From patchwork Wed Mar 4 08:27:08 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Szing X-Patchwork-Id: 82421 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6E586EB7EA8 for ; Wed, 4 Mar 2026 08:28:22 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.13793.1772612896350088285 for ; Wed, 04 Mar 2026 00:28:16 -0800 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: gyorgy.szing@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 661A2339; Wed, 4 Mar 2026 00:28:09 -0800 (PST) Received: from gyoszi01-yocto.budapest.arm.com (ubul2.budapest.arm.com [10.42.55.21]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 1A2803F7BD; Wed, 4 Mar 2026 00:28:14 -0800 (PST) From: Gyorgy Szing To: meta-arm@lists.yoctoproject.org Cc: Gyorgy Szing Subject: [PATCH 1/5] arm/trusted-services: Update to v1.3.0 Date: Wed, 4 Mar 2026 09:27:08 +0100 Message-ID: <20260304082718.2126340-2-gyorgy.szing@arm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260304082718.2126340-1-gyorgy.szing@arm.com> References: <20260304082718.2126340-1-gyorgy.szing@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 04 Mar 2026 08:28:22 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6936 Update to latest TS release. Signed-off-by: Gyorgy Szing --- ...cpputest-fix-cmake-4.0-compatibility.patch | 81 ------------------- .../trusted-services/trusted-services-src.inc | 10 +-- .../trusted-services/ts-sp-common.inc | 4 - 3 files changed, 5 insertions(+), 90 deletions(-) delete mode 100644 meta-arm/recipes-security/trusted-services/files/0005-cpputest-fix-cmake-4.0-compatibility.patch diff --git a/meta-arm/recipes-security/trusted-services/files/0005-cpputest-fix-cmake-4.0-compatibility.patch b/meta-arm/recipes-security/trusted-services/files/0005-cpputest-fix-cmake-4.0-compatibility.patch deleted file mode 100644 index f518d68d..00000000 --- a/meta-arm/recipes-security/trusted-services/files/0005-cpputest-fix-cmake-4.0-compatibility.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 5c75ba6cdbc1746438a748841a5327fa29840a4e Mon Sep 17 00:00:00 2001 -From: Gyorgy Szing -Date: Fri, 18 Jul 2025 12:23:25 +0200 -Subject: [PATCH 1/1] cpputest: fix cmake 4.0 compatibility - -Add a new patch to solve the mentioned issue. For details, see the -header of the patch file. - -Also update the component to use git am instead of apply. - -Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/40925] -Signed-off-by: Gyorgy Szing -Change-Id: I68291f4573fee3c64dd19c348bd8a30aa99b0c35 ---- - ...ix.patch => 0001-cpputest-cmake-fix.patch} | 0 - .../0002-Fix-cmake-4.0-compatibility.patch | 29 +++++++++++++++++++ - external/CppUTest/CppUTest.cmake | 8 +++-- - 3 files changed, 35 insertions(+), 2 deletions(-) - rename external/CppUTest/{cpputest-cmake-fix.patch => 0001-cpputest-cmake-fix.patch} (100%) - create mode 100644 external/CppUTest/0002-Fix-cmake-4.0-compatibility.patch - -diff --git a/external/CppUTest/cpputest-cmake-fix.patch b/external/CppUTest/0001-cpputest-cmake-fix.patch -similarity index 100% -rename from external/CppUTest/cpputest-cmake-fix.patch -rename to external/CppUTest/0001-cpputest-cmake-fix.patch -diff --git a/external/CppUTest/0002-Fix-cmake-4.0-compatibility.patch b/external/CppUTest/0002-Fix-cmake-4.0-compatibility.patch -new file mode 100644 -index 00000000..8aa9ff2c ---- /dev/null -+++ b/external/CppUTest/0002-Fix-cmake-4.0-compatibility.patch -@@ -0,0 +1,29 @@ -+From 1147a71cfa5657b13c13d10194d8a5b4c28e1709 Mon Sep 17 00:00:00 2001 -+From: Gyorgy Szing -+Date: Fri, 18 Jul 2025 12:17:46 +0200 -+Subject: [PATCH 1/1] Fix cmake 4.0 compatibility -+ -+Cmake 4.0 dropped compatibility to cmake versions below 3.5. Update the -+required version on the cmake file as a workaround. -+ -+Signed-off-by: Gyorgy Szing -+--- -+ CMakeLists.txt | 2 +- -+ 1 file changed, 1 insertion(+), 1 deletion(-) -+ -+diff --git a/CMakeLists.txt b/CMakeLists.txt -+index d9ca865f..b30e7d77 100644 -+--- a/CMakeLists.txt -++++ b/CMakeLists.txt -+@@ -4,7 +4,7 @@ set(CppUTest_version_major 3) -+ set(CppUTest_version_minor 8) -+ -+ # 2.6.3 is needed for ctest support -+-cmake_minimum_required(VERSION 2.8.7) -++cmake_minimum_required(VERSION 3.8...3.31) -+ -+ # Check for functions before setting a lot of stuff -+ include(CheckFunctionExists) -+-- -+2.34.1 -+ -diff --git a/external/CppUTest/CppUTest.cmake b/external/CppUTest/CppUTest.cmake -index 7b916d52..f323ad8e 100644 ---- a/external/CppUTest/CppUTest.cmake -+++ b/external/CppUTest/CppUTest.cmake -@@ -16,8 +16,12 @@ set(GIT_OPTIONS - GIT_REPOSITORY ${CPPUTEST_URL} - GIT_TAG ${CPPUTEST_REFSPEC} - GIT_SHALLOW FALSE -- PATCH_COMMAND git stash -- COMMAND git apply ${CMAKE_CURRENT_LIST_DIR}/cpputest-cmake-fix.patch -+ PATCH_COMMAND -+ git stash -+ COMMAND git branch -f bf-am -+ COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-cpputest-cmake-fix.patch -+ COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0002-Fix-cmake-4.0-compatibility.patch -+ COMMAND git reset bf-am - ) - - include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED) --- -2.34.1 \ No newline at end of file diff --git a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc index 4d71bcd7..38d705a3 100644 --- a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc +++ b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc @@ -4,8 +4,9 @@ LICENSE = "Apache-2.0 & BSD-3-Clause & BSD-2-Clause & Zlib" FILESEXTRAPATHS:prepend := "${THISDIR}/files:" -# v1.2.0 -SRCREV_trusted-services = "0d55b4c7a8e53958271feb7341e928853b7914cf" + +# v1.3.0 +SRCREV_trusted-services = "a5db25bc3f2892781a07620af5d6625900988281" LIC_FILES_CHKSUM = "file://${S}/license.rst;md5=ea160bac7f690a069c608516b17997f4" PV ?= "0.0+git" @@ -16,9 +17,9 @@ SRC_URI_TRUSTED_SERVICES_DTC = "git://github.com/dgibson/dtc;protocol=https;bran SRCREV_dtc = "b6910bec11614980a21e46fbccc35934b671bd81" LIC_FILES_CHKSUM += "file://ts-external/dtc/README.license;md5=a1eb22e37f09df5b5511b8a278992d0e" -# MbedTLS, tag "v3.6.0" +# MbedTLS, tag "v3.6.5" SRC_URI_TRUSTED_SERVICES_MBEDTLS = "gitsm://github.com/Mbed-TLS/mbedtls;protocol=https;branch=master" -SRCREV_mbedtls = "2ca6c285a0dd3f33982dd57299012dacab1ff206" +SRCREV_mbedtls = "e185d7fd85499c8ce5ca2a54f5cf8fe7dbe3f8df" LIC_FILES_CHKSUM += "file://ts-external/mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d" # Nanopb, tag "nanopb-0.4.8" plus some further fixes @@ -51,7 +52,6 @@ SRC_URI = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https; file://0001-Allow-configuring-flash-image-files-compile-time.patch \ file://0002-Fix-MbedTLS-3.6-and-GCC-14-compatibility.patch \ file://0001-Relax-pyelftools-dependency.patch \ - file://0005-cpputest-fix-cmake-4.0-compatibility.patch \ " S = "${UNPACKDIR}/ts" diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-common.inc b/meta-arm/recipes-security/trusted-services/ts-sp-common.inc index 85109f06..eb89127b 100644 --- a/meta-arm/recipes-security/trusted-services/ts-sp-common.inc +++ b/meta-arm/recipes-security/trusted-services/ts-sp-common.inc @@ -31,10 +31,6 @@ INSANE_SKIP:${PN}-dev += "ldflags" # Trusted Services SPs do not compile with clang TOOLCHAIN = "gcc" -# FIXME - there is an issue with mbedtls unions and gcc15. It has been -# fixed in commit 4c26d7d54cf5f5dc1e63e0dd0b902fda05e7063f but that has -# not been released yet. Work around this issue here until that is out -TARGET_CFLAGS += "-fzero-init-padding-bits=unions" # FORTIFY_SOURCE is a glibc feature. Disable it for all SPs as these do not use glibc. TARGET_CFLAGS:remove = "-D_FORTIFY_SOURCE=2" From patchwork Wed Mar 4 08:27:09 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Gyorgy Szing X-Patchwork-Id: 82422 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8FA7DEB7EAA for ; Wed, 4 Mar 2026 08:28:22 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13681.1772612900056128844 for ; Wed, 04 Mar 2026 00:28:20 -0800 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: gyorgy.szing@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 4964C339; Wed, 4 Mar 2026 00:28:13 -0800 (PST) Received: from gyoszi01-yocto.budapest.arm.com (ubul2.budapest.arm.com [10.42.55.21]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 7CBA13F7BD; Wed, 4 Mar 2026 00:28:18 -0800 (PST) From: Gyorgy Szing To: meta-arm@lists.yoctoproject.org Cc: Gyorgy Szing Subject: [PATCH 2/5] arm-bsp/corstone1000: Rebase TS patches. Date: Wed, 4 Mar 2026 09:27:09 +0100 Message-ID: <20260304082718.2126340-3-gyorgy.szing@arm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260304082718.2126340-1-gyorgy.szing@arm.com> References: <20260304082718.2126340-1-gyorgy.szing@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 04 Mar 2026 08:28:22 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6937 Remove patches merged upstream and rebase remaining patches. Signed-off-by: Gyorgy Szing --- ...store-UEFI-variable-index-in-chunks.patch} | 14 +- ...e1000-Add-CORSTONE_1000_TYPE-variabl.patch | 66 -- ..._HAS_ATTEST_PK-define-from-IAT-test.patch} | 6 +- ...e1000-Add-event-provider-proxy-for-b.patch | 304 ------- ...ow-platform-override-of-FWU-mapping-.patch | 245 ----- ...UCCESS_REBOOT-and-PSA_SUCCESS_RESTAR.patch | 74 -- ...e1000-Add-MM-communication-buffer-co.patch | 35 - ...pport-for-ESRT-v1-in-PSA-FWU-M-agent.patch | 290 ------ ...ting-warnings-as-errors-configurable.patch | 194 ---- ...-config-Remove-Werror-compile-option.patch | 46 - ...009-fwu-proxy-refactor-image-mapping.patch | 856 ------------------ ...crypto-fix-AEAD-block-cypher-support.patch | 73 -- ...n-PSA-Crypto-structs-with-TF-Mv2.1.1.patch | 40 - .../trusted-services/ts-arm-platforms.inc | 15 +- 14 files changed, 12 insertions(+), 2246 deletions(-) rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0010-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch => 0001-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch} (97%) delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-platform-corstone1000-Add-CORSTONE_1000_TYPE-variabl.patch rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0011-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch => 0002-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch} (92%) delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-platform-corstone1000-Add-event-provider-proxy-for-b.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-fwu-se-proxy-Allow-platform-override-of-FWU-mapping-.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-fwu-Coerce-PSA_SUCCESS_REBOOT-and-PSA_SUCCESS_RESTAR.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-platform-corstone1000-Add-MM-communication-buffer-co.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-fwu-Add-support-for-ESRT-v1-in-PSA-FWU-M-agent.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Make-treating-warnings-as-errors-configurable.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-smm-gateway-config-Remove-Werror-compile-option.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-fwu-proxy-refactor-image-mapping.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-psa-crypto-fix-AEAD-block-cypher-support.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Align-PSA-Crypto-structs-with-TF-Mv2.1.1.patch diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch similarity index 97% rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch index e076759b..12f3a6b4 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch @@ -1,7 +1,7 @@ -From ce6571f7d1054ff003a29e7f977588f1c8e96cc8 Mon Sep 17 00:00:00 2001 +From 76113b4c497f478d2e3a791acd5f43ece6325038 Mon Sep 17 00:00:00 2001 From: Hugues KAMBA MPIANA Date: Fri, 12 Sep 2025 15:41:10 +0100 -Subject: [PATCH] Revert "Load and store UEFI variable index in chunks" +Subject: [PATCH 1/2] Revert "Load and store UEFI variable index in chunks" This reverts commit a0a08571084238af2a24d4e6e580308f86ab59a2. The PSA IPC backend for the Protected Storage doesn't support the optional @@ -22,7 +22,7 @@ Signed-off-by: Hugues KAMBA MPIANA 4 files changed, 29 insertions(+), 191 deletions(-) diff --git a/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp b/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp -index 0f962f20..7c7435fb 100644 +index 0f962f206..7c7435fb4 100644 --- a/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp +++ b/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp @@ -57,12 +57,6 @@ TEST_GROUP(UefiVariableStoreTests) @@ -148,7 +148,7 @@ index 0f962f20..7c7435fb 100644 { efi_status_t efi_status = EFI_SUCCESS; diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c -index 48b81ff3..e90ed172 100644 +index 48b81ff37..e90ed1722 100644 --- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c +++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c @@ -716,59 +716,29 @@ static psa_status_t get_active_variable_uid(struct uefi_variable_store *context, @@ -306,7 +306,7 @@ index 48b81ff3..e90ed172 100644 /* Check attribute usage rules */ diff --git a/deployments/smm-gateway/common/smm_gateway.c b/deployments/smm-gateway/common/smm_gateway.c -index 3ab45ccf..eaa86137 100644 +index 3ab45ccf5..eaa861370 100644 --- a/deployments/smm-gateway/common/smm_gateway.c +++ b/deployments/smm-gateway/common/smm_gateway.c @@ -40,6 +40,10 @@ @@ -321,10 +321,10 @@ index 3ab45ccf..eaa86137 100644 * The SP heap must be large enough for storing the UEFI variable index, the RPC shared memory and * ~16kB of miscellaneous data. diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake -index 91158e93..7da375f0 100644 +index f5a9c48f6..03e99972b 100644 --- a/platform/providers/arm/corstone1000/platform.cmake +++ b/platform/providers/arm/corstone1000/platform.cmake -@@ -52,6 +52,7 @@ target_compile_definitions(${TGT} PRIVATE +@@ -51,6 +51,7 @@ target_compile_definitions(${TGT} PRIVATE MBEDTLS_ECP_DP_SECP521R1_ENABLED CORSTONE_1000_TYPE=${CORSTONE_1000_TYPE_INT} TFM_FWU_MAX_DIGEST_SIZE=${TFM_FWU_MAX_DIGEST_SIZE} diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-platform-corstone1000-Add-CORSTONE_1000_TYPE-variabl.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-platform-corstone1000-Add-CORSTONE_1000_TYPE-variabl.patch deleted file mode 100644 index 18b6d7be..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-platform-corstone1000-Add-CORSTONE_1000_TYPE-variabl.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 2cd4db9828f244de77e402ad31c52d9c4ba3c600 Mon Sep 17 00:00:00 2001 -From: Hugues KAMBA MPIANA -Date: Tue, 5 Aug 2025 14:05:49 +0100 -Subject: [PATCH] platform: corstone1000: Add CORSTONE_1000_TYPE variable - for platform selection - -This change introduces a CORSTONE_1000_TYPE variable in both CMake -and C code to differentiate between Corstone-1000 platform types: -* `CORSTONE_1000_TYPE_CORTEX_A35_FVP` -* `CORSTONE_1000_TYPE_CORTEX_A35_MPS3` - -The default platform type (`CORSTONE_1000_TYPE_CORTEX_A35_FVP`) is -set in CMake and can be overridden via the `-DCORSTONE_1000_TYPE` -option at configure time. - -This variable will be used to select the correct FWU image UUIDs at -compile time, as the UUIDs differ depending on the target platform. - -Upstream-Status: Backport [2cd4db9828f244de77e402ad31c52d9c4ba3c600] -Signed-off-by: Hugues KAMBA MPIANA -Signed-off-by: Ali Can Ozaslan -Signed-off-by: Harsimran Singh Tungal ---- - .../providers/arm/corstone1000/platform.cmake | 19 +++++++++++++++++++ - 1 file changed, 19 insertions(+) - -diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake -index 37c6accf..4b6b9675 100644 ---- a/platform/providers/arm/corstone1000/platform.cmake -+++ b/platform/providers/arm/corstone1000/platform.cmake -@@ -6,6 +6,24 @@ - # Platform definition for the Corstone-1000 platform. - #------------------------------------------------------------------------------- - -+# Important: The order and index of values must match C code expectations -+set(_corstone_1000_valid_types -+ CORSTONE_1000_TYPE_CORTEX_A35_FVP -+ CORSTONE_1000_TYPE_CORTEX_A35_MPS3 -+) -+set(CORSTONE_1000_TYPE "CORSTONE_1000_TYPE_CORTEX_A35_FVP" CACHE STRING -+ "Corstone-1000 platform type. Valid values are: ${_corstone_1000_valid_types}" -+) -+set_property(CACHE CORSTONE_1000_TYPE PROPERTY STRINGS ${_corstone_1000_valid_types}) -+list(FIND _corstone_1000_valid_types "${CORSTONE_1000_TYPE}" CORSTONE_1000_TYPE_INT) -+if(CORSTONE_1000_TYPE_INT EQUAL -1) -+ message(FATAL_ERROR -+ "Invalid CORSTONE_1000_TYPE: ${CORSTONE_1000_TYPE}. -+ Valid values are: ${_corstone_1000_valid_types}" -+ ) -+endif() -+unset(_corstone_1000_valid_types) -+ - set(SMM_GATEWAY_MAX_UEFI_VARIABLES 80 CACHE STRING "Maximum UEFI variable count") - set(SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE 4*4096 CACHE STRING "RPC caller buffer size in SMMGW") - set(SMM_SP_HEAP_SIZE 80*1024 CACHE STRING "SMM gateway SP heap size") -@@ -19,6 +37,7 @@ target_compile_definitions(${TGT} PRIVATE - PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE=${PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE} - COMMS_MHU_MSG_SIZE=${COMMS_MHU_MSG_SIZE} - MBEDTLS_ECP_DP_SECP521R1_ENABLED -+ CORSTONE_1000_TYPE=${CORSTONE_1000_TYPE_INT} - ) - - get_property(_platform_driver_dependencies TARGET ${TGT} --- -2.43.0 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch similarity index 92% rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch index 44f2bdd0..fb650900 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch @@ -1,7 +1,7 @@ -From cee283641224d2a6660cde0ad83e59bdddbc2f37 Mon Sep 17 00:00:00 2001 +From 9dffffbf9fb97d2b50d267a51ba1711795b64027 Mon Sep 17 00:00:00 2001 From: Bence Balogh Date: Tue, 14 May 2024 15:58:15 +0200 -Subject: [PATCH] Remove PLATFORM_HAS_ATTEST_PK define from IAT test +Subject: [PATCH 2/2] Remove PLATFORM_HAS_ATTEST_PK define from IAT test The `PLATFORM_HAS_ATTEST_PK` flag is removed to allow `PLATFORM_OVERRIDE_ATTEST_PK` to be defined in `psa-api-test`. @@ -36,5 +36,5 @@ index 807faf67a..c1b2ba6ed 100644 #------------------------------------------------------------------------------- # The arch test build system puts its build output under a test suite specific -- -2.25.1 +2.43.0 diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-platform-corstone1000-Add-event-provider-proxy-for-b.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-platform-corstone1000-Add-event-provider-proxy-for-b.patch deleted file mode 100644 index c5f2a0b9..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-platform-corstone1000-Add-event-provider-proxy-for-b.patch +++ /dev/null @@ -1,304 +0,0 @@ -From 6a4cedce9d433bc42a71ac77c3cd90dde4242951 Mon Sep 17 00:00:00 2001 -From: Hugues KAMBA MPIANA -Date: Tue, 5 Aug 2025 15:22:44 +0100 -Subject: [PATCH] platform: corstone1000: Add event provider proxy for boot - confirmation handling - -This patch introduces an event forwarding framework to support -delivery of boot confirmation events from the normal world to the -Secure Enclave for the Corstone-1000 platform. - -Key changes: -- Implements an `event_provider` service in the SE-Proxy SP that - processes boot confirmation events received from the host. -- Forwards the events to the Secure Enclave using PSA calls to - the `TFM_PLATFORM_SERVICE_HANDLE` and `TFM_PLATFORM_API_ID_IOCTL`. -- Defines and registers a proxy factory (`event_handler_proxy_create`) - to initialize and connect the event provider with the RSE comms - backend. -- Adds associated infrastructure in `infra.cmake` and headers to - support integration with the service framework. - -This mechanism ensures the SE-Proxy SP can relay important boot status -events (e.g., FWU boot confirmation) to the Secure Enclave for secure -state updates and lifecycle management. - -Upstream-Status: Backport [6a4cedce9d433bc42a71ac77c3cd90dde4242951] -Signed-off-by: Harsimran Singh Tungal -Signed-off-by: Hugues KAMBA MPIANA ---- - .../service/common/include/psa/client.h | 28 +++++++ - components/service/common/include/psa/sid.h | 9 ++ - .../corstone1000_event_handling.c | 83 +++++++++++++++++++ - .../corstone1000_event_handling.h | 40 +++++++++ - .../se-proxy/infra/corstone1000/infra.cmake | 6 ++ - .../infra/corstone1000/spf_event_handler.c | 44 ++++++++++ - 6 files changed, 210 insertions(+) - create mode 100644 deployments/se-proxy/infra/corstone1000/corstone1000_event_handling.c - create mode 100644 deployments/se-proxy/infra/corstone1000/corstone1000_event_handling.h - create mode 100644 deployments/se-proxy/infra/corstone1000/spf_event_handler.c - -diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h -index db40d7af..7e3092ae 100644 ---- a/components/service/common/include/psa/client.h -+++ b/components/service/common/include/psa/client.h -@@ -96,6 +96,34 @@ inline static uint32_t psa_ptr_const_to_u32(const void *ptr) - return (uintptr_t)ptr; - } - -+static inline bool psa_ptr_would_truncate_u32(const void *ptr) -+{ -+#if UINTPTR_MAX > UINT32_MAX -+ return (uintptr_t)ptr & ~((uintptr_t)UINT32_MAX); -+#else -+ (void)ptr; -+ return false; -+#endif -+} -+ -+static inline psa_status_t psa_ptr_const_to_u32_checked(const void *src, uint32_t *dst) -+{ -+ if (psa_ptr_would_truncate_u32(src)) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ *dst = (uint32_t)(uintptr_t)src; -+ return PSA_SUCCESS; -+} -+ -+static inline psa_status_t psa_ptr_to_u32_checked(void *src, uint32_t *dst) -+{ -+ if (psa_ptr_would_truncate_u32(src)) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ *dst = (uint32_t)(uintptr_t)src; -+ return PSA_SUCCESS; -+} -+ - /*************************** PSA Client API **********************************/ - - /** -diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -index 0235764d..baf16fed 100644 ---- a/components/service/common/include/psa/sid.h -+++ b/components/service/common/include/psa/sid.h -@@ -40,6 +40,15 @@ extern "C" { - #define TFM_CRYPTO_VERSION (1U) - #define TFM_CRYPTO_HANDLE (0x40000100U) - -+/******** TFM_PLATFORM_SERVICE *******/ -+#define TFM_PLATFORM_API_ID_IOCTL (1013) -+#define TFM_PLATFORM_SERVICE_HANDLE (0x40000105U) -+ -+/** -+ * \brief Define a progressive numerical value for each SID which can be used -+ * when dispatching the requests to the service -+ */ -+ - /******** TFM_SP_PLATFORM ********/ - #define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U) - #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U) -diff --git a/deployments/se-proxy/infra/corstone1000/corstone1000_event_handling.c b/deployments/se-proxy/infra/corstone1000/corstone1000_event_handling.c -new file mode 100644 -index 00000000..524db58d ---- /dev/null -+++ b/deployments/se-proxy/infra/corstone1000/corstone1000_event_handling.c -@@ -0,0 +1,83 @@ -+/* -+ * Copyright (c) 2025, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include -+#include -+#include -+ -+#include -+#include "corstone1000_event_handling.h" -+ -+#define BOOT_CONFIRMED_EVENT (0x3) -+#define OPCODE_BOOT_CONFIRMED BOOT_CONFIRMED_EVENT -+ -+enum corstone1000_ioctl_id { -+ IOCTL_CORSTONE1000_FWU_HOST_ACK = 1, -+}; -+ -+/* Service request handlers */ -+static rpc_status_t boot_confirmed_handler(void *context, struct rpc_request *req); -+ -+/* Handler mapping table for service */ -+static const struct service_handler handler_table[] = { -+ {.opcode = OPCODE_BOOT_CONFIRMED, .invoke = boot_confirmed_handler} -+}; -+ -+struct rpc_service_interface *corstone1000_event_provider_init(struct event_provider *context) -+{ -+ if (!context) -+ return NULL; -+ -+ service_provider_init(&context->base_provider, context, -+ &(const struct rpc_uuid){.uuid = { 0 }}, handler_table, -+ sizeof(handler_table) / sizeof(struct service_handler)); -+ -+ return service_provider_get_rpc_interface(&context->base_provider); -+} -+ -+static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller_interface *caller) -+{ -+ if (!caller) { -+ EMSG("%s rpc_caller is NULL", __func__); -+ return TS_RPC_ERROR_RESOURCE_FAILURE; -+ } -+ -+ IMSG("%s opcode %x", __func__, opcode); -+ -+ uint32_t ioctl_id; -+ uint32_t mem_buf_start_addr; -+ -+ if (psa_ptr_to_u32_checked(&ioctl_id, &mem_buf_start_addr) != PSA_SUCCESS) { -+ EMSG("%s start address of the memory buffer does not fit in 32 bits", __func__); -+ return TS_RPC_ERROR_INTERNAL; -+ } -+ -+ struct psa_invec in_vec[] = { -+ { .base = mem_buf_start_addr, .len = sizeof(ioctl_id) } -+ }; -+ -+ switch (opcode) { -+ case OPCODE_BOOT_CONFIRMED: -+ ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK; -+ -+ psa_call(caller, TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ break; -+ -+ default: -+ EMSG("%s unsupported opcode", __func__); -+ return TS_RPC_ERROR_INVALID_PARAMETER; -+ } -+ -+ return TS_RPC_CALL_ACCEPTED; -+} -+ -+static rpc_status_t boot_confirmed_handler(void *context, struct rpc_request *req) -+{ -+ struct event_provider *this_instance = (struct event_provider *)context; -+ -+ return event_handler(req->opcode, this_instance->client.session->caller); -+} -diff --git a/deployments/se-proxy/infra/corstone1000/corstone1000_event_handling.h b/deployments/se-proxy/infra/corstone1000/corstone1000_event_handling.h -new file mode 100644 -index 00000000..ecb2d6b8 ---- /dev/null -+++ b/deployments/se-proxy/infra/corstone1000/corstone1000_event_handling.h -@@ -0,0 +1,40 @@ -+/* -+ * Copyright (c) 2025, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef CORSTONE1000_EVENT_HANDLING_H -+#define CORSTONE1000_EVENT_HANDLING_H -+ -+#include -+#include -+#include -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/** -+ * The event_provider is a service provider that accepts events -+ * and delegates them to a suitable backend. -+ */ -+struct event_provider { -+ struct service_provider base_provider; -+ struct service_client client; -+}; -+ -+/** -+ * \brief Initialize an instance of the event handler -+ * -+ * @param[in] context The instance to initialize -+ * -+ * \return An rpc_service_interface or NULL on failure -+ */ -+struct rpc_service_interface *corstone1000_event_provider_init(struct event_provider *context); -+ -+#ifdef __cplusplus -+} /* extern "C" */ -+#endif -+ -+#endif /* CORSTONE1000_EVENT_HANDLING_H */ -diff --git a/deployments/se-proxy/infra/corstone1000/infra.cmake b/deployments/se-proxy/infra/corstone1000/infra.cmake -index 22d1542d..f0c2e58e 100644 ---- a/deployments/se-proxy/infra/corstone1000/infra.cmake -+++ b/deployments/se-proxy/infra/corstone1000/infra.cmake -@@ -14,6 +14,12 @@ set(CFG_ENABLE_CRYPTO On) - set(CFG_ENABLE_CRYPTO_NANO On) - set(CFG_ENABLE_IAT On) - set(CFG_ENABLE_FWU On) -+ -+target_sources(se-proxy PRIVATE -+ ${CMAKE_CURRENT_LIST_DIR}/spf_event_handler.c -+ ${CMAKE_CURRENT_LIST_DIR}/corstone1000_event_handling.c -+) -+ - #------------------------------------------------------------------------------- - # Infrastructure components - # -diff --git a/deployments/se-proxy/infra/corstone1000/spf_event_handler.c b/deployments/se-proxy/infra/corstone1000/spf_event_handler.c -new file mode 100644 -index 00000000..92820259 ---- /dev/null -+++ b/deployments/se-proxy/infra/corstone1000/spf_event_handler.c -@@ -0,0 +1,44 @@ -+/* -+ * Copyright (c) 2025, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include -+#include "deployments/se-proxy/env/commonsp/proxy_service_factory_list.h" -+#include "rpc/common/caller/rpc_caller.h" -+#include "rpc/common/caller/rpc_caller_session.h" -+#include "rpc/common/interface/rpc_status.h" -+#include "rpc/common/interface/rpc_uuid.h" -+#include "rpc/rse_comms/caller/sp/rse_comms_caller.h" -+ -+#include "corstone1000_event_handling.h" -+ -+struct rpc_service_interface *event_handler_proxy_create(void) -+{ -+ static struct event_provider event_provider = {0}; -+ const struct rpc_uuid dummy_uuid = { .uuid = { 0 }}; -+ rpc_status_t rpc_status = RPC_ERROR_INTERNAL; -+ -+ /* Static objects for proxy instance */ -+ static struct rpc_caller_interface rse_comms = { 0 }; -+ static struct rpc_caller_session rpc_session = { 0 }; -+ -+ rpc_status = rse_comms_caller_init(&rse_comms); -+ if (rpc_status != RPC_SUCCESS) -+ return NULL; -+ -+ rpc_status = rpc_caller_session_open(&rpc_session, &rse_comms, &dummy_uuid, 0, 0); -+ if (rpc_status != RPC_SUCCESS) -+ return NULL; -+ -+ event_provider.client.session = &rpc_session; -+ event_provider.client.rpc_status = RPC_SUCCESS; -+ event_provider.client.service_info.supported_encodings = 0; -+ event_provider.client.service_info.max_payload = 4096; -+ -+ return corstone1000_event_provider_init(&event_provider); -+} -+ -+ADD_PROXY_SERVICE_FACTORY(event_handler_proxy_create, -+ EVENT_HANDLER_PROXY, SE_PROXY_INTERFACE_PRIO_FWU + 1); --- -2.43.0 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-fwu-se-proxy-Allow-platform-override-of-FWU-mapping-.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-fwu-se-proxy-Allow-platform-override-of-FWU-mapping-.patch deleted file mode 100644 index 2a0e398a..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-fwu-se-proxy-Allow-platform-override-of-FWU-mapping-.patch +++ /dev/null @@ -1,245 +0,0 @@ -From a518c74b7ce050bba2d0aaece701086dc50ffa53 Mon Sep 17 00:00:00 2001 -From: Hugues KAMBA MPIANA -Date: Tue, 5 Aug 2025 13:54:13 +0100 -Subject: [PATCH] fwu:se-proxy: Allow platform override of FWU mapping and - payload size - -Allow platform override of FWU mapping and payload size -by updating the SE-Proxy deployment to support -platform-specific overrides for Firmware Update configuration -parameters. - -Specifically, it introduces configurable macros for the image mapping -table (`img_mapping`), the number of mapping entries -(`IMAGE_MAPPING_ELEMENT_COUNT`), and the maximum payload size -(`MAX_PAYLOAD_SIZE`). -Default values are provided if not defined by the platform. - -Corstone-1000 is supplying its own image mapping -layout and FWU buffer size by defining these symbols. - -`corstone1000_config.h` and `corstone1000_config.c` containing -platform-specific FWU configuration parameters for Corstone-1000 -are added. - -Key definitions include: -- UUIDs for firmware images used on FVP and MPS3 variants. -- An enum `fwu_image_index` to identify the image index in the capsule. - -This configuration enables consistent and reusable FWU integration -across Corstone-1000 platforms in the SE-Proxy deployment. - -Additionaly `psa_fwu_m_update_agent_init()` call is moved after -`psa_fwu_ipc_init()` because the former uses PSA API calls which can -only be used when the IPC framework has been initialized. - -Upstream-Status: Backport [a518c74b7ce050bba2d0aaece701086dc50ffa53] -Signed-off-by: Harsimran Singh Tungal -Signed-off-by: Ali Can Ozaslan -Signed-off-by: Bence Balogh -Signed-off-by: Hugues KAMBA MPIANA ---- - .../psa_fwu_m/agent/psa_fwu_m_update_agent.h | 3 + - .../infra/corstone1000/corstone1000_config.c | 56 +++++++++++++++++ - .../infra/corstone1000/corstone1000_config.h | 60 +++++++++++++++++++ - .../se-proxy/infra/corstone1000/infra.cmake | 10 ++++ - deployments/se-proxy/infra/rse/spf_fwu.c | 11 +++- - 5 files changed, 139 insertions(+), 1 deletion(-) - create mode 100644 deployments/se-proxy/infra/corstone1000/corstone1000_config.c - create mode 100644 deployments/se-proxy/infra/corstone1000/corstone1000_config.h - -diff --git a/components/service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.h b/components/service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.h -index 3c06570d..6354b8ba 100644 ---- a/components/service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.h -+++ b/components/service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.h -@@ -41,6 +41,9 @@ struct update_agent *psa_fwu_m_update_agent_init( - */ - void psa_fwu_m_update_agent_deinit(struct update_agent *update_agent); - -+/* This should be defined by the platform */ -+extern struct psa_fwu_m_image_mapping img_mapping[]; -+ - #ifdef __cplusplus - } - #endif -diff --git a/deployments/se-proxy/infra/corstone1000/corstone1000_config.c b/deployments/se-proxy/infra/corstone1000/corstone1000_config.c -new file mode 100644 -index 00000000..0cc0dee9 ---- /dev/null -+++ b/deployments/se-proxy/infra/corstone1000/corstone1000_config.c -@@ -0,0 +1,56 @@ -+/* -+ * Copyright (c) 2025, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ * -+ */ -+ -+#include "service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.h" -+#include "protocols/service/fwu/fwu_proto.h" -+ -+#include "corstone1000_config.h" -+ -+#ifndef CORSTONE_1000_TYPE -+#error "CORSTONE_1000_TYPE is not defined." -+#endif -+ -+struct psa_fwu_m_image_mapping img_mapping[IMAGE_MAPPING_ELEMENT_COUNT] = { -+#if (CORSTONE_1000_TYPE == CORSTONE_1000_TYPE_CORTEX_A35_FVP) -+ { -+ .uuid = FWU_FVP_BL2_CAPSULE_UUID, -+ .component = FWU_IMAGE_INDEX_CAPSULE_BL2 -+ }, -+ { -+ .uuid = FWU_FVP_TFM_S_CAPSULE_UUID, -+ .component = FWU_IMAGE_INDEX_CAPSULE_TFM_S -+ }, -+ { -+ .uuid = FWU_FVP_FIP_CAPSULE_UUID, -+ .component = FWU_IMAGE_INDEX_CAPSULE_FIP -+ }, -+ { -+ .uuid = FWU_FVP_INITRAMFS_CAPSULE_UUID, -+ .component = FWU_IMAGE_INDEX_CAPSULE_INITRAMFS -+ }, -+#elif (CORSTONE_1000_TYPE == CORSTONE_1000_TYPE_CORTEX_A35_MPS3) -+ { -+ .uuid = FWU_MPS3_BL2_CAPSULE_UUID, -+ .component = FWU_IMAGE_INDEX_CAPSULE_BL2 -+ }, -+ { -+ .uuid = FWU_MPS3_TFM_S_CAPSULE_UUID, -+ .component = FWU_IMAGE_INDEX_CAPSULE_TFM_S -+ }, -+ { -+ .uuid = FWU_MPS3_FIP_CAPSULE_UUID, -+ .component = FWU_IMAGE_INDEX_CAPSULE_FIP -+ }, -+ { -+ .uuid = FWU_MPS3_INITRAMFS_CAPSULE_UUID, -+ .component = FWU_IMAGE_INDEX_CAPSULE_INITRAMFS -+ }, -+#else -+#error "Unsupported CORSTONE_1000_TYPE value. Valid values are: 0 (Corstone-1000 with " \ -+ "Cortex-A35 FVP), 1 (Corstone-1000 with Cortex-A35 MPS3)" -+#endif -+}; -diff --git a/deployments/se-proxy/infra/corstone1000/corstone1000_config.h b/deployments/se-proxy/infra/corstone1000/corstone1000_config.h -new file mode 100644 -index 00000000..59662ee3 ---- /dev/null -+++ b/deployments/se-proxy/infra/corstone1000/corstone1000_config.h -@@ -0,0 +1,60 @@ -+/* -+ * Copyright (c) 2025, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ * -+ */ -+ -+#ifndef CORSTONE1000_CONFIG_H -+#define CORSTONE1000_CONFIG_H -+ -+#define CORSTONE_1000_TYPE_CORTEX_A35_FVP 0 // Corstone-1000 with Cortex-A35 FVP -+#define CORSTONE_1000_TYPE_CORTEX_A35_MPS3 1 // Corstone-1000 with Cortex-A35 MPS3 -+ -+/* -+ * GUIDs for capsule updatable firmware images -+ * -+ * The GUIDs are generated with the UUIDv5 format with the following configurations: -+ * Namespace (for FVP GUIDs): 989f3a4e-46e0-4cd0-9877-a25c70c01329 -+ * Namespace (for MPS3 GUIDs): df1865d1-90fb-4d59-9c38-c9f2c1bba8cc -+ * Names: in the `fw_name` field: `BL2`, `TFM_S`, `FIP`, `INITRAMFS` -+ * Note: Using the same namespace and `fw_name` values should generate the same GUIDs. -+ */ -+ -+#define FWU_FVP_BL2_CAPSULE_UUID \ -+{ 0xf9, 0x83, 0xd8, 0xf1, 0xeb, 0xdf, 0x63, 0x53, 0x98, 0xd8, 0x68, 0x6e, 0xe3, 0xb6, 0x9f, 0x4f, } -+ -+#define FWU_FVP_TFM_S_CAPSULE_UUID \ -+{ 0x0e, 0x47, 0xad, 0x7f, 0xc5, 0x5e, 0x03, 0x5c, 0xa2, 0xc1, 0x47, 0x56, 0xb4, 0x95, 0xde, 0x61, } -+ -+#define FWU_FVP_FIP_CAPSULE_UUID \ -+{ 0x75, 0x36, 0x93, 0xf1, 0x8c, 0x5a, 0x6d, 0x5b, 0x9e, 0xf4, 0x84, 0x67, 0x39, 0xe8, 0x9b, 0xc8, } -+ -+#define FWU_FVP_INITRAMFS_CAPSULE_UUID \ -+{ 0xf9, 0xaf, 0x71, 0xf7, 0xe9, 0xc7, 0x99, 0x5f, 0x9e, 0xda, 0x23, 0x69, 0xdd, 0x69, 0x4f, 0x61, } -+ -+#define FWU_MPS3_BL2_CAPSULE_UUID \ -+{ 0xaa, 0xef, 0xfb, 0xfb, 0x56, 0x0a, 0xd5, 0x50, 0xb6, 0x51, 0x74, 0x09, 0x1d, 0x3d, 0x62, 0xcf, } -+ -+#define FWU_MPS3_TFM_S_CAPSULE_UUID \ -+{ 0xad, 0xc7, 0x4c, 0xaf, 0x2e, 0xee, 0x39, 0x5a, 0xaa, 0xd5, 0xfa, 0xc8, 0xa1, 0xe6, 0x17, 0x3c, } -+ -+#define FWU_MPS3_FIP_CAPSULE_UUID \ -+{ 0x96, 0x2f, 0x30, 0x55, 0xf0, 0xc4, 0xf9, 0x5c, 0x86, 0x24, 0xe7, 0xcc, 0x38, 0x8f, 0x2b, 0x68, } -+ -+#define FWU_MPS3_INITRAMFS_CAPSULE_UUID \ -+{ 0x72, 0xc9, 0x8a, 0x3e, 0x3c, 0xc3, 0xc9, 0x5c, 0x90, 0xa0, 0xcd, 0xd3, 0x15, 0x96, 0x83, 0xea, } -+ -+ /* Image indexes in the UEFI capsule */ -+enum fwu_image_index { -+ FWU_IMAGE_INDEX_CAPSULE_BL2 = 1, -+ FWU_IMAGE_INDEX_CAPSULE_TFM_S, -+ FWU_IMAGE_INDEX_CAPSULE_FIP, -+ FWU_IMAGE_INDEX_CAPSULE_INITRAMFS, -+ FWU_IMAGE_INDEX_ESRT, -+ -+ FWU_IMAGE_INDEX_LAST = FWU_IMAGE_INDEX_ESRT, -+ FWU_IMAGE_INDEX_COUNT = FWU_IMAGE_INDEX_LAST, -+}; -+ -+#endif /* CORSTONE1000_CONFIG_H */ -diff --git a/deployments/se-proxy/infra/corstone1000/infra.cmake b/deployments/se-proxy/infra/corstone1000/infra.cmake -index f0c2e58e..8e0ac95f 100644 ---- a/deployments/se-proxy/infra/corstone1000/infra.cmake -+++ b/deployments/se-proxy/infra/corstone1000/infra.cmake -@@ -33,4 +33,14 @@ add_components(TARGET "se-proxy" - "components/messaging/rse_comms/sp" - ) - -+if (CFG_ENABLE_FWU) -+ target_sources(se-proxy PRIVATE -+ ${CMAKE_CURRENT_LIST_DIR}/corstone1000_config.c -+ ) -+ -+ target_include_directories(se-proxy PRIVATE -+ ${CMAKE_CURRENT_LIST_DIR} -+ ) -+endif() -+ - include(../../infra/rse/service_proxy_factory.cmake REQUIRED) -diff --git a/deployments/se-proxy/infra/rse/spf_fwu.c b/deployments/se-proxy/infra/rse/spf_fwu.c -index 4f123ba1..90f200e1 100644 ---- a/deployments/se-proxy/infra/rse/spf_fwu.c -+++ b/deployments/se-proxy/infra/rse/spf_fwu.c -@@ -18,6 +18,14 @@ - #include "service/fwu/common/update_agent_interface.h" - #include "service/fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.h" - -+#ifndef IMAGE_MAPPING_ELEMENT_COUNT -+#define IMAGE_MAPPING_ELEMENT_COUNT 0 -+#endif -+ -+#ifndef MAX_PAYLOAD_SIZE -+#define MAX_PAYLOAD_SIZE 4096 -+#endif -+ - struct rpc_service_interface *fwu_proxy_create(void) - { - rpc_status_t rpc_status = RPC_ERROR_INTERNAL; -@@ -38,9 +46,10 @@ struct rpc_service_interface *fwu_proxy_create(void) - if (rpc_status != RPC_SUCCESS) - return NULL; - -- agent = psa_fwu_m_update_agent_init(NULL, 0, 4096); - if (psa_fwu_ipc_init(&rpc_session) != PSA_SUCCESS) - return NULL; -+ agent = psa_fwu_m_update_agent_init(img_mapping, IMAGE_MAPPING_ELEMENT_COUNT, -+ MAX_PAYLOAD_SIZE); - - return fwu_provider_init(&fwu_provider, agent); - } --- -2.43.0 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-fwu-Coerce-PSA_SUCCESS_REBOOT-and-PSA_SUCCESS_RESTAR.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-fwu-Coerce-PSA_SUCCESS_REBOOT-and-PSA_SUCCESS_RESTAR.patch deleted file mode 100644 index c171a70b..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-fwu-Coerce-PSA_SUCCESS_REBOOT-and-PSA_SUCCESS_RESTAR.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 8b8eb4a2d512de06d3ee8a17dd9295cd38efd68d Mon Sep 17 00:00:00 2001 -From: Hugues KAMBA MPIANA -Date: Tue, 5 Aug 2025 14:42:17 +0100 -Subject: [PATCH] fwu: Coerce PSA_SUCCESS_REBOOT and PSA_SUCCESS_RESTART to - PSA_SUCCESS - -Map `PSA_SUCCESS_REBOOT` and `PSA_SUCCESS_RESTART` (returned by -FWU-M after a successful install) to plain `PSA_SUCCESS` in the FWU PSA -IPC client. -This is useful on A+M systems since FWU-A does not define equivalent -return codes, and avoids exposing non-zero success codes to FWU-A -clients. - -Key changes: -- Update `psa_fwu_ipc.c` to coerce `PSA_SUCCESS_REBOOT` and - `PSA_SUCCESS_RESTART` to `PSA_SUCCESS` in `psa_fwu_install()``. -- Extend FWU documentation to describe the behavior. - -Note: When this option is enabled, the normal world must still arrange -a system reboot through its own mechanism. - -Upstream-Status: Backport [8b8eb4a2d512de06d3ee8a17dd9295cd38efd68d] -Signed-off-by: Harsimran Singh Tungal -Signed-off-by: Hugues KAMBA MPIANA ---- - .../fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.c | 6 +++++- - docs/services/fwu/psa-fwu-m.rst | 9 ++++++--- - 2 files changed, 11 insertions(+), 4 deletions(-) - -diff --git a/components/service/fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.c b/components/service/fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.c -index a47ae539..174b06f8 100644 ---- a/components/service/fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.c -+++ b/components/service/fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2024-2025, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -190,6 +190,10 @@ psa_status_t psa_fwu_install(void) - status = psa_call(caller, TFM_FIRMWARE_UPDATE_SERVICE_HANDLE, - TFM_FWU_INSTALL, in_vec, 0, - NULL, 0); -+ -+ if ((status == PSA_SUCCESS_REBOOT) || (status == PSA_SUCCESS_RESTART)) -+ status = PSA_SUCCESS; -+ - if (status != PSA_SUCCESS) - EMSG("failed to psa_call: %d", status); - -diff --git a/docs/services/fwu/psa-fwu-m.rst b/docs/services/fwu/psa-fwu-m.rst -index 1358015f..c3217159 100644 ---- a/docs/services/fwu/psa-fwu-m.rst -+++ b/docs/services/fwu/psa-fwu-m.rst -@@ -76,9 +76,12 @@ agent switches to trial state, so the client can validate the new set of images - - On calling ``fwu_end_staging()`` the agent calls ``psa_fwu_finish()`` on each selected image, then calls - ``psa_fwu_install()``. If all images have been accepted (see ``fwu_commit()``) it also calls ``psa_fwu_accept()``. --The implementation treats ``PSA_SUCCESS_REBOOT`` and ``PSA_SUCCESS_RESTART`` status values as error. In an A+M system the M --class side shouldn't restart the system, so calling ``psa_fwu_request_reboot()`` does not fit the system. There's also no --PSA FWU A return code for inidicating the restart request to the normal world. If the normal world has to restart the -+ -+Since FWU-M may return ``PSA_SUCCESS_REBOOT`` or ``PSA_SUCCESS_RESTART`` for A+M systems, the FWU PSA IPC client coerces -+these statuses to ``PSA_SUCCESS`` because FWU-A does not define an equivalent return code. -+ -+In an A+M system the M class side shouldn't restart the system, so calling ``psa_fwu_request_reboot()`` does not fit the system. -+There's also no PSA FWU A return code for inidicating the restart request to the normal world. If the normal world has to restart the - system after ending the staging phase, it has to do it in an implementation defined way. - - .. uml:: ../uml/psa_fwu_m_update_agent/fwu_end_staging.puml --- -2.43.0 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-platform-corstone1000-Add-MM-communication-buffer-co.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-platform-corstone1000-Add-MM-communication-buffer-co.patch deleted file mode 100644 index 2625dc18..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-platform-corstone1000-Add-MM-communication-buffer-co.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 333422fd06ccf69de8052988ec42398cec12ac3f Mon Sep 17 00:00:00 2001 -From: Hugues KAMBA MPIANA -Date: Fri, 8 Aug 2025 00:18:16 +0100 -Subject: [PATCH] platform: corstone1000: Add MM communication buffer - configs to CMake - -Two variables are added into the Corstone-1000 platform -CMake file so the MM communication buffer address and -the page count can be configured. - -Upstream-Status: Backport [d49a99d6ade219a617741001fb23016d791855ee] -Signed-off-by: Michael Safwat -Signed-off-by: Harsimran Singh Tungal ---- - platform/providers/arm/corstone1000/platform.cmake | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake -index 3aeb4922..aeeb8fb4 100644 ---- a/platform/providers/arm/corstone1000/platform.cmake -+++ b/platform/providers/arm/corstone1000/platform.cmake -@@ -12,6 +12,10 @@ set(SMM_SP_HEAP_SIZE 80*1024 CACHE STRING "SMM gateway SP heap size") - set(PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE 0x43C0 CACHE STRING "Size of the RSS_COMMS_PAYLOAD buffer") - set(COMMS_MHU_MSG_SIZE 0x4500 CACHE STRING "Max message size that can be transfered via MHU") - -+set(MM_COMM_BUFFER_ADDRESS "0x00000000 0x81FFF000" CACHE STRING "MM Communication buffer start address") -+set(MM_COMM_BUFFER_PAGE_COUNT 0x1 CACHE STRING "MM Communication buffer page count") -+ -+ - target_compile_definitions(${TGT} PRIVATE - PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE=${PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE} - COMMS_MHU_MSG_SIZE=${COMMS_MHU_MSG_SIZE} --- -2.43.0 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-fwu-Add-support-for-ESRT-v1-in-PSA-FWU-M-agent.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-fwu-Add-support-for-ESRT-v1-in-PSA-FWU-M-agent.patch deleted file mode 100644 index 61ae510d..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-fwu-Add-support-for-ESRT-v1-in-PSA-FWU-M-agent.patch +++ /dev/null @@ -1,290 +0,0 @@ -From d5ca8c5b73c3ff3bc5c137828932e440c6a7f187 Mon Sep 17 00:00:00 2001 -From: Hugues KAMBA MPIANA -Date: Tue, 5 Aug 2025 15:05:33 +0100 -Subject: [PATCH] fwu: Add support for ESRT v1 in PSA FWU-M agent -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This patch introduces support for ESRT v1, enabling the PSA Firmware -Update Management (FWU-M) agent to expose UEFI-compliant firmware -resource metadata via a dedicated image UUID. - -Key changes: -- Declares ESRT v1 data structures (`efi_system_resource_entry` and - `efi_system_resource_table`) as specified by the UEFI 2.9 standard. -- Extends `image_directory_read()` to detect ESRT image reads and serve - the data stored in `candidate_digest` from `psa_fwu_query()`. -- Modifies `psa_fwu_m_update_agent_init()` to properly initialize the - ESRT image with read-only attributes and hook `image_directory_read()` - as its read handler. -- Defines `FWU_IMAGE_CAPSULE_COUNT`, `ESRT_IMAGE_ENTRY_SIZE`, and - `ESRT_REMAINING_FIELDS_SIZE` to represent the structure of the ESRT v1 - table. -- Calculates `TOTAL_ESRT_SIZE` based on capsule count and ESRT entry - sizes. -- Sets `TFM_FWU_MAX_DIGEST_SIZE` to `TOTAL_ESRT_SIZE` to ensure the PSA - FWU - agent allocates sufficient buffer space for ESRT data. -- Exposes these constants via `target_compile_definitions()` for use in - the FWU runtime. This platform configuration ensures correct ESRT - memory sizing and enables firmware metadata reporting according to UEFI - 2.9 specification. - -ESRT data can now be queried by update clients using the ESRT image UUID -handle. This enables standardized firmware reporting and diagnostics -in accordance with UEFI specifications. - -Specification reference: -UEFI 2.9 §23 - Firmware Update and Reporting: -https://uefi.org/specs/UEFI/2.9_A/23_Firmware_Update_and_Reporting.html - -Upstream-Status: Backport [d5ca8c5b73c3ff3bc5c137828932e440c6a7f187] -Signed-off-by: Bence Balogh -Signed-off-by: Harsimran Singh Tungal -Signed-off-by: Hugues KAMBA MPIANA ---- - .../psa_fwu_m/agent/psa_fwu_m_update_agent.c | 57 +++++++++++++++++-- - deployments/se-proxy/infra/rse/spf_fwu.c | 23 ++++++++ - .../providers/arm/corstone1000/platform.cmake | 15 +++++ - protocols/service/fwu/fwu_proto.h | 29 ++++++++-- - 4 files changed, 116 insertions(+), 8 deletions(-) - -diff --git a/components/service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.c b/components/service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.c -index 48b86f6e..26972fc0 100644 ---- a/components/service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.c -+++ b/components/service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.c -@@ -115,13 +115,25 @@ uint32_t image_version_to_uint(psa_fwu_image_version_t version) - return result; - } - -+/* image_directory_read -+ * This function is used for two purposes: -+ * -> Send the details of firmware images to update client when read request is -+ * made for FWU_DIRECTORY_CANONICAL_UUID -+ * -> Send ESRT data to update client when read request is -+ * made for EFI_SYSTEM_RESOURCE_TABLE_CANONICAL_UUID -+ */ - int image_directory_read(struct psa_fwu_m_update_agent *agent, struct psa_fwu_m_image *image, - uint8_t *buf, size_t buf_size, size_t *read_len, size_t *total_len) - { - psa_status_t psa_status = PSA_ERROR_GENERIC_ERROR; - psa_fwu_component_info_t component_info = { 0 }; - struct fwu_image_directory *directory = NULL; -- size_t image_count = agent->image_count - 1; /* Do not return Image directory */ -+ uint8_t esrt_image_uuid[OSF_UUID_OCTET_LEN]; -+ /* Do not return Image directory -+ * If update client uses ESRT UUID for ESRT data, then ESRT image UUID -+ * is considered as a separate image included in this count -+ */ -+ size_t image_count = agent->image_count - 1; - size_t image_info_size = 0; - size_t i = 0; - -@@ -136,12 +148,40 @@ int image_directory_read(struct psa_fwu_m_update_agent *agent, struct psa_fwu_m_ - return FWU_STATUS_DENIED; /* LCOV_EXCL_LINE */ - - /* -- * If the directory structure doesn't fit into the buffer return SUCCESS with total_len set -+ * If the data to be read doesn't fit into the buffer return SUCCESS with total_len set - * and read_len = 0. - */ - if (*total_len > buf_size) - return FWU_STATUS_SUCCESS; - -+ /* Query ESRT data from Secure Enclave and Copy the ESRT entries -+ * from component_info.impl.candidate_digest to buf in case of ESRT image UUID. -+ * This is needed because Secure Enclave fills component_info.impl.candidate_digest -+ * with ESRT data which needs to be transferred to normal world buffer -+ */ -+ uuid_octets_from_canonical((struct uuid_octets *)&esrt_image_uuid, -+ EFI_SYSTEM_RESOURCE_TABLE_CANONICAL_UUID); -+ if (!memcmp(&esrt_image_uuid, &image->uuid, sizeof(esrt_image_uuid))) { -+ /* Query ESRT data */ -+ psa_status = psa_fwu_query(image->component, &component_info); -+ if (psa_status != PSA_SUCCESS) -+ return psa_status_to_fwu_status(psa_status); -+ -+ struct efi_system_resource_table *esrt = -+ (struct efi_system_resource_table *)component_info.impl.candidate_digest; -+ size_t esrt_size_recv = (esrt->fw_resource_count * -+ sizeof(struct efi_system_resource_entry)) -+ + sizeof(struct efi_system_resource_table); -+ if (esrt_size_recv > TFM_FWU_MAX_DIGEST_SIZE) -+ return FWU_STATUS_OUT_OF_BOUNDS; -+ -+ /* Copy the ESRT entries to the buf */ -+ memcpy(buf, &component_info.impl.candidate_digest, esrt_size_recv); -+ *total_len = esrt_size_recv; -+ *read_len = *total_len; -+ return FWU_STATUS_SUCCESS; -+ } -+ - directory = (struct fwu_image_directory *)buf; - directory->directory_version = FWU_IMAGE_DIRECTORY_VERSION; - directory->img_info_offset = offsetof(struct fwu_image_directory, img_info_entry); -@@ -615,6 +655,7 @@ struct update_agent *psa_fwu_m_update_agent_init( - struct psa_fwu_m_image *images = NULL; - enum psa_fwu_m_state state = regular; - struct update_agent *agent = NULL; -+ uint8_t esrt_image_uuid[OSF_UUID_OCTET_LEN]; - size_t i = 0; - - /* Allocate +1 image for the Image directory */ -@@ -657,8 +698,16 @@ struct update_agent *psa_fwu_m_update_agent_init( - images[i].selected_for_staging = false; - } - -- images[i].read = NULL; /* Cannot read images */ -- images[i].write = image_write; -+ uuid_octets_from_canonical((struct uuid_octets *)&esrt_image_uuid, -+ EFI_SYSTEM_RESOURCE_TABLE_CANONICAL_UUID); -+ if (!memcmp(&esrt_image_uuid, &images[i].uuid, sizeof(esrt_image_uuid))) { -+ images[i].read = image_directory_read; -+ images[i].write = NULL; -+ images[i].selected_for_staging = false; -+ } else { -+ images[i].read = NULL; /* Cannot read images */ -+ images[i].write = image_write; -+ } - } - - /* Insert Image directory as the last image */ -diff --git a/deployments/se-proxy/infra/rse/spf_fwu.c b/deployments/se-proxy/infra/rse/spf_fwu.c -index 90f200e1..713d932d 100644 ---- a/deployments/se-proxy/infra/rse/spf_fwu.c -+++ b/deployments/se-proxy/infra/rse/spf_fwu.c -@@ -18,6 +18,10 @@ - #include "service/fwu/common/update_agent_interface.h" - #include "service/fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.h" - -+#include -+#include "corstone1000_config.h" -+#include "corstone1000_event_handling.h" -+ - #ifndef IMAGE_MAPPING_ELEMENT_COUNT - #define IMAGE_MAPPING_ELEMENT_COUNT 0 - #endif -@@ -26,6 +30,13 @@ - #define MAX_PAYLOAD_SIZE 4096 - #endif - -+/* The index to access the ESRT image in the psa_fwu_m_image_mapping structure -+ * collection. The ESRT image is always accessed at the end of the collection. -+ */ -+#define IMAGE_MAPPING_ESRT_INDEX (IMAGE_MAPPING_ELEMENT_COUNT - 1) -+ -+static void define_esrt_image_mapping(void); -+ - struct rpc_service_interface *fwu_proxy_create(void) - { - rpc_status_t rpc_status = RPC_ERROR_INTERNAL; -@@ -48,10 +59,22 @@ struct rpc_service_interface *fwu_proxy_create(void) - - if (psa_fwu_ipc_init(&rpc_session) != PSA_SUCCESS) - return NULL; -+ -+ define_esrt_image_mapping(); - agent = psa_fwu_m_update_agent_init(img_mapping, IMAGE_MAPPING_ELEMENT_COUNT, - MAX_PAYLOAD_SIZE); - - return fwu_provider_init(&fwu_provider, agent); - } - -+/* Every platform needs to define esrt image mapping, -+ * if ESRT image UUID is to be used to extract ESRT data -+ */ -+static void define_esrt_image_mapping(void) -+{ -+ uuid_octets_from_canonical(&img_mapping[IMAGE_MAPPING_ESRT_INDEX].uuid, -+ EFI_SYSTEM_RESOURCE_TABLE_CANONICAL_UUID); -+ img_mapping[IMAGE_MAPPING_ESRT_INDEX].component = FWU_IMAGE_INDEX_ESRT; -+} -+ - ADD_PROXY_SERVICE_FACTORY(fwu_proxy_create, FWU_PROXY, SE_PROXY_INTERFACE_PRIO_FWU); -diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake -index 4b6b9675..baddf0be 100644 ---- a/platform/providers/arm/corstone1000/platform.cmake -+++ b/platform/providers/arm/corstone1000/platform.cmake -@@ -33,11 +33,26 @@ set(MM_COMM_BUFFER_ADDRESS "0x00000000 0x81FFF000" CACHE STRING "MM Communicatio - set(MM_COMM_BUFFER_PAGE_COUNT 0x1 CACHE STRING "MM Communication buffer page count") - - -+# For ESRT v1 details : https://uefi.org/specs/UEFI/2.9_A/23_Firmware_Update_and_Reporting.html#efi-system-resource-table -+set(FWU_IMAGE_CAPSULE_COUNT 4 CACHE STRING "Maximum number of FWU Images in a capsule to be updated") -+set(ESRT_IMAGE_ENTRY_SIZE 40 CACHE STRING "Size of one ESRT v1 Image entry structure object") -+set(ESRT_REMAINING_FIELDS_SIZE 16 CACHE STRING "Size of remaining fields of ESRT v1 table structure") -+math(EXPR TOTAL_ESRT_SIZE "${FWU_IMAGE_CAPSULE_COUNT} * ${ESRT_IMAGE_ENTRY_SIZE} + ${ESRT_REMAINING_FIELDS_SIZE}" OUTPUT_FORMAT DECIMAL) -+ -+set(TFM_FWU_MAX_DIGEST_SIZE ${TOTAL_ESRT_SIZE} CACHE STRING "Maximum size of ESRT entries of all the images in a bank") -+ -+set(ESRT_IMAGE_COUNT 1 CACHE STRING "The immutable number of ESRT image") -+math(EXPR IMAGE_MAPPING_ELEMENT_COUNT "${FWU_IMAGE_CAPSULE_COUNT} + ${ESRT_IMAGE_COUNT}" OUTPUT_FORMAT DECIMAL) -+ - target_compile_definitions(${TGT} PRIVATE - PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE=${PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE} - COMMS_MHU_MSG_SIZE=${COMMS_MHU_MSG_SIZE} - MBEDTLS_ECP_DP_SECP521R1_ENABLED - CORSTONE_1000_TYPE=${CORSTONE_1000_TYPE_INT} -+ TFM_FWU_MAX_DIGEST_SIZE=${TFM_FWU_MAX_DIGEST_SIZE} -+ FWU_IMAGE_CAPSULE_COUNT=${FWU_IMAGE_CAPSULE_COUNT} -+ IMAGE_MAPPING_ELEMENT_COUNT=${IMAGE_MAPPING_ELEMENT_COUNT} -+ MAX_PAYLOAD_SIZE=4096 - ) - - get_property(_platform_driver_dependencies TARGET ${TGT} -diff --git a/protocols/service/fwu/fwu_proto.h b/protocols/service/fwu/fwu_proto.h -index 4bcacb1f..85296e5b 100644 ---- a/protocols/service/fwu/fwu_proto.h -+++ b/protocols/service/fwu/fwu_proto.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2022-2024, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2022-2025, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -28,9 +28,10 @@ - /** - * Protocol GUIDs defined in FWU-A specification - */ --#define FWU_UPDATE_AGENT_CANONICAL_UUID "6823a838-1b06-470e-9774-0cce8bfb53fd" --#define FWU_DIRECTORY_CANONICAL_UUID "deee58d9-5147-4ad3-a290-77666e2341a5" --#define FWU_METADATA_CANONICAL_UUID "8a7a84a0-8387-40f6-ab41-a8b9a5a60d23" -+#define FWU_UPDATE_AGENT_CANONICAL_UUID "6823a838-1b06-470e-9774-0cce8bfb53fd" -+#define FWU_DIRECTORY_CANONICAL_UUID "deee58d9-5147-4ad3-a290-77666e2341a5" -+#define FWU_METADATA_CANONICAL_UUID "8a7a84a0-8387-40f6-ab41-a8b9a5a60d23" -+#define EFI_SYSTEM_RESOURCE_TABLE_CANONICAL_UUID "63a222b1-6136-684f-9929-78f8b0d62180" - - #define FWU_OPEN_OP_TYPE_READ (0) - #define FWU_OPEN_OP_TYPE_WRITE (1) -@@ -40,6 +41,26 @@ - */ - #define FWU_IMAGE_DIRECTORY_VERSION (2) - -+/** -+ * @brief Information about the ESRT v1. -+ */ -+struct __attribute__((__packed__)) efi_system_resource_entry { -+ uint8_t fw_class[OSF_UUID_OCTET_LEN]; -+ uint32_t fw_type; -+ uint32_t fw_version; -+ uint32_t lowest_supported_fw_version; -+ uint32_t capsule_flags; -+ uint32_t last_attempt_version; -+ uint32_t last_attempt_status; -+}; -+ -+struct __attribute__((__packed__)) efi_system_resource_table { -+ uint32_t fw_resource_count; -+ uint32_t fw_resource_count_max; -+ uint64_t fw_resource_version; -+ struct efi_system_resource_entry entries[]; -+}; -+ - struct __attribute__((__packed__)) fwu_image_info_entry { - uint8_t img_type_uuid[OSF_UUID_OCTET_LEN]; - uint32_t client_permissions; --- -2.43.0 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Make-treating-warnings-as-errors-configurable.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Make-treating-warnings-as-errors-configurable.patch deleted file mode 100644 index 75742285..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Make-treating-warnings-as-errors-configurable.patch +++ /dev/null @@ -1,194 +0,0 @@ -From 44e56b28f6a5ea9caab0bcccce3d02c59bb5d0ce Mon Sep 17 00:00:00 2001 -From: Gyorgy Szing -Date: Tue, 19 Aug 2025 11:07:39 +0200 -Subject: [PATCH] Make treating warnings as errors configurable - -Introduce the CMAKE_COMPILE_WARNING_AS_ERROR build option to control -whether the project treats compiler warnings as errors. This option is -enabled by default (On) and can be overridden via the CMake command line -using the -D flag or with an environment variable with the same name. -If both are specified, the command-line option takes precedence over the -environment variable. - -Enforcing warnings as errors helps maintain code quality, which is -especially important for security-focused projects. However, this can be -problematic for system integrators using newer compiler versions than -those used in upstream CI, as new compilers may introduce additional -warnings that cause builds to fail. -This option provides a temporary workaround by allowing such builds to -proceed until the warnings are addressed properly. - -Upstream-Status: Backport [44e56b28f6a5ea9caab0bcccce3d02c59bb5d0ce] -Signed-off-by: Gyorgy Szing ---- - .../arm-linux/default_toolchain_file.cmake | 24 +++++++++++++++++-- - .../linux-pc/default_toolchain_file.cmake | 23 ++++++++++++++++-- - .../opteesp/default_toolchain_file.cmake | 23 ++++++++++++++++-- - environments/sp/default_toolchain_file.cmake | 21 +++++++++++++++- - 4 files changed, 84 insertions(+), 7 deletions(-) - -diff --git a/environments/arm-linux/default_toolchain_file.cmake b/environments/arm-linux/default_toolchain_file.cmake -index 7e565dd2..d5900b05 100644 ---- a/environments/arm-linux/default_toolchain_file.cmake -+++ b/environments/arm-linux/default_toolchain_file.cmake -@@ -1,5 +1,5 @@ - #------------------------------------------------------------------------------- --# Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. -+# Copyright (c) 2020-2025, Arm Limited and Contributors. All rights reserved. - # - # SPDX-License-Identifier: BSD-3-Clause - # -@@ -19,9 +19,29 @@ set(CMAKE_SYSTEM_PROCESSOR arm) - - set(TS_DEBUG_INFO_FLAGS "-fdiagnostics-show-option -gdwarf-2" CACHE STRING "Compiler flags to add debug information.") - set(TS_MANDATORY_AARCH_FLAGS "-mstrict-align -march=armv8-a+crc -DARM64=1" CACHE STRING "Compiler flags configuring architecture specific ") --set(TS_WARNING_FLAGS "-Wall -Werror" CACHE STRING "Compiler flags affecting generating warning messages.") -+set(TS_WARNING_FLAGS "-Wall" CACHE STRING "Compiler flags affecting generating warning messages.") - set(TS_MANDATORY_LINKER_FLAGS "" CACHE STRING "Linker flags needed for correct builds.") - -+# Allow defining the "warning as error behavior" using an environment variable. But prioritize command line -+# definition if present. -+# If a cache variable is not present -+if(NOT DEFINED CACHE{CMAKE_COMPILE_WARNING_AS_ERROR}) -+ # And an environment variable is, copy its value to the cache -+ if (DEFINED ENV{CMAKE_COMPILE_WARNING_AS_ERROR}) -+ set(CMAKE_COMPILE_WARNING_AS_ERROR $ENV{CMAKE_COMPILE_WARNING_AS_ERROR} CACHE Bool "If compilation warnings should be treated as errors.") -+ endif() -+endif() -+ -+# By default warnings should be treated as errors. -+set(CMAKE_COMPILE_WARNING_AS_ERROR On CACHE BOOL "If compilation warnings should be treated as errors.") -+ -+# Cmake v3.24 + shall set the warning flag automatically, but does not when processing our deployments. As a workaround -+# set -Werror manually always as setting it twice shall have no ill effect. -+if (CMAKE_COMPILE_WARNING_AS_ERROR) -+ string(APPEND TS_WARNING_FLAGS " -Werror") -+endif() -+ -+ - # branch-protection enables bti/pac while compile force-bti tells the linker to - # warn if some object files lack the .note.gnu.property section with the BTI - # flag, and to turn on the BTI flag in the output anyway. -diff --git a/environments/linux-pc/default_toolchain_file.cmake b/environments/linux-pc/default_toolchain_file.cmake -index 2215d6b5..010105c2 100644 ---- a/environments/linux-pc/default_toolchain_file.cmake -+++ b/environments/linux-pc/default_toolchain_file.cmake -@@ -1,5 +1,5 @@ - #------------------------------------------------------------------------------- --# Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. -+# Copyright (c) 2020-2025, Arm Limited and Contributors. All rights reserved. - # - # SPDX-License-Identifier: BSD-3-Clause - # -@@ -11,9 +11,28 @@ include_guard(GLOBAL) - - set(TS_DEBUG_INFO_FLAGS "-fdiagnostics-show-option -gdwarf-2" CACHE STRING "Compiler flags to add debug information.") - set(TS_MANDATORY_AARCH_FLAGS "" CACHE STRING "Compiler flags configuring architecture specific ") --set(TS_WARNING_FLAGS "-Wall -Werror" CACHE STRING "Compiler flags affecting generating warning messages.") -+set(TS_WARNING_FLAGS "-Wall" CACHE STRING "Compiler flags affecting generating warning messages.") - set(TS_MANDATORY_LINKER_FLAGS "" CACHE STRING "Linker flags needed for correct builds.") - -+# Allow defining the "warning as error behavior" using an environment variable. But prioritize command line -+# definition if present. -+# If a cache variable is not present -+if(NOT DEFINED CACHE{CMAKE_COMPILE_WARNING_AS_ERROR}) -+ # And an environment variable is, copy its value to the cache -+ if (DEFINED ENV{CMAKE_COMPILE_WARNING_AS_ERROR}) -+ set(CMAKE_COMPILE_WARNING_AS_ERROR $ENV{CMAKE_COMPILE_WARNING_AS_ERROR} CACHE Bool "If compilation warnings should be treated as errors.") -+ endif() -+endif() -+ -+# By default warnings should be treated as errors. -+set(CMAKE_COMPILE_WARNING_AS_ERROR On CACHE BOOL "If compilation warnings should be treated as errors.") -+ -+# Cmake v3.24 + shall set the warning flag automatically, but does not when processing our deployments. As a workaround -+# set -Werror manually always as setting it twice shall have no ill effect. -+if (CMAKE_COMPILE_WARNING_AS_ERROR) -+ string(APPEND TS_WARNING_FLAGS " -Werror") -+endif() -+ - # Set flags affecting all build types - string(APPEND CMAKE_C_FLAGS_INIT " ${TS_MANDATORY_AARCH_FLAGS}") - string(APPEND CMAKE_CXX_FLAGS_INIT " ${TS_MANDATORY_AARCH_FLAGS}") -diff --git a/environments/opteesp/default_toolchain_file.cmake b/environments/opteesp/default_toolchain_file.cmake -index b150b852..677e92ff 100644 ---- a/environments/opteesp/default_toolchain_file.cmake -+++ b/environments/opteesp/default_toolchain_file.cmake -@@ -1,5 +1,5 @@ - #------------------------------------------------------------------------------- --# Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. -+# Copyright (c) 2020-2025, Arm Limited and Contributors. All rights reserved. - # - # SPDX-License-Identifier: BSD-3-Clause - # -@@ -21,10 +21,29 @@ set(CMAKE_POSITION_INDEPENDENT_CODE True) - - set(TS_DEBUG_INFO_FLAGS "-fdiagnostics-show-option -gdwarf-2" CACHE STRING "Compiler flags to add debug information.") - set(TS_MANDATORY_AARCH_FLAGS "-fpic -mstrict-align -march=armv8-a+crc" CACHE STRING "Compiler flags configuring architecture specific ") --set(TS_WARNING_FLAGS "-Wall -Werror" CACHE STRING "Compiler flags affecting generating warning messages.") -+set(TS_WARNING_FLAGS "-Wall" CACHE STRING "Compiler flags affecting generating warning messages.") - set(TS_MANDATORY_LINKER_FLAGS "-pie -Wl,--as-needed -Wl,--sort-section=alignment -zmax-page-size=4096" - CACHE STRING "Linker flags needed for correct builds.") - -+# Allow defining the "warning as error behavior" using an environment variable. But prioritize command line -+# definition if present. -+# If a cache variable is not present -+if(NOT DEFINED CACHE{CMAKE_COMPILE_WARNING_AS_ERROR}) -+ # And an environment variable is, copy its value to the cache -+ if (DEFINED ENV{CMAKE_COMPILE_WARNING_AS_ERROR}) -+ set(CMAKE_COMPILE_WARNING_AS_ERROR $ENV{CMAKE_COMPILE_WARNING_AS_ERROR} CACHE Bool "If compilation warnings should be treated as errors.") -+ endif() -+endif() -+ -+# By default warnings should be treated as errors. -+set(CMAKE_COMPILE_WARNING_AS_ERROR On CACHE BOOL "If compilation warnings should be treated as errors.") -+ -+# Cmake v3.24 + shall set the warning flag automatically, but does not when processing our deployments. As a workaround -+# set -Werror manually always as setting it twice shall have no ill effect. -+if (CMAKE_COMPILE_WARNING_AS_ERROR) -+ string(APPEND TS_WARNING_FLAGS " -Werror") -+endif() -+ - # branch-protection enables bti/pac while compile force-bti tells the linker to - # warn if some object files lack the .note.gnu.property section with the BTI - # flag, and to turn on the BTI flag in the output anyway. -diff --git a/environments/sp/default_toolchain_file.cmake b/environments/sp/default_toolchain_file.cmake -index d41ecec5..bbe4fb91 100644 ---- a/environments/sp/default_toolchain_file.cmake -+++ b/environments/sp/default_toolchain_file.cmake -@@ -1,5 +1,5 @@ - #------------------------------------------------------------------------------- --# Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. -+# Copyright (c) 2020-2025, Arm Limited and Contributors. All rights reserved. - # - # SPDX-License-Identifier: BSD-3-Clause - # -@@ -24,6 +24,25 @@ set(TS_MANDATORY_AARCH_FLAGS "-fpie -mstrict-align -march=armv8-a+crc" CACHE STR - set(TS_WARNING_FLAGS "-Wall" CACHE STRING "Compiler flags affecting generating warning messages.") - set(TS_MANDATORY_LINKER_FLAGS "-Wl,-pie -Wl,--no-dynamic-linker -Wl,--sort-section=alignment -zmax-page-size=4096" CACHE STRING "Linker flags needed for correct builds.") - -+# Allow defining the "warning as error behavior" using an environment variable. But prioritize command line -+# definition if present. -+# If a cache variable is not present -+if(NOT DEFINED CACHE{CMAKE_COMPILE_WARNING_AS_ERROR}) -+ # And an environment variable is, copy its value to the cache -+ if (DEFINED ENV{CMAKE_COMPILE_WARNING_AS_ERROR}) -+ set(CMAKE_COMPILE_WARNING_AS_ERROR $ENV{CMAKE_COMPILE_WARNING_AS_ERROR} CACHE Bool "If compilation warnings should be treated as errors.") -+ endif() -+endif() -+ -+# By default warnings should be treated as errors. -+set(CMAKE_COMPILE_WARNING_AS_ERROR On CACHE BOOL "If compilation warnings should be treated as errors.") -+ -+# Cmake v3.24 + shall set the warning flag automatically, but does not when processing our deployments. As a workaround -+# set -Werror manually always as setting it twice shall have no ill effect. -+if (CMAKE_COMPILE_WARNING_AS_ERROR) -+ string(APPEND TS_WARNING_FLAGS " -Werror") -+endif() -+ - # branch-protection enables bti/pac while compile force-bti tells the linker to - # warn if some object files lack the .note.gnu.property section with the BTI - # flag, and to turn on the BTI flag in the output anyway. --- -2.43.0 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-smm-gateway-config-Remove-Werror-compile-option.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-smm-gateway-config-Remove-Werror-compile-option.patch deleted file mode 100644 index 427f99c9..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-smm-gateway-config-Remove-Werror-compile-option.patch +++ /dev/null @@ -1,46 +0,0 @@ -From c50ad182f8375eacb315b894229eec7f4cad1b30 Mon Sep 17 00:00:00 2001 -From: Hugues KAMBA MPIANA -Date: Fri, 18 Oct 2024 11:50:32 +0000 -Subject: [PATCH] smm-gateway/config: Remove `Werror` compile option - -Adding `-Werror` to CMakeLists.txt unintended when -originally committed. - -Remove the compilation option from `default-opteesp` and -`default-sp` configuration CMakeLists.txt files. - -Upstream-Status: Backport [c50ad182f8375eacb315b894229eec7f4cad1b30] -Signed-off-by: Harsimran Singh Tungal -Signed-off-by: Hugues KAMBA MPIANA ---- - deployments/smm-gateway/config/default-opteesp/CMakeLists.txt | 1 - - deployments/smm-gateway/config/default-sp/CMakeLists.txt | 1 - - 2 files changed, 2 deletions(-) - -diff --git a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt -index 94ff14c2..42385635 100644 ---- a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt -+++ b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt -@@ -92,7 +92,6 @@ target_compile_definitions(smm-gateway PRIVATE - if(CMAKE_C_COMPILER_ID STREQUAL "GNU") - target_compile_options(smm-gateway PRIVATE - -std=c11 -- -Werror - ) - - endif() -diff --git a/deployments/smm-gateway/config/default-sp/CMakeLists.txt b/deployments/smm-gateway/config/default-sp/CMakeLists.txt -index e92f1638..57802716 100644 ---- a/deployments/smm-gateway/config/default-sp/CMakeLists.txt -+++ b/deployments/smm-gateway/config/default-sp/CMakeLists.txt -@@ -89,7 +89,6 @@ target_compile_definitions(smm-gateway PRIVATE - if(CMAKE_C_COMPILER_ID STREQUAL "GNU") - target_compile_options(smm-gateway PRIVATE - -std=c11 -- -Werror - ) - - endif() --- -2.43.0 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-fwu-proxy-refactor-image-mapping.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-fwu-proxy-refactor-image-mapping.patch deleted file mode 100644 index 4db64306..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-fwu-proxy-refactor-image-mapping.patch +++ /dev/null @@ -1,856 +0,0 @@ -From ca3870a123f3449407d460dcbc6bc0ba0d135e1e Mon Sep 17 00:00:00 2001 -From: Gyorgy Szing -Date: Tue, 26 Aug 2025 15:01:44 +0200 -Subject: [PATCH] fwu-proxy: refactor image mapping - -Stop defining the size of the image mapping and the number of mappings -at different places (C code vs cmake). Move the number of images to the -image mapping structure of the FWU proxy. This simplifies the API and -makes consistent configuration easier. - -Upstream-Status: Backport [ca3870a123f3449407d460dcbc6bc0ba0d135e1e] -Signed-off-by: Gyorgy Szing -Signed-off-by: Hugues KAMBA MPIANA ---- - .../psa_fwu_m/agent/psa_fwu_m_update_agent.c | 24 +- - .../psa_fwu_m/agent/psa_fwu_m_update_agent.h | 14 +- - .../test/test_psa_fwu_m_update_agent.cpp | 214 +++++++++--------- - .../infra/corstone1000/corstone1000_config.c | 71 +++--- - .../infra/corstone1000/corstone1000_config.h | 2 + - deployments/se-proxy/infra/rse/spf_fwu.c | 27 +-- - .../infra/stub/service_proxy_factory.c | 2 +- - .../providers/arm/corstone1000/platform.cmake | 16 +- - 8 files changed, 191 insertions(+), 179 deletions(-) - -diff --git a/components/service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.c b/components/service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.c -index 26972fc0..650a6d04 100644 ---- a/components/service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.c -+++ b/components/service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.c -@@ -646,7 +646,7 @@ static const struct update_agent_interface interface = { - }; - - struct update_agent *psa_fwu_m_update_agent_init( -- const struct psa_fwu_m_image_mapping image_mapping[], size_t image_count, -+ const struct psa_fwu_m_image_mapping *image_mapping, - uint32_t max_payload_size) - { - psa_status_t psa_status = PSA_ERROR_GENERIC_ERROR; -@@ -658,8 +658,11 @@ struct update_agent *psa_fwu_m_update_agent_init( - uint8_t esrt_image_uuid[OSF_UUID_OCTET_LEN]; - size_t i = 0; - -+ if (!image_mapping) -+ return NULL; -+ - /* Allocate +1 image for the Image directory */ -- images = (struct psa_fwu_m_image *)calloc(image_count + 1, sizeof(*images)); -+ images = (struct psa_fwu_m_image *)calloc(image_mapping->count + 1, sizeof(*images)); - if (!images) - return NULL; /* LCOV_EXCL_LINE */ - -@@ -680,8 +683,8 @@ struct update_agent *psa_fwu_m_update_agent_init( - /* LCOV_EXCL_STOP */ - } - -- for (i = 0; i < image_count; i++) { -- psa_status = psa_fwu_query(image_mapping[i].component, &info); -+ for (i = 0; i < image_mapping->count; i++) { -+ psa_status = psa_fwu_query(image_mapping->images[i].component, &info); - if (psa_status != PSA_SUCCESS) { - free(images); - free(context); -@@ -689,8 +692,8 @@ struct update_agent *psa_fwu_m_update_agent_init( - return NULL; - } - -- images[i].uuid = image_mapping[i].uuid; -- images[i].component = image_mapping[i].component; -+ images[i].uuid = image_mapping->images[i].uuid; -+ images[i].component = image_mapping->images[i].component; - if (info.state == PSA_FWU_TRIAL) { - images[i].selected_for_staging = true; - state = trial; -@@ -711,14 +714,15 @@ struct update_agent *psa_fwu_m_update_agent_init( - } - - /* Insert Image directory as the last image */ -- uuid_octets_from_canonical(&images[image_count].uuid, FWU_DIRECTORY_CANONICAL_UUID); -- images[image_count].component = 0; -- images[image_count].selected_for_staging = false; -+ uuid_octets_from_canonical(&images[image_mapping->count].uuid, -+ FWU_DIRECTORY_CANONICAL_UUID); -+ images[image_mapping->count].component = 0; -+ images[image_mapping->count].selected_for_staging = false; - images[i].read = image_directory_read; - images[i].write = NULL; /* Cannot write Images directory */ - - context->images = images; -- context->image_count = image_count + 1; -+ context->image_count = image_mapping->count + 1; - context->max_payload_size = max_payload_size; - context->state = state; - -diff --git a/components/service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.h b/components/service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.h -index 6354b8ba..ca5f9949 100644 ---- a/components/service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.h -+++ b/components/service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2024, Arm Limited. All rights reserved. -+ * Copyright (c) 2024-2025, Arm Limited. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - * -@@ -17,21 +17,23 @@ extern "C" { - #endif - - struct psa_fwu_m_image_mapping { -- struct uuid_octets uuid; -- psa_fwu_component_t component; -+ size_t count; -+ struct { -+ struct uuid_octets uuid; -+ psa_fwu_component_t component; -+ } images[]; - }; - - /** - * \brief Initialise the PSA FWU M update_agent - * - * \param[in] image_mapping Component mapping array -- * \param[in] image_count Component mapping count - * \param[in] max_payload_size The maximum number of bytes that a payload can contain - * - * \return The update_agent - */ - struct update_agent *psa_fwu_m_update_agent_init( -- const struct psa_fwu_m_image_mapping image_mapping[], size_t image_count, -+ const struct psa_fwu_m_image_mapping *image_mapping, - uint32_t max_payload_size); - - /** -@@ -42,7 +44,7 @@ struct update_agent *psa_fwu_m_update_agent_init( - void psa_fwu_m_update_agent_deinit(struct update_agent *update_agent); - - /* This should be defined by the platform */ --extern struct psa_fwu_m_image_mapping img_mapping[]; -+extern struct psa_fwu_m_image_mapping img_mapping; - - #ifdef __cplusplus - } -diff --git a/components/service/fwu/psa_fwu_m/agent/test/test_psa_fwu_m_update_agent.cpp b/components/service/fwu/psa_fwu_m/agent/test/test_psa_fwu_m_update_agent.cpp -index 3805d182..919ce897 100644 ---- a/components/service/fwu/psa_fwu_m/agent/test/test_psa_fwu_m_update_agent.cpp -+++ b/components/service/fwu/psa_fwu_m/agent/test/test_psa_fwu_m_update_agent.cpp -@@ -12,12 +12,37 @@ - #include - #include - -+static const psa_fwu_m_image_mapping * get_image_mapping() -+{ -+ static const psa_fwu_m_image_mapping image_mapping = { -+ .count = 2, -+ .images = { -+ { -+ .uuid = { -+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, -+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -+ }, -+ .component = 3 -+ }, -+ { -+ .uuid = { -+ 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, -+ 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 -+ }, -+ .component = 2 -+ }, -+ } -+ }; -+ return &image_mapping; -+} -+ - TEST_GROUP(psa_fwu_m_update_agent) { - TEST_SETUP() { - psa_fwu_component_info_t info = {0}; -- expect_mock_psa_fwu_query(mapping[0].component, &info, PSA_SUCCESS); -- expect_mock_psa_fwu_query(mapping[1].component, &info, PSA_SUCCESS); -- agent = psa_fwu_m_update_agent_init(mapping, 2, 4096); -+ mapping = get_image_mapping(); -+ expect_mock_psa_fwu_query(mapping->images[0].component, &info, PSA_SUCCESS); -+ expect_mock_psa_fwu_query(mapping->images[1].component, &info, PSA_SUCCESS); -+ agent = psa_fwu_m_update_agent_init(mapping, 4096); - handle = 0; - progress = 0; - total_work = 0; -@@ -31,14 +56,14 @@ TEST_GROUP(psa_fwu_m_update_agent) { - } - - void begin_staging() { -- expect_mock_psa_fwu_start(mapping[0].component, NULL, 0, PSA_SUCCESS); -- expect_mock_psa_fwu_start(mapping[1].component, NULL, 0, PSA_SUCCESS); -+ expect_mock_psa_fwu_start(mapping->images[0].component, NULL, 0, PSA_SUCCESS); -+ expect_mock_psa_fwu_start(mapping->images[1].component, NULL, 0, PSA_SUCCESS); - LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_begin_staging(agent, 0, 0, NULL)); - } - - void end_staging() { -- expect_mock_psa_fwu_finish(mapping[0].component, PSA_SUCCESS); -- expect_mock_psa_fwu_finish(mapping[1].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_finish(mapping->images[0].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_finish(mapping->images[1].component, PSA_SUCCESS); - - expect_mock_psa_fwu_install(PSA_SUCCESS); - -@@ -47,11 +72,11 @@ TEST_GROUP(psa_fwu_m_update_agent) { - - void open() { - LONGS_EQUAL(FWU_STATUS_SUCCESS, -- update_agent_open(agent, &mapping[0].uuid, FWU_OP_TYPE_WRITE, &handle)); -+ update_agent_open(agent, &mapping->images[0].uuid, FWU_OP_TYPE_WRITE, &handle)); - } - - void write(const uint8_t *data, size_t data_len) { -- expect_mock_psa_fwu_write(mapping[0].component, 0, NULL, 0, PSA_SUCCESS); -+ expect_mock_psa_fwu_write(mapping->images[0].component, 0, NULL, 0, PSA_SUCCESS); - LONGS_EQUAL(FWU_STATUS_SUCCESS, - update_agent_write_stream(agent, handle, data, data_len)); - } -@@ -61,27 +86,12 @@ TEST_GROUP(psa_fwu_m_update_agent) { - uint32_t progress; - uint32_t total_work; - -- const psa_fwu_m_image_mapping mapping[2] = { -- { -- .uuid = { -- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, -- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -- }, -- .component = 3 -- }, -- { -- .uuid = { -- 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, -- 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 -- }, -- .component = 2 -- }, -- }; -- - const struct uuid_octets image_directory_uuid = { - 0xde, 0xee, 0x58, 0xd9, 0x51, 0x47, 0x4a, 0xd3, - 0xa2, 0x90, 0x77, 0x66, 0x6e, 0x23, 0x41, 0xa5 - }; -+ -+ const psa_fwu_m_image_mapping *mapping; - }; - - TEST(psa_fwu_m_update_agent, discover) -@@ -98,16 +108,16 @@ TEST(psa_fwu_m_update_agent, discover) - - TEST(psa_fwu_m_update_agent, begin_staging_start_fail) - { -- expect_mock_psa_fwu_start(mapping[0].component, NULL, 0, PSA_ERROR_GENERIC_ERROR); -- expect_mock_psa_fwu_clean(mapping[0].component, PSA_SUCCESS); -- expect_mock_psa_fwu_clean(mapping[1].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_start(mapping->images[0].component, NULL, 0, PSA_ERROR_GENERIC_ERROR); -+ expect_mock_psa_fwu_clean(mapping->images[0].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_clean(mapping->images[1].component, PSA_SUCCESS); - LONGS_EQUAL(FWU_STATUS_UNKNOWN, update_agent_begin_staging(agent, 0, 0, NULL)); - } - - TEST(psa_fwu_m_update_agent, begin_staging_start_and_clean_fail) - { -- expect_mock_psa_fwu_start(mapping[0].component, NULL, 0, PSA_ERROR_GENERIC_ERROR); -- expect_mock_psa_fwu_clean(mapping[0].component, PSA_ERROR_GENERIC_ERROR); -+ expect_mock_psa_fwu_start(mapping->images[0].component, NULL, 0, PSA_ERROR_GENERIC_ERROR); -+ expect_mock_psa_fwu_clean(mapping->images[0].component, PSA_ERROR_GENERIC_ERROR); - LONGS_EQUAL(FWU_STATUS_DENIED, update_agent_begin_staging(agent, 0, 0, NULL)); - } - -@@ -115,42 +125,42 @@ TEST(psa_fwu_m_update_agent, begin_staging_partial_invalid_uuid) - { - const struct uuid_octets update_guid = { 0 }; - -- expect_mock_psa_fwu_clean(mapping[0].component, PSA_SUCCESS); -- expect_mock_psa_fwu_clean(mapping[1].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_clean(mapping->images[0].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_clean(mapping->images[1].component, PSA_SUCCESS); - - LONGS_EQUAL(FWU_STATUS_UNKNOWN, update_agent_begin_staging(agent, 0, 1, &update_guid)); - } - - TEST(psa_fwu_m_update_agent, begin_staging_partial_image_directory_uuid) - { -- expect_mock_psa_fwu_clean(mapping[0].component, PSA_SUCCESS); -- expect_mock_psa_fwu_clean(mapping[1].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_clean(mapping->images[0].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_clean(mapping->images[1].component, PSA_SUCCESS); - - LONGS_EQUAL(FWU_STATUS_UNKNOWN, update_agent_begin_staging(agent, 0, 1, &image_directory_uuid)); - } - - TEST(psa_fwu_m_update_agent, begin_staging_partial_start_fail) - { -- expect_mock_psa_fwu_start(mapping[0].component, NULL, 0, PSA_ERROR_GENERIC_ERROR); -- expect_mock_psa_fwu_clean(mapping[0].component, PSA_SUCCESS); -- expect_mock_psa_fwu_clean(mapping[1].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_start(mapping->images[0].component, NULL, 0, PSA_ERROR_GENERIC_ERROR); -+ expect_mock_psa_fwu_clean(mapping->images[0].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_clean(mapping->images[1].component, PSA_SUCCESS); - -- LONGS_EQUAL(FWU_STATUS_UNKNOWN, update_agent_begin_staging(agent, 0, 1, &mapping[0].uuid)); -+ LONGS_EQUAL(FWU_STATUS_UNKNOWN, update_agent_begin_staging(agent, 0, 1, &mapping->images[0].uuid)); - } - - TEST(psa_fwu_m_update_agent, begin_staging_partial_start_and_clean_fail) - { -- expect_mock_psa_fwu_start(mapping[0].component, NULL, 0, PSA_ERROR_GENERIC_ERROR); -- expect_mock_psa_fwu_clean(mapping[0].component, PSA_ERROR_GENERIC_ERROR); -+ expect_mock_psa_fwu_start(mapping->images[0].component, NULL, 0, PSA_ERROR_GENERIC_ERROR); -+ expect_mock_psa_fwu_clean(mapping->images[0].component, PSA_ERROR_GENERIC_ERROR); - -- LONGS_EQUAL(FWU_STATUS_DENIED, update_agent_begin_staging(agent, 0, 1, &mapping[0].uuid)); -+ LONGS_EQUAL(FWU_STATUS_DENIED, update_agent_begin_staging(agent, 0, 1, &mapping->images[0].uuid)); - } - - TEST(psa_fwu_m_update_agent, begin_staging_partial) - { -- expect_mock_psa_fwu_start(mapping[0].component, NULL, 0, PSA_SUCCESS); -+ expect_mock_psa_fwu_start(mapping->images[0].component, NULL, 0, PSA_SUCCESS); - -- LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_begin_staging(agent, 0, 1, &mapping[0].uuid)); -+ LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_begin_staging(agent, 0, 1, &mapping->images[0].uuid)); - } - - TEST(psa_fwu_m_update_agent, begin_staging) -@@ -162,11 +172,11 @@ TEST(psa_fwu_m_update_agent, begin_staging_repeated_cancel_fail) - { - begin_staging(); - -- expect_mock_psa_fwu_cancel(mapping[0].component, PSA_SUCCESS); -- expect_mock_psa_fwu_cancel(mapping[1].component, PSA_ERROR_GENERIC_ERROR); -+ expect_mock_psa_fwu_cancel(mapping->images[0].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_cancel(mapping->images[1].component, PSA_ERROR_GENERIC_ERROR); - -- expect_mock_psa_fwu_clean(mapping[0].component, PSA_SUCCESS); -- expect_mock_psa_fwu_clean(mapping[1].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_clean(mapping->images[0].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_clean(mapping->images[1].component, PSA_SUCCESS); - - LONGS_EQUAL(FWU_STATUS_UNKNOWN, update_agent_begin_staging(agent, 0, 0, NULL)); - } -@@ -175,10 +185,10 @@ TEST(psa_fwu_m_update_agent, begin_staging_repeated_clean_fail) - { - begin_staging(); - -- expect_mock_psa_fwu_cancel(mapping[0].component, PSA_SUCCESS); -- expect_mock_psa_fwu_cancel(mapping[1].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_cancel(mapping->images[0].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_cancel(mapping->images[1].component, PSA_SUCCESS); - -- expect_mock_psa_fwu_clean(mapping[0].component, PSA_ERROR_GENERIC_ERROR); -+ expect_mock_psa_fwu_clean(mapping->images[0].component, PSA_ERROR_GENERIC_ERROR); - - LONGS_EQUAL(FWU_STATUS_DENIED, update_agent_begin_staging(agent, 0, 0, NULL)); - } -@@ -187,14 +197,14 @@ TEST(psa_fwu_m_update_agent, begin_staging_repeated) - { - begin_staging(); - -- expect_mock_psa_fwu_cancel(mapping[0].component, PSA_SUCCESS); -- expect_mock_psa_fwu_cancel(mapping[1].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_cancel(mapping->images[0].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_cancel(mapping->images[1].component, PSA_SUCCESS); - -- expect_mock_psa_fwu_clean(mapping[0].component, PSA_SUCCESS); -- expect_mock_psa_fwu_clean(mapping[1].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_clean(mapping->images[0].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_clean(mapping->images[1].component, PSA_SUCCESS); - -- expect_mock_psa_fwu_start(mapping[0].component, NULL, 0, PSA_SUCCESS); -- expect_mock_psa_fwu_start(mapping[1].component, NULL, 0, PSA_SUCCESS); -+ expect_mock_psa_fwu_start(mapping->images[0].component, NULL, 0, PSA_SUCCESS); -+ expect_mock_psa_fwu_start(mapping->images[1].component, NULL, 0, PSA_SUCCESS); - LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_begin_staging(agent, 0, 0, NULL)); - } - -@@ -214,8 +224,8 @@ TEST(psa_fwu_m_update_agent, end_staging_finish_fail) - { - begin_staging(); - -- expect_mock_psa_fwu_finish(mapping[0].component, PSA_SUCCESS); -- expect_mock_psa_fwu_finish(mapping[1].component, PSA_ERROR_GENERIC_ERROR); -+ expect_mock_psa_fwu_finish(mapping->images[0].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_finish(mapping->images[1].component, PSA_ERROR_GENERIC_ERROR); - - LONGS_EQUAL(FWU_STATUS_DENIED, update_agent_end_staging(agent)); - } -@@ -224,8 +234,8 @@ TEST(psa_fwu_m_update_agent, end_staging_install_fail) - { - begin_staging(); - -- expect_mock_psa_fwu_finish(mapping[0].component, PSA_SUCCESS); -- expect_mock_psa_fwu_finish(mapping[1].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_finish(mapping->images[0].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_finish(mapping->images[1].component, PSA_SUCCESS); - - expect_mock_psa_fwu_install(PSA_ERROR_GENERIC_ERROR); - -@@ -254,17 +264,17 @@ TEST(psa_fwu_m_update_agent, end_staging_all_accepted_accept_fail) - begin_staging(); - - LONGS_EQUAL(FWU_STATUS_SUCCESS, -- update_agent_open(agent, &mapping[0].uuid, FWU_OP_TYPE_WRITE, &handle)); -+ update_agent_open(agent, &mapping->images[0].uuid, FWU_OP_TYPE_WRITE, &handle)); - LONGS_EQUAL(FWU_STATUS_SUCCESS, - update_agent_commit(agent, handle, true, 0, &progress, &total_work)); - - LONGS_EQUAL(FWU_STATUS_SUCCESS, -- update_agent_open(agent, &mapping[1].uuid, FWU_OP_TYPE_WRITE, &handle)); -+ update_agent_open(agent, &mapping->images[1].uuid, FWU_OP_TYPE_WRITE, &handle)); - LONGS_EQUAL(FWU_STATUS_SUCCESS, - update_agent_commit(agent, handle, true, 0, &progress, &total_work)); - -- expect_mock_psa_fwu_finish(mapping[0].component, PSA_SUCCESS); -- expect_mock_psa_fwu_finish(mapping[1].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_finish(mapping->images[0].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_finish(mapping->images[1].component, PSA_SUCCESS); - - expect_mock_psa_fwu_install(PSA_SUCCESS); - -@@ -278,12 +288,12 @@ TEST(psa_fwu_m_update_agent, end_staging_all_accepted) - begin_staging(); - - LONGS_EQUAL(FWU_STATUS_SUCCESS, -- update_agent_open(agent, &mapping[0].uuid, FWU_OP_TYPE_WRITE, &handle)); -+ update_agent_open(agent, &mapping->images[0].uuid, FWU_OP_TYPE_WRITE, &handle)); - LONGS_EQUAL(FWU_STATUS_SUCCESS, - update_agent_commit(agent, handle, true, 0, &progress, &total_work)); - - LONGS_EQUAL(FWU_STATUS_SUCCESS, -- update_agent_open(agent, &mapping[1].uuid, FWU_OP_TYPE_WRITE, &handle)); -+ update_agent_open(agent, &mapping->images[1].uuid, FWU_OP_TYPE_WRITE, &handle)); - LONGS_EQUAL(FWU_STATUS_SUCCESS, - update_agent_commit(agent, handle, true, 0, &progress, &total_work)); - -@@ -303,7 +313,7 @@ TEST(psa_fwu_m_update_agent, cancel_staging_cancel_fail) - { - begin_staging(); - -- expect_mock_psa_fwu_cancel(mapping[0].component, PSA_ERROR_GENERIC_ERROR); -+ expect_mock_psa_fwu_cancel(mapping->images[0].component, PSA_ERROR_GENERIC_ERROR); - - LONGS_EQUAL(FWU_STATUS_DENIED, update_agent_cancel_staging(agent)); - } -@@ -312,15 +322,15 @@ TEST(psa_fwu_m_update_agent, cancel_staging) - { - begin_staging(); - -- expect_mock_psa_fwu_cancel(mapping[0].component, PSA_SUCCESS); -- expect_mock_psa_fwu_cancel(mapping[1].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_cancel(mapping->images[0].component, PSA_SUCCESS); -+ expect_mock_psa_fwu_cancel(mapping->images[1].component, PSA_SUCCESS); - - LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_cancel_staging(agent)); - } - - TEST(psa_fwu_m_update_agent, open_for_write_not_staging) - { -- LONGS_EQUAL(FWU_STATUS_DENIED, update_agent_open(agent, &mapping[0].uuid, -+ LONGS_EQUAL(FWU_STATUS_DENIED, update_agent_open(agent, &mapping->images[0].uuid, - FWU_OP_TYPE_WRITE, &handle)); - } - -@@ -345,12 +355,12 @@ TEST(psa_fwu_m_update_agent, open_for_write_image_directory) - - TEST(psa_fwu_m_update_agent, open_for_write_partial_not_staging) - { -- expect_mock_psa_fwu_start(mapping[0].component, NULL, 0, PSA_SUCCESS); -+ expect_mock_psa_fwu_start(mapping->images[0].component, NULL, 0, PSA_SUCCESS); - -- LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_begin_staging(agent, 0, 1, &mapping[0].uuid)); -+ LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_begin_staging(agent, 0, 1, &mapping->images[0].uuid)); - - LONGS_EQUAL(FWU_STATUS_DENIED, -- update_agent_open(agent, &mapping[1].uuid, FWU_OP_TYPE_WRITE, &handle)); -+ update_agent_open(agent, &mapping->images[1].uuid, FWU_OP_TYPE_WRITE, &handle)); - } - - TEST(psa_fwu_m_update_agent, open_for_read) -@@ -358,7 +368,7 @@ TEST(psa_fwu_m_update_agent, open_for_read) - begin_staging(); - - LONGS_EQUAL(FWU_STATUS_NOT_AVAILABLE, -- update_agent_open(agent, &mapping[0].uuid, FWU_OP_TYPE_READ, &handle)); -+ update_agent_open(agent, &mapping->images[0].uuid, FWU_OP_TYPE_READ, &handle)); - } - - TEST(psa_fwu_m_update_agent, open) -@@ -374,7 +384,7 @@ TEST(psa_fwu_m_update_agent, open_too_many) - while (1) { - int result = FWU_STATUS_DENIED; - -- result = update_agent_open(agent, &mapping[0].uuid, FWU_OP_TYPE_WRITE, &handle); -+ result = update_agent_open(agent, &mapping->images[0].uuid, FWU_OP_TYPE_WRITE, &handle); - if (result == FWU_STATUS_NOT_AVAILABLE) { - break; - } else { -@@ -410,7 +420,7 @@ TEST(psa_fwu_m_update_agent, write_stream_write_fail) - begin_staging(); - open(); - -- expect_mock_psa_fwu_write(mapping[0].component, 0, NULL, 0, PSA_ERROR_GENERIC_ERROR); -+ expect_mock_psa_fwu_write(mapping->images[0].component, 0, NULL, 0, PSA_ERROR_GENERIC_ERROR); - LONGS_EQUAL(FWU_STATUS_DENIED, update_agent_write_stream(agent, handle, NULL, 0)); - } - -@@ -423,7 +433,7 @@ TEST(psa_fwu_m_update_agent, write_stream_overflow) - begin_staging(); - open(); - -- expect_mock_psa_fwu_write(mapping[0].component, 0, data, sizeof(data), PSA_SUCCESS); -+ expect_mock_psa_fwu_write(mapping->images[0].component, 0, data, sizeof(data), PSA_SUCCESS); - LONGS_EQUAL(FWU_STATUS_SUCCESS, - update_agent_write_stream(agent, handle, data, sizeof(data))); - -@@ -440,11 +450,11 @@ TEST(psa_fwu_m_update_agent, write_stream) - begin_staging(); - open(); - -- expect_mock_psa_fwu_write(mapping[0].component, 0, data, sizeof(data), PSA_SUCCESS); -+ expect_mock_psa_fwu_write(mapping->images[0].component, 0, data, sizeof(data), PSA_SUCCESS); - LONGS_EQUAL(FWU_STATUS_SUCCESS, - update_agent_write_stream(agent, handle, data, sizeof(data))); - -- expect_mock_psa_fwu_write(mapping[0].component, sizeof(data), data, sizeof(data), PSA_SUCCESS); -+ expect_mock_psa_fwu_write(mapping->images[0].component, sizeof(data), data, sizeof(data), PSA_SUCCESS); - LONGS_EQUAL(FWU_STATUS_SUCCESS, - update_agent_write_stream(agent, handle, data, sizeof(data))); - } -@@ -492,7 +502,7 @@ TEST(psa_fwu_m_update_agent, read_image_directory_query_fail) - LONGS_EQUAL(FWU_STATUS_SUCCESS, - update_agent_open(agent, &image_directory_uuid, FWU_OP_TYPE_READ, &handle)); - -- expect_mock_psa_fwu_query(mapping[0].component, &info, PSA_ERROR_GENERIC_ERROR); -+ expect_mock_psa_fwu_query(mapping->images[0].component, &info, PSA_ERROR_GENERIC_ERROR); - LONGS_EQUAL(FWU_STATUS_DENIED, - update_agent_read_stream(agent, handle, buffer, sizeof(buffer), &read_len, - &total_len)); -@@ -522,8 +532,8 @@ TEST(psa_fwu_m_update_agent, read_image_directory) - LONGS_EQUAL(FWU_STATUS_SUCCESS, - update_agent_open(agent, &image_directory_uuid, FWU_OP_TYPE_READ, &handle)); - -- expect_mock_psa_fwu_query(mapping[0].component, &info0, PSA_SUCCESS); -- expect_mock_psa_fwu_query(mapping[1].component, &info1, PSA_SUCCESS); -+ expect_mock_psa_fwu_query(mapping->images[0].component, &info0, PSA_SUCCESS); -+ expect_mock_psa_fwu_query(mapping->images[1].component, &info1, PSA_SUCCESS); - LONGS_EQUAL(FWU_STATUS_SUCCESS, - update_agent_read_stream(agent, handle, buffer, sizeof(buffer), &read_len, - &total_len)); -@@ -538,8 +548,8 @@ TEST(psa_fwu_m_update_agent, read_image_directory) - UNSIGNED_LONGS_EQUAL(0, directory->correct_boot); - UNSIGNED_LONGS_EQUAL(0x28, directory->img_info_size); - -- MEMCMP_EQUAL(&mapping[0].uuid, directory->img_info_entry[0].img_type_uuid, -- sizeof(mapping[0].uuid)); -+ MEMCMP_EQUAL(&mapping->images[0].uuid, directory->img_info_entry[0].img_type_uuid, -+ sizeof(mapping->images[0].uuid)); - UNSIGNED_LONGS_EQUAL(1, directory->img_info_entry[0].client_permissions); - UNSIGNED_LONGS_EQUAL(info0.max_size, directory->img_info_entry[0].img_max_size); - UNSIGNED_LONGS_EQUAL(0, directory->img_info_entry[0].lowest_accepted_version); -@@ -547,8 +557,8 @@ TEST(psa_fwu_m_update_agent, read_image_directory) - UNSIGNED_LONGS_EQUAL(0, directory->img_info_entry[0].accepted); - UNSIGNED_LONGS_EQUAL(0, directory->img_info_entry[0].reserved); - -- MEMCMP_EQUAL(&mapping[1].uuid, directory->img_info_entry[1].img_type_uuid, -- sizeof(mapping[1].uuid)); -+ MEMCMP_EQUAL(&mapping->images[1].uuid, directory->img_info_entry[1].img_type_uuid, -+ sizeof(mapping->images[1].uuid)); - UNSIGNED_LONGS_EQUAL(1, directory->img_info_entry[1].client_permissions); - UNSIGNED_LONGS_EQUAL(info1.max_size, directory->img_info_entry[1].img_max_size); - UNSIGNED_LONGS_EQUAL(0, directory->img_info_entry[1].lowest_accepted_version); -@@ -608,7 +618,7 @@ TEST(psa_fwu_m_update_agent, accept_image_one) - { - begin_staging(); - end_staging(); -- LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_accept_image(agent, &mapping[0].uuid)); -+ LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_accept_image(agent, &mapping->images[0].uuid)); - } - - TEST(psa_fwu_m_update_agent, accept_image_accept_fail) -@@ -617,8 +627,8 @@ TEST(psa_fwu_m_update_agent, accept_image_accept_fail) - end_staging(); - - expect_mock_psa_fwu_accept(PSA_ERROR_GENERIC_ERROR); -- LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_accept_image(agent, &mapping[0].uuid)); -- LONGS_EQUAL(FWU_STATUS_DENIED, update_agent_accept_image(agent, &mapping[1].uuid)); -+ LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_accept_image(agent, &mapping->images[0].uuid)); -+ LONGS_EQUAL(FWU_STATUS_DENIED, update_agent_accept_image(agent, &mapping->images[1].uuid)); - } - - TEST(psa_fwu_m_update_agent, accept_image) -@@ -627,8 +637,8 @@ TEST(psa_fwu_m_update_agent, accept_image) - end_staging(); - - expect_mock_psa_fwu_accept(PSA_SUCCESS); -- LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_accept_image(agent, &mapping[0].uuid)); -- LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_accept_image(agent, &mapping[1].uuid)); -+ LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_accept_image(agent, &mapping->images[0].uuid)); -+ LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_accept_image(agent, &mapping->images[1].uuid)); - } - - -@@ -675,8 +685,8 @@ TEST(psa_fwu_m_update_agent, select_previous) - TEST(psa_fwu_m_update_agent, boot_in_trial_mode_query_fail) { - psa_fwu_component_info_t info = {0}; - -- expect_mock_psa_fwu_query(mapping[0].component, &info, PSA_ERROR_GENERIC_ERROR); -- POINTERS_EQUAL(NULL, psa_fwu_m_update_agent_init(mapping, 2, 4096)); -+ expect_mock_psa_fwu_query(mapping->images[0].component, &info, PSA_ERROR_GENERIC_ERROR); -+ POINTERS_EQUAL(NULL, psa_fwu_m_update_agent_init(mapping, 4096)); - } - - TEST(psa_fwu_m_update_agent, boot_in_trial_mode_select_previous) { -@@ -685,10 +695,10 @@ TEST(psa_fwu_m_update_agent, boot_in_trial_mode_select_previous) { - - info1.state = PSA_FWU_TRIAL; - -- expect_mock_psa_fwu_query(mapping[0].component, &info0, PSA_SUCCESS); -- expect_mock_psa_fwu_query(mapping[1].component, &info1, PSA_SUCCESS); -+ expect_mock_psa_fwu_query(mapping->images[0].component, &info0, PSA_SUCCESS); -+ expect_mock_psa_fwu_query(mapping->images[1].component, &info1, PSA_SUCCESS); - -- update_agent *agent = psa_fwu_m_update_agent_init(mapping, 2, 4096); -+ update_agent *agent = psa_fwu_m_update_agent_init(mapping, 4096); - - expect_mock_psa_fwu_reject(0, PSA_SUCCESS); - LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_select_previous(agent)); -@@ -702,14 +712,14 @@ TEST(psa_fwu_m_update_agent, boot_in_trial_mode_accept) { - - info1.state = PSA_FWU_TRIAL; - -- expect_mock_psa_fwu_query(mapping[0].component, &info0, PSA_SUCCESS); -- expect_mock_psa_fwu_query(mapping[1].component, &info1, PSA_SUCCESS); -+ expect_mock_psa_fwu_query(mapping->images[0].component, &info0, PSA_SUCCESS); -+ expect_mock_psa_fwu_query(mapping->images[1].component, &info1, PSA_SUCCESS); - -- update_agent *agent = psa_fwu_m_update_agent_init(mapping, 2, 4096); -+ update_agent *agent = psa_fwu_m_update_agent_init(mapping, 4096); - - expect_mock_psa_fwu_accept(PSA_SUCCESS); -- LONGS_EQUAL(FWU_STATUS_DENIED, update_agent_accept_image(agent, &mapping[0].uuid)); -- LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_accept_image(agent, &mapping[1].uuid)); -+ LONGS_EQUAL(FWU_STATUS_DENIED, update_agent_accept_image(agent, &mapping->images[0].uuid)); -+ LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_accept_image(agent, &mapping->images[1].uuid)); - - psa_fwu_m_update_agent_deinit(agent); - } -diff --git a/deployments/se-proxy/infra/corstone1000/corstone1000_config.c b/deployments/se-proxy/infra/corstone1000/corstone1000_config.c -index 0cc0dee9..7466120f 100644 ---- a/deployments/se-proxy/infra/corstone1000/corstone1000_config.c -+++ b/deployments/se-proxy/infra/corstone1000/corstone1000_config.c -@@ -14,43 +14,48 @@ - #error "CORSTONE_1000_TYPE is not defined." - #endif - --struct psa_fwu_m_image_mapping img_mapping[IMAGE_MAPPING_ELEMENT_COUNT] = { -+struct psa_fwu_m_image_mapping img_mapping = { -+ .count = FWU_IMAGE_INDEX_COUNT, -+ .images = { - #if (CORSTONE_1000_TYPE == CORSTONE_1000_TYPE_CORTEX_A35_FVP) -- { -- .uuid = FWU_FVP_BL2_CAPSULE_UUID, -- .component = FWU_IMAGE_INDEX_CAPSULE_BL2 -- }, -- { -- .uuid = FWU_FVP_TFM_S_CAPSULE_UUID, -- .component = FWU_IMAGE_INDEX_CAPSULE_TFM_S -- }, -- { -- .uuid = FWU_FVP_FIP_CAPSULE_UUID, -- .component = FWU_IMAGE_INDEX_CAPSULE_FIP -- }, -- { -- .uuid = FWU_FVP_INITRAMFS_CAPSULE_UUID, -- .component = FWU_IMAGE_INDEX_CAPSULE_INITRAMFS -- }, -+ { -+ .uuid = {FWU_FVP_BL2_CAPSULE_UUID}, -+ .component = FWU_IMAGE_INDEX_CAPSULE_BL2 -+ }, -+ { -+ .uuid = {FWU_FVP_TFM_S_CAPSULE_UUID}, -+ .component = FWU_IMAGE_INDEX_CAPSULE_TFM_S -+ }, -+ { -+ .uuid = {FWU_FVP_FIP_CAPSULE_UUID}, -+ .component = FWU_IMAGE_INDEX_CAPSULE_FIP -+ }, -+ { -+ .uuid = {FWU_FVP_INITRAMFS_CAPSULE_UUID}, -+ .component = FWU_IMAGE_INDEX_CAPSULE_INITRAMFS -+ }, - #elif (CORSTONE_1000_TYPE == CORSTONE_1000_TYPE_CORTEX_A35_MPS3) -- { -- .uuid = FWU_MPS3_BL2_CAPSULE_UUID, -- .component = FWU_IMAGE_INDEX_CAPSULE_BL2 -- }, -- { -- .uuid = FWU_MPS3_TFM_S_CAPSULE_UUID, -- .component = FWU_IMAGE_INDEX_CAPSULE_TFM_S -- }, -- { -- .uuid = FWU_MPS3_FIP_CAPSULE_UUID, -- .component = FWU_IMAGE_INDEX_CAPSULE_FIP -- }, -- { -- .uuid = FWU_MPS3_INITRAMFS_CAPSULE_UUID, -- .component = FWU_IMAGE_INDEX_CAPSULE_INITRAMFS -- }, -+ { -+ .uuid = {FWU_MPS3_BL2_CAPSULE_UUID}, -+ .component = FWU_IMAGE_INDEX_CAPSULE_BL2 -+ }, -+ { -+ .uuid = {FWU_MPS3_TFM_S_CAPSULE_UUID}, -+ .component = FWU_IMAGE_INDEX_CAPSULE_TFM_S -+ }, -+ { -+ .uuid = {FWU_MPS3_FIP_CAPSULE_UUID}, -+ .component = FWU_IMAGE_INDEX_CAPSULE_FIP -+ }, -+ { -+ .uuid = {FWU_MPS3_INITRAMFS_CAPSULE_UUID}, -+ .component = FWU_IMAGE_INDEX_CAPSULE_INITRAMFS -+ }, - #else - #error "Unsupported CORSTONE_1000_TYPE value. Valid values are: 0 (Corstone-1000 with " \ - "Cortex-A35 FVP), 1 (Corstone-1000 with Cortex-A35 MPS3)" - #endif -+ /* Placeholder for ESRT entry; will be populated at runtime */ -+ {} /* ESRT image */ -+ } - }; -diff --git a/deployments/se-proxy/infra/corstone1000/corstone1000_config.h b/deployments/se-proxy/infra/corstone1000/corstone1000_config.h -index 59662ee3..99b15c21 100644 ---- a/deployments/se-proxy/infra/corstone1000/corstone1000_config.h -+++ b/deployments/se-proxy/infra/corstone1000/corstone1000_config.h -@@ -51,6 +51,8 @@ enum fwu_image_index { - FWU_IMAGE_INDEX_CAPSULE_TFM_S, - FWU_IMAGE_INDEX_CAPSULE_FIP, - FWU_IMAGE_INDEX_CAPSULE_INITRAMFS, -+ -+ // The ESRT image index should always be the last one - FWU_IMAGE_INDEX_ESRT, - - FWU_IMAGE_INDEX_LAST = FWU_IMAGE_INDEX_ESRT, -diff --git a/deployments/se-proxy/infra/rse/spf_fwu.c b/deployments/se-proxy/infra/rse/spf_fwu.c -index 713d932d..714edfaf 100644 ---- a/deployments/se-proxy/infra/rse/spf_fwu.c -+++ b/deployments/se-proxy/infra/rse/spf_fwu.c -@@ -17,23 +17,9 @@ - #include "service/fwu/provider/fwu_provider.h" - #include "service/fwu/common/update_agent_interface.h" - #include "service/fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.h" -- - #include --#include "corstone1000_config.h" --#include "corstone1000_event_handling.h" -- --#ifndef IMAGE_MAPPING_ELEMENT_COUNT --#define IMAGE_MAPPING_ELEMENT_COUNT 0 --#endif - --#ifndef MAX_PAYLOAD_SIZE - #define MAX_PAYLOAD_SIZE 4096 --#endif -- --/* The index to access the ESRT image in the psa_fwu_m_image_mapping structure -- * collection. The ESRT image is always accessed at the end of the collection. -- */ --#define IMAGE_MAPPING_ESRT_INDEX (IMAGE_MAPPING_ELEMENT_COUNT - 1) - - static void define_esrt_image_mapping(void); - -@@ -61,8 +47,7 @@ struct rpc_service_interface *fwu_proxy_create(void) - return NULL; - - define_esrt_image_mapping(); -- agent = psa_fwu_m_update_agent_init(img_mapping, IMAGE_MAPPING_ELEMENT_COUNT, -- MAX_PAYLOAD_SIZE); -+ agent = psa_fwu_m_update_agent_init(&img_mapping, MAX_PAYLOAD_SIZE); - - return fwu_provider_init(&fwu_provider, agent); - } -@@ -72,9 +57,15 @@ struct rpc_service_interface *fwu_proxy_create(void) - */ - static void define_esrt_image_mapping(void) - { -- uuid_octets_from_canonical(&img_mapping[IMAGE_MAPPING_ESRT_INDEX].uuid, -+ /* -+ * The index to access the ESRT image in the psa_fwu_m_image_mapping structure -+ * collection. The ESRT image is always accessed at the end of the collection. -+ */ -+ size_t esrt_index = img_mapping.count - 1; -+ -+ uuid_octets_from_canonical(&img_mapping.images[esrt_index].uuid, - EFI_SYSTEM_RESOURCE_TABLE_CANONICAL_UUID); -- img_mapping[IMAGE_MAPPING_ESRT_INDEX].component = FWU_IMAGE_INDEX_ESRT; -+ img_mapping.images[esrt_index].component = img_mapping.count; - } - - ADD_PROXY_SERVICE_FACTORY(fwu_proxy_create, FWU_PROXY, SE_PROXY_INTERFACE_PRIO_FWU); -diff --git a/deployments/se-proxy/infra/stub/service_proxy_factory.c b/deployments/se-proxy/infra/stub/service_proxy_factory.c -index c6c715e5..078984e0 100644 ---- a/deployments/se-proxy/infra/stub/service_proxy_factory.c -+++ b/deployments/se-proxy/infra/stub/service_proxy_factory.c -@@ -89,7 +89,7 @@ struct rpc_service_interface *fwu_proxy_create(void) - static struct update_agent *agent; - static struct fwu_provider fwu_provider = { 0 }; - -- agent = psa_fwu_m_update_agent_init(NULL, 0, 4096); -+ agent = psa_fwu_m_update_agent_init(NULL, 4096); - - return fwu_provider_init(&fwu_provider, agent); - } -diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake -index baddf0be..f5a9c48f 100644 ---- a/platform/providers/arm/corstone1000/platform.cmake -+++ b/platform/providers/arm/corstone1000/platform.cmake -@@ -34,25 +34,23 @@ set(MM_COMM_BUFFER_PAGE_COUNT 0x1 CACHE STRING "MM Communication buffer page cou - - - # For ESRT v1 details : https://uefi.org/specs/UEFI/2.9_A/23_Firmware_Update_and_Reporting.html#efi-system-resource-table --set(FWU_IMAGE_CAPSULE_COUNT 4 CACHE STRING "Maximum number of FWU Images in a capsule to be updated") --set(ESRT_IMAGE_ENTRY_SIZE 40 CACHE STRING "Size of one ESRT v1 Image entry structure object") --set(ESRT_REMAINING_FIELDS_SIZE 16 CACHE STRING "Size of remaining fields of ESRT v1 table structure") -+# `FWU_IMAGE_CAPSULE_COUNT` has to match the number of images declared in corstone_config.h. Note that this does not include the ESRT image. -+# Maximum number of FWU Images in a capsule to be updated -+set(FWU_IMAGE_CAPSULE_COUNT 4) -+# Size of one ESRT v1 Image entry structure object -+set(ESRT_IMAGE_ENTRY_SIZE 40) -+# Size of remaining fields of ESRT v1 table structure -+set(ESRT_REMAINING_FIELDS_SIZE 16) - math(EXPR TOTAL_ESRT_SIZE "${FWU_IMAGE_CAPSULE_COUNT} * ${ESRT_IMAGE_ENTRY_SIZE} + ${ESRT_REMAINING_FIELDS_SIZE}" OUTPUT_FORMAT DECIMAL) - - set(TFM_FWU_MAX_DIGEST_SIZE ${TOTAL_ESRT_SIZE} CACHE STRING "Maximum size of ESRT entries of all the images in a bank") - --set(ESRT_IMAGE_COUNT 1 CACHE STRING "The immutable number of ESRT image") --math(EXPR IMAGE_MAPPING_ELEMENT_COUNT "${FWU_IMAGE_CAPSULE_COUNT} + ${ESRT_IMAGE_COUNT}" OUTPUT_FORMAT DECIMAL) -- - target_compile_definitions(${TGT} PRIVATE - PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE=${PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE} - COMMS_MHU_MSG_SIZE=${COMMS_MHU_MSG_SIZE} - MBEDTLS_ECP_DP_SECP521R1_ENABLED - CORSTONE_1000_TYPE=${CORSTONE_1000_TYPE_INT} - TFM_FWU_MAX_DIGEST_SIZE=${TFM_FWU_MAX_DIGEST_SIZE} -- FWU_IMAGE_CAPSULE_COUNT=${FWU_IMAGE_CAPSULE_COUNT} -- IMAGE_MAPPING_ELEMENT_COUNT=${IMAGE_MAPPING_ELEMENT_COUNT} -- MAX_PAYLOAD_SIZE=4096 - ) - - get_property(_platform_driver_dependencies TARGET ${TGT} --- -2.43.0 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-psa-crypto-fix-AEAD-block-cypher-support.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-psa-crypto-fix-AEAD-block-cypher-support.patch deleted file mode 100644 index 69f85ede..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-psa-crypto-fix-AEAD-block-cypher-support.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 85c8535f448466cdbd773f7072a42203ebc6ae64 Mon Sep 17 00:00:00 2001 -From: Gabor Abonyi -Date: Fri, 4 Apr 2025 11:43:09 +0000 -Subject: [PATCH] psa-crypto: fix AEAD block cypher support - -This change enables support for block cyphers that require input data -to be processed in whole block-sized chunks. - -psa_aead_encrypt() may send all input data for encryption, but the -underlying implementation is permitted to return only full blocks. -Any remaining data is returned later via psa_aead_finish(). -Similarly, in psa_aead_decrypt(), extra decrypted data may be returned -during psa_aead_verify(). - -This update ensures compatibility with block-based hardware accelerators -by deferring partial block processing until finalisation steps. - -Upstream-Status: Backport [85c8535f448466cdbd773f7072a42203ebc6ae64] -Signed-off-by: Gabor Abonyi ---- - .../service/crypto/client/psa/psa_aead.c | 18 ++++++++++++------ - 1 file changed, 12 insertions(+), 6 deletions(-) - -diff --git a/components/service/crypto/client/psa/psa_aead.c b/components/service/crypto/client/psa/psa_aead.c -index c820d222..5d76f708 100644 ---- a/components/service/crypto/client/psa/psa_aead.c -+++ b/components/service/crypto/client/psa/psa_aead.c -@@ -7,6 +7,7 @@ - #include - #include "psa_crypto_client.h" - #include "crypto_caller_selector.h" -+#include - - psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, - psa_key_id_t key, -@@ -244,14 +245,19 @@ psa_status_t psa_aead_encrypt(psa_key_id_t key, - { - size_t remaining_aead_len = 0; - size_t tag_len = 0; -+ uint8_t tag[PSA_AEAD_TAG_MAX_SIZE]; - - psa_status = psa_aead_finish(&operation, -- NULL, 0, &remaining_aead_len, -- &aeadtext[bytes_output], aeadtext_size - bytes_output, &tag_len); -+ &aeadtext[bytes_output], aeadtext_size - bytes_output, &remaining_aead_len, -+ tag, PSA_AEAD_TAG_MAX_SIZE, &tag_len); - -- if (psa_status == PSA_SUCCESS) { -+ if (aeadtext_size < bytes_output + remaining_aead_len + tag_len) -+ psa_status = PSA_ERROR_BUFFER_TOO_SMALL; - -- *aeadtext_length = bytes_output + remaining_aead_len + tag_len; -+ if (psa_status == PSA_SUCCESS) { -+ bytes_output += remaining_aead_len; -+ memcpy(&aeadtext[bytes_output], tag, tag_len); -+ *aeadtext_length = bytes_output + tag_len; - } - else { - -@@ -301,8 +307,8 @@ psa_status_t psa_aead_decrypt(psa_key_id_t key, - size_t remaining_plaintext_len = 0; - - psa_status = psa_aead_verify(&operation, -- NULL, 0, &remaining_plaintext_len, -- &aeadtext[bytes_output], aeadtext_length - bytes_output); -+ &plaintext[bytes_output], plaintext_size - bytes_output, -+ &remaining_plaintext_len, &aeadtext[ciphertext_len], tag_len); - - if (psa_status == PSA_SUCCESS) { - --- -2.43.0 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Align-PSA-Crypto-structs-with-TF-Mv2.1.1.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Align-PSA-Crypto-structs-with-TF-Mv2.1.1.patch deleted file mode 100644 index 4131cb63..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Align-PSA-Crypto-structs-with-TF-Mv2.1.1.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 8802bad31a37ded724cf157e49b6491226654d35 Mon Sep 17 00:00:00 2001 -From: Ali Can Ozaslan -Date: Tue, 29 Apr 2025 07:52:14 +0000 -Subject: [PATCH] Align PSA Crypto structs with TF-Mv2.1.1 - -The psa_client_key_attributes_s struct had to be aligned with the -psa_key_attributes_s struct in TF-M. - -Change-Id: Ia3b5e8f313bd79a321dda6a61357c1a5e5a17bc2 -Signed-off-by: Ali Can Ozaslan -Signed-off-by: Musa Antike -Signed-off-by: Frazer Carsley - -Upstream-Status: Backport [8802bad31a37ded724cf157e49b6491226654d35 on integration branch] ---- - components/service/crypto/include/psa/crypto_client_struct.h | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/components/service/crypto/include/psa/crypto_client_struct.h b/components/service/crypto/include/psa/crypto_client_struct.h -index 7e907faa..db2f9161 100644 ---- a/components/service/crypto/include/psa/crypto_client_struct.h -+++ b/components/service/crypto/include/psa/crypto_client_struct.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2023, Arm Limited. All rights reserved. -+ * Copyright (c) 2020-2025, Arm Limited. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - * -@@ -38,7 +38,6 @@ struct psa_client_key_attributes_s - uint32_t alg; - uint32_t alg2; - uint32_t id; -- int32_t owner_id; - }; - - #define PSA_CLIENT_KEY_ATTRIBUTES_INIT {0} --- -2.43.0 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc index 5ebb08dc..5ba8d5f5 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc +++ b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc @@ -2,19 +2,8 @@ FILESEXTRAPATHS:prepend:corstone1000 := "${THISDIR}/corstone1000:" COMPATIBLE_MACHINE:corstone1000 = "corstone1000" SRC_URI:append:corstone1000 = " \ - file://0001-platform-corstone1000-Add-CORSTONE_1000_TYPE-variabl.patch \ - file://0002-platform-corstone1000-Add-event-provider-proxy-for-b.patch \ - file://0003-fwu-se-proxy-Allow-platform-override-of-FWU-mapping-.patch \ - file://0004-fwu-Coerce-PSA_SUCCESS_REBOOT-and-PSA_SUCCESS_RESTAR.patch \ - file://0005-platform-corstone1000-Add-MM-communication-buffer-co.patch \ - file://0006-fwu-Add-support-for-ESRT-v1-in-PSA-FWU-M-agent.patch \ - file://0007-Make-treating-warnings-as-errors-configurable.patch \ - file://0008-smm-gateway-config-Remove-Werror-compile-option.patch \ - file://0009-fwu-proxy-refactor-image-mapping.patch \ - file://0010-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch \ - file://0011-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch \ - file://0012-psa-crypto-fix-AEAD-block-cypher-support.patch \ - file://0013-Align-PSA-Crypto-structs-with-TF-Mv2.1.1.patch \ + file://0001-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch \ + file://0002-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch \ " # The patches above introduce errors with GCC 14.1, silence them for now From patchwork Wed Mar 4 08:27:10 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Szing X-Patchwork-Id: 82424 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 71C06EB7EAA for ; Wed, 4 Mar 2026 08:28:32 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13682.1772612903805370161 for ; Wed, 04 Mar 2026 00:28:23 -0800 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: gyorgy.szing@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id F3E60339; Wed, 4 Mar 2026 00:28:16 -0800 (PST) Received: from gyoszi01-yocto.budapest.arm.com (ubul2.budapest.arm.com [10.42.55.21]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 78A8C3F7BD; Wed, 4 Mar 2026 00:28:22 -0800 (PST) From: Gyorgy Szing To: meta-arm@lists.yoctoproject.org Cc: Gabor Toth , Gyorgy Szing Subject: [PATCH 3/5] arm/trusted-services: Enable the fTPM SP Date: Wed, 4 Mar 2026 09:27:10 +0100 Message-ID: <20260304082718.2126340-4-gyorgy.szing@arm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260304082718.2126340-1-gyorgy.szing@arm.com> References: <20260304082718.2126340-1-gyorgy.szing@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 04 Mar 2026 08:28:32 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6938 From: Gabor Toth Trusted Services has introduced a Firmware TPM (fTPM) secure partition. This change enables building and deploying the fTPM SP through meta-arm. The secure partition is based on the TPM2 reference implementation, msp-tpm20-ref, which has been patched to use MbedTLS as its crypto backend and psa-its for non-volatile storage. Signed-off-by: Gabor Toth Signed-off-by: Gyorgy Szing --- .../0002-Add-TPM-CRB-FF-A-DT-support.patch | 297 ++++++++++++++++++ .../linux/files/fvp-base/tpm-crb.cfg | 3 + .../linux/linux-arm-platforms.inc | 9 + .../trusted-services/ts-sp-ftpm_%.bbappend | 1 + .../recipes-security/optee/optee-os-ts.inc | 7 + .../files/0001-fTPM-add-go_idle-support.patch | 84 +++++ .../trusted-services/trusted-services-src.inc | 1 + .../trusted-services/ts-ms-tpm20-ref_git.inc | 16 + .../trusted-services/ts-sp-ftpm_git.bb | 9 + .../trusted-services/ts-uuid.inc | 1 + 10 files changed, 428 insertions(+) create mode 100644 meta-arm-bsp/recipes-kernel/linux/files/fvp-base/0002-Add-TPM-CRB-FF-A-DT-support.patch create mode 100644 meta-arm-bsp/recipes-kernel/linux/files/fvp-base/tpm-crb.cfg create mode 100644 meta-arm-bsp/recipes-security/trusted-services/ts-sp-ftpm_%.bbappend create mode 100644 meta-arm/recipes-security/trusted-services/files/0001-fTPM-add-go_idle-support.patch create mode 100644 meta-arm/recipes-security/trusted-services/ts-ms-tpm20-ref_git.inc create mode 100644 meta-arm/recipes-security/trusted-services/ts-sp-ftpm_git.bb diff --git a/meta-arm-bsp/recipes-kernel/linux/files/fvp-base/0002-Add-TPM-CRB-FF-A-DT-support.patch b/meta-arm-bsp/recipes-kernel/linux/files/fvp-base/0002-Add-TPM-CRB-FF-A-DT-support.patch new file mode 100644 index 00000000..c858fb6d --- /dev/null +++ b/meta-arm-bsp/recipes-kernel/linux/files/fvp-base/0002-Add-TPM-CRB-FF-A-DT-support.patch @@ -0,0 +1,297 @@ +From 016eec200c2da5949dd3b1886f4d0ff078085594 Mon Sep 17 00:00:00 2001 +From: kas User +Date: Sat, 24 Jan 2026 11:15:25 +0000 +Subject: Add TPM CRB FF-A DT support + +Add DT support and limit FF-A communication to 32 bit +FFA_MSG_SEND_DIRECT_REQ calls. + +This patch is a protorype implementation, proper DT support would need +wider changes (e.g. code is not reading carveout location from DT). + +Upstream-Status: Inappropriate [other] +Signed-off-by: Balint Dobszay +Signed-Off-By: Gyorgy Szing +--- + arch/arm64/boot/dts/arm/fvp-base-revc.dts | 11 ++ + drivers/char/tpm/tpm_crb.c | 187 ++++++++++++++++++++-- + drivers/char/tpm/tpm_crb_ffa.c | 7 +- + 3 files changed, 186 insertions(+), 19 deletions(-) + +diff --git a/arch/arm64/boot/dts/arm/fvp-base-revc.dts b/arch/arm64/boot/dts/arm/fvp-base-revc.dts +index 68a69f17e93d..c0ee96bddb61 100644 +--- a/arch/arm64/boot/dts/arm/fvp-base-revc.dts ++++ b/arch/arm64/boot/dts/arm/fvp-base-revc.dts +@@ -217,6 +217,17 @@ vram: vram@18000000 { + reg = <0x00000000 0x18000000 0 0x00800000>; + no-map; + }; ++ ++ /* TPM CRB carveout for SWd communication */ ++ tpm-crb@84000000 { ++ reg = <0x00000000 0x84000000 0 0x4000>; ++ no-map; ++ }; ++ }; ++ ++ ftpm { ++ /* Dummy node for TPM CRB platform driver */ ++ compatible = "arm,ftpm"; + }; + + gic: interrupt-controller@2f000000 { +diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c +index c75a531cfb98..3bd60cf34daf 100644 +--- a/drivers/char/tpm/tpm_crb.c ++++ b/drivers/char/tpm/tpm_crb.c +@@ -16,6 +16,8 @@ + #include + #include + #include ++#include ++#include + #ifdef CONFIG_ARM64 + #include + #endif +@@ -25,6 +27,10 @@ + #define ACPI_SIG_TPM2 "TPM2" + #define TPM_CRB_MAX_RESOURCES 3 + ++/* TPM CRB carveout. Should be marked as reserved-memory with no-map in the DT */ ++static const u64 carveout_addr = 0x84000000; ++static const size_t carveout_size = 4 * SZ_4K; ++ + static const guid_t crb_acpi_start_guid = + GUID_INIT(0x6BBF6CAB, 0x5463, 0x4714, + 0xB7, 0xCD, 0xF0, 0x20, 0x3C, 0x03, 0x68, 0xD4); +@@ -907,29 +913,180 @@ static void crb_acpi_remove(struct acpi_device *device) + tpm_chip_unregister(chip); + } + ++static int crb_map_of_io(struct platform_device *pdev, struct crb_priv *priv) ++{ ++ struct device *dev = &pdev->dev; ++ u32 pa_high, pa_low; ++ u64 cmd_pa; ++ u32 cmd_size; ++ __le64 __rsp_pa; ++ u64 rsp_pa; ++ u32 rsp_size; ++ int ret; ++ void __iomem *carveout; ++ ++ carveout = ioremap_np(carveout_addr, carveout_size); ++ if (!carveout) ++ return -EINVAL; ++ ++ priv->regs_h = (struct crb_regs_head *)carveout; ++ priv->regs_t = (struct crb_regs_tail *)((u8 *)carveout + 0x40); ++ priv->cmd = (u8 *)carveout + 0x80; ++ ++ ret = __crb_request_locality(dev, priv, 0); ++ if (ret) ++ return ret; ++ ++ pa_high = ioread32(&priv->regs_t->ctrl_cmd_pa_high); ++ pa_low = ioread32(&priv->regs_t->ctrl_cmd_pa_low); ++ cmd_pa = ((u64)pa_high << 32) | pa_low; ++ cmd_size = ioread32(&priv->regs_t->ctrl_cmd_size); ++ ++ dev_dbg(dev, "cmd_hi = %X cmd_low = %X cmd_size %X\n", ++ pa_high, pa_low, cmd_size); ++ ++ memcpy_fromio(&__rsp_pa, &priv->regs_t->ctrl_rsp_pa, 8); ++ rsp_pa = le64_to_cpu(__rsp_pa); ++ rsp_size = ioread32(&priv->regs_t->ctrl_rsp_size); ++ ++ /* According to the PTP specification, overlapping command and response ++ * buffer sizes must be identical. ++ */ ++ if (cmd_size != rsp_size) { ++ dev_err(dev, FW_BUG "overlapping command and response buffer sizes are not identical"); ++ ret = -EINVAL; ++ goto out; ++ } ++ ++ priv->rsp = priv->cmd; ++ ++out: ++ if (!ret) ++ priv->cmd_size = cmd_size; ++ ++ __crb_go_idle(dev, priv, 0); ++ __crb_relinquish_locality(dev, priv, 0); ++ ++ return ret; ++} ++ ++static int crb_of_add(struct platform_device *pdev) ++{ ++ struct crb_priv *priv; ++ struct tpm_chip *chip; ++ struct device *dev = &pdev->dev; ++ int rc; ++ ++ priv = devm_kzalloc(dev, sizeof(struct crb_priv), GFP_KERNEL); ++ if (!priv) { ++ rc = -ENOMEM; ++ goto out; ++ } ++ ++ priv->ffa_flags = 0; ++ priv->ffa_attributes = 0; ++ priv->sm = ACPI_TPM2_CRB_WITH_ARM_FFA; ++ priv->hid = "ftpm-ffa"; ++ ++ rc = tpm_crb_ffa_init(); ++ if (rc) { ++ if (rc == -ENOENT) { ++ /* FF-A driver is not available yet */ ++ rc = -EPROBE_DEFER; ++ } ++ goto out; ++ } ++ ++ rc = crb_map_of_io(pdev, priv); ++ if (rc) ++ goto out; ++ ++ chip = tpmm_chip_alloc(dev, &tpm_crb); ++ if (IS_ERR(chip)) { ++ rc = PTR_ERR(chip); ++ goto out; ++ } ++ ++ dev_set_drvdata(&chip->dev, priv); ++ chip->flags = TPM_CHIP_FLAG_TPM2; ++ ++ rc = tpm_chip_bootstrap(chip); ++ if (rc) ++ goto out; ++ ++ rc = tpm_chip_register(chip); ++ ++out: ++ return rc; ++} ++ ++static void crb_of_remove(struct platform_device *pdev) ++{ ++ struct device *dev = &pdev->dev; ++ struct tpm_chip *chip = dev_get_drvdata(dev); ++ ++ tpm_chip_unregister(chip); ++} ++ ++static int crb_probe(struct platform_device *pdev) ++{ ++ struct device_node *node = pdev->dev.of_node; ++ int rc; ++ ++ if (node) ++ rc = crb_of_add(pdev); ++ else if (ACPI_HANDLE(&pdev->dev)) ++ rc = crb_acpi_add(ACPI_COMPANION(&pdev->dev)); ++ else ++ return -EINVAL; ++ ++ return rc; ++} ++ ++static void crb_remove(struct platform_device *pdev) ++{ ++ struct device_node *node = pdev->dev.of_node; ++ ++ if (node) ++ crb_of_remove(pdev); ++ else if (ACPI_HANDLE(&pdev->dev)) ++ crb_acpi_remove(ACPI_COMPANION(&pdev->dev)); ++} ++ ++ + static const struct dev_pm_ops crb_pm = { + SET_SYSTEM_SLEEP_PM_OPS(tpm_pm_suspend, tpm_pm_resume) + }; + +-static const struct acpi_device_id crb_device_ids[] = { ++#ifdef CONFIG_OF ++static const struct of_device_id crb_of_device_ids[] = { ++ { .compatible = "arm,ftpm" }, ++ {}, ++}; ++MODULE_DEVICE_TABLE(of, crb_of_device_ids); ++#endif ++ ++#ifdef CONFIG_ACPI ++static const struct acpi_device_id crb_acpi_device_ids[] = { + {"MSFT0101", 0}, + {"", 0}, + }; +-MODULE_DEVICE_TABLE(acpi, crb_device_ids); +- +-static struct acpi_driver crb_acpi_driver = { +- .name = "tpm_crb", +- .ids = crb_device_ids, +- .ops = { +- .add = crb_acpi_add, +- .remove = crb_acpi_remove, +- }, +- .drv = { +- .pm = &crb_pm, +- }, +-}; ++MODULE_DEVICE_TABLE(acpi, crb_acpi_device_ids); ++#endif ++ ++static struct platform_driver crb_driver = { ++ .probe = crb_probe, ++ .remove = crb_remove, ++ .driver = { ++ .name = "tpm_crb", ++ .pm = &crb_pm, ++ .of_match_table = of_match_ptr(crb_of_device_ids), ++ .acpi_match_table = ACPI_PTR(crb_acpi_device_ids), ++ }, ++ }; ++ ++module_platform_driver(crb_driver); + +-module_acpi_driver(crb_acpi_driver); + MODULE_AUTHOR("Jarkko Sakkinen "); + MODULE_DESCRIPTION("TPM2 Driver"); + MODULE_VERSION("0.1"); +diff --git a/drivers/char/tpm/tpm_crb_ffa.c b/drivers/char/tpm/tpm_crb_ffa.c +index 755b77b32ea4..84b2ebc5c7c3 100644 +--- a/drivers/char/tpm/tpm_crb_ffa.c ++++ b/drivers/char/tpm/tpm_crb_ffa.c +@@ -340,8 +340,7 @@ static int tpm_crb_ffa_probe(struct ffa_device *ffa_dev) + + tpm_crb_ffa = ERR_PTR(-ENODEV); // set tpm_crb_ffa so we can detect probe failure + +- if (!ffa_partition_supports_direct_recv(ffa_dev) && +- !ffa_partition_supports_direct_req2_recv(ffa_dev)) { ++ if (!ffa_partition_supports_direct_recv(ffa_dev)) { + dev_warn(&ffa_dev->dev, "partition doesn't support direct message receive.\n"); + return -EINVAL; + } +@@ -356,7 +355,7 @@ static int tpm_crb_ffa_probe(struct ffa_device *ffa_dev) + ffa_dev_set_drvdata(ffa_dev, tpm_crb_ffa); + + /* if TPM is aarch32 use 32-bit SMCs */ +- if (!ffa_partition_check_property(ffa_dev, FFA_PARTITION_AARCH64_EXEC)) ++ if (!ffa_partition_check_property(ffa_dev, FFA_PARTITION_AARCH64_EXEC)) + ffa_dev->ops->msg_ops->mode_32bit_set(ffa_dev); + + /* verify compatibility of TPM service version number */ +@@ -406,7 +405,7 @@ static struct ffa_driver tpm_crb_ffa_driver = { + }; + + #ifdef MODULE +-module_ffa_driver(tpm_crb_ffa_driver); ++(tpm_crb_ffa_driver); + #endif + + MODULE_AUTHOR("Arm"); +-- +2.43.0 + diff --git a/meta-arm-bsp/recipes-kernel/linux/files/fvp-base/tpm-crb.cfg b/meta-arm-bsp/recipes-kernel/linux/files/fvp-base/tpm-crb.cfg new file mode 100644 index 00000000..2cb8da2e --- /dev/null +++ b/meta-arm-bsp/recipes-kernel/linux/files/fvp-base/tpm-crb.cfg @@ -0,0 +1,3 @@ +CONFIG_ACPI=y +CONFIG_TCG_TPM=y +CONFIG_TCG_CRB=y \ No newline at end of file diff --git a/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc b/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc index cdfa3d35..a0c4128f 100644 --- a/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc +++ b/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc @@ -81,9 +81,18 @@ KERNEL_FEATURES:corstone1000:cortexa320 = "" COMPATIBLE_MACHINE:fvp-base = "fvp-base" KMACHINE:fvp-base = "fvp" FILESEXTRAPATHS:prepend:fvp-base := "${ARMBSPFILESPATHS}:${ARMFILESPATHS}" + + +FTPM_SRC = " \ + file://0002-Add-TPM-CRB-FF-A-DT-support.patch \ + file://tpm-crb.cfg \ +" + SRC_URI:append:fvp-base = " \ file://0001-arm64-dts-fvp-Enable-virtio-rng-support.patch \ file://tee.cfg \ + ${@bb.utils.contains('MACHINE_FEATURES', 'ts-ftpm', \ + '${FTPM_SRC}', '' , d)} \ ${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \ 'file://no-strict-devmem.cfg', '' , d)} \ " diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-sp-ftpm_%.bbappend b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-ftpm_%.bbappend new file mode 100644 index 00000000..5c9ef210 --- /dev/null +++ b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-ftpm_%.bbappend @@ -0,0 +1 @@ +require ts-arm-platforms.inc diff --git a/meta-arm/recipes-security/optee/optee-os-ts.inc b/meta-arm/recipes-security/optee/optee-os-ts.inc index be4bf5bb..ee7dae69 100644 --- a/meta-arm/recipes-security/optee/optee-os-ts.inc +++ b/meta-arm/recipes-security/optee/optee-os-ts.inc @@ -86,6 +86,13 @@ DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-logging', \ SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-logging', \ ' ${TS_BIN}/${LOGGING_SP_UUID}${SP_EXT}', '', d)}" +# FTPM SP +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-ftpm', \ + ' ts-sp-ftpm', '' , d)}" + +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-ftpm', \ + ' ${TS_BIN}/${TS_FTPM_UUID}${SP_EXT}', '', d)}" + EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', \ ' CFG_MAP_EXT_DT_SECURE=y CFG_SECURE_PARTITION=y \ diff --git a/meta-arm/recipes-security/trusted-services/files/0001-fTPM-add-go_idle-support.patch b/meta-arm/recipes-security/trusted-services/files/0001-fTPM-add-go_idle-support.patch new file mode 100644 index 00000000..7b794e55 --- /dev/null +++ b/meta-arm/recipes-security/trusted-services/files/0001-fTPM-add-go_idle-support.patch @@ -0,0 +1,84 @@ +From 08fa0610c8796675ea8c8e5aabc6313b1c237f9c Mon Sep 17 00:00:00 2001 +From: Gyorgy Szing +Date: Mon, 2 Feb 2026 11:18:22 +0100 +Subject: [PATCH 1/1] fTPM: add go_idle support + +The Linux tpm_crb driver was changed to assume an fTPM instance accessed +trough FF-A CRB to support idle bit handing in the TPM_CRB_CTRL_REQ +register. Withouth this the kernel fails to start the device with a +timeout error. Add a minimal implementation to restore compatibility. + +Upstream-Status: Pending + +Signed-off-by: Gyorgy Szing +--- + .../service/tpm/provider/tpm_crb_provider.c | 29 +++++++++++++++++-- + 1 file changed, 27 insertions(+), 2 deletions(-) + +diff --git a/components/service/tpm/provider/tpm_crb_provider.c b/components/service/tpm/provider/tpm_crb_provider.c +index a0c8c4bf5..4a932624f 100644 +--- a/components/service/tpm/provider/tpm_crb_provider.c ++++ b/components/service/tpm/provider/tpm_crb_provider.c +@@ -142,6 +142,27 @@ static inline uint32_t tpm_get_request_length(uint8_t *buf) + return (uint32_t)((buf[2] << 24) + (buf[3] << 16) + (buf[4] << 8 ) + buf[5]); + } + ++#define WRITE_ALIAS_REG(this_instance, reg_name, value) \ ++ do { \ ++ unsigned int loc; \ ++ for (loc=0; loc < sizeof(this_instance->loc_ptr)/sizeof(this_instance->loc_ptr[0]); loc++) { \ ++ this_instance->loc_ptr[loc]->reg_name = (value); \ ++ } \ ++ } while(0) ++ ++static inline void go_busy(struct tpm_crb_provider *this_instance) { ++ WRITE_ALIAS_REG(this_instance, ctrl_status, 0); ++} ++ ++static inline void go_idle(struct tpm_crb_provider *this_instance, unsigned int locality) { ++ /* All operations done: ++ - clear the pending request ++ - set idle bit */ ++ this_instance->loc_ptr[locality]->ctrl_request = 0; ++ this_instance->loc_ptr[locality]->ctrl_start = 0; ++ WRITE_ALIAS_REG(this_instance, ctrl_status, CRB_CTRL_STS_TPM_IDLE); ++} ++ + static rpc_status_t command_handler(void *context, struct rpc_request *req) + { + struct tpm_crb_provider *this_instance = (struct tpm_crb_provider *)context; +@@ -161,25 +182,29 @@ static rpc_status_t command_handler(void *context, struct rpc_request *req) + + if (!(req_loc->ctrl_start & CRB_CTRL_START_COMMAND)) { + req->service_status = TPM_ERROR_INV_CRB_CTRL_DATA; ++ go_idle(this_instance, locality); + return RPC_ERROR_INTERNAL; + } + + req_len = tpm_get_request_length(req_loc->data_buffer); + if (req_len == 0 || crb_size < req_len) { + req->service_status = TPM_ERROR_INV_CRB_CTRL_DATA; ++ go_idle(this_instance, locality); + return RPC_ERROR_INTERNAL; + } + ++ go_busy(this_instance); ++ + req_data = req_loc->data_buffer; + resp_data = req_loc->data_buffer; + resp_max_size = crb_size; + + ms_tpm_backend_execute_command(req_data, req_len, &resp_data, &resp_len, resp_max_size); + +- /* All operations done, clear the pending request */ +- req_loc->ctrl_start &= ~CRB_CTRL_START_COMMAND; + req->service_status = TPM_STATUS_OK; + ++ go_idle(this_instance, locality); ++ + return RPC_SUCCESS; + } + +-- +2.43.0 + diff --git a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc index 38d705a3..7638a3ea 100644 --- a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc +++ b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc @@ -52,6 +52,7 @@ SRC_URI = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https; file://0001-Allow-configuring-flash-image-files-compile-time.patch \ file://0002-Fix-MbedTLS-3.6-and-GCC-14-compatibility.patch \ file://0001-Relax-pyelftools-dependency.patch \ + file://0001-fTPM-add-go_idle-support.patch \ " S = "${UNPACKDIR}/ts" diff --git a/meta-arm/recipes-security/trusted-services/ts-ms-tpm20-ref_git.inc b/meta-arm/recipes-security/trusted-services/ts-ms-tpm20-ref_git.inc new file mode 100644 index 00000000..e7543c8f --- /dev/null +++ b/meta-arm/recipes-security/trusted-services/ts-ms-tpm20-ref_git.inc @@ -0,0 +1,16 @@ +SUMMARY = "ms-tpm20-ref for Trusted Services" + +SRC_URI_MS_TPM20_REF = "git://github.com/microsoft/ms-tpm-20-ref;protocol=https;branch=v1.83" + +SRCREV_ms-tpm-20-ref = "e9fc7b89d865536c46deb63f9c7d0121a3ded49c" + +LIC_FILES_CHKSUM += "file://ts-external/mstpm/LICENSE;md5=5a3925ece0806073ae9ebbb08ff6f11e" + +EXTRA_OECMAKE += "-DMS_TPM_SOURCE_DIR=${S}/ts-external/mstpm" + +SRC_URI += "${SRC_URI_MS_TPM20_REF};name=ms-tpm-20-ref;destsuffix=ts/ts-external/mstpm \ +" + +do_apply_local_src_patches:append() { + apply_local_src_patches ${S}/external/ms_tpm ${S}/ts-external/mstpm +} diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-ftpm_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-ftpm_git.bb new file mode 100644 index 00000000..3d23a1d4 --- /dev/null +++ b/meta-arm/recipes-security/trusted-services/ts-sp-ftpm_git.bb @@ -0,0 +1,9 @@ +DESCRIPTION = "Trusted Services Firmware Trusted Platform Module (fTPM) service provider" + +require ts-sp-common.inc +require ts-ms-tpm20-ref_git.inc + +SP_UUID = "${TS_FTPM_UUID}" +TS_SP_FTPM_CONFIG ?= "default" + +OECMAKE_SOURCEPATH = "${S}/deployments/ftpm/config/${TS_SP_FTPM_CONFIG}-${TS_ENV}" diff --git a/meta-arm/recipes-security/trusted-services/ts-uuid.inc b/meta-arm/recipes-security/trusted-services/ts-uuid.inc index bcf0ee97..9bbcd087 100644 --- a/meta-arm/recipes-security/trusted-services/ts-uuid.inc +++ b/meta-arm/recipes-security/trusted-services/ts-uuid.inc @@ -14,3 +14,4 @@ SPM_TEST4_UUID = "423762ed-7772-406f-99d8-0c27da0abbf8" FWU_UUID = "6823a838-1b06-470e-9774-0cce8bfb53fd" BLOCK_STORAGE_UUID = "63646e80-eb52-462f-ac4f-8cdf3987519c" LOGGING_SP_UUID = "da9dffbd-d590-40ed-975f-19c65a3d52d3" +TS_FTPM_UUID = "17b862a4-1806-4faf-86b3-089a58353861" From patchwork Wed Mar 4 08:27:11 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Szing X-Patchwork-Id: 82423 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 80666EB7EAC for ; Wed, 4 Mar 2026 08:28:32 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13683.1772612906391256279 for ; Wed, 04 Mar 2026 00:28:26 -0800 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: gyorgy.szing@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A570D339; Wed, 4 Mar 2026 00:28:19 -0800 (PST) Received: from gyoszi01-yocto.budapest.arm.com (ubul2.budapest.arm.com [10.42.55.21]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 3092A3F7BD; Wed, 4 Mar 2026 00:28:25 -0800 (PST) From: Gyorgy Szing To: meta-arm@lists.yoctoproject.org Cc: Gabor Toth , Gyorgy Szing Subject: [PATCH 4/5] arm/trusted-services: Enable tpm2-tool self tests Date: Wed, 4 Mar 2026 09:27:11 +0100 Message-ID: <20260304082718.2126340-5-gyorgy.szing@arm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260304082718.2126340-1-gyorgy.szing@arm.com> References: <20260304082718.2126340-1-gyorgy.szing@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 04 Mar 2026 08:28:32 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6939 From: Gabor Toth Enable execution of the tpm2-tools self-test against the Trusted Services fTPM SP. The test is integrated into OEQA but is disabled by default due to its long execution time (over three hours on fvp-base) and inconsistent results. While individual tests pass when run in isolation, running the full suite results in failures. Despite this, it remains the most comprehensive verification currently available. Testing can be enabled by setting the RUN_TPM2_TESTS variable. Signed-off-by: Gabor Toth Signed-off-by: Gyorgy Szing --- ci/fvp-base-ts-ftpm.yml | 27 ++++ meta-arm/conf/layer.conf | 5 + ...1-Remove-simulator-and-abrmd-startup.patch | 55 ++++++++ ...icysigned_sh-fix-error-clear-lockout.patch | 56 ++++++++ .../recipes-tpm/tpm2-tools/files/tpm2-test | 8 ++ .../tpm2-tools/files/tpm2-test-all | 123 ++++++++++++++++++ .../tpm2-tools/tpm2-tools_5.7.bbappend | 27 ++++ .../oeqa/runtime/cases/trusted_services.py | 9 ++ 8 files changed, 310 insertions(+) create mode 100644 ci/fvp-base-ts-ftpm.yml create mode 100644 meta-arm/dynamic-layers/meta-tpm2/recipes-tpm/tpm2-tools/files/0001-Remove-simulator-and-abrmd-startup.patch create mode 100644 meta-arm/dynamic-layers/meta-tpm2/recipes-tpm/tpm2-tools/files/0003-abrmd_policysigned_sh-fix-error-clear-lockout.patch create mode 100644 meta-arm/dynamic-layers/meta-tpm2/recipes-tpm/tpm2-tools/files/tpm2-test create mode 100644 meta-arm/dynamic-layers/meta-tpm2/recipes-tpm/tpm2-tools/files/tpm2-test-all create mode 100644 meta-arm/dynamic-layers/meta-tpm2/recipes-tpm/tpm2-tools/tpm2-tools_5.7.bbappend diff --git a/ci/fvp-base-ts-ftpm.yml b/ci/fvp-base-ts-ftpm.yml new file mode 100644 index 00000000..87539a7e --- /dev/null +++ b/ci/fvp-base-ts-ftpm.yml @@ -0,0 +1,27 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + +header: + version: 14 + includes: + - ci/fvp-base-ts.yml + - ci/meta-secure-core.yml + +repos: + meta-secure-core: + layers: + meta-tpm2: + +local_conf_header: + remove_secureboot: | + BBMASK += "efi-secure-boot" + + ftpm_sp_test: | + # Include tpm2 related packages + IMAGE_INSTALL:append = " tpm2-tools-tests tpm2-abrmd tpm2-tss" + # Use systemd as the init system, which is required for the tpm2 self-tests + INIT_MANAGER = "systemd" + IMAGE_INSTALL:append = " systemd util-linux" + + ts_ftpm_sp: | + MACHINE_FEATURES:append = " ts-ftpm" + RUN_TPM2_TESTS = "1" diff --git a/meta-arm/conf/layer.conf b/meta-arm/conf/layer.conf index 956a67c7..9d18c7c4 100644 --- a/meta-arm/conf/layer.conf +++ b/meta-arm/conf/layer.conf @@ -24,3 +24,8 @@ WARN_QA:append:layer-meta-arm = " patch-status" # Define base directory for meta-arm META_ARM_LAYER_DIR := "${LAYERDIR}" + +BBFILES_DYNAMIC += " \ + tpm2:${LAYERDIR}/dynamic-layers/meta-tpm2/*/*/*.bb \ + tpm2:${LAYERDIR}/dynamic-layers/meta-tpm2/*/*/*.bbappend \ +" diff --git a/meta-arm/dynamic-layers/meta-tpm2/recipes-tpm/tpm2-tools/files/0001-Remove-simulator-and-abrmd-startup.patch b/meta-arm/dynamic-layers/meta-tpm2/recipes-tpm/tpm2-tools/files/0001-Remove-simulator-and-abrmd-startup.patch new file mode 100644 index 00000000..b38fb9a7 --- /dev/null +++ b/meta-arm/dynamic-layers/meta-tpm2/recipes-tpm/tpm2-tools/files/0001-Remove-simulator-and-abrmd-startup.patch @@ -0,0 +1,55 @@ +From b5269bd5380a8a7b202a27a558d98468e14ac642 Mon Sep 17 00:00:00 2001 +From: Imre Kis +Date: Wed, 25 Sep 2024 15:44:08 +0200 +Subject: [PATCH] Remove simulator and abrmd startup + +Upstream-Status: Inappropriate +Signed-off-by: Imre Kis +--- + test/integration/helpers.sh | 31 ------------------------------- + 1 file changed, 31 deletions(-) + +diff --git a/test/integration/helpers.sh b/test/integration/helpers.sh +index 4c861567..bb339078 100644 +--- a/test/integration/helpers.sh ++++ b/test/integration/helpers.sh +@@ -396,37 +396,6 @@ function start_up() { + + run_startup=true + +- if [ -n "$TPM2_SIM" ]; then +- # Start the simulator +- echo "Starting the simulator" +- start_sim || exit 1 +- echo "Started the simulator" +- else +- echo "not starting simulator" +- fi +- +- if [ -n "$TPM2_ABRMD" ]; then +- echo "Starting tpm2-abrmd" +- # Start tpm2-abrmd +- start_abrmd || exit 1 +- run_startup=false +- else +- echo "not starting abrmd" +- fi +- +- echo "TPM2TOOLS_TEST_TCTI=$TPM2TOOLS_TEST_TCTI" +- if [ -z "$TPM2TOOLS_TEST_TCTI" ]; then +- echo "TPM2TOOLS_TEST_TCTI not set, attempting to figure out default" +- if [ -z "$tpm2tools_tcti" ]; then +- echo "The simulator not abrmd was started, cannot determine a TCTI for tools." +- exit 1; +- fi +- TPM2TOOLS_TEST_TCTI="$tpm2tools_tcti" +- fi +- +- echo "export TPM2TOOLS_TCTI=\"$TPM2TOOLS_TEST_TCTI\"" +- export TPM2TOOLS_TCTI="$TPM2TOOLS_TEST_TCTI" +- + recreate_info + + echo "run_startup: $run_startup" +-- +2.34.1 \ No newline at end of file diff --git a/meta-arm/dynamic-layers/meta-tpm2/recipes-tpm/tpm2-tools/files/0003-abrmd_policysigned_sh-fix-error-clear-lockout.patch b/meta-arm/dynamic-layers/meta-tpm2/recipes-tpm/tpm2-tools/files/0003-abrmd_policysigned_sh-fix-error-clear-lockout.patch new file mode 100644 index 00000000..f6e1e9dd --- /dev/null +++ b/meta-arm/dynamic-layers/meta-tpm2/recipes-tpm/tpm2-tools/files/0003-abrmd_policysigned_sh-fix-error-clear-lockout.patch @@ -0,0 +1,56 @@ +From be44c3231fe40c99ba55abe4f8ae6a7bfed92bde Mon Sep 17 00:00:00 2001 +From: Gabor Toth +Date: Thu, 30 Jan 2025 15:11:48 +0100 +Subject: [PATCH] abrmd_policysigned.sh: fix error, clear lockout + +Fix cleanup function to be able to return success. +Clear lockout state at the end of the test. + +Upstream-Status: Pending +Signed-off-by: Gabor Toth +--- + test/integration/tests/abrmd_policysigned.sh | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/test/integration/tests/abrmd_policysigned.sh b/test/integration/tests/abrmd_policysigned.sh +index 2a0b3994..d062f033 100644 +--- a/test/integration/tests/abrmd_policysigned.sh ++++ b/test/integration/tests/abrmd_policysigned.sh +@@ -3,15 +3,19 @@ + source helpers.sh + + cleanup() { +- rm -f session.ctx secret.dat private.pem public.pem signature.dat \ ++ rm -f secret.dat private.pem public.pem signature.dat \ + signing_key.ctx policy.signed prim.ctx sealing_key.priv sealing_key.pub \ + unsealed.dat qual.dat to_sign.bin + +- tpm2 flushcontext $session_ctx 2>/dev/null || true ++ tpm2 flushcontext session.ctx 2>/dev/null || true ++ ++ rm -f session.ctx + + if [ "${1}" != "no-shutdown" ]; then + shut_down + fi ++ ++ return 0 + } + trap cleanup EXIT + +@@ -129,10 +133,12 @@ openssl dgst -sha256 -sign signing_key.priv -out signature.dat to_sign.bin + tpm2 policysigned -S session.ctx -g sha256 -s signature.dat -f ecdsa \ + -c signing_key_pub.ctx --cphash cphash.bin + ### Authorize +-tpm2 dictionarylockout -c session:session.ctx ++tpm2 dictionarylockout -c -p session:session.ctx + + tpm2 flushcontext session.ctx + rm -f signing_key.priv signing_key.pub signing_key_pub.ctx cphash.bin \ + session.ctx policy.signed to_sign.bin signature.dat ++ ++tpm2 clear -c l "password" + + exit 0 +-- +2.34.1 diff --git a/meta-arm/dynamic-layers/meta-tpm2/recipes-tpm/tpm2-tools/files/tpm2-test b/meta-arm/dynamic-layers/meta-tpm2/recipes-tpm/tpm2-tools/files/tpm2-test new file mode 100644 index 00000000..da70121e --- /dev/null +++ b/meta-arm/dynamic-layers/meta-tpm2/recipes-tpm/tpm2-tools/files/tpm2-test @@ -0,0 +1,8 @@ +#!/bin/sh + +# Some tests refers to these variables, which is not set at runtime +export srcdir=/usr/share/tpm2-tools +export abs_srcdir=$srcdir + +cd /usr/share/tpm2-tools/test/integration +dbus-run-session bash tests/$1.sh diff --git a/meta-arm/dynamic-layers/meta-tpm2/recipes-tpm/tpm2-tools/files/tpm2-test-all b/meta-arm/dynamic-layers/meta-tpm2/recipes-tpm/tpm2-tools/files/tpm2-test-all new file mode 100644 index 00000000..f5e3baf5 --- /dev/null +++ b/meta-arm/dynamic-layers/meta-tpm2/recipes-tpm/tpm2-tools/files/tpm2-test-all @@ -0,0 +1,123 @@ +#!/bin/bash + +tests=( + abrmd_extended-sessions + abrmd_nvundefinespecial + abrmd_policyauthorizenv + abrmd_policyauthorize + abrmd_policyauthvalue + abrmd_policycommandcode + abrmd_policycountertimer + abrmd_policycphash + abrmd_policyduplicationselect + abrmd_policynamehash + abrmd_policynv + abrmd_policynvwritten + abrmd_policyor + abrmd_policypassword + abrmd_policypcr + abrmd_policysecret + abrmd_policysigned + abrmd_policytemplate + abrmd_policyticket + activecredential + attestation + certifycreation + certify + changeauth + changeeps + changepps + checkquote + clearcontrol + clear + clockrateadjust + commandaudit + createak + createpolicy + createprimary + create + dictionarylockout + duplicate + ecc + encryptdecrypt + evictcontrol + flushcontext + getcap + getpolicydigest + getrandom + gettestresult + gettime + hash + hierarchycontrol + hmac + import + import_tpm + incrementalselftest + load + makecredential + nvcertify + nvinc + output_formats + pcrevent + pcrextend + pcrlist + pcrreset + pcrs_format + print + readclock + readpublic + rsadecrypt + rsaencrypt + selftest + sessionconfig + setprimarypolicy + startup + stirrandom + symlink + testparms + unseal + verifysignature + X509certutil +) + +failed_tests=() + +# Failing tests: +# createek +# eventlog +# getekcertificate +# loadexternal +# quote +# rc_decode +# send +# send-tcti-cmd +# sign +# toggle_options +# nv +# pcrallocate +# sessionaudit +# setclock + +for test in "${tests[@]}"; do + echo '*******************************************************************************' + echo "${test} Starting..." + + if tpm2-test "${test}" + then + echo "${test} OK" + else + echo "${test} FAILED" + failed_tests+=("${test}") + fi +done +echo '*******************************************************************************' + +if [ ${#failed_tests[@]} -ne 0 ] +then + echo "ERROR: the following tpm2 tests failed:" + printf '\t%s\n' "${failed_tests[@]}" +fi + +echo '*******************************************************************************' + +(exit ${#failed_tests[@]}) diff --git a/meta-arm/dynamic-layers/meta-tpm2/recipes-tpm/tpm2-tools/tpm2-tools_5.7.bbappend b/meta-arm/dynamic-layers/meta-tpm2/recipes-tpm/tpm2-tools/tpm2-tools_5.7.bbappend new file mode 100644 index 00000000..092e8134 --- /dev/null +++ b/meta-arm/dynamic-layers/meta-tpm2/recipes-tpm/tpm2-tools/tpm2-tools_5.7.bbappend @@ -0,0 +1,27 @@ +# Include tpm2-tools dependencies. diffutils is needed for cmp tool, coreutils needed for dd and head (GNU instead of the busybox variant) +# need perl-misc for shasum + +PACKAGES:prepend = "${PN}-tests " + +RDEPENDS:${PN}-tests += " ${PN} xxd bash bash-completion dbus python3-yamllint python3 perl-misc coreutils diffutils curl" + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +SRC_URI:append = " \ + file://0001-Remove-simulator-and-abrmd-startup.patch \ + file://0003-abrmd_policysigned_sh-fix-error-clear-lockout.patch \ + file://tpm2-test \ + file://tpm2-test-all \ + " + +do_install:append() { + install -d ${D}${datadir}/tpm2-tools/test + install -m 0755 ${UNPACKDIR}/tpm2-test ${D}${bindir} + install -m 0755 ${UNPACKDIR}/tpm2-test-all ${D}${bindir} + + cd ${S}/test + find . -type d -exec install -d -m 0755 ${D}${datadir}/tpm2-tools/test/{} \; + find . -type f -exec install -m 0755 {} ${D}${datadir}/tpm2-tools/test/{} \; +} + +FILES:${PN}-tests += "${datadir}/tpm2-tools/test ${bindir}/tpm2-test ${bindir}/tpm2-test-all" diff --git a/meta-arm/lib/oeqa/runtime/cases/trusted_services.py b/meta-arm/lib/oeqa/runtime/cases/trusted_services.py index 54423999..6981bb98 100644 --- a/meta-arm/lib/oeqa/runtime/cases/trusted_services.py +++ b/meta-arm/lib/oeqa/runtime/cases/trusted_services.py @@ -4,6 +4,7 @@ from oeqa.runtime.case import OERuntimeTestCase from oeqa.core.decorator.depends import OETestDepends from oeqa.runtime.decorator.package import OEHasPackage from oeqa.core.decorator.data import skipIfNotInDataVar +from oeqa.core.decorator.oetimeout import OETimeout class TrustedServicesTest(OERuntimeTestCase): @@ -102,3 +103,11 @@ class TrustedServicesTest(OERuntimeTestCase): 'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']: self.skipTest('Crypto SP is not deployed in the system.') self.run_test_tool('ts-service-test -g Crypto') + + @OEHasPackage(['tpm2-tools-tests']) + @skipIfNotInDataVar('MACHINE_FEATURES', 'ts-ftpm', 'fTPM SP is not included') + @skipIfNotInDataVar('RUN_TPM2_TESTS', '1', 'Automated test is disabled (RUN_TPM2_TESTS is undefined).') + @OETestDepends(['ssh.SSHTest.test_ssh']) + @OETimeout(4*60*60) + def test_16_tpm2_test_all(self): + self.run_test_tool('tpm2-test-all') From patchwork Wed Mar 4 08:27:12 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Gyorgy Szing X-Patchwork-Id: 82425 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 961BCEB7EAE for ; Wed, 4 Mar 2026 08:28:32 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.13794.1772612908709890180 for ; Wed, 04 Mar 2026 00:28:28 -0800 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: gyorgy.szing@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 052AA339; Wed, 4 Mar 2026 00:28:22 -0800 (PST) Received: from gyoszi01-yocto.budapest.arm.com (ubul2.budapest.arm.com [10.42.55.21]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id AA9E83F7BD; Wed, 4 Mar 2026 00:28:27 -0800 (PST) From: Gyorgy Szing To: meta-arm@lists.yoctoproject.org Cc: Gyorgy Szing Subject: [PATCH 5/5] arm/trusted-services: update documentation Date: Wed, 4 Mar 2026 09:27:12 +0100 Message-ID: <20260304082718.2126340-6-gyorgy.szing@arm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260304082718.2126340-1-gyorgy.szing@arm.com> References: <20260304082718.2126340-1-gyorgy.szing@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 04 Mar 2026 08:28:32 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6940 Change the layout to enhance readability and add TS fTPM related information. Signed-off-by: Gyorgy Szing --- documentation/trusted-services.md | 84 +++++++++++++++++++++++++++---- 1 file changed, 75 insertions(+), 9 deletions(-) diff --git a/documentation/trusted-services.md b/documentation/trusted-services.md index 8b7f795a..86db7b00 100644 --- a/documentation/trusted-services.md +++ b/documentation/trusted-services.md @@ -5,26 +5,31 @@ in `meta-arm/recipes-security/trusted-services` ## Secure Partitions recipes -We define dedicated recipes for all supported Trusted Services (TS) Secure Partitions. -These recipes produce ELF and DTB files for SPs. -These files are automatically included into optee-os image accordingly to defined MACHINE_FEATURES. +We define dedicated recipes for all supported Trusted Services (TS) Secure Partitions, which produce executables and +manifest binaries (DT files) for SPs. + +The Secure Partitions are compatible with any SPMC implementation that complies with the FF-A specification. Meta-arm +currently supports OP-TEE SPMC, and when enabled, the Secure Partition binaries are automatically included in the +optee-os image based on the defined MACHINE_FEATURES. For more details bout OP-TEE SPMC please refer to the +[OP-TEE documentation][^6]. ### How to include TS SPs -To include TS SPs into optee-os image you need to add into MACHINE_FEATURES -features for each [Secure Partition][^2] you would like to include: +To include TS SPs into the firmware image add the corresponding feature flags to the MACHINE_FEATURES variable for each +[Secure Partition][^2] you would like to include : | Secure Partition | MACHINE_FEATURE | | ----------------- | --------------- | | Attestation | ts-attesation | | Crypto | ts-crypto | -| Firmware Update | ts-fwu +| Firmware Update | ts-fwu | +| fTPM | ts-ftpm | | Internal Storage | ts-its | +| Logging | ts-logging | | Protected Storage | ts-storage | | se-proxy | ts-se-proxy | | smm-gateway | ts-smm-gateway | | spm-test[1-4] | optee-spmc-test | -| Logging | ts-logging | Other steps depend on your machine/platform definition: @@ -47,6 +52,15 @@ Other steps depend on your machine/platform definition: 4. Trusted Services supports an SPMC agonistic binary format. To build SPs to this format the `TS_ENV` variable is to be set to `sp`. The resulting SP binaries should be able to boot under any FF-A v1.1 compliant SPMC implementation. +### Example configurations + +The `meta-arm/ci` directory contains various TS focused [KAS][^7] configuration files: + +| File name | Description | +|-----------|-------------| +| ci/fvp-base-ts-ftpm.yml |Enabling the fTPM SP on the fvp-base machine| +| ci/fvp-base-ts.yml |TS config for the fvp-base machine| +| ci/qemuarm64-secureboot-ts.yml |TS config for quemuarm64-secureboot machine| ## Normal World applications @@ -55,7 +69,7 @@ Optionally for testing purposes you can add `packagegroup-ts-tests` into your im ## OEQA Trusted Services tests - meta-arm also includes Trusted Service OEQA tests which can be used for automated testing. +meta-arm also includes Trusted Service OEQA tests which can be used for automated testing. See `ci/trusted-services.yml` for an example how to include them into an image. ## Configuration options @@ -63,13 +77,59 @@ See `ci/trusted-services.yml` for an example how to include them into an image. Some TS recipes support yocto variables to set build configuration. These variables can be set in .conf files (machine specific or local.conf), or .bbappend files. -SmmGW SP recipe supports the following configuration variables +### SmmGW SP + +The recipe supports the following configuration variables | Variable name | Type | Description | |-----------------------|------|--------------------------------------------------------------------------------------------------------| | SMMGW_AUTH_VAR | Bool | Enable Authenticated variable support | | SMMGW_INTERNAL_CRYPTO | Bool | Use MbedTLS build into SmmGW for authentication related crypto operations. Depends on SMMGW_AUTH_VAR=1 | +fTPM tests are supported by OEQA but are disabled by default due to their lengthy execution time. To enable them, set the RUN_TPM2_TESTS +variable e.g. in local.conf. + +The list of supported test cases can be found in the `tests` array in the `meta-arm/recipes-tpm/tpm2-tools/files/tpm2-test-all` script. +These can be ran one-by-one, but currently running all of them by calling `tpm2-test-all` results in a failure of the `tpm2-abmrd` tool. + +The tests not supported are listed in the same script under the `Failing tests:` line. + +This script was created to meet the needs of the Trusted Services project, but in the future it should be updated to be configurable to +support generic usage. The aforementioned issue shall also be solved, so the supported tests could run together. + +### fTPM SP + +The fTPM SP is an experimental feature. Please refer to the [TS documentation][^5] for details on limitations. + +The current integration enables the fTPM Secure Partition and supports running tpm2-tools tests to verify correct +functionality. Secure Boot and other features that leverage TPM capabilities are not enabled currently. + +Configuration variables of the recipe: + +| Variable name | Type | Description | +|-----------------------|------|--------------------------------------------------------------------------------------------------------| +| RUN_TPM2_TESTS | Bool | Enable automatic execution of TPM tests from OEQA to verify the TS fTPM SP | + +The current integration targeting the fvp-base machine enables fTPM SP and allows running the tests. To reproduce the +build please use `ci/fvp-base-ts-ftpm.yml`. This configuration: + + - deploys the SP in the SWd + - amends the Linux kernel configuration: + - enables the tpm-crb driver + - add a patch to allow DTB based discovery + - deploys user-space components (tpm2-tss, tpm2-abrmd, tmp2-tools) + - configures the initialization system to start tpm2-abrmd. + +The configuration leverages tpm2 components form meta-secure-core layer. + +Validation can be performed by running the script located at `meta-arm/recipes-tpm/tpm2-tools/files/tpm2-test-all`. This +script runs a subset of tpm2 tests. While all tpm2 test pass when executed individually, executing the entire test suite +in a sequence leads to a failure of the `tpm2-abmrd` tool. As a workaround some test cases are disabled in the script. +You can find the list of disabled tests marked under the `Failing tests` section of the script. + +Note: tpm2 tests was designed to validate the tpm2 reference stack. Its use for verifying the fTPM SP is not fully +aligned with this intent. As such, the current validation approach is considered “best effort” and is suitable for +development purposes. A more appropriate and comprehensive test suite should be selected for future validation. ------ [^1]: https://trusted-services.readthedocs.io/en/integration/overview/index.html @@ -79,3 +139,9 @@ SmmGW SP recipe supports the following configuration variables [^3]: https://trusted-services.readthedocs.io/en/integration/deployments/test-executables.html [^4]: https://optee.readthedocs.io/en/latest/building/gits/optee_test.html + +[^5]: https://trusted-services.readthedocs.io/en/integration/services/tpm-service-description.html + +[^6]: https://optee.readthedocs.io/en/latest/architecture/spmc.html + +[^7]: https://kas.readthedocs.io