From patchwork Wed Mar 11 12:12:39 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jon Mason X-Patchwork-Id: 83105 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 684AE1062880 for ; Wed, 11 Mar 2026 12:12:53 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.19946.1773231165904492951 for ; Wed, 11 Mar 2026 05:12:46 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: jon.mason@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 0D96D165C for ; Wed, 11 Mar 2026 05:12:39 -0700 (PDT) Received: from H24V3P4C17.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 1CEAA3F7BD for ; Wed, 11 Mar 2026 05:12:45 -0700 (PDT) From: Jon Mason To: meta-arm@lists.yoctoproject.org Subject: [PATCH 1/5] CI/uefi-secureboot: remove duplicate entry Date: Wed, 11 Mar 2026 08:12:39 -0400 Message-ID: <20260311121244.72838-1-jon.mason@arm.com> X-Mailer: git-send-email 2.50.1 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 Mar 2026 12:12:53 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6946 Signed-off-by: Jon Mason --- ci/uefi-secureboot.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/ci/uefi-secureboot.yml b/ci/uefi-secureboot.yml index 4cc4e658b5e0..f16e8686be51 100644 --- a/ci/uefi-secureboot.yml +++ b/ci/uefi-secureboot.yml 
@@ -39,7 +39,6 @@ local_conf_header: IMAGE_CLASSES += "sbsign" UKI_SB_KEY = "${SBSIGN_KEY}" UKI_SB_CERT = "${SBSIGN_CERT}" - QB_KERNEL_ROOT = "" IMAGE_BOOT_FILES:remove = "Image" INITRAMFS_IMAGE = "core-image-initramfs-boot" From patchwork Wed Mar 11 12:12:40 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jon Mason X-Patchwork-Id: 83108 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 865871062882 for ; Wed, 11 Mar 2026 12:12:53 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.19947.1773231165942196920 for ; Wed, 11 Mar 2026 05:12:46 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: jon.mason@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 411C2169C for ; Wed, 11 Mar 2026 05:12:39 -0700 (PDT) Received: from H24V3P4C17.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 50E8A3F836 for ; Wed, 11 Mar 2026 05:12:45 -0700 (PDT) 
From: Jon Mason To: meta-arm@lists.yoctoproject.org Subject: [PATCH 2/5] arm-bsp/trusted-firmware-a: remove unnecessary FILESEXTRAPATHS Date: Wed, 11 Mar 2026 08:12:40 -0400 Message-ID: <20260311121244.72838-2-jon.mason@arm.com> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20260311121244.72838-1-jon.mason@arm.com> References: <20260311121244.72838-1-jon.mason@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 Mar 2026 12:12:53 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6947 Signed-off-by: Jon Mason --- .../trusted-firmware-a/trusted-firmware-a_%.bbappend | 2 -- 1 file changed, 2 deletions(-) diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend index 01ce095ef225..5b4043e87bea 100644 --- a/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend +++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend 
@@ -1,5 +1,3 @@ -FILESEXTRAPATHS:prepend := "${THISDIR}/files/:" - # Machine specific TFAs MACHINE_TFA_REQUIRE ?= "" From patchwork Wed Mar 11 12:12:41 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jon Mason X-Patchwork-Id: 83106 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 430251062878 for ; Wed, 11 Mar 2026 12:12:53 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.19530.1773231166061761925 for ; Wed, 11 Mar 2026 05:12:46 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: jon.mason@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 6C9832103 for ; Wed, 11 Mar 2026 05:12:39 -0700 (PDT) Received: from H24V3P4C17.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 84AE93F7BD for ; Wed, 11 Mar 2026 05:12:45 -0700 (PDT) 
From: Jon Mason To: meta-arm@lists.yoctoproject.org Subject: [PATCH 3/5] arm-bsp/sbsa-ref: fix qemu warning Date: Wed, 11 Mar 2026 08:12:41 -0400 Message-ID: <20260311121244.72838-3-jon.mason@arm.com> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20260311121244.72838-1-jon.mason@arm.com> References: <20260311121244.72838-1-jon.mason@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 Mar 2026 12:12:53 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6949 Make the relevant correction for the following warning in qemu: warning: short-form boolean option 'readonly' deprecated Please use readonly=on instead Signed-off-by: Jon Mason --- meta-arm-bsp/conf/machine/sbsa-ref.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-arm-bsp/conf/machine/sbsa-ref.conf b/meta-arm-bsp/conf/machine/sbsa-ref.conf index eefbb2e9cac2..d05e44677e0d 100644 --- a/meta-arm-bsp/conf/machine/sbsa-ref.conf +++ b/meta-arm-bsp/conf/machine/sbsa-ref.conf 
@@ -44,7 +44,7 @@ QB_NETWORK_DEVICE = "-device e1000e,netdev=net0,mac=@MAC@" QB_DRIVE_TYPE = "/dev/hd" QB_ROOTFS_OPT = "-drive file=@ROOTFS@,if=ide,format=qcow2" QB_DEFAULT_KERNEL = "none" -QB_OPT_APPEND = "-device usb-tablet -device usb-kbd -drive if=pflash,format=raw,unit=0,readonly,file=@DEPLOY_DIR_IMAGE@/SBSA_FLASH0.fd -drive if=pflash,format=raw,unit=1,readonly,file=@DEPLOY_DIR_IMAGE@/SBSA_FLASH1.fd" +QB_OPT_APPEND = "-device usb-tablet -device usb-kbd -drive if=pflash,format=raw,unit=0,readonly=on,file=@DEPLOY_DIR_IMAGE@/SBSA_FLASH0.fd -drive if=pflash,format=raw,unit=1,readonly=on,file=@DEPLOY_DIR_IMAGE@/SBSA_FLASH1.fd" QB_SERIAL_OPT = "-device virtio-serial-pci -chardev null,id=virtcon -device virtconsole,chardev=virtcon" QB_TCPSERIAL_OPT = "-device virtio-serial-pci -chardev socket,id=virtcon,port=@PORT@,host=127.0.0.1 -device virtconsole,chardev=virtcon" # sbsa-ref is a true virtual machine so can't use KVM From patchwork Wed Mar 11 12:12:42 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jon Mason X-Patchwork-Id: 83107 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DFA031062883 for ; Wed, 11 Mar 2026 12:12:53 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.19531.1773231166333896481 for ; Wed, 11 Mar 2026 05:12:46 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: jon.mason@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A03282247 for ; Wed, 11 Mar 2026 05:12:39 -0700 (PDT) Received: from H24V3P4C17.arm.com 
(usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id AFDDF3F836 for ; Wed, 11 Mar 2026 05:12:45 -0700 (PDT) From: Jon Mason To: meta-arm@lists.yoctoproject.org Subject: [PATCH 4/5] arm/qemuarm64: fix edk2 and test it Date: Wed, 11 Mar 2026 08:12:42 -0400 Message-ID: <20260311121244.72838-4-jon.mason@arm.com> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20260311121244.72838-1-jon.mason@arm.com> References: <20260311121244.72838-1-jon.mason@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 Mar 2026 12:12:53 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6948 edk2 has been broken on qemuarm64 for an unknown amount of time. Add it to CI to prevent this from happening (until edk2 works on qemuarm64-secureboot). Signed-off-by: Jon Mason --- .gitlab-ci.yml | 1 + meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f1a4fdc38240..048366bd46a3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -271,6 +271,7 @@ qemuarm64: parallel: matrix: - DISTRO: poky-tiny + FIRMWARE: [u-boot, edk2] TESTING: testimage - VIRT: xen diff --git a/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend b/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend index b806bf8768e8..063136242bef 100644 --- a/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend +++ b/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend 
@@ -1,5 +1,5 @@ COMPATIBLE_MACHINE:qemuarm64 = "qemuarm64" -EDK2_PLATFORM:qemuarm64 = "ArmVirtQemu-AARCH64" +EDK2_PLATFORM:qemuarm64 = "ArmVirtQemu-AArch64" EDK2_PLATFORM_DSC:qemuarm64 = "ArmVirtPkg/ArmVirtQemu.dsc" EDK2_BIN_NAME:qemuarm64 = "QEMU_EFI.fd" # No need for PXE booting in qemu, disable to reduce unnecessary noise From patchwork Wed Mar 11 12:12:43 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jon Mason X-Patchwork-Id: 83109 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CCA3D1062884 for ; Wed, 11 Mar 2026 12:12:53 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.19948.1773231166476663320 for ; Wed, 11 Mar 2026 05:12:46 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: jon.mason@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id CA6FF22BE for ; Wed, 11 Mar 2026 05:12:39 -0700 (PDT) Received: from H24V3P4C17.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id E54183F7BD for ; Wed, 11 Mar 2026 05:12:45 -0700 (PDT) 
From: Jon Mason To: meta-arm@lists.yoctoproject.org Subject: [PATCH 5/5] arm/qemuarm64-secureboot: get edk2 and trusted-firmware a working Date: Wed, 11 Mar 2026 08:12:43 -0400 Message-ID: <20260311121244.72838-5-jon.mason@arm.com> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20260311121244.72838-1-jon.mason@arm.com> References: <20260311121244.72838-1-jon.mason@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 11 Mar 2026 12:12:53 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6950 Do the changes necessary to get qemuarm64-secureboot to work with edk2 firmware, and add it to CI. The CI changes needed to make it dynamic based on edk2.yml or u-boot.yml required moving the relevant parts into inc files. Signed-off-by: Jon Mason --- .gitlab-ci.yml | 1 + ci/edk2.yml | 2 +- .../trusted-firmware-a-qemuarm-secureboot.inc | 19 +++++++ ...rusted-firmware-a-qemuarm64-secureboot.inc | 36 ++++++++++++ .../trusted-firmware-a_%.bbappend | 55 ++----------------- .../recipes-bsp/uefi/edk2-firmware_%.bbappend | 6 ++ 6 files changed, 68 insertions(+), 51 deletions(-) create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemuarm-secureboot.inc create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemuarm64-secureboot.inc diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 048366bd46a3..a93a0f1e0dec 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -258,6 +258,7 @@ qemuarm64-secureboot: parallel: matrix: - TOOLCHAINS: [gcc, clang] + FIRMWARE: [u-boot, edk2] TCLIBC: [glibc, musl] TS: [none, qemuarm64-secureboot-ts] TESTING: testimage diff --git a/ci/edk2.yml b/ci/edk2.yml index cf2f5851b85d..e14c16e1df27 100644 --- a/ci/edk2.yml +++ b/ci/edk2.yml 
@@ -13,5 +13,5 @@ local_conf_header: EXTRA_IMAGEDEPENDS += "edk2-firmware" EFI_PROVIDER ?= "grub-efi" - QB_DEFAULT_BIOS = "QEMU_EFI.fd" + QB_DEFAULT_BIOS ??= "QEMU_EFI.fd" WKS_FILE ?= "efi-disk.wks.in" diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemuarm-secureboot.inc b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemuarm-secureboot.inc new file mode 100644 index 000000000000..6227d1882924 --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemuarm-secureboot.inc @@ -0,0 +1,19 @@ +COMPATIBLE_MACHINE = "qemuarm-secureboot" + +TFA_PLATFORM = "qemu" + +# EDK2 dropped support for 32bit Arm, so u-boot only +TFA_UBOOT = "1" +TFA_INSTALL_TARGET = "flash.bin" + +do_compile:append() { + # Create a secure flash image for booting AArch64 Qemu. See: + # https://trustedfirmware-a.readthedocs.io/en/latest/plat/qemu.html + dd if=${BUILD_DIR}/bl1.bin of=${BUILD_DIR}/flash.bin bs=4096 conv=notrunc + dd if=${BUILD_DIR}/fip.bin of=${BUILD_DIR}/flash.bin seek=64 bs=4096 conv=notrunc +} + +do_deploy:append(){ + # runqemu requires flash.bin to be in the deploy directory + ln -srn ${DEPLOYDIR}/${PN}/flash.bin ${DEPLOYDIR}/flash.bin +} diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemuarm64-secureboot.inc b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemuarm64-secureboot.inc new file mode 100644 index 000000000000..9bfe52c5b44d --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qemuarm64-secureboot.inc 
@@ -0,0 +1,36 @@ +COMPATIBLE_MACHINE = "qemuarm64-secureboot" + +# Enable passing TOS_FW_CONFIG from FIP package to Trusted OS. +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" +SRC_URI:append = " file://0001-Add-spmc_manifest-for-qemu.patch" + +TFA_PLATFORM = "qemu" + +# Trusted Services secure partitions require arm-ffa machine feature. +# Enabling Secure-EL1 Payload Dispatcher (SPD) in this case +TFA_SPD = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', 'spmd', 'opteed', d)}" +# Configure tf-a accordingly to TS requirements if included +EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', ' CTX_INCLUDE_EL2_REGS=0 SPMC_OPTEE=1 ', '' , d)}" +# Cortex-A57 supports Armv8.0 (no S-EL2 execution state). +# The SPD SPMC component should run at the S-EL1 execution state. +TFA_SPMD_SPM_AT_SEL2 = "0" + +TFA_UBOOT ?= "1" + +TFA_INSTALL_TARGET = "flash.bin" + +# When using OP-TEE SPMC specify the SPMC manifest file. +EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', \ + 'QEMU_TOS_FW_CONFIG_DTS=${S}/plat/qemu/fdts/optee_spmc_manifest.dts', '', d)}" + +do_compile:append() { + # Create a secure flash image for booting AArch64 Qemu. See: + # https://trustedfirmware-a.readthedocs.io/en/latest/plat/qemu.html + dd if=${BUILD_DIR}/bl1.bin of=${BUILD_DIR}/flash.bin bs=4096 conv=notrunc + dd if=${BUILD_DIR}/fip.bin of=${BUILD_DIR}/flash.bin seek=64 bs=4096 conv=notrunc +} + +do_deploy:append(){ + # runqemu requires flash.bin to be in the deploy directory + ln -srn ${DEPLOYDIR}/${PN}/flash.bin ${DEPLOYDIR}/flash.bin +} diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend index 679f6f222fa0..a230a0c73fd3 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend 
@@ -1,32 +1,14 @@ -COMPATIBLE_MACHINE:qemuarm64-secureboot = "qemuarm64-secureboot" -COMPATIBLE_MACHINE:qemuarm-secureboot = "qemuarm-secureboot" +# Machine specific TFAs -# Enable passing TOS_FW_CONFIG from FIP package to Trusted OS. -FILESEXTRAPATHS:prepend:qemuarm64-secureboot := "${THISDIR}/files:" -SRC_URI:append:qemuarm64-secureboot = " \ - file://0001-Add-spmc_manifest-for-qemu.patch \ - " +QEMU_TFA_REQUIRE ?= "" +QEMU_TFA_REQUIRE:qemuarm-secureboot = "trusted-firmware-a-qemuarm-secureboot.inc" +QEMU_TFA_REQUIRE:qemuarm64-secureboot = "trusted-firmware-a-qemuarm64-secureboot.inc" -TFA_PLATFORM:qemuarm64-secureboot = "qemu" -TFA_PLATFORM:qemuarm-secureboot = "qemu" +require ${QEMU_TFA_REQUIRE} -# Trusted Services secure partitions require arm-ffa machine feature. -# Enabling Secure-EL1 Payload Dispatcher (SPD) in this case -TFA_SPD:qemuarm64-secureboot = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', 'spmd', 'opteed', d)}" -# Configure tf-a accordingly to TS requirements if included -EXTRA_OEMAKE:append:qemuarm64-secureboot = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', ' CTX_INCLUDE_EL2_REGS=0 SPMC_OPTEE=1 ', '' , d)}" -# Cortex-A57 supports Armv8.0 (no S-EL2 execution state). -# The SPD SPMC component should run at the S-EL1 execution state. -TFA_SPMD_SPM_AT_SEL2:qemuarm64-secureboot = "0" - -TFA_UBOOT:qemuarm64-secureboot = "1" -TFA_UBOOT:qemuarm-secureboot = "1" TFA_BUILD_TARGET:aarch64:qemuall = "all fip" TFA_BUILD_TARGET:arm:qemuall = "all fip" -TFA_INSTALL_TARGET:qemuarm64-secureboot = "flash.bin" -TFA_INSTALL_TARGET:qemuarm-secureboot = "flash.bin" - DEPENDS:append:aarch64:qemuall = " optee-os" DEPENDS:append:arm:qemuall = " optee-os" 
@@ -46,30 +28,3 @@ EXTRA_OEMAKE:append:arm:qemuall = " \ BL32_RAM_LOCATION=tdram \ AARCH32_SP=optee \ " -# When using OP-TEE SPMC specify the SPMC manifest file. -EXTRA_OEMAKE:append:qemuarm64-secureboot = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', \ - 'QEMU_TOS_FW_CONFIG_DTS=${S}/plat/qemu/fdts/optee_spmc_manifest.dts', '', d)}" - -do_compile:append:qemuarm64-secureboot() { - # Create a secure flash image for booting AArch64 Qemu. See: - # https://trustedfirmware-a.readthedocs.io/en/latest/plat/qemu.html - dd if=${BUILD_DIR}/bl1.bin of=${BUILD_DIR}/flash.bin bs=4096 conv=notrunc - dd if=${BUILD_DIR}/fip.bin of=${BUILD_DIR}/flash.bin seek=64 bs=4096 conv=notrunc -} - -do_compile:append:qemuarm-secureboot() { - # Create a secure flash image for booting AArch64 Qemu. See: - # https://trustedfirmware-a.readthedocs.io/en/latest/plat/qemu.html - dd if=${BUILD_DIR}/bl1.bin of=${BUILD_DIR}/flash.bin bs=4096 conv=notrunc - dd if=${BUILD_DIR}/fip.bin of=${BUILD_DIR}/flash.bin seek=64 bs=4096 conv=notrunc -} - -do_deploy:append:qemuarm64-secureboot(){ - # runqemu requires flash.bin to be in the deploy directory - ln -srn ${DEPLOYDIR}/${PN}/flash.bin ${DEPLOYDIR}/flash.bin -} - -do_deploy:append:qemuarm-secureboot(){ - # runqemu requires flash.bin to be in the deploy directory - ln -srn ${DEPLOYDIR}/${PN}/flash.bin ${DEPLOYDIR}/flash.bin -} diff --git a/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend b/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend index 063136242bef..9f75e0a954a3 100644 --- a/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend +++ b/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend 
@@ -5,6 +5,12 @@ EDK2_BIN_NAME:qemuarm64 = "QEMU_EFI.fd" # No need for PXE booting in qemu, disable to reduce unnecessary noise EDK2_EXTRA_BUILD:qemuarm64 += " -D NETWORK_PXE_BOOT_ENABLE=FALSE " +COMPATIBLE_MACHINE:qemuarm64-secureboot = "qemuarm64-secureboot" +EDK2_PLATFORM:qemuarm64-secureboot = "ArmVirtQemuKernel-AArch64" +EDK2_PLATFORM_DSC:qemuarm64-secureboot = "ArmVirtPkg/ArmVirtQemuKernel.dsc" +EDK2_BIN_NAME:qemuarm64-secureboot = "QEMU_EFI.fd" +#EDK2_BUILD_RELEASE:qemuarm64-secureboot = "0" + do_install:append:qemuarm64() { install ${B}/Build/${EDK2_PLATFORM}/${EDK2_BUILD_MODE}_${EDK_COMPILER}/FV/${EDK2_BIN_NAME} ${D}/firmware/ }
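Review bot: In [PATCH 1/5], ci/uefi-secureboot.yml, the removed `QB_KERNEL_ROOT = ""` is described as a duplicate, but the surviving assignment is not within the hunk's context and the commit message has no body. Please say in the message where the remaining entry lives and that it sets the same empty value, so the removal can be checked as a no-op for the secure boot CI configuration.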
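Review bot: In [PATCH 2/5], trusted-firmware-a_%.bbappend under meta-arm-bsp, the `FILESEXTRAPATHS:prepend` line is dropped with no explanation of why it is unnecessary. The context shows machine-specific files being pulled in through `MACHINE_TFA_REQUIRE`; the commit message should state that no `file://` entry in this bbappend or in those required files relies on `${THISDIR}/files/` being on the search path, since a missed one only fails at fetch time for that one machine.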
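Review bot: In [PATCH 4/5], edk2-firmware_%.bbappend, the fix is a case-only change to `EDK2_PLATFORM:qemuarm64` ("AARCH64" to "AArch64"), and neither the commit message nor the file says why case matters. The `do_install:append:qemuarm64()` shown later in this file uses `${B}/Build/${EDK2_PLATFORM}/...` as a path, so a one-line comment above the assignment noting that the value must match the build output directory name exactly would keep this from regressing. The commit message should also name the failure that was seen.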
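Review bot: In [PATCH 5/5], .gitlab-ci.yml, adding `FIRMWARE: [u-boot, edk2]` to the qemuarm64-secureboot matrix multiplies it against `TOOLCHAINS`, `TCLIBC` and `TS`, taking the visible 2x2x2 combinations to 16 jobs. If edk2 only needs to be proven once per toolchain, consider a separate matrix entry for it with fewer axes, and confirm that the `TS: qemuarm64-secureboot-ts` combination is expected to pass with edk2 before it is enabled.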
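Review bot: In [PATCH 5/5], ci/edk2.yml, `QB_DEFAULT_BIOS` moves to `??=` while the neighbouring `EFI_PROVIDER` and `WKS_FILE` stay on `?=`, and nothing in the file says why this one variable needs the weakest default. Please add a short comment naming what is expected to override it (presumably the secureboot machine's own BIOS setting), because with `??=` any `?=` elsewhere in the configuration now wins silently.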
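Review bot: In [PATCH 5/5], trusted-firmware-a-qemuarm-secureboot.inc, the `do_compile:append()` comment still reads "Create a secure flash image for booting AArch64 Qemu" although this file is now 32-bit only, as its own "EDK2 dropped support for 32bit Arm" comment says. Please correct the comment. The two `dd` lines and the `do_deploy:append()` symlink are also byte-for-byte identical to the ones in the qemuarm64 include, so a shared include for the flash.bin assembly would leave a single copy of the `seek=64 bs=4096` layout to maintain.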
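Review bot: In [PATCH 5/5], trusted-firmware-a-qemuarm64-secureboot.inc, `TFA_UBOOT ?= "1"` is now only a default, but no visible hunk in the series overrides it for the edk2 case; the only edk2-side change shown is `QB_DEFAULT_BIOS` in ci/edk2.yml. If the override lives elsewhere, point to it in the commit message. Otherwise the `FIRMWARE: edk2` jobs would still build flash.bin with u-boot as the non-secure payload and would not test what the subject line claims. Setting `TFA_UBOOT` to "0" together with the UEFI equivalent where edk2 is selected would make the intent explicit.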
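Review bot: In [PATCH 5/5], edk2-firmware_%.bbappend, the commented-out `#EDK2_BUILD_RELEASE:qemuarm64-secureboot = "0"` looks like leftover debugging; either remove it or replace it with a comment saying when a debug build is needed. Separately, the `do_install:append:qemuarm64()` in the trailing context is scoped to the qemuarm64 override only, so please confirm qemuarm64-secureboot carries that override. If it does not, `QEMU_EFI.fd` is never installed for the new machine.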