subtree updates july 21 2023 pi,security,arm
meta-arm: d6fac49541..b4d50a273d:
Abdellatif El Khlifi (5):
arm-bsp/documentation: corstone1000: Update change log
arm-bsp/doc: corstone1000: Update the software architecture document
arm-bsp/documentation: corstone1000: update the release note
arm-bsp/documentation: corstone1000: update user guide
kas: set the SHAs for 2023.06 release
Jon Mason (7):
arm/optee-test: modify to use build openssl
arm/optee: update to 3.22.0
arm-bsp/machine: work around rootfs name issue
ci/clang: add llvm-native from clang README
arm/optee-os: update/clean-up patches and recipes
arm-bsp/juno: remove commented out KCONFIG
arm/linux-yocto: move 6.1 patches to a unique bbappend
Khem Raj (1):
gn: Disable warning as error but not disable completely
Mikko Rapeli (1):
optee-os optee-test: switch from SRC_URI:append to SRC_URI +=
Peter Hoyes (5):
runfvp: Add missing conffile include
arm/oeqa: Merge all OEFVP*Target classes
arm/OEFVPTarget: Add support for model state transitions
arm/oeqa: Convert linuxboot test case into fvp_boot
arm/oeqa: Introduce the fvp_devices test suite
Ross Burton (14):
CI: use Kas 3.3
CI: update to Kas format 14
CI: use branch, not refspec
CI: generate and use a Kas lock file
CI: add a tool to fetch a lockfile.yml for a specified build
arm/scp-firmware: set default SCP_PLATFORM to MACHINE
arm-bsp/scp-firmware: remove redundant SCP_PLATFORM
arm/scp-firware: update compiler variables
arm/scp-firmware: log what platform/firmware/type is being built
arm/scp-firmware: fix intermittent compile failures
CI: track master
arm-bsp/u-boot: add temporary 2023.01 recipe
toolchain: remove pointless provides
arm-bsp/linux-yocto: fix Upstream-Status
Rouven Czerwinski (3):
optee-os: add optional optee-os-ta package
optee-os: deploy ta elf files
optee-test: add TA elfs to deploydir
Tomás González (2):
arm-bsp/documentation: corstone1000: Update the user guide
arm-bsp/documentation: corstone1000: Update the release notes
Ziad Elhanafy (5):
arm-bsp/conf: Remove hardcoded .rootfs from image path
arm/classes: Remove IMAGE_NAME_SUFFIX from image path
arm: Set FVP EULA environment variable details message
kas: Add fvp-eula.yml and remove license related settings
arm-bsp/documentation: Replace FVP_BASE_R_ARM_EULA_ACCEPT with ARM_FVP_EULA_ACCEPT
meta-raspberrypi: dff85b9a9f..e3f733cadd:
Khem Raj (1):
linux-raspberrypi_6.1.bb: Update to 6.1.38
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Iebdd94d49998e9297e49ee2463761f2f3acb45c1
diff --git a/meta-arm/.gitlab-ci.yml b/meta-arm/.gitlab-ci.yml
index b224674..4a786f6 100644
--- a/meta-arm/.gitlab-ci.yml
+++ b/meta-arm/.gitlab-ci.yml
@@ -1,4 +1,4 @@
-image: ghcr.io/siemens/kas/kas:3.2.3
+image: ghcr.io/siemens/kas/kas:3.3
variables:
CPU_REQUEST: ""
@@ -58,8 +58,8 @@
# Catch all for everything else
- if: '$KERNEL != "linux-yocto-dev"'
script:
- - KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME")
- - kas dump --update --force-checkout --resolve-refs --resolve-env $KASFILES
+ - KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME"):lockfile.yml
+ - kas dump --update --force-checkout --resolve-refs --resolve-env $KASFILES
- kas build $KASFILES
- ./ci/check-warnings $KAS_WORK_DIR/build/warnings.log
artifacts:
@@ -77,7 +77,19 @@
extends: .setup
stage: prep
script:
- - flock --verbose --timeout 60 $KAS_REPO_REF_DIR ./ci/update-repos
+ - |
+ flock --verbose --timeout 60 $KAS_REPO_REF_DIR ./ci/update-repos
+ # Only generate if doesn't already exist, to allow feature branches to drop one in.
+ if test -f lockfile.yml; then
+ echo Using existing lockfile.yml
+ else
+ # Be sure that this is the complete list of layers being fetched
+ kas dump --lock --update ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/clang.yml:ci/meta-virtualization.yml | tee lockfile.yml
+ fi
+ artifacts:
+ name: "lockfile"
+ paths:
+ - lockfile.yml
#
# Build stage, the actual build jobs
@@ -233,14 +245,14 @@
selftest:
extends: .setup
script:
- - KASFILES=./ci/qemuarm64.yml:./ci/selftest.yml
+ - KASFILES=./ci/qemuarm64.yml:./ci/selftest.yml:lockfile.yml
- kas shell --update --force-checkout $KASFILES -c 'oe-selftest --num-processes 1 --run-tests runfvp'
# Validate layers are Yocto Project Compatible
check-layers:
extends: .setup
script:
- - kas shell --update --force-checkout ci/base.yml:ci/meta-openembedded.yml --command \
+ - kas shell --update --force-checkout ci/base.yml:ci/meta-openembedded.yml:lockfile.yml --command \
"yocto-check-layer-wrapper $CI_PROJECT_DIR/$LAYER --dependency $CI_PROJECT_DIR/meta-* $KAS_WORK_DIR/meta-openembedded/meta-oe --no-auto-dependency"
parallel:
matrix:
@@ -254,7 +266,7 @@
script:
- rm -fr update-report
# This configuration has all of the layers we need enabled
- - kas shell --update --force-checkout ci/qemuarm64.yml:ci/meta-openembedded.yml --command \
+ - kas shell --update --force-checkout ci/qemuarm64.yml:ci/meta-openembedded.yml:lockfile.yml --command \
"$CI_PROJECT_DIR/scripts/machine-summary.py -t report -o $CI_PROJECT_DIR/update-report $($CI_PROJECT_DIR/ci/listmachines.py meta-arm meta-arm-bsp)"
# Do this on x86 whilst the compilers are x86-only
tags:
diff --git a/meta-arm/ci/base.yml b/meta-arm/ci/base.yml
index 92fa707..4296d27 100644
--- a/meta-arm/ci/base.yml
+++ b/meta-arm/ci/base.yml
@@ -1,11 +1,11 @@
header:
- version: 11
+ version: 14
distro: poky
defaults:
repos:
- refspec: mickledore
+ branch: master
repos:
meta-arm:
diff --git a/meta-arm/ci/clang.yml b/meta-arm/ci/clang.yml
index eeee785..b9425fa 100644
--- a/meta-arm/ci/clang.yml
+++ b/meta-arm/ci/clang.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
repos:
meta-clang:
@@ -8,6 +8,12 @@
local_conf_header:
toolchain: |
TOOLCHAIN = "clang"
+ PREFERRED_PROVIDER_llvm = "clang"
+ PREFERRED_PROVIDER_llvm-native = "clang-native"
+ PREFERRED_PROVIDER_nativesdk-llvm = "nativesdk-clang"
+ PROVIDES:pn-clang = "llvm"
+ PROVIDES:pn-clang-native = "llvm-native"
+ PROVIDES:pn-nativesdk-clang = "nativesdk-llvm"
# This is needed to stop bitbake getting confused about what clang/llvm is
# being used, see https://github.com/kraj/meta-clang/pull/766
BBMASK += "/meta/recipes-devtools/llvm/llvm.*\.bb"
diff --git a/meta-arm/ci/corstone1000-common.yml b/meta-arm/ci/corstone1000-common.yml
index d856cfe..a4c9ca3 100644
--- a/meta-arm/ci/corstone1000-common.yml
+++ b/meta-arm/ci/corstone1000-common.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/base.yml
- ci/meta-openembedded.yml
diff --git a/meta-arm/ci/corstone1000-fvp.yml b/meta-arm/ci/corstone1000-fvp.yml
index 7d21b98..25f8edf 100644
--- a/meta-arm/ci/corstone1000-fvp.yml
+++ b/meta-arm/ci/corstone1000-fvp.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/corstone1000-common.yml
- ci/fvp.yml
diff --git a/meta-arm/ci/corstone1000-mps3.yml b/meta-arm/ci/corstone1000-mps3.yml
index 2df7d97..7a1fc9e 100644
--- a/meta-arm/ci/corstone1000-mps3.yml
+++ b/meta-arm/ci/corstone1000-mps3.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/corstone1000-common.yml
diff --git a/meta-arm/ci/corstone500.yml b/meta-arm/ci/corstone500.yml
index 0f9592e..2172bc1 100644
--- a/meta-arm/ci/corstone500.yml
+++ b/meta-arm/ci/corstone500.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/base.yml
- ci/fvp.yml
diff --git a/meta-arm/ci/debug.yml b/meta-arm/ci/debug.yml
index 757f6d1..6ca1a07 100644
--- a/meta-arm/ci/debug.yml
+++ b/meta-arm/ci/debug.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
# Add universally helpful features when testing boards
local_conf_header:
diff --git a/meta-arm/ci/download-lockfile.py b/meta-arm/ci/download-lockfile.py
new file mode 100755
index 0000000..3d4d50c
--- /dev/null
+++ b/meta-arm/ci/download-lockfile.py
@@ -0,0 +1,31 @@
+#! /usr/bin/env python3
+
+"""
+Download the lockfile.yml produced by a CI pipeline, specified by the GitLab
+server, full name of the meta-arm project, and the refspec that was executed.
+
+For example,
+$ ./download-lockfile.py https://gitlab.com/ rossburton/meta-arm master
+
+SPDX-FileCopyrightText: Copyright 2023 Arm Limited and Contributors
+SPDX-License-Identifier: GPL-2.0-only
+"""
+
+import argparse
+import gitlab
+import io
+import zipfile
+
+parser = argparse.ArgumentParser()
+parser.add_argument("server", help="GitLab server name")
+parser.add_argument("project", help="meta-arm project name")
+parser.add_argument("refspec", help="Branch/commit")
+args = parser.parse_args()
+
+gl = gitlab.Gitlab(args.server)
+project = gl.projects.get(args.project)
+artefact = project.artifacts.download(ref_name=args.refspec, job="update-repos")
+
+z = zipfile.ZipFile(io.BytesIO(artefact))
+z.extract("lockfile.yml")
+print("Fetched lockfile.yml")
diff --git a/meta-arm/ci/edk2.yml b/meta-arm/ci/edk2.yml
index 1261bf1..3a5c4ce 100644
--- a/meta-arm/ci/edk2.yml
+++ b/meta-arm/ci/edk2.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
local_conf_header:
bootfirmware: |
diff --git a/meta-arm/ci/external-gccarm.yml b/meta-arm/ci/external-gccarm.yml
index 2af8b5e..fe8fa6c 100644
--- a/meta-arm/ci/external-gccarm.yml
+++ b/meta-arm/ci/external-gccarm.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
local_conf_header:
cc: |
diff --git a/meta-arm/ci/fvp-base.yml b/meta-arm/ci/fvp-base.yml
index fbba698..7441ea4 100644
--- a/meta-arm/ci/fvp-base.yml
+++ b/meta-arm/ci/fvp-base.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/base.yml
- ci/fvp.yml
diff --git a/meta-arm/ci/fvp-baser-aemv8r64.yml b/meta-arm/ci/fvp-baser-aemv8r64.yml
index cfaf9ef..fd90625 100644
--- a/meta-arm/ci/fvp-baser-aemv8r64.yml
+++ b/meta-arm/ci/fvp-baser-aemv8r64.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/base.yml
- ci/fvp.yml
diff --git a/meta-arm/ci/fvp.yml b/meta-arm/ci/fvp.yml
index 3803d8c..81a5caa 100644
--- a/meta-arm/ci/fvp.yml
+++ b/meta-arm/ci/fvp.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
local_conf_header:
testimagefvp: |
diff --git a/meta-arm/ci/fvps.yml b/meta-arm/ci/fvps.yml
index 44c153a..cf4103e 100644
--- a/meta-arm/ci/fvps.yml
+++ b/meta-arm/ci/fvps.yml
@@ -1,7 +1,7 @@
# Simple target to build the FVPs that are publically available
header:
- version: 11
+ version: 14
includes:
- ci/base.yml
diff --git a/meta-arm/ci/gcc.yml b/meta-arm/ci/gcc.yml
index a394368..260199a 100644
--- a/meta-arm/ci/gcc.yml
+++ b/meta-arm/ci/gcc.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
#NOTE: This is the default for poky. This is only being added for completeness/clarity
local_conf_header:
diff --git a/meta-arm/ci/generic-arm64.yml b/meta-arm/ci/generic-arm64.yml
index 873c9fd..5d944ef 100644
--- a/meta-arm/ci/generic-arm64.yml
+++ b/meta-arm/ci/generic-arm64.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/base.yml
diff --git a/meta-arm/ci/glibc.yml b/meta-arm/ci/glibc.yml
index adc85a7..3c9f9eb 100644
--- a/meta-arm/ci/glibc.yml
+++ b/meta-arm/ci/glibc.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
#NOTE: This is the default for poky. This is only being added for completeness/clarity
local_conf_header:
diff --git a/meta-arm/ci/juno.yml b/meta-arm/ci/juno.yml
index b2ee60a..552e325 100644
--- a/meta-arm/ci/juno.yml
+++ b/meta-arm/ci/juno.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/base.yml
diff --git a/meta-arm/ci/linux-yocto-dev.yml b/meta-arm/ci/linux-yocto-dev.yml
index a6fadce..5ee7afb 100644
--- a/meta-arm/ci/linux-yocto-dev.yml
+++ b/meta-arm/ci/linux-yocto-dev.yml
@@ -1,5 +1,5 @@
header:
- version: 9
+ version: 14
local_conf_header:
kernel: |
diff --git a/meta-arm/ci/linux-yocto-rt.yml b/meta-arm/ci/linux-yocto-rt.yml
index 69d768c..65a276c 100644
--- a/meta-arm/ci/linux-yocto-rt.yml
+++ b/meta-arm/ci/linux-yocto-rt.yml
@@ -1,5 +1,5 @@
header:
- version: 9
+ version: 14
local_conf_header:
kernel: |
diff --git a/meta-arm/ci/linux-yocto.yml b/meta-arm/ci/linux-yocto.yml
index 359fea5..e9ccdcb 100644
--- a/meta-arm/ci/linux-yocto.yml
+++ b/meta-arm/ci/linux-yocto.yml
@@ -1,5 +1,5 @@
header:
- version: 9
+ version: 14
#NOTE: This is the default for poky. This is only being added for completeness/clarity
local_conf_header:
diff --git a/meta-arm/ci/meta-openembedded.yml b/meta-arm/ci/meta-openembedded.yml
index bed338d..e1e16c8 100644
--- a/meta-arm/ci/meta-openembedded.yml
+++ b/meta-arm/ci/meta-openembedded.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
repos:
meta-openembedded:
diff --git a/meta-arm/ci/meta-virtualization.yml b/meta-arm/ci/meta-virtualization.yml
index 8791fc3..88f8cdc 100644
--- a/meta-arm/ci/meta-virtualization.yml
+++ b/meta-arm/ci/meta-virtualization.yml
@@ -1,9 +1,8 @@
header:
- version: 11
+ version: 14
includes:
- ci/meta-openembedded.yml
repos:
meta-virtualization:
url: git://git.yoctoproject.org/meta-virtualization
- refspec: master
diff --git a/meta-arm/ci/musca-b1.yml b/meta-arm/ci/musca-b1.yml
index b38dd1e..db2adc9 100644
--- a/meta-arm/ci/musca-b1.yml
+++ b/meta-arm/ci/musca-b1.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/base.yml
- ci/meta-openembedded.yml
diff --git a/meta-arm/ci/musca-s1.yml b/meta-arm/ci/musca-s1.yml
index 29f289a..974badf 100644
--- a/meta-arm/ci/musca-s1.yml
+++ b/meta-arm/ci/musca-s1.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/base.yml
- ci/meta-openembedded.yml
diff --git a/meta-arm/ci/musl.yml b/meta-arm/ci/musl.yml
index ee7905e..641c470 100644
--- a/meta-arm/ci/musl.yml
+++ b/meta-arm/ci/musl.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
local_conf_header:
libc: |
diff --git a/meta-arm/ci/n1sdp-ts.yml b/meta-arm/ci/n1sdp-ts.yml
index e8e9298..641d376 100644
--- a/meta-arm/ci/n1sdp-ts.yml
+++ b/meta-arm/ci/n1sdp-ts.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/meta-openembedded.yml
diff --git a/meta-arm/ci/n1sdp.yml b/meta-arm/ci/n1sdp.yml
index f688307..c1b654d 100644
--- a/meta-arm/ci/n1sdp.yml
+++ b/meta-arm/ci/n1sdp.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/base.yml
diff --git a/meta-arm/ci/poky-tiny.yml b/meta-arm/ci/poky-tiny.yml
index cf252a0..d869c55 100644
--- a/meta-arm/ci/poky-tiny.yml
+++ b/meta-arm/ci/poky-tiny.yml
@@ -1,5 +1,5 @@
header:
- version: 9
+ version: 14
distro: poky-tiny
diff --git a/meta-arm/ci/poky.yml b/meta-arm/ci/poky.yml
index d4bcfeb..d6887a9 100644
--- a/meta-arm/ci/poky.yml
+++ b/meta-arm/ci/poky.yml
@@ -1,4 +1,4 @@
header:
- version: 9
+ version: 14
distro: poky
diff --git a/meta-arm/ci/qemu-generic-arm64.yml b/meta-arm/ci/qemu-generic-arm64.yml
index 32c4b98..43ae256 100644
--- a/meta-arm/ci/qemu-generic-arm64.yml
+++ b/meta-arm/ci/qemu-generic-arm64.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/generic-arm64.yml
diff --git a/meta-arm/ci/qemuarm-secureboot.yml b/meta-arm/ci/qemuarm-secureboot.yml
index 044661c..97e9903 100644
--- a/meta-arm/ci/qemuarm-secureboot.yml
+++ b/meta-arm/ci/qemuarm-secureboot.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/base.yml
diff --git a/meta-arm/ci/qemuarm.yml b/meta-arm/ci/qemuarm.yml
index 4155847..18fef52 100644
--- a/meta-arm/ci/qemuarm.yml
+++ b/meta-arm/ci/qemuarm.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/base.yml
diff --git a/meta-arm/ci/qemuarm64-secureboot-ts.yml b/meta-arm/ci/qemuarm64-secureboot-ts.yml
index 5f28dd3..e18ce1a 100644
--- a/meta-arm/ci/qemuarm64-secureboot-ts.yml
+++ b/meta-arm/ci/qemuarm64-secureboot-ts.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/meta-openembedded.yml
diff --git a/meta-arm/ci/qemuarm64-secureboot.yml b/meta-arm/ci/qemuarm64-secureboot.yml
index f617dfc..c4943cb 100644
--- a/meta-arm/ci/qemuarm64-secureboot.yml
+++ b/meta-arm/ci/qemuarm64-secureboot.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/base.yml
diff --git a/meta-arm/ci/qemuarm64.yml b/meta-arm/ci/qemuarm64.yml
index 6639034..cd03e94 100644
--- a/meta-arm/ci/qemuarm64.yml
+++ b/meta-arm/ci/qemuarm64.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/base.yml
diff --git a/meta-arm/ci/qemuarmv5.yml b/meta-arm/ci/qemuarmv5.yml
index 18c7a15..c2ff6c8 100644
--- a/meta-arm/ci/qemuarmv5.yml
+++ b/meta-arm/ci/qemuarmv5.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/base.yml
diff --git a/meta-arm/ci/selftest.yml b/meta-arm/ci/selftest.yml
index 9a58735..e519851 100644
--- a/meta-arm/ci/selftest.yml
+++ b/meta-arm/ci/selftest.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
local_conf_header:
setup: |
diff --git a/meta-arm/ci/sgi575.yml b/meta-arm/ci/sgi575.yml
index 1895fc5..faab716 100644
--- a/meta-arm/ci/sgi575.yml
+++ b/meta-arm/ci/sgi575.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/base.yml
diff --git a/meta-arm/ci/tc1.yml b/meta-arm/ci/tc1.yml
index f2de9a4..66c5ab9 100644
--- a/meta-arm/ci/tc1.yml
+++ b/meta-arm/ci/tc1.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/base.yml
- ci/fvp.yml
diff --git a/meta-arm/ci/testimage.yml b/meta-arm/ci/testimage.yml
index 5d402f0..f496ec1 100644
--- a/meta-arm/ci/testimage.yml
+++ b/meta-arm/ci/testimage.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/debug.yml
diff --git a/meta-arm/ci/tftf.yml b/meta-arm/ci/tftf.yml
index 6e42d9c..260ceab 100644
--- a/meta-arm/ci/tftf.yml
+++ b/meta-arm/ci/tftf.yml
@@ -1,5 +1,5 @@
header:
- version: 9
+ version: 14
local_conf_header:
tftf: |
diff --git a/meta-arm/ci/toolchains.yml b/meta-arm/ci/toolchains.yml
index 080d8d9..72ce558 100644
--- a/meta-arm/ci/toolchains.yml
+++ b/meta-arm/ci/toolchains.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/base.yml
diff --git a/meta-arm/ci/u-boot.yml b/meta-arm/ci/u-boot.yml
index 76bdd23..c693b8b 100644
--- a/meta-arm/ci/u-boot.yml
+++ b/meta-arm/ci/u-boot.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
local_conf_header:
bootfirmware: |
diff --git a/meta-arm/ci/xen.yml b/meta-arm/ci/xen.yml
index d8b75d4..f4a8f9a 100644
--- a/meta-arm/ci/xen.yml
+++ b/meta-arm/ci/xen.yml
@@ -1,5 +1,5 @@
header:
- version: 11
+ version: 14
includes:
- ci/meta-virtualization.yml
diff --git a/meta-arm/documentation/oeqa-fvp.md b/meta-arm/documentation/oeqa-fvp.md
index e146885..b39e096 100644
--- a/meta-arm/documentation/oeqa-fvp.md
+++ b/meta-arm/documentation/oeqa-fvp.md
@@ -4,32 +4,36 @@
Tests can be configured to run automatically post-build by setting the variable `TESTIMAGE_AUTO="1"`, e.g. in your Kas file or local.conf.
-There are two main methods of testing, using different test "targets". Both test targets generate an additional log file with the prefix 'fvp_log' in the image recipe's `${WORKDIR}/testimage` containing the FVP's stdout.
-
-## OEFVPTarget
-
-This runs test cases on a machine using SSH. It therefore requires that an SSH server is installed in the image.
-
-In test cases, the primary interface with the target is, e.g:
-```
-(status, output) = self.target.run('uname -a')
-```
-which runs a single command on the target (using `ssh -c`) and returns the status code and the output. It is therefore useful for running tests in a Linux environment.
-
-For examples of test cases, see meta/lib/oeqa/runtime/cases in OE-Core. The majority of test cases depend on `ssh.SSHTest.test_ssh`, which first validates that the SSH connection is functioning.
-
-Example machine configuration:
+meta-arm provides the OEFVPTarget which must be set up in the machine configuration:
```
TEST_TARGET = "OEFVPTarget"
TEST_SERVER_IP = "127.0.0.1"
TEST_TARGET_IP = "127.0.0.1:8022"
IMAGE_FEATURES:append = " ssh-server-dropbear"
FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] ?= "8022=22"
+FVP_CONSOLES[default] = "terminal_0"
+FVP_CONSOLES[tf-a] = "s_terminal_0"
```
-## OEFVPSerialTarget
+The test target also generates a log file with the prefix 'fvp_log' in the image recipe's `${WORKDIR}/testimage` containing the FVP's stdout.
-This runs tests against one or more serial consoles on the FVP. It is more flexible than OEFVPTarget, but test cases written for this test target do not support the test cases in OE-core. As it does not require an SSH server, it is suitable for machines with performance or memory limitations.
+OEFVPTarget supports two different test interfaces - SSH and pexpect.
+
+## SSH
+
+As in OEQA in OE-core, tests cases can run commands on the machine using SSH. It therefore requires that an SSH server is installed in the image.
+
+This uses the `run` method on the target, e.g:
+```
+(status, output) = self.target.run('uname -a')
+```
+which executes a single command on the target (using `ssh -c`) and returns the status code and the output. It is therefore useful for running tests in a Linux environment.
+
+For examples of test cases, see meta/lib/oeqa/runtime/cases in OE-Core. The majority of test cases depend on `ssh.SSHTest.test_ssh`, which first validates that the SSH connection is functioning.
+
+## pexpect
+
+To support firmware and baremetal testing, OEFVPTarget also allows test cases to make assertions against one or more consoles using the pexpect library.
Internally, this test target launches a [Pexpect][PEXPECT] instance for each entry in FVP_CONSOLES which can be used with the provided alias. The whole Pexpect API is exposed on the target, where the alias is always passed as the first argument, e.g.:
```
@@ -39,16 +43,6 @@
For an example of a full test case, see meta-arm/lib/oeqa/runtime/cases/linuxboot.py This test case can be used to minimally verify that a machine boots to a Linux shell. The default timeout is 10 minutes, but this can be configured with the variable TEST_FVP_LINUX_BOOT_TIMEOUT, which expects a value in seconds.
-The SSH interface described above is also available on OEFVPSerialTarget to support writing a set of hybrid test suites that use a combination of serial and SSH access. Note however that this test target does not guarantee that Linux has booted to shell prior to running any tests, so the test cases in OE-core are not supported.
-
-Example machine configuration:
-```
-TEST_TARGET="OEFVPSerialTarget"
-TEST_SUITES="linuxboot"
-FVP_CONSOLES[default] = "terminal_0"
-FVP_CONSOLES[tf-a] = "s_terminal_0"
-```
-
[OEQA]: https://docs.yoctoproject.org/test-manual/intro.html
[FVP]: https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms
[RUNFVP]: runfvp.md
diff --git a/meta-arm/kas/corstone1000-base.yml b/meta-arm/kas/corstone1000-base.yml
index 9cfe1a2..85706dc 100644
--- a/meta-arm/kas/corstone1000-base.yml
+++ b/meta-arm/kas/corstone1000-base.yml
@@ -16,6 +16,7 @@
poky:
url: https://git.yoctoproject.org/git/poky
+ refspec: 31dd418207f6c95ef0aad589cd03cd2a4c9a8bf2
layers:
meta:
meta-poky:
@@ -23,6 +24,7 @@
meta-openembedded:
url: https://git.openembedded.org/meta-openembedded
+ refspec: 5a01ab461c9bcabcbb2298236602373948f8f073
layers:
meta-oe:
meta-python:
diff --git a/meta-arm/kas/corstone1000-fvp.yml b/meta-arm/kas/corstone1000-fvp.yml
index d0d10a7..7d23a53 100644
--- a/meta-arm/kas/corstone1000-fvp.yml
+++ b/meta-arm/kas/corstone1000-fvp.yml
@@ -2,6 +2,7 @@
version: 11
includes:
- kas/corstone1000-base.yml
+ - kas/fvp-eula.yml
machine: corstone1000-fvp
@@ -10,7 +11,6 @@
# Remove Dropbear SSH as it will not fit into the corstone1000 image.
IMAGE_FEATURES:remove = " ssh-server-dropbear"
INHERIT = " ${@bb.utils.contains('BUILD_ARCH', 'x86_64', 'fvpboot', '', d)}"
- LICENSE_FLAGS_ACCEPTED:append = " Arm-FVP-EULA"
target:
- corstone1000-image
diff --git a/meta-arm/kas/corstone500.yml b/meta-arm/kas/corstone500.yml
index f1587b4..d40b59d 100644
--- a/meta-arm/kas/corstone500.yml
+++ b/meta-arm/kas/corstone500.yml
@@ -1,5 +1,7 @@
header:
version: 11
+ includes:
+ - kas/fvp-eula.yml
distro: poky-tiny
@@ -38,7 +40,6 @@
PACKAGECONFIG:append:pn-perf = " coresight"
fvp-config: |
IMAGE_CLASSES:append = " ${@bb.utils.contains('BUILD_ARCH', 'x86_64', 'fvpboot', '', d)}"
- LICENSE_FLAGS_ACCEPTED:append = " Arm-FVP-EULA"
machine: corstone500
diff --git a/meta-arm/kas/fvp-baser-aemv8r64-bsp.yml b/meta-arm/kas/fvp-baser-aemv8r64-bsp.yml
index dd175d0..9f16a3f 100644
--- a/meta-arm/kas/fvp-baser-aemv8r64-bsp.yml
+++ b/meta-arm/kas/fvp-baser-aemv8r64-bsp.yml
@@ -1,5 +1,7 @@
header:
version: 9
+ includes:
+ - kas/fvp-eula.yml
distro: poky
machine: fvp-baser-aemv8r64
@@ -24,9 +26,6 @@
meta:
meta-poky:
-env:
- FVP_BASE_R_ARM_EULA_ACCEPT: "False"
-
local_conf_header:
base: |
CONF_VERSION = "2"
@@ -34,7 +33,6 @@
PACKAGECONFIG:remove:pn-qemu-system-native = "gtk+ sdl"
EXTRA_IMAGE_FEATURES:append = " debug-tweaks ssh-server-openssh"
CORE_IMAGE_EXTRA_INSTALL:append = " ssh-pregen-hostkeys"
- LICENSE_FLAGS_ACCEPTED:append = " ${@oe.utils.vartrue('FVP_BASE_R_ARM_EULA_ACCEPT', 'Arm-FVP-EULA', '', d)}"
IMAGE_CLASSES:append = " testimage"
target:
diff --git a/meta-arm/kas/fvp-eula.yml b/meta-arm/kas/fvp-eula.yml
new file mode 100644
index 0000000..ab1fae0
--- /dev/null
+++ b/meta-arm/kas/fvp-eula.yml
@@ -0,0 +1,5 @@
+header:
+ version: 13
+
+env:
+ ARM_FVP_EULA_ACCEPT:
diff --git a/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf b/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf
index 6623651..9636ffe 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf
@@ -8,8 +8,8 @@
TFM_PLATFORM_IS_FVP = "TRUE"
# testimage config
-TEST_TARGET = "OEFVPSerialTarget"
-TEST_SUITES = "linuxboot"
+TEST_TARGET = "OEFVPTarget"
+TEST_SUITES = "fvp_boot"
# FVP Config
FVP_PROVIDER ?= "fvp-corstone1000-native"
@@ -32,7 +32,7 @@
FVP_CONFIG[se.cryptocell.USER_OTP_FILTERING_DISABLE] ?= "1"
# Boot image
-FVP_DATA ?= "board.flash0=${IMAGE_NAME}.rootfs.wic@0x68000000"
+FVP_DATA ?= "board.flash0=${IMAGE_NAME}.wic@0x68000000"
# External system (cortex-M3)
FVP_CONFIG[extsys_harness0.extsys_flashloader.fname] ?= "es_flashfw.bin"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/corstone500.conf b/meta-arm/meta-arm-bsp/conf/machine/corstone500.conf
index 4794028..6d2294c 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/corstone500.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/corstone500.conf
@@ -32,16 +32,18 @@
WKS_FILE ?= "core-image-minimal.corstone500.wks"
-TEST_TARGET = "OEFVPSerialTarget"
-TEST_SUITES = "linuxboot"
+TEST_TARGET = "OEFVPTarget"
+TEST_SUITES = "fvp_boot"
FVP_PROVIDER ?= "fvp-corstone500-native"
FVP_EXE ?= "FVP_Corstone-500"
FVP_CONFIG[board.flashloader0.fname] ?= "bl1.bin"
-FVP_DATA ?= "css.cluster.cpu0=${IMAGE_NAME}.rootfs.wic.nopt@0x80000000"
+FVP_DATA ?= "css.cluster.cpu0=${IMAGE_NAME}.wic.nopt@0x80000000"
FVP_CONSOLE ?= "terminal_0"
FVP_TERMINALS[css.terminal_0] ?= "console"
FVP_TERMINALS[css.terminal_1] ?= ""
# Disable openssl in kmod to shink the initramfs size
PACKAGECONFIG:remove:pn-kmod = "openssl"
+
+IMAGE_NAME_SUFFIX = ""
diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf
index 39d6e68..3a923ba 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf
@@ -15,3 +15,4 @@
KERNEL_IMAGETYPE = "Image"
FVP_CONFIG[bp.virtio_rng.enabled] ?= "1"
+IMAGE_NAME_SUFFIX = ""
diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf
index 62c9cbd..25ba3c8 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf
@@ -24,15 +24,18 @@
EFI_PROVIDER ?= "grub-efi"
MACHINE_FEATURES:append = " efi"
+IMAGE_NAME_SUFFIX = ""
+
# As this is a virtual target that will not be used in the real world there is
# no need for real SSH keys.
MACHINE_EXTRA_RRECOMMENDS += "ssh-pregen-hostkeys"
# testimage configuration
-TEST_TARGET = "OEFVPSerialTarget"
-TEST_SUITES = "linuxboot"
+TEST_TARGET = "OEFVPTarget"
+TEST_SUITES:append = " fvp_boot fvp_devices"
TEST_TARGET_IP ?= "127.0.0.1:8022"
TEST_SERVER_IP ?= "127.0.1.1"
+TEST_FVP_DEVICES ?= "rtc watchdog networking virtiorng cpu_hotplug"
FVP_EXTRA_ARGS = "-a cluster0*=linux-system.axf"
FVP_PROVIDER ?= "fvp-base-r-aem-native"
@@ -50,7 +53,7 @@
FVP_CONFIG[bp.virtio_net.secure_accesses] = "1"
FVP_CONFIG[bp.virtio_rng.enabled] ?= "1"
FVP_CONFIG[bp.virtio_rng.secure_accesses] = "1"
-FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.rootfs.wic"
+FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.wic"
FVP_CONFIG[bp.virtioblockdevice.secure_accesses] = "1"
FVP_CONFIG[cache_state_modelled] ?= "0"
FVP_CONFIG[cci400.force_on_from_start] = "1"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
index 198c7ec..8a2e2a0 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
@@ -57,6 +57,7 @@
#telling the build system which image is responsible of the generation of the initramfs rootfs
INITRAMFS_IMAGE = "corstone1000-initramfs-image"
+IMAGE_NAME_SUFFIX = ""
# add FF-A support in the kernel
MACHINE_FEATURES += "arm-ffa"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc b/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc
index 47b7ffc..36bf955 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc
+++ b/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc
@@ -24,6 +24,8 @@
TEST_TARGET = "OEFVPTarget"
TEST_TARGET_IP = "127.0.0.1:8022"
+TEST_SUITES:append = " fvp_boot fvp_devices"
+TEST_FVP_DEVICES ?= "rtc watchdog networking virtiorng cpu_hotplug"
FVP_PROVIDER ?= "fvp-base-a-aem-native"
FVP_EXE ?= "FVP_Base_RevC-2xAEMvA"
@@ -35,7 +37,7 @@
FVP_CONFIG[cache_state_modelled] ?= "0"
FVP_CONFIG[bp.secureflashloader.fname] ?= "bl1-fvp.bin"
FVP_CONFIG[bp.flashloader0.fname] ?= "fip-fvp.bin"
-FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.rootfs.wic"
+FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.wic"
# Set the baseline to ARMv8.4, as the default is 8.0.
FVP_CONFIG[cluster0.has_arm_v8-4] = "1"
FVP_CONFIG[cluster1.has_arm_v8-4] = "1"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/tc.inc b/meta-arm/meta-arm-bsp/conf/machine/include/tc.inc
index 14ec720..f6674ba 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/include/tc.inc
+++ b/meta-arm/meta-arm-bsp/conf/machine/include/tc.inc
@@ -25,6 +25,7 @@
IMAGE_FSTYPES += "cpio.gz"
INITRAMFS_IMAGE ?= "core-image-minimal"
+IMAGE_NAME_SUFFIX = ""
SERIAL_CONSOLES = "115200;ttyAMA0"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/juno.conf b/meta-arm/meta-arm-bsp/conf/machine/juno.conf
index 43d6b3e..6c666ef 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/juno.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/juno.conf
@@ -27,3 +27,4 @@
INITRAMFS_IMAGE_BUNDLE ?= "1"
INITRAMFS_IMAGE = "core-image-minimal"
+IMAGE_NAME_SUFFIX = ""
diff --git a/meta-arm/meta-arm-bsp/conf/machine/tc1.conf b/meta-arm/meta-arm-bsp/conf/machine/tc1.conf
index 5f68cc7..31bcc2f 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/tc1.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/tc1.conf
@@ -6,8 +6,8 @@
require conf/machine/include/tc.inc
-TEST_TARGET = "OEFVPSerialTarget"
-TEST_SUITES = "linuxboot"
+TEST_TARGET = "OEFVPTarget"
+TEST_SUITES = "fvp_boot"
# FVP Config
FVP_PROVIDER ?= "fvp-tc1-native"
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst
index 64e82aa..32d6529 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst
@@ -1,5 +1,5 @@
..
- # Copyright (c) 2022, Arm Limited.
+ # Copyright (c) 2022-2023, Arm Limited.
#
# SPDX-License-Identifier: MIT
@@ -10,6 +10,72 @@
This document contains a summary of the new features, changes and
fixes in each release of Corstone-1000 software stack.
+***************
+Version 2023.06
+***************
+
+Changes
+=======
+
+- GPT support (in TF-M, TF-A, U-boot)
+- Use TF-M BL1 code as the ROM code instead of MCUboot (the next stage bootloader BL2 remains to be MCUboot)
+- Secure Enclave uses CC312 OTP as the provisioning backend in FVP and FPGA
+- NVMXIP block storage support in U-Boot
+- Upgrading the SW stack recipes
+- Upgrades for the U-Boot FF-A driver and MM communication
+
+Corstone-1000 components versions
+=================================
+
++-------------------------------------------+--------------------------------------------+
+| arm-ffa-tee | 1.1.2-r0 |
++-------------------------------------------+--------------------------------------------+
+| arm-ffa-user | 5.0.1-r0 |
++-------------------------------------------+--------------------------------------------+
+| corstone1000-external-sys-tests | 1.0+gitAUTOINC+2945cd92f7-r0 |
++-------------------------------------------+--------------------------------------------+
+| external-system | 0.1.0+gitAUTOINC+8c9dca74b1-r0 |
++-------------------------------------------+--------------------------------------------+
+| linux-yocto | 6.1.25+gitAUTOINC+36901b5b29_581dc1aa2f-r0 |
++-------------------------------------------+--------------------------------------------+
+| u-boot | 2023.01-r0 |
++-------------------------------------------+--------------------------------------------+
+| optee-client | 3.18.0-r0 |
++-------------------------------------------+--------------------------------------------+
+| optee-os | 3.20.0-r0 |
++-------------------------------------------+--------------------------------------------+
+| trusted-firmware-a | 2.8.0-r0 |
++-------------------------------------------+--------------------------------------------+
+| trusted-firmware-m | 1.7.0-r0 |
++-------------------------------------------+--------------------------------------------+
+| ts-newlib | 4.1.0-r0 |
++-------------------------------------------+--------------------------------------------+
+| ts-psa-{crypto, iat, its. ps}-api-test | 38cb53a4d9 |
++-------------------------------------------+--------------------------------------------+
+| ts-sp-{se-proxy, smm-gateway} | 08b3d39471 |
++-------------------------------------------+--------------------------------------------+
+
+Yocto distribution components versions
+======================================
+
++-------------------------------------------+--------------------------------+
+| meta-arm | mickledore |
++-------------------------------------------+--------------------------------+
+| poky | mickledore |
++-------------------------------------------+--------------------------------+
+| meta-openembedded | mickledore |
++-------------------------------------------+--------------------------------+
+| busybox | 1.36.0-r0 |
++-------------------------------------------+--------------------------------+
+| musl | 1.2.3+gitAUTOINC+7d756e1c04-r0 |
++-------------------------------------------+--------------------------------+
+| gcc-arm-none-eabi-native | 11.2-2022.02 |
++-------------------------------------------+--------------------------------+
+| gcc-cross-aarch64 | 12.2.rel1-r0 |
++-------------------------------------------+--------------------------------+
+| openssl | 3.1.0-r0 |
++-------------------------------------------+--------------------------------+
+
******************
Version 2022.11.23
******************
@@ -25,7 +91,7 @@
- Upgrades for the U-Boot FF-A driver and MM communication
Corstone-1000 components versions
-=======================================
+=================================
+-------------------------------------------+------------+
| arm-ffa-tee | 1.1.1 |
@@ -56,7 +122,7 @@
+-------------------------------------------+------------+
Yocto distribution components versions
-=======================================
+======================================
+-------------------------------------------+---------------------+
| meta-arm | langdale |
@@ -161,4 +227,4 @@
--------------
-*Copyright (c) 2022, Arm Limited. All rights reserved.*
+*Copyright (c) 2022-2023, Arm Limited. All rights reserved.*
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png
index a41e721..4c6a2a8 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png
Binary files differ
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png
index 38407c0..399f875 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png
Binary files differ
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png
index bc5b4ba..88bb125 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png
Binary files differ
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png
index b7631b0..1e37d80 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png
Binary files differ
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png
index f585317..a501de5 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png
Binary files differ
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst
index 89a4fa9..62e3f8f 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst
@@ -1,5 +1,5 @@
..
- # Copyright (c) 2022, Arm Limited.
+ # Copyright (c) 2022-2023, Arm Limited.
#
# SPDX-License-Identifier: MIT
@@ -19,6 +19,28 @@
prove defective, you assume the entire cost of all necessary servicing, repair
or correction.
+***********************
+Release notes - 2023.06
+***********************
+
+Known Issues or Limitations
+---------------------------
+ - FPGA supports Linux distro install and boot through installer. However, FVP only supports openSUSE raw image installation and boot.
+ - Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide can not boot on Corstone-1000 (i.e. user may experience timeouts or boot hang).
+ - PSA Crypto tests (psa-crypto-api-test command) take 30 minutes to complete for FVP and 1 hour for MPS3.
+ - Corstone-1000 SoC on FVP doesn't have a secure debug peripheral. It does on the MPS3 .
+ - The following limitations listed in the previous release are still applicable:
+
+ - UEFI Compliant - Boot from network protocols must be implemented -- FAILURE
+
+ - Known limitations regarding ACS tests - see previous release's notes.
+
+Platform Support
+-----------------
+ - This software release is tested on Corstone-1000 FPGA version AN550_v2
+ https://developer.arm.com/downloads/-/download-fpga-images
+ - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.19_21
+ https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
**************************
Release notes - 2022.11.23
@@ -174,4 +196,4 @@
--------------
-*Copyright (c) 2022, Arm Limited. All rights reserved.*
+*Copyright (c) 2022-2023, Arm Limited. All rights reserved.*
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst
index a17f1b8..bf3535b 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst
@@ -1,5 +1,5 @@
..
- # Copyright (c) 2022, Arm Limited.
+ # Copyright (c) 2022-2023, Arm Limited.
#
# SPDX-License-Identifier: MIT
@@ -9,16 +9,16 @@
*****************
-ARM corstone1000
+Arm Corstone-1000
*****************
-ARM corstone1000 is a reference solution for IoT devices. It is part of
+Arm Corstone-1000 is a reference solution for IoT devices. It is part of
Total Solution for IoT which consists of hardware and software reference
implementation.
-Corstone1000 software plus hardware reference solution is PSA Level-2 ready
+Corstone-1000 software plus hardware reference solution is PSA Level-2 ready
certified (`PSA L2 Ready`_) as well as System Ready IR certified(`SRIR cert`_).
-More information on the corstone1000 subsystem product and design can be
+More information on the Corstone-1000 subsystem product and design can be
found at:
`Arm corstone1000 Software`_ and `Arm corstone1000 Technical Overview`_.
@@ -31,12 +31,12 @@
Design Overview
***************
-The software architecture of corstone1000 platform is a reference
+The software architecture of Corstone-1000 platform is a reference
implementation of Platform Security Architecture (`PSA`_) which provides
framework to build secure IoT devices.
The base system architecture of the platform is created from three
-different tyes of systems: Secure Enclave, Host and External System.
+different types of systems: Secure Enclave, Host and External System.
Each subsystem provides different functionality to overall SoC.
@@ -50,9 +50,9 @@
CC312 Cryptographic Accelerator and peripherals, such as watchdog and
secure flash. Software running on the Secure Enclave is isolated via
hardware for enhanced security. Communication with the Secure Encalve
-is achieved using Message Hnadling Units (MHUs) and shared memory.
-On system power on, the Secure Enclaves boots first. Its software
-comprises of two boot loading stages, both based on mcuboot, and
+is achieved using Message Handling Units (MHUs) and shared memory.
+On system power on, the Secure Enclave boots first. Its software
+comprises of a ROM code (TF-M BL1), Mcuboot BL2, and
TrustedFirmware-M(`TF-M`_) as runtime software. The software design on
Secure Enclave follows Firmware Framework for M class
processor (`FF-M`_) specification.
@@ -66,7 +66,7 @@
The Host Subsystem is taken out of reset by the Secure Enclave system
during its final stages of the initialization. The Host subsystem runs
FF-A Secure Partitions(based on `Trusted Services`_) and OPTEE-OS
-(`OPTEE-OS`_) in the secure world, and u-boot(`u-boot repo`_) and
+(`OPTEE-OS`_) in the secure world, and U-Boot(`U-Boot repo`_) and
linux (`linux repo`_) in the non-secure world. The communication between
non-secure and the secure world is performed via FF-A messages.
@@ -75,7 +75,7 @@
Communictaion between external system and Host(cortex-A35) is performed
using MHU as transport mechanism and rpmsg messaging system.
-Overall, the corstone1000 architecture is designed to cover a range
+Overall, the Corstone-1000 architecture is designed to cover a range
of Power, Performance, and Area (PPA) applications, and enable extension
for use-case specific applications, for example, sensors, cloud
connectivitiy, and edge computing.
@@ -85,13 +85,13 @@
*****************
For the security of a device, it is essential that only authorized
-software should run on the device. The corstone1000 boot uses a
+software should run on the device. The Corstone-1000 boot uses a
Secure Boot Chain process where an already authenticated image verifies
and loads the following software in the chain. For the boot chain
process to work, the start of the chain should be trusted, forming the
Root of Trust (RoT) of the device. The RoT of the device is immutable in
nature and encoded into the device by the device owner before it
-is deployed into the field. In Corstone1000, the BL1 image of the secure
+is deployed into the field. In Corstone-1000, the BL1 image of the secure
enclave and content of the CC312 OTP (One Time Programmable) memory
forms the RoT. The BL1 image exists in ROM (Read Only Memory).
@@ -99,18 +99,20 @@
:width: 870
:alt: SecureBootChain
-It is a lengthy chain to boot the software on corstone1000. On power on,
+It is a lengthy chain to boot the software on Corstone-1000. On power on,
the secure enclave starts executing BL1 code from the ROM which is the RoT
of the device. Authentication of an image involves the steps listed below:
- Load image from flash to dynamic RAM.
-- The public key present in the image header is validated by comparing with the hash. Depending on the image, the hash of the public key is either stored in the OTP or part of the software which is being already verfied in the previous stages.
+- The public key present in the image header is validated by comparing with the hash.
+ Depending on the image, the hash of the public key is either stored in the OTP or part
+ of the software which is being already verified in the previous stages.
- The image is validated using the public key.
In the secure enclave, BL1 authenticates the BL2 and passes the execution
-control. BL2 authenticates the initial boot loader of the host (Host BL2)
+control. BL2 authenticates the initial boot loader of the host (Host TF-A BL2)
and TF-M. The execution control is now passed to TF-M. TF-M being the run
-time executable of secure enclaves initializes itself and, in the end,
+time executable of secure enclave which initializes itself and, at the end,
brings the host CPU out of rest. The host follows the boot standard defined
in the `TBBR`_ to authenticate the secure and non-secure software.
@@ -118,10 +120,10 @@
Secure Services
***************
-corstone1000 is unique in providing a secure environment to run a secure
-workload. The platform has Trustzone technology in the Host subsystem but
+Corstone-1000 is unique in providing a secure environment to run a secure
+workload. The platform has TrustZone technology in the Host subsystem but
it also has hardware isolated secure enclave environment to run such secure
-workloads. In corstone1000, known Secure Services such as Crypto, Protected
+workloads. In Corstone-1000, known Secure Services such as Crypto, Protected
Storage, Internal Trusted Storage and Attestation are available via PSA
Functional APIs in TF-M. There is no difference for a user communicating to
these services which are running on a secure enclave instead of the
@@ -137,7 +139,7 @@
The SE Proxy SP (Secure Enclave Proxy Secure Partition) is a proxy partition
managed by OPTEE which forwards such calls to the secure enclave. The
solution relies on OpenAMP which uses shared memory and MHU interrupts as
-a doorbell for communication between two cores. corstone1000 implements
+a doorbell for communication between two cores. Corstone-1000 implements
isolation level 2. Cortex-M0+ MPU (Memory Protection Unit) is used to implement
isolation level 2.
@@ -147,7 +149,7 @@
secure by real hardware isolation but have a higher latency path. In the
second scenario, the services running on the secure world of the host
subsystem have lower latency but virtual hardware isolation created by
-Trustzone technology.
+TrustZone technology.
**********************
@@ -156,14 +158,14 @@
Apart from always booting the authorized images, it is also essential that
the device only accepts the authorized images in the firmware update
-process. corstone1000 supports OTA (Over the Air) firmware updates and
+process. Corstone-1000 supports OTA (Over the Air) firmware updates and
follows Platform Security Firmware Update sepcification (`FWU`_).
As standardized into `FWU`_, the external flash is divided into two
banks of which one bank has currently running images and the other bank is
used for staging new images. There are four updatable units, i.e. Secure
Enclave's BL2 and TF-M, and Host's FIP (Firmware Image Package) and Kernel
-Image. The new images are accepted in the form of a UEFI capsule.
+Image (the initramfs bundle). The new images are accepted in the form of a UEFI capsule.
.. image:: images/ExternalFlash.png
@@ -194,13 +196,13 @@
******************************
-UEFI Runtime Support in u-boot
+UEFI Runtime Support in U-Boot
******************************
Implementation of UEFI boottime and runtime APIs require variable storage.
-In corstone1000, these UEFI variables are stored in the Protected Storage
+In Corstone-1000, these UEFI variables are stored in the Protected Storage
service. The below diagram presents the data flow to store UEFI variables.
-The u-boot implementation of the UEFI subsystem uses the FF-A driver to
+The U-Boot implementation of the UEFI subsystem uses the U-Boot FF-A driver to
communicate with the SMM Service in the secure world. The backend of the
SMM service uses the proxy PS from the SE Proxy SP. From there on, the PS
calls are forwarded to the secure enclave as explained above.
@@ -215,11 +217,12 @@
References
***************
`ARM corstone1000 Search`_
+
`Arm security features`_
--------------
-*Copyright (c) 2022, Arm Limited. All rights reserved.*
+*Copyright (c) 2022-2023, Arm Limited. All rights reserved.*
.. _Arm corstone1000 Technical Overview: https://developer.arm.com/documentation/102360/0000
.. _Arm corstone1000 Software: https://developer.arm.com/Tools%20and%20Software/Corstone-1000%20Software
@@ -236,4 +239,4 @@
.. _TBBR: https://developer.arm.com/documentation/den0006/latest
.. _TF-M: https://www.trustedfirmware.org/projects/tf-m/
.. _Trusted Services: https://www.trustedfirmware.org/projects/trusted-services/
-.. _u-boot repo: https://github.com/u-boot/u-boot.git
+.. _U-Boot repo: https://github.com/u-boot/u-boot.git
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
index e173f24..96dee07 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
@@ -1,5 +1,5 @@
..
- # Copyright (c) 2022, Arm Limited.
+ # Copyright (c) 2022-2023, Arm Limited.
#
# SPDX-License-Identifier: MIT
@@ -15,21 +15,35 @@
tool as its build tool. Please see `Yocto Project documentation <https://docs.yoctoproject.org/>`__
for more information.
-
Prerequisites
-------------
-These instructions assume your host PC is running Ubuntu Linux 18.04 or 20.04 LTS, with at least 32GB of free disk space and 16GB of RAM as minimum requirement. The following instructions expect that you are using a bash shell. All the paths stated in this document are absolute paths.
-The following prerequisites must be available on the host system. To resolve these dependencies, run:
+This guide assumes that your host PC is running Ubuntu 20.04 LTS, with at least
+32GB of free disk space and 16GB of RAM as minimum requirement.
-::
+The following prerequisites must be available on the host system:
- sudo apt-get update
- sudo apt-get install gawk wget git-core diffstat unzip texinfo gcc-multilib \
- build-essential chrpath socat cpio python3 python3-pip python3-pexpect \
- xz-utils debianutils iputils-ping python3-git libegl1-mesa libsdl1.2-dev \
- xterm zstd liblz4-tool picocom
- sudo apt-get upgrade libstdc++6
+- Git 1.8.3.1 or greater
+- tar 1.28 or greater
+- Python 3.8.0 or greater.
+- gcc 8.0 or greater.
+- GNU make 4.0 or greater
+
+Please follow the steps described in the Yocto mega manual:
+
+- `Compatible Linux Distribution <https://docs.yoctoproject.org/singleindex.html#compatible-linux-distribution>`__
+- `Build Host Packages <https://docs.yoctoproject.org/singleindex.html#build-host-packages>`__
+
+Targets
+-------
+
+- `Arm Corstone-1000 Ecosystem FVP (Fixed Virtual Platform) <https://developer.arm.com/downloads/-/arm-ecosystem-fvps>`__
+- `Arm Corstone-1000 for MPS3 <https://developer.arm.com/documentation/dai0550/latest/>`__
+
+Yocto stable branch
+-------------------
+
+Corstone-1000 software stack is built on top of Yocto mickledore.
Provided components
-------------------
@@ -44,6 +58,8 @@
- ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf``
- ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-mps3.conf``
+**NOTE:** All the paths stated in this document are absolute paths.
+
*****************
Software for Host
*****************
@@ -52,50 +68,52 @@
==================
Based on `Trusted Firmware-A <https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git>`__
-+----------+---------------------------------------------------------------------------------------------------+
-| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.bbappend |
-+----------+---------------------------------------------------------------------------------------------------+
-| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.bb |
-+----------+---------------------------------------------------------------------------------------------------+
++----------+-----------------------------------------------------------------------------------------------------+
+| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.%.bbappend |
++----------+-----------------------------------------------------------------------------------------------------+
+| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.0.bb |
++----------+-----------------------------------------------------------------------------------------------------+
OP-TEE
======
Based on `OP-TEE <https://git.trustedfirmware.org/OP-TEE/optee_os.git>`__
+----------+------------------------------------------------------------------------------------+
-| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend |
+| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bbappend |
+----------+------------------------------------------------------------------------------------+
-| Recipe | <_workspace>/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb |
+| Recipe | <_workspace>/meta-arm/meta-arm/recipes-security/optee/optee-os_3.20.0.bb |
+----------+------------------------------------------------------------------------------------+
U-Boot
-=======
-Based on `U-Boot <https://gitlab.com/u-boot>`__
+======
+Based on `U-Boot repo`_
-+----------+---------------------------------------------------------------------+
-| bbappend | <_workspace>/meta-arm/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend |
-+----------+---------------------------------------------------------------------+
-| Recipe | <_workspace>/poky/meta/recipes-bsp/u-boot/u-boot_2022.07.bb |
-+----------+---------------------------------------------------------------------+
++----------+-------------------------------------------------------------------------+
+| bbappend | <_workspace>/meta-arm/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend |
++----------+-------------------------------------------------------------------------+
+| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend |
++----------+-------------------------------------------------------------------------+
+| Recipe | <_workspace>/poky/meta/recipes-bsp/u-boot/u-boot_2023.01.bb |
++----------+-------------------------------------------------------------------------+
Linux
=====
The distro is based on the `poky-tiny <https://wiki.yoctoproject.org/wiki/Poky-Tiny>`__
distribution which is a Linux distribution stripped down to a minimal configuration.
-The provided distribution is based on busybox and built using muslibc. The
+The provided distribution is based on busybox and built using musl libc. The
recipe responsible for building a tiny version of Linux is listed below.
+-----------+----------------------------------------------------------------------------------------------+
| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend |
+-----------+----------------------------------------------------------------------------------------------+
-| Recipe | <_workspace>/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb |
+| Recipe | <_workspace>/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb |
+-----------+----------------------------------------------------------------------------------------------+
| defconfig | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig |
+-----------+----------------------------------------------------------------------------------------------+
External System Tests
-=======================
+=====================
Based on `Corstone-1000/applications <https://git.gitlab.arm.com/arm-reference-solutions/corstone1000/applications>`__
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
@@ -109,15 +127,15 @@
**************************************************
Based on `Trusted Firmware-M <https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git>`__
-+----------+-------------------------------------------------------------------------------------------------+
-| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend |
-+----------+-------------------------------------------------------------------------------------------------+
-| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb |
-+----------+-------------------------------------------------------------------------------------------------+
++----------+-----------------------------------------------------------------------------------------------------+
+| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.%.bbappend |
++----------+-----------------------------------------------------------------------------------------------------+
+| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb |
++----------+-----------------------------------------------------------------------------------------------------+
-**************************************************
+********************************
Software for the External System
-**************************************************
+********************************
RTX
====
@@ -150,7 +168,7 @@
::
- git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.11.23
+ git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2023.06
To build a Corstone-1000 image for MPS3 FPGA, run:
@@ -158,7 +176,15 @@
kas build meta-arm/kas/corstone1000-mps3.yml
-Alternatively, to build a Corstone-1000 image for FVP, run:
+Alternatively, to build a Corstone-1000 image for FVP, you need to accept
+the EULA at https://developer.arm.com/downloads/-/arm-ecosystem-fvps/eula
+by setting the ARM_FVP_EULA_ACCEPT environment variable as follows:
+
+::
+
+ export ARM_FVP_EULA_ACCEPT="True"
+
+then run:
::
@@ -173,46 +199,47 @@
- ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/`` folder for FPGA build.
Everything apart from the Secure Enclave ROM firmware and External System firmware, is bundled into a single binary, the
-``corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` file.
+``corstone1000-image-corstone1000-{mps3,fvp}.wic`` file.
The output binaries run in the Corstone-1000 platform are the following:
- The Secure Enclave ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/bl1.bin``
- The External System firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/es_flashfw.bin``
- - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt``
+ - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/corstone1000-image-corstone1000-{mps3,fvp}.wic``
Flash the firmware image on FPGA
--------------------------------
-The user should download the FPGA bit file image ``AN550: Arm® Corstone™-1000 for MPS3 Version 1``
+The user should download the FPGA bit file image ``AN550: Arm® Corstone™-1000 for MPS3 Version 2.0``
from `this link <https://developer.arm.com/tools-and-software/development-boards/fpga-prototyping-boards/download-fpga-images>`__
-and under the section ``Arm® Corstone™-1000 for MPS3``.
+and under the section ``Arm® Corstone™-1000 for MPS3``. The download is available after logging in.
The directory structure of the FPGA bundle is shown below.
::
- Boardfiles
- ├── MB
- │ ├── BRD_LOG.TXT
- │ ├── HBI0309B
- │ │ ├── AN550
- │ │ │ ├── AN550_v1.bit
- │ │ │ ├── an550_v1.txt
- │ │ │ └── images.txt
- │ │ ├── board.txt
- │ │ └── mbb_v210.ebf
- │ └── HBI0309C
- │ ├── AN550
- │ │ ├── AN550_v1.bit
- │ │ ├── an550_v1.txt
- │ │ └── images.txt
- │ ├── board.txt
- │ └── mbb_v210.ebf
- ├── SOFTWARE
- │ ├── ES0.bin
- │ ├── SE.bin
- │ └── an550_st.axf
- └── config.txt
+ Boardfiles
+ ├── config.txt
+ ├── MB
+ │ ├── BRD_LOG.TXT
+ │ ├── HBI0309B
+ │ │ ├── AN550
+ │ │ │ ├── AN550_v2.bit
+ │ │ │ ├── an550_v2.txt
+ │ │ │ └── images.txt
+ │ │ ├── board.txt
+ │ │ └── mbb_v210.ebf
+ │ └── HBI0309C
+ │ ├── AN550
+ │ │ ├── AN550_v2.bit
+ │ │ ├── an550_v2.txt
+ │ │ └── images.txt
+ │ ├── board.txt
+ │ └── mbb_v210.ebf
+ └── SOFTWARE
+ ├── an550_st.axf
+ ├── bl1.bin
+ ├── cs1000.bin
+ └── ES0.bin
Depending upon the MPS3 board version (printed on the MPS3 board) you should update the images.txt file
(in corresponding HBI0309x folder. Boardfiles/MB/HBI0309<board_revision>/AN550/images.txt) so that the file points to the images under SOFTWARE directory.
@@ -242,7 +269,7 @@
IMAGE0FILE: \SOFTWARE\bl1.bin
IMAGE1PORT: 0
- IMAGE1ADDRESS: 0x00_0010_0000
+ IMAGE1ADDRESS: 0x00_0000_0000
IMAGE1UPDATE: AUTOQSPI
IMAGE1FILE: \SOFTWARE\cs1000.bin
@@ -256,10 +283,9 @@
1. Copy ``bl1.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle.
2. Copy ``es_flashfw.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle
and rename the binary to ``es0.bin``.
-3. Copy ``corstone1000-image-corstone1000-mps3.wic.nopt`` from OUTPUT_DIR directory to SOFTWARE
- directory of the FPGA bundle and rename the wic.nopt image to ``cs1000.bin``.
+3. Copy ``corstone1000-image-corstone1000-mps3.wic`` from OUTPUT_DIR directory to SOFTWARE
+ directory of the FPGA bundle and rename the wic image to ``cs1000.bin``.
-
**NOTE:** Renaming of the images are required because MCC firmware has
limitation of 8 characters before .(dot) and 3 characters after .(dot).
@@ -274,7 +300,7 @@
- ttyUSB0 for MCC, OP-TEE and Secure Partition
- ttyUSB1 for Boot Processor (Cortex-M0+)
- ttyUSB2 for Host Processor (Cortex-A35)
- - ttyUSB3 for External System Processor (Cortex-M3)
+ - ttyUSB3 for External System Processor (Cortex-M3)
Run following commands to open serial port terminals on Linux:
@@ -285,12 +311,26 @@
sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal.
sudo picocom -b 115200 /dev/ttyUSB3 # in another terminal.
+**NOTE:** The MPS3 expects an ethernet cable to be plugged in, otherwise it will
+wait for the network for a considerable amount of time, printing the following
+logs:
+
+::
+
+ Generic PHY 40100000.ethernet-ffffffff:01: attached PHY driver (mii_bus:phy_addr=40100000.ethernet-ffffffff:01, irq=POLL)
+ smsc911x 40100000.ethernet eth0: SMSC911x/921x identified at 0xffffffc008e50000, IRQ: 17
+ Waiting up to 100 more seconds for network.
+
Once the system boot is completed, you should see console
logs on the serial port terminals. Once the HOST(Cortex-A35) is
booted completely, user can login to the shell using
**"root"** login.
-If system does not boot and only the ttyUSB1 logs are visible, please follow the steps in `Clean Secure Flash Before Testing (applicable to FPGA only)`_ under `SystemReady-IR tests`_ section. The previous image used in FPGA (MPS3) might have filled the Secure Flash completely. The best practice is to clean the secure flash in this case.
+If system does not boot and only the ttyUSB1 logs are visible, please follow the
+steps in `Clean Secure Flash Before Testing (applicable to FPGA only)`_ under
+`SystemReady-IR tests`_ section. The previous image used in FPGA (MPS3) might
+have filled the Secure Flash completely. The best practice is to clean the
+secure flash in this case.
Running the software on FVP
@@ -321,7 +361,7 @@
When the script is executed, three terminal instances will be launched, one for the boot processor
(aka Secure Enclave) processing element and two for the Host processing element. Once the FVP is
-executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic.nopt
+executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic
file are copied to their respective memory locations within the model, enforce firewall policies
on memories and peripherals and then, bring the host out of reset.
@@ -337,11 +377,11 @@
The External System can be released out of reset on demand using the systems-comms-tests command.
SystemReady-IR tests
--------------------------
+--------------------
-*********************
+*************
Testing steps
-*********************
+*************
**NOTE**: Running the SystemReady-IR tests described below requires the user to
work with USB sticks. In our testing, not all USB stick models work well with
@@ -359,7 +399,7 @@
the testing.
Clean Secure Flash Before Testing (applicable to FPGA only)
-==================================================================
+===========================================================
To prepare a clean board environment with clean secure flash for the testing,
the user should prepare an image that erases the secure flash cleanly during
@@ -368,17 +408,17 @@
::
cd <_workspace>
- git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.11.23
- git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2022.11.23
- cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch meta-arm
+ git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2023.06
+ git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.06
+ cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-embedded-a-corstone1000-clean-secure-flash.patch meta-arm
cd meta-arm
- git apply 0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch
+ git apply 0001-embedded-a-corstone1000-clean-secure-flash.patch
cd ..
kas build meta-arm/kas/corstone1000-mps3.yml
Replace the bl1.bin and cs1000.bin files on the SD card with following files:
- The ROM firmware: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin
- - The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt
+ - The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic
Now reboot the board. This step erases the Corstone-1000 SecureEnclave flash
completely, the user should expect following message from TF-M log (can be seen
@@ -394,10 +434,16 @@
software stack and flash the FPGA as normal. And continue the testing.
Run SystemReady-IR ACS tests
-=============================
+============================
+
+Architecture Compliance Suite (ACS) is used to ensure architectural compliance
+across different implementations of the architecture. Arm Enterprise ACS
+includes a set of examples of the invariant behaviors that are provided by a
+set of specifications for enterprise systems (For example: SBSA, SBBR, etc.),
+so that implementers can verify if these behaviours have been interpreted correctly.
ACS image contains two partitions. BOOT partition and RESULT partition.
-Following packages are under BOOT partition
+Following test suites and bootable applications are under BOOT partition:
* SCT
* FWTS
@@ -406,12 +452,30 @@
* grub
* uefi manual capsule application
+BOOT partition contains the following:
+
+::
+
+ ├── EFI
+ │ └── BOOT
+ │ ├── app
+ │ ├── bbr
+ │ ├── bootaa64.efi
+ │ ├── bsa
+ │ ├── debug
+ │ ├── Shell.efi
+ │ └── startup.nsh
+ ├── grub
+ ├── grub.cfg
+ ├── Image
+ └── ramdisk-busybox.img
+
RESULT partition is used to store the test results.
-PLEASE MAKE SURE THAT THE RESULT PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS
+**NOTE**: PLEASE MAKE SURE THAT THE RESULT PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS
WILL NOT BE CONSISTENT
FPGA instructions for ACS image
-================================
+===============================
This section describes how the user can build and run Architecture Compliance
Suite (ACS) tests on Corstone-1000.
@@ -449,10 +513,11 @@
ensure that only the USB stick with the ACS image is connected to the board,
and then boot the board.
-The FPGA will reset multiple times during the test, and it might take approx. 24-36 hours to finish the test. At the end of test, the FPGA host terminal will halt showing a shell prompt. Once test is finished the result can be copied following above instructions.
+The FPGA will reset multiple times during the test, and it might take approx. 24-36 hours to finish the test.
+
FVP instructions for ACS image and run
-============================================
+======================================
Download ACS image from:
- ``https://gitlab.arm.com/systemready/acs/arm-systemready/-/tree/linux-5.17-rc7/IR/prebuilt_images/v22.04_1.0-Linux-v5.17-rc7``
@@ -487,7 +552,7 @@
instructions.
Common to FVP and FPGA
-===========================
+======================
U-Boot should be able to boot the grub bootloader from
the 1st partition and if grub is not interrupted, tests are executed
@@ -496,14 +561,13 @@
- SCT
- UEFI BSA
- FWTS
- - BSA Linux
The results can be fetched from the ``acs_results`` folder in the RESULT partition of the USB stick (FPGA) / SD Card (FVP).
#####################################################
Manual capsule update and ESRT checks
----------------------------------------------------------------------
+-------------------------------------
The following section describes running manual capsule update with the ``direct`` method.
@@ -518,63 +582,86 @@
Check the "Run SystemReady-IR ACS tests" section above to download and unpack the ACS image file
- ``ir_acs_live_image.img.xz``
-Download edk2 under <_workspace> :
+Download edk2 under <_workspace>:
::
git clone https://github.com/tianocore/edk2.git
+ cd edk2
+ git checkout f2188fe5d1553ad1896e27b2514d2f8d0308da8a
-*********************
+Download systemready-patch repo under <_workspace>:
+::
+
+ git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.06
+
+*******************
Generating Capsules
-*********************
-
-The capsule binary size (wic.nopt file) should be less than 15 MB.
-
-Based on the user's requirement, the user can change the firmware version
-number given to ``--fw-version`` option (the version number needs to be >= 1).
+*******************
Generating FPGA Capsules
========================
::
- <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \
- cs1k_cap_mps3_v5 --fw-version 5 --lsv 0 --guid \
- e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \
- 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt
+ cd <_workspace>/build/tmp/deploy/images/corstone1000-mps3/
+ sh <_workspace>/systemready-patch/embedded-a/corstone1000/capsule_gen/capsule_gen.sh -d mps3
+
+This will generate a file called "corstone1000_image.nopt" which will be used to
+generate a UEFI capsule.
::
- <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \
- cs1k_cap_mps3_v6 --fw-version 6 --lsv 0 --guid \
- e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \
- 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt
+ cd <_workspace>
+ edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o cs1k_cap_mps3_v6 --fw-version 6 \
+ --lsv 0 --guid e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index 0 \
+ --verbose build/tmp/deploy/images/corstone1000-mps3/corstone1000_image.nopt
+
+ edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o cs1k_cap_mps3_v5 --fw-version 5 \
+ --lsv 0 --guid e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index 0 \
+ --verbose build/tmp/deploy/images/corstone1000-mps3/corstone1000_image.nopt
Generating FVP Capsules
-========================
+=======================
::
- <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \
- cs1k_cap_fvp_v6 --fw-version 6 --lsv 0 --guid \
- e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \
- 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt
+ cd <_workspace>/build/tmp/deploy/images/corstone1000-fvp/
+ sh <_workspace>/systemready-patch/embedded-a/corstone1000/capsule_gen/capsule_gen.sh -d fvp
+
+This will generate a file called "corstone1000_image.nopt" which will be used to
+generate a UEFI capsule.
+
::
- <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \
- cs1k_cap_fvp_v5 --fw-version 5 --lsv 0 --guid \
- e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \
- 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt
+ cd <_workspace>
+ edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o cs1k_cap_fvp_v6 \
+ --fw-version 6 --lsv 0 --guid e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \
+ 0 --verbose build/tmp/deploy/images/corstone1000-fvp/corstone1000_image.nopt
-*********************
+ edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o cs1k_cap_fvp_v5 --fw-version 5 \
+ --lsv 0 --guid e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \
+ 0 --verbose build/tmp/deploy/images/corstone1000-fvp/corstone1000_image.nopt
+
+
+Common Notes for FVP and FPGA
+=============================
+
+The capsule binary size (wic file) should be less than 15 MB.
+
+Based on the user's requirement, the user can change the firmware version
+number given to ``--fw-version`` option (the version number needs to be >= 1).
+
+
+****************
Copying Capsules
-*********************
+****************
Copying the FPGA capsules
=========================
-The user should prepare a USB stick as explained in ACS image section (see above).
+The user should prepare a USB stick as explained in ACS image section `FPGA instructions for ACS image`_.
Place the generated ``cs1k_cap`` files in the root directory of the boot partition
in the USB stick. Note: As we are running the direct method, the ``cs1k_cap`` file
should not be under the EFI/UpdateCapsule directory as this may or may not trigger
@@ -612,7 +699,7 @@
**NOTE:**
-Size of first partition in the image file is calculated in the following way. The data is
+The size of first partition in the image file is calculated in the following way. The data is
just an example and might vary with different ir_acs_live_image.img files.
::
@@ -632,21 +719,21 @@
and the capsule with the lower version (cs1k_cap_<fvp/mps3>_v5) for the negative scenario.
Running the FVP with the IR prebuilt image
-==============================================
+==========================================
Run the FVP with the IR prebuilt image:
::
- <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C "board.msd_mmc.p_mmc_file ${<path-to-img>/ir_acs_live_image.img}"
+ <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C "board.msd_mmc.p_mmc_file=${<path-to-img>/ir_acs_live_image.img}"
Running the FPGA with the IR prebuilt image
-==============================================
+===========================================
Insert the prepared USB stick then Power cycle the MPS3 board.
Executing capsule update for FVP and FPGA
-==============================================
+=========================================
Reach u-boot then interrupt the boot to reach the EFI shell.
@@ -687,14 +774,14 @@
Shell> reset
FPGA: Select Corstone-1000 Linux kernel boot
-==============================================
+============================================
Remove the USB stick before u-boot is reached so the Corstone-1000 kernel will be detected and used for booting.
**NOTE:** Otherwise, the execution ends up in the ACS live image.
FVP: Select Corstone-1000 Linux kernel boot
-==============================================
+===========================================
Interrupt the u-boot shell.
@@ -708,15 +795,14 @@
::
- $ run retrieve_kernel_load_addr
$ unzip $kernel_addr 0x90000000
$ loadm 0x90000000 $kernel_addr_r 0xf00000
$ bootefi $kernel_addr_r $fdtcontroladdr
-***********************
+*********************
Capsule update status
-***********************
+*********************
Positive scenario
=================
@@ -733,7 +819,8 @@
SysTick_Handler: counted = 30, expiring on = 360
...
metadata_write: success: active = 1, previous = 0
- accept_full_capsule: exit: fwu state is changed to regular
+ flash_full_capsule: exit
+ corstone1000_fwu_flash_image: exit: ret = 0
...
@@ -775,15 +862,19 @@
...
uefi_capsule_retrieve_images: image 0 at 0xa0000070, size=15654928
uefi_capsule_retrieve_images: exit
- flash_full_capsule: enter: image = 0x0xa0000070, size = 15654928, version = 10
+ flash_full_capsule: enter: image = 0x0xa0000070, size = 7764541, version = 5
ERROR: flash_full_capsule: version error
private_metadata_write: enter: boot_index = 1
private_metadata_write: success
fmp_set_image_info:133 Enter
FMP image update: image id = 0
- FMP image update: status = 1version=11 last_attempt_version=10.
+ FMP image update: status = 1version=6 last_attempt_version=5.
fmp_set_image_info:157 Exit.
corstone1000_fwu_flash_image: exit: ret = -1
+ fmp_get_image_info:232 Enter
+ pack_image_info:207 ImageInfo size = 105, ImageName size = 34, ImageVersionName
+ size = 36
+ fmp_get_image_info:236 Exit
...
@@ -825,54 +916,96 @@
lowest_supported_fw_ver: 0
Linux distros tests
-----------------------------------
+-------------------
-***************************************************************************************
-Debian/OpenSUSE install and boot (applicable to FPGA only)
-***************************************************************************************
+*************************************************************
+Debian install and boot preparation (applicable to FPGA only)
+*************************************************************
-To test Linux distro install and boot, the user should prepare two empty USB sticks (minimum size should be 4GB and formatted with FAT32).
+There is a known issue in the `Shim 15.7 <https://salsa.debian.org/efi-team/shim/-/tree/upstream/15.7?ref_type=tags>`__
+provided with the Debian installer image (see below). This bug causes a fatal
+error when attempting to boot media installer for Debian, and it resets the MPS3 before installation starts.
+A patch to be applied to the Corstone-1000 stack (only applicable when
+installing Debian) is provided to
+`Skip the Shim <https://gitlab.arm.com/arm-reference-solutions/systemready-patch/-/blob/CORSTONE1000-2023.06/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch>`__.
+This patch makes U-Boot automatically bypass the Shim and run grub and allows
+the user to proceed with a normal installation. If at the moment of reading this
+document the problem is solved in the Shim, the user is encouraged to try the
+corresponding new installer image. Otherwise, please apply the patch as
+indicated by the instructions listed below. These instructions assume that the
+user has already built the stack by following the build steps of this
+documentation.
+
+::
+
+ cd <_workspace>
+ git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.06
+ cp -f systemready-patch/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch meta-arm
+ cd meta-arm
+ git am 0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch
+ cd ..
+ kas shell meta-arm/kas/corstone1000-mps3.yml -c="bitbake u-boot trusted-firmware-a corstone1000-image -c cleansstate; bitbake corstone1000-image"
+
+Please update the cs1000.bin on the SD card with the newly generated wic file.
+
+*************************************************
+Debian/openSUSE install (applicable to FPGA only)
+*************************************************
+
+To test Linux distro install and boot, the user should prepare two empty USB
+sticks (minimum size should be 4GB and formatted with FAT32).
Download one of following Linux distro images:
- - Debian installer image: https://cdimage.debian.org/cdimage/weekly-builds/arm64/iso-dvd/
- - OpenSUSE Tumbleweed installer image: http://download.opensuse.org/ports/aarch64/tumbleweed/iso/
- - The user should look for a DVD Snapshot like openSUSE-Tumbleweed-DVD-aarch64-Snapshot<date>-Media.iso
+ - `Debian 12.0.0 installer image <https://cdimage.debian.org/debian-cd/current/arm64/iso-dvd/debian-12.0.0-arm64-DVD-1.iso>`__
+ - `OpenSUSE Tumbleweed installer image <http://download.opensuse.org/ports/aarch64/tumbleweed/iso/>`__
-Once the .iso file is downloaded, the .iso file needs to be flashed to your USB drive.
+**NOTE:** For OpenSUSE Tumbleweed, the user should look for a DVD Snapshot like
+openSUSE-Tumbleweed-DVD-aarch64-Snapshot<date>-Media.iso
-In the given example here, we assume the USB device is ``/dev/sdb`` (the user
-should use `lsblk` command to confirm). Be cautious here and don't confuse your
-host PC's own hard drive with the USB drive. Then copy the contents of an iso
-file into the first USB stick, run:
+Once the iso file is downloaded, the iso file needs to be flashed to your USB
+drive. This can be done with your development machine.
+
+In the example given below, we assume the USB device is ``/dev/sdb`` (the user
+should use the `lsblk` command to confirm).
+
+**NOTE:** Please don't confuse your host PC's own hard drive with the USB drive.
+Then, copy the contents of the iso file into the first USB stick by running the
+following command in the development machine:
::
sudo dd if=<path-to-iso_file> of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync;
-Boot the MSP3 board with the first USB stick connected. Open following minicom sessions:
+Unplug the first USB stick from the development machine and connect it to the
+MSP3 board. At this moment, only the first USB stick should be connected. Open
+the following picocom sessions in your development machine:
::
sudo picocom -b 115200 /dev/ttyUSB0 # in one terminal
sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal.
-Now plug in the second USB stick (once installation screen is visible), the distro installation process will start. The installation prompt can be seen in ttyUSB2. If installer does not start, please try to reboot the board with both USB sticks connected and repeat the process.
+When the installation screen is visible in ttyUSB2, plug in the second USB stick
+in the MPS3 and start the distro installation process. If the installer does not
+start, please try to reboot the board with both USB sticks connected and repeat
+the process.
**NOTE:** Due to the performance limitation of Corstone-1000 MPS3 FPGA, the
distro installation process can take up to 24 hours to complete.
-Once installation is complete, unplug the first USB stick and reboot the board.
-After successfully installing and booting the Linux distro, the user should see
-a login prompt:
+*******************************************************
+Debian install clarifications (applicable to FPGA only)
+*******************************************************
-::
+As the installation process for Debian is different than the one for openSUSE,
+Debian may need some extra steps, that are indicated below:
- debian login:
+During Debian installation, please answer the following question:
+ - "Force GRUB installation to the EFI removable media path?" Yes
+ - "Update NVRAM variables to automatically boot into Debian?" No
-Login with the username root.
-
-**NOTE:** The Debian installer has a known issue "Install the GRUB bootloader - unable to install " and these are the steps to
-follow on the subsequent popups to solve the issue during the installation:
+If the grub installation fails, these are the steps to follow on the subsequent
+popups:
1. Select "Continue", then "Continue" again on the next popup
2. Scroll down and select "Execute a shell"
@@ -898,19 +1031,59 @@
7. Select "Continue without boot loader", then select "Continue" on the next popup
8. At this stage, the installation should proceed as normal.
-***************************************************************************************
-OpenSUSE Raw image install and boot (applicable to FVP only)
-***************************************************************************************
+*****************************************************************
+Debian/openSUSE boot after installation (applicable to FPGA only)
+*****************************************************************
-Steps to download openSUSE Tumbleweed raw image:
- - Go to: http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/
- - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example, ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw.xz``
+Once the installation is complete, unplug the first USB stick and reboot the
+board.
+The board will then enter recovery mode, from which the user can access a shell
+after entering the password for the root user. Proceed to edit the following
+files accordingly:
+
+::
+
+ vi /etc/systemd/system.conf
+ DefaultDeviceTimeoutSec=infinity
+
+The file to be editted next is different depending on the installed distro:
+
+::
+
+ vi /etc/login.defs # Only applicable to Debian
+ vi /usr/etc/login.defs # Only applicable to openSUSE
+ LOGIN_TIMEOUT 180
+
+To make sure the changes are applied, please run:
+
+::
+
+ systemctl daemon-reload
+
+After applying the previous commands, please reboot the board. The user should
+see a login prompt after booting, for example, for debian:
+
+::
+
+ debian login:
+
+Login with the username root and its corresponding password (already set at
+installation time).
+
+************************************************************
+OpenSUSE Raw image install and boot (applicable to FVP only)
+************************************************************
+
+Steps to download OpenSUSE Tumbleweed raw image:
+ - Under `OpenSUSE Tumbleweed appliances <http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/>`__
+ - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example,
+ ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw.xz``
Once the .raw.xz file is downloaded, the raw image file needs to be extracted:
::
- unxz <file-name.raw.xz>
+ unxz <file-name.raw.xz>
The above command will generate a file ending with extension .raw image. Now, use the following command
@@ -918,23 +1091,23 @@
::
-<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${openSUSE raw image file path}"
+ <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${openSUSE raw image file path}"
After successfully installing and booting the Linux distro, the user should see
a openSUSE login prompt.
::
- localhost login:
+ localhost login:
Login with the username 'root' and password 'linux'.
PSA API tests
-----------------------
+-------------
-***************************************************************************************
+***********************************************************
Run PSA API test commands (applicable to both FPGA and FVP)
-***************************************************************************************
+***********************************************************
When running PSA API test commands (aka PSA Arch Tests) on MPS3 FPGA, the user should make sure there is no
USB stick connected to the board. Power on the board and boot the board to
@@ -948,7 +1121,7 @@
::
- insmod /lib/modules/5.19.14-yocto-standard/extra/arm-ffa-tee.ko
+ insmod /lib/modules/6.1.32-yocto-standard/extra/arm-ffa-tee.ko
Then, check whether the FF-A TEE driver is loaded correctly by using the following command:
@@ -960,7 +1133,7 @@
::
- arm_ffa_tee 16384 - - Live 0xffffffc0004f0000 (O)
+ arm_ffa_tee 16384 - - Live 0xffffffc000510000 (O)
Now, run the PSA API tests in the following order:
@@ -971,15 +1144,17 @@
psa-its-api-test
psa-ps-api-test
-External System tests
------------------------------------
+**NOTE:** The psa-crypto-api-test takes between 30 minutes to 1 hour to run.
-***************************************************************************************
+External System tests
+---------------------
+
+**************************************************************
Running the External System test command (systems-comms-tests)
-***************************************************************************************
+**************************************************************
Test 1: Releasing the External System out of reset
-===================================================
+==================================================
Run this command in the Linux command-line:
@@ -1004,7 +1179,7 @@
MHUv2 module 'MHU1_SE' started
Test 2: Communication
-=============================================
+=====================
Test 2 releases the External System out of reset if not already done. Then, it performs communication between host and External System.
@@ -1014,7 +1189,7 @@
systems-comms-tests 2
-Additional output on the External System terminal will be printed:
+Additional output on the External System terminal will be printed:
::
@@ -1058,13 +1233,13 @@
Tests results
------------------------------------
+-------------
-As a reference for the end user, reports for various tests for `Corstone-1000 software (CORSTONE1000-2022.11.23) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2022.11.23>`__
-can be found in `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__.
+As a reference for the end user, reports for various tests for `Corstone-1000 software (CORSTONE1000-2023.06) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2023.06>`__
+can be found `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__.
Running the software on FVP on Windows
----------------------------------------------------------------
+--------------------------------------
If the user needs to run the Corstone-1000 software on FVP on Windows. The user
should follow the build instructions in this document to build on Linux host
@@ -1073,6 +1248,7 @@
--------------
-*Copyright (c) 2022, Arm Limited. All rights reserved.*
+*Copyright (c) 2022-2023, Arm Limited. All rights reserved.*
.. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
+.. _U-Boot repo: https://github.com/u-boot/u-boot.git
diff --git a/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md b/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md
index e29aad3..00efed4 100644
--- a/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md
+++ b/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md
@@ -110,7 +110,7 @@
https://developer.arm.com/downloads/-/arm-ecosystem-fvps/eula
by setting the following environment variable:
- FVP_BASE_R_ARM_EULA_ACCEPT="True"
+ ARM_FVP_EULA_ACCEPT="True"
**Note:** The host machine should have at least 50 GBytes of free disk space
for the next steps to work correctly.
@@ -134,13 +134,13 @@
Building with the standard Linux kernel:
cd ~/fvp-baser-aemv8r64-build
- export FVP_BASE_R_ARM_EULA_ACCEPT="True"
+ export ARM_FVP_EULA_ACCEPT="True"
kas build meta-arm/kas/fvp-baser-aemv8r64-bsp.yml
Building with the Real-Time Linux kernel (PREEMPT\_RT):
cd ~/fvp-baser-aemv8r64-build
- export FVP_BASE_R_ARM_EULA_ACCEPT="True"
+ export ARM_FVP_EULA_ACCEPT="True"
kas build meta-arm/kas/fvp-baser-aemv8r64-rt-bsp.yml
### Run
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-juno.inc b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-juno.inc
index f78c94b..1f02d8e 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-juno.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-juno.inc
@@ -2,7 +2,6 @@
COMPATIBLE_MACHINE = "juno"
-SCP_PLATFORM = "juno"
FW_TARGETS = "scp"
FW_INSTALL:append = " romfw_bypass"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc
index 811537a..c89b132 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc
@@ -1,10 +1,9 @@
# N1SDP specific SCP configurations and build instructions
-SCP_PLATFORM = "n1sdp"
-SCP_LOG_LEVEL = "INFO"
-
COMPATIBLE_MACHINE:n1sdp = "n1sdp"
+SCP_LOG_LEVEL = "INFO"
+
DEPENDS += "fiptool-native"
DEPENDS += "trusted-firmware-a"
DEPENDS += "n1sdp-board-firmware"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-sgi575.inc b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-sgi575.inc
index e1b0a85..3413822 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-sgi575.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-sgi575.inc
@@ -1,6 +1,5 @@
# SGI575 specific SCP configurations and build instructions
-SCP_PLATFORM = "sgi575"
-SCP_LOG_LEVEL = "INFO"
-
COMPATIBLE_MACHINE:sgi575 = "sgi575"
+
+SCP_LOG_LEVEL = "INFO"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc
index 3cbadad..2c65635 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc
@@ -2,5 +2,4 @@
COMPATIBLE_MACHINE = "(tc1)"
-SCP_PLATFORM:tc1 = "tc1"
FW_TARGETS = "scp"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2023.01.bb b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2023.01.bb
new file mode 100644
index 0000000..2dd5e04
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2023.01.bb
@@ -0,0 +1,4 @@
+require recipes-bsp/u-boot/u-boot-common.inc
+require recipes-bsp/u-boot/u-boot.inc
+
+SRCREV = "62e2ad1ceafbfdf2c44d3dc1b6efc81e768a96b9"
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0002-Add-external-system-driver.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0002-Add-external-system-driver.patch
index b68edbc..5af041e 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0002-Add-external-system-driver.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0002-Add-external-system-driver.patch
@@ -7,7 +7,7 @@
from user-space. It provides run and reset
functionality at the moment.
-Upstream-Status: Pending[Not submitted to upstream yet]
+Upstream-Status: Pending [Not submitted to upstream yet]
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
index 38bea02..64b1e41 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
@@ -76,8 +76,6 @@
# Juno KMACHINE
#
COMPATIBLE_MACHINE:juno = "juno"
-#KBUILD_DEFCONFIG:juno = "defconfig"
-#KCONFIG_MODE:juno = "--alldefconfig"
FILESEXTRAPATHS:prepend:juno := "${ARMBSPFILESPATHS}"
SRC_URI:append:juno = " \
file://0001-arm64-dts-Update-cache-properties-for-Arm-Ltd-platfo.patch \
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service
new file mode 100644
index 0000000..c273832
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=TEE Supplicant
+
+[Service]
+User=root
+EnvironmentFile=-@sysconfdir@/default/tee-supplicant
+ExecStart=@sbindir@/tee-supplicant $OPTARGS
+
+[Install]
+WantedBy=basic.target
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.sh b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.sh
new file mode 100644
index 0000000..b4d2195
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+# Source function library
+. /etc/init.d/functions
+
+NAME=tee-supplicant
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DESC="OP-TEE Supplicant"
+
+DAEMON=@sbindir@/$NAME
+
+test -f $DAEMON || exit 0
+
+test -f @sysconfdir@/default/$NAME && . @sysconfdir@/default/$NAME
+test -f @sysconfdir@/default/rcS && . @sysconfdir@/default/rcS
+
+SSD_OPTIONS="--oknodo --quiet --exec $DAEMON -- -d $OPTARGS"
+
+set -e
+
+case $1 in
+ start)
+ echo -n "Starting $DESC: "
+ start-stop-daemon --start $SSD_OPTIONS
+ echo "${DAEMON##*/}."
+ ;;
+ stop)
+ echo -n "Stopping $DESC: "
+ start-stop-daemon --stop $SSD_OPTIONS
+ echo "${DAEMON##*/}."
+ ;;
+ restart|force-reload)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ status)
+ status ${DAEMON} || exit $?
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.18.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.18.0.bb
new file mode 100644
index 0000000..ea7b65c
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.18.0.bb
@@ -0,0 +1,3 @@
+require recipes-security/optee/optee-client.inc
+
+SRCREV = "e7cba71cc6e2ecd02f412c7e9ee104f0a5dffc6f"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.20.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.20.0.bb
similarity index 73%
rename from meta-arm/meta-arm/recipes-security/optee/optee-client_3.20.0.bb
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.20.0.bb
index 1e69136..3daab7f 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.20.0.bb
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.20.0.bb
@@ -1,4 +1,4 @@
-require optee-client.inc
+require recipes-security/optee/optee-client.inc
SRCREV = "dd2d39b49975d2ada7870fe2b7f5a84d0d3860dc"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-examples_3.18.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-examples_3.18.0.bb
new file mode 100644
index 0000000..7796430
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-examples_3.18.0.bb
@@ -0,0 +1,3 @@
+require recipes-security/optee/optee-examples.inc
+
+SRCREV = "f301ee9df2129c0db683e726c91dc2cefe4cdb65"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-examples_3.20.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-examples_3.20.0.bb
new file mode 100644
index 0000000..4a63f95
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-examples_3.20.0.bb
@@ -0,0 +1,3 @@
+require recipes-security/optee/optee-examples.inc
+
+SRCREV = "a98d01e1b9168eaed96bcd0bac0df67c44a81081"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
similarity index 93%
copy from meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
copy to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
index ab4a6db..2aec7fc 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
@@ -1,4 +1,4 @@
-From 528aeb42652a3159c1bfd51d6c1442c3ff27b84c Mon Sep 17 00:00:00 2001
+From fed478758e495f35d18a9e2a89193e6577b06799 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@arm.com>
Date: Tue, 26 May 2020 14:38:02 -0500
Subject: [PATCH] allow setting sysroot for libgcc lookup
@@ -9,13 +9,12 @@
Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188]
Signed-off-by: Ross Burton <ross.burton@arm.com>
-
---
mk/gcc.mk | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/mk/gcc.mk b/mk/gcc.mk
-index adc77a24..81bfa78a 100644
+index adc77a24f25e..81bfa78ad8d7 100644
--- a/mk/gcc.mk
+++ b/mk/gcc.mk
@@ -13,11 +13,11 @@ nostdinc$(sm) := -nostdinc -isystem $(shell $(CC$(sm)) \
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0002-optee-enable-clang-support.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0002-optee-enable-clang-support.patch
similarity index 91%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0002-optee-enable-clang-support.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0002-optee-enable-clang-support.patch
index 067ba6e..7441e74 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0002-optee-enable-clang-support.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0002-optee-enable-clang-support.patch
@@ -1,4 +1,4 @@
-From db9e44af75c7cfd3316cab15aaa387383df3e57e Mon Sep 17 00:00:00 2001
+From f158e3af6633bd689a76d53be2c9c590c0385350 Mon Sep 17 00:00:00 2001
From: Brett Warren <brett.warren@arm.com>
Date: Wed, 23 Sep 2020 09:27:34 +0100
Subject: [PATCH] optee: enable clang support
@@ -10,13 +10,12 @@
Upstream-Status: Pending
ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701
Signed-off-by: Brett Warren <brett.warren@arm.com>
-
---
mk/clang.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mk/clang.mk b/mk/clang.mk
-index c141a3f2..7d067cc0 100644
+index c141a3f2ed0b..7d067cc007fa 100644
--- a/mk/clang.mk
+++ b/mk/clang.mk
@@ -27,7 +27,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0003-core-link-add-no-warn-rwx-segments.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0003-core-link-add-no-warn-rwx-segments.patch
similarity index 96%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0003-core-link-add-no-warn-rwx-segments.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0003-core-link-add-no-warn-rwx-segments.patch
index 6d48a76..62aee35 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0003-core-link-add-no-warn-rwx-segments.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0003-core-link-add-no-warn-rwx-segments.patch
@@ -1,4 +1,4 @@
-From cf2a2451f4e9300532d677bb3a8315494a3b3a82 Mon Sep 17 00:00:00 2001
+From fb69397234b1efe3528714b6c0c1921ce37ad6a6 Mon Sep 17 00:00:00 2001
From: Jerome Forissier <jerome.forissier@linaro.org>
Date: Fri, 5 Aug 2022 09:48:03 +0200
Subject: [PATCH] core: link: add --no-warn-rwx-segments
@@ -18,13 +18,12 @@
Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
-
---
core/arch/arm/kernel/link.mk | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
-index 7eed333a..c39d43cb 100644
+index 7eed333a32de..c39d43cbfc5b 100644
--- a/core/arch/arm/kernel/link.mk
+++ b/core/arch/arm/kernel/link.mk
@@ -31,6 +31,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0004-core-Define-section-attributes-for-clang.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0004-core-Define-section-attributes-for-clang.patch
similarity index 96%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0004-core-Define-section-attributes-for-clang.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0004-core-Define-section-attributes-for-clang.patch
index 0ab670f..e3c509f 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0004-core-Define-section-attributes-for-clang.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0004-core-Define-section-attributes-for-clang.patch
@@ -1,4 +1,4 @@
-From 7218af04ce3af466e95d69e4995138cd2d26dd3f Mon Sep 17 00:00:00 2001
+From 0690909f07779a8f35b1f3d0baf8d4c5c9305d14 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Sat, 13 Aug 2022 19:24:55 -0700
Subject: [PATCH] core: Define section attributes for clang
@@ -39,7 +39,7 @@
5 files changed, 104 insertions(+), 11 deletions(-)
diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c
-index f083b159..432983c8 100644
+index f083b159e969..432983c86c9f 100644
--- a/core/arch/arm/kernel/thread.c
+++ b/core/arch/arm/kernel/thread.c
@@ -44,15 +44,30 @@ static size_t thread_user_kcode_size __nex_bss;
@@ -76,7 +76,7 @@
#ifdef ARM32
diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c
-index 3f08eec6..e6dc9261 100644
+index 3f08eec623f3..e6dc9261c41e 100644
--- a/core/arch/arm/mm/core_mmu_lpae.c
+++ b/core/arch/arm/mm/core_mmu_lpae.c
@@ -233,19 +233,46 @@ typedef uint16_t l1_idx_t;
@@ -131,7 +131,7 @@
* TAs page table entry inside a level 1 page table.
*
diff --git a/core/arch/arm/mm/core_mmu_v7.c b/core/arch/arm/mm/core_mmu_v7.c
-index cd85bd22..3e18f54f 100644
+index cd85bd22d385..3e18f54f6cf8 100644
--- a/core/arch/arm/mm/core_mmu_v7.c
+++ b/core/arch/arm/mm/core_mmu_v7.c
@@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_ENTRIES];
@@ -185,7 +185,7 @@
struct mmu_partition {
l1_xlat_tbl_t *l1_table;
diff --git a/core/arch/arm/mm/pgt_cache.c b/core/arch/arm/mm/pgt_cache.c
-index dee1d207..382cae1c 100644
+index dee1d207943f..382cae1c3f30 100644
--- a/core/arch/arm/mm/pgt_cache.c
+++ b/core/arch/arm/mm/pgt_cache.c
@@ -104,8 +104,18 @@ void pgt_init(void)
@@ -209,7 +209,7 @@
for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) {
diff --git a/core/kernel/thread.c b/core/kernel/thread.c
-index 18d34e6a..086129e2 100644
+index 18d34e6adfe2..086129e282bc 100644
--- a/core/kernel/thread.c
+++ b/core/kernel/thread.c
@@ -37,13 +37,24 @@ struct thread_core_local thread_core_local[CFG_TEE_CORE_NB_CORE] __nex_bss;
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0005-core-ldelf-link-add-z-execstack.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0005-core-ldelf-link-add-z-execstack.patch
similarity index 96%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0005-core-ldelf-link-add-z-execstack.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0005-core-ldelf-link-add-z-execstack.patch
index 3ba6c4e..862a76b 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0005-core-ldelf-link-add-z-execstack.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0005-core-ldelf-link-add-z-execstack.patch
@@ -1,4 +1,4 @@
-From ea932656461865ab9ac4036245c756c082aeb3e1 Mon Sep 17 00:00:00 2001
+From 63445958678b58c5adc7eca476b216e5dc0f4195 Mon Sep 17 00:00:00 2001
From: Jerome Forissier <jerome.forissier@linaro.org>
Date: Tue, 23 Aug 2022 11:41:00 +0000
Subject: [PATCH] core, ldelf: link: add -z execstack
@@ -20,14 +20,13 @@
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
-
---
core/arch/arm/kernel/link.mk | 13 +++++++++----
ldelf/link.mk | 3 +++
2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
-index c39d43cb..0e96e606 100644
+index c39d43cbfc5b..0e96e606cd9d 100644
--- a/core/arch/arm/kernel/link.mk
+++ b/core/arch/arm/kernel/link.mk
@@ -9,6 +9,11 @@ link-script-dep = $(link-out-dir)/.kern.ld.d
@@ -79,7 +78,7 @@
$(libgcccore)
cleanfiles += $(link-out-dir)/init.o
diff --git a/ldelf/link.mk b/ldelf/link.mk
-index 64c8212a..bd49551e 100644
+index 64c8212a06fa..bd49551e7065 100644
--- a/ldelf/link.mk
+++ b/ldelf/link.mk
@@ -20,6 +20,9 @@ link-ldflags += -z max-page-size=4096 # OP-TEE always uses 4K alignment
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch
similarity index 92%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch
index 4ea65d8..e82fdc7 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch
@@ -1,4 +1,4 @@
-From ec30e84671aac9a2e9549754eb7bc6201728db4c Mon Sep 17 00:00:00 2001
+From 1a991cbedf8647d5a1e7c312614f7867c3940968 Mon Sep 17 00:00:00 2001
From: Jerome Forissier <jerome.forissier@linaro.org>
Date: Tue, 23 Aug 2022 12:31:46 +0000
Subject: [PATCH] arm32: libutils, libutee, ta: add .note.GNU-stack section to
@@ -24,7 +24,6 @@
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
-
---
lib/libutee/arch/arm/utee_syscalls_a32.S | 2 ++
lib/libutils/ext/arch/arm/atomic_a32.S | 2 ++
@@ -36,7 +35,7 @@
7 files changed, 14 insertions(+)
diff --git a/lib/libutee/arch/arm/utee_syscalls_a32.S b/lib/libutee/arch/arm/utee_syscalls_a32.S
-index 6e621ca6..af405f62 100644
+index 6e621ca6e06d..af405f62723c 100644
--- a/lib/libutee/arch/arm/utee_syscalls_a32.S
+++ b/lib/libutee/arch/arm/utee_syscalls_a32.S
@@ -7,6 +7,8 @@
@@ -49,7 +48,7 @@
.balign 4
.code 32
diff --git a/lib/libutils/ext/arch/arm/atomic_a32.S b/lib/libutils/ext/arch/arm/atomic_a32.S
-index eaef6914..2be73ffa 100644
+index eaef6914734e..2be73ffadcc9 100644
--- a/lib/libutils/ext/arch/arm/atomic_a32.S
+++ b/lib/libutils/ext/arch/arm/atomic_a32.S
@@ -5,6 +5,8 @@
@@ -62,7 +61,7 @@
FUNC atomic_inc32 , :
ldrex r1, [r0]
diff --git a/lib/libutils/ext/arch/arm/mcount_a32.S b/lib/libutils/ext/arch/arm/mcount_a32.S
-index 51439a23..54dc3c02 100644
+index 51439a23014e..54dc3c02da66 100644
--- a/lib/libutils/ext/arch/arm/mcount_a32.S
+++ b/lib/libutils/ext/arch/arm/mcount_a32.S
@@ -7,6 +7,8 @@
@@ -75,7 +74,7 @@
* Convert return address to call site address by subtracting the size of the
* mcount call instruction (blx __gnu_mcount_nc).
diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
-index a600c879..37ae9ec6 100644
+index a600c879668c..37ae9ec6f9f1 100644
--- a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
@@ -5,6 +5,8 @@
@@ -88,7 +87,7 @@
* signed ret_idivmod_values(signed quot, signed rem);
* return quotient and remaining the EABI way (regs r0,r1)
diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
-index 2dc50bc9..5c3353e2 100644
+index 2dc50bc98bbf..5c3353e2c1ba 100644
--- a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
@@ -5,6 +5,8 @@
@@ -101,7 +100,7 @@
* __value_in_regs lldiv_t __aeabi_ldivmod( long long n, long long d)
*/
diff --git a/lib/libutils/isoc/arch/arm/setjmp_a32.S b/lib/libutils/isoc/arch/arm/setjmp_a32.S
-index 43ea5937..f8a0b70d 100644
+index 43ea593758c9..f8a0b70df705 100644
--- a/lib/libutils/isoc/arch/arm/setjmp_a32.S
+++ b/lib/libutils/isoc/arch/arm/setjmp_a32.S
@@ -51,6 +51,8 @@
@@ -114,7 +113,7 @@
The interworking scheme expects functions to use a BX instruction
diff --git a/ta/arch/arm/ta_entry_a32.S b/ta/arch/arm/ta_entry_a32.S
-index d2f8a69d..cd9a12f9 100644
+index d2f8a69daa7f..cd9a12f9dbf9 100644
--- a/ta/arch/arm/ta_entry_a32.S
+++ b/ta/arch/arm/ta_entry_a32.S
@@ -5,6 +5,8 @@
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
similarity index 93%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
index ab4a6db..54b667a 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
@@ -1,4 +1,4 @@
-From 528aeb42652a3159c1bfd51d6c1442c3ff27b84c Mon Sep 17 00:00:00 2001
+From 843eb2ef918d5ae3d09de088110cb026ca25306b Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@arm.com>
Date: Tue, 26 May 2020 14:38:02 -0500
Subject: [PATCH] allow setting sysroot for libgcc lookup
@@ -9,13 +9,12 @@
Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188]
Signed-off-by: Ross Burton <ross.burton@arm.com>
-
---
mk/gcc.mk | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/mk/gcc.mk b/mk/gcc.mk
-index adc77a24..81bfa78a 100644
+index adc77a24f25e..81bfa78ad8d7 100644
--- a/mk/gcc.mk
+++ b/mk/gcc.mk
@@ -13,11 +13,11 @@ nostdinc$(sm) := -nostdinc -isystem $(shell $(CC$(sm)) \
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0002-optee-enable-clang-support.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0002-optee-enable-clang-support.patch
similarity index 91%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0002-optee-enable-clang-support.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0002-optee-enable-clang-support.patch
index af0ec94..b3e3098 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0002-optee-enable-clang-support.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0002-optee-enable-clang-support.patch
@@ -1,4 +1,4 @@
-From 8846ab2b37781364088cc5c02b6bc6f518a66a0a Mon Sep 17 00:00:00 2001
+From 0ca5ef7c8256dbd9690a01a82397bc16a123e179 Mon Sep 17 00:00:00 2001
From: Brett Warren <brett.warren@arm.com>
Date: Wed, 23 Sep 2020 09:27:34 +0100
Subject: [PATCH] optee: enable clang support
@@ -10,13 +10,12 @@
Upstream-Status: Pending
ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701
Signed-off-by: Brett Warren <brett.warren@arm.com>
-
---
mk/clang.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mk/clang.mk b/mk/clang.mk
-index a045beee..1ebe2f70 100644
+index a045beee8482..1ebe2f702dcd 100644
--- a/mk/clang.mk
+++ b/mk/clang.mk
@@ -30,7 +30,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0003-core-link-add-no-warn-rwx-segments.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0003-core-link-add-no-warn-rwx-segments.patch
similarity index 96%
copy from meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0003-core-link-add-no-warn-rwx-segments.patch
copy to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0003-core-link-add-no-warn-rwx-segments.patch
index 5740461..5d4191f 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0003-core-link-add-no-warn-rwx-segments.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0003-core-link-add-no-warn-rwx-segments.patch
@@ -1,4 +1,4 @@
-From 188a39b139e0e2ccceb22bcf63559b451f0483e0 Mon Sep 17 00:00:00 2001
+From 741df4df0ec7b69b0573cff265dc1ae7cb70b55c Mon Sep 17 00:00:00 2001
From: Jerome Forissier <jerome.forissier@linaro.org>
Date: Fri, 5 Aug 2022 09:48:03 +0200
Subject: [PATCH] core: link: add --no-warn-rwx-segments
@@ -18,13 +18,12 @@
Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
-
---
core/arch/arm/kernel/link.mk | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
-index 0e96e606..3fbcb680 100644
+index 0e96e606cd9d..3fbcb6804c6f 100644
--- a/core/arch/arm/kernel/link.mk
+++ b/core/arch/arm/kernel/link.mk
@@ -37,6 +37,7 @@ link-ldflags += --sort-section=alignment
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0004-core-Define-section-attributes-for-clang.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0004-core-Define-section-attributes-for-clang.patch
similarity index 96%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0004-core-Define-section-attributes-for-clang.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0004-core-Define-section-attributes-for-clang.patch
index f94d19f..6229be9 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0004-core-Define-section-attributes-for-clang.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0004-core-Define-section-attributes-for-clang.patch
@@ -1,4 +1,4 @@
-From e74d8a02edd8c431c87786e22dbceee8e1e85bb8 Mon Sep 17 00:00:00 2001
+From 162493e5b212b9d7391669a55be09b69b97a9cf8 Mon Sep 17 00:00:00 2001
From: Emekcan Aras <emekcan.aras@arm.com>
Date: Wed, 21 Dec 2022 10:55:58 +0000
Subject: [PATCH] core: Define section attributes for clang
@@ -30,7 +30,6 @@
Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
---
core/arch/arm/kernel/thread.c | 19 +++++++++++++++--
core/arch/arm/mm/core_mmu_lpae.c | 35 +++++++++++++++++++++++++++----
@@ -40,7 +39,7 @@
5 files changed, 104 insertions(+), 11 deletions(-)
diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c
-index 1cf76a0c..1e7f9f96 100644
+index 1cf76a0ca690..1e7f9f96b558 100644
--- a/core/arch/arm/kernel/thread.c
+++ b/core/arch/arm/kernel/thread.c
@@ -44,15 +44,30 @@ static size_t thread_user_kcode_size __nex_bss;
@@ -77,7 +76,7 @@
#ifdef ARM32
diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c
-index 3f08eec6..e6dc9261 100644
+index 3f08eec623f3..e6dc9261c41e 100644
--- a/core/arch/arm/mm/core_mmu_lpae.c
+++ b/core/arch/arm/mm/core_mmu_lpae.c
@@ -233,19 +233,46 @@ typedef uint16_t l1_idx_t;
@@ -132,7 +131,7 @@
* TAs page table entry inside a level 1 page table.
*
diff --git a/core/arch/arm/mm/core_mmu_v7.c b/core/arch/arm/mm/core_mmu_v7.c
-index cd85bd22..3e18f54f 100644
+index cd85bd22d385..3e18f54f6cf8 100644
--- a/core/arch/arm/mm/core_mmu_v7.c
+++ b/core/arch/arm/mm/core_mmu_v7.c
@@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_ENTRIES];
@@ -186,7 +185,7 @@
struct mmu_partition {
l1_xlat_tbl_t *l1_table;
diff --git a/core/arch/arm/mm/pgt_cache.c b/core/arch/arm/mm/pgt_cache.c
-index 79553c6d..b9efdf42 100644
+index 79553c6d2183..b9efdf42780b 100644
--- a/core/arch/arm/mm/pgt_cache.c
+++ b/core/arch/arm/mm/pgt_cache.c
@@ -410,8 +410,18 @@ void pgt_init(void)
@@ -210,7 +209,7 @@
for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) {
diff --git a/core/kernel/thread.c b/core/kernel/thread.c
-index d1f2f382..8de124ae 100644
+index d1f2f3823be7..8de124ae5357 100644
--- a/core/kernel/thread.c
+++ b/core/kernel/thread.c
@@ -38,13 +38,24 @@ struct thread_core_local thread_core_local[CFG_TEE_CORE_NB_CORE] __nex_bss;
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch
similarity index 92%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch
index 4313a82..381cad9 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch
@@ -1,7 +1,7 @@
-From 11f4ea86579bc1a58e4adde2849326f4213694f2 Mon Sep 17 00:00:00 2001
+From d0e32b6e202cde672c2b38dc568122a52be716b4 Mon Sep 17 00:00:00 2001
From: Jens Wiklander <jens.wiklander@linaro.org>
Date: Mon, 21 Nov 2022 18:17:33 +0100
-Subject: core: arm: S-EL1 SPMC: boot ABI update
+Subject: [PATCH] core: arm: S-EL1 SPMC: boot ABI update
Updates the boot ABI for S-EL1 SPMC to align better with other SPMCs,
like Hafnium, but also with the non-FF-A configuration.
@@ -30,7 +30,7 @@
2 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/core/arch/arm/kernel/boot.c b/core/arch/arm/kernel/boot.c
-index dd34173e8..e02c02b60 100644
+index dd34173e838d..e02c02b6097d 100644
--- a/core/arch/arm/kernel/boot.c
+++ b/core/arch/arm/kernel/boot.c
@@ -1502,11 +1502,17 @@ struct ns_entry_context *boot_core_hpen(void)
@@ -53,7 +53,7 @@
DMSG("Bad fdt: %d", rc);
goto err;
diff --git a/core/arch/arm/kernel/entry_a64.S b/core/arch/arm/kernel/entry_a64.S
-index 4c6e9d75c..047ae1f25 100644
+index 4c6e9d75ca45..047ae1f25cc9 100644
--- a/core/arch/arm/kernel/entry_a64.S
+++ b/core/arch/arm/kernel/entry_a64.S
@@ -143,21 +143,20 @@
@@ -86,6 +86,3 @@
#endif
adr x0, reset_vect_table
---
-2.39.1.windows.1
-
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch
similarity index 94%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch
index add3907..5421b10 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch
@@ -1,7 +1,7 @@
-From 84f4ef4c4f2f45e2f54597f1afe80d8f8396cc57 Mon Sep 17 00:00:00 2001
+From 9da324001fd93e1b3d9bca076e4afddbb5cac289 Mon Sep 17 00:00:00 2001
From: Balint Dobszay <balint.dobszay@arm.com>
Date: Fri, 10 Feb 2023 11:07:27 +0100
-Subject: core: ffa: add TOS_FW_CONFIG handling
+Subject: [PATCH] core: ffa: add TOS_FW_CONFIG handling
At boot TF-A passes two DT addresses (HW_CONFIG and TOS_FW_CONFIG), but
currently only the HW_CONFIG address is saved, the other one is dropped.
@@ -23,7 +23,7 @@
6 files changed, 81 insertions(+), 8 deletions(-)
diff --git a/core/arch/arm/kernel/boot.c b/core/arch/arm/kernel/boot.c
-index e02c02b60..98e13c072 100644
+index e02c02b6097d..98e13c072d8e 100644
--- a/core/arch/arm/kernel/boot.c
+++ b/core/arch/arm/kernel/boot.c
@@ -1,6 +1,7 @@
@@ -118,7 +118,7 @@
update_external_dt();
configure_console_from_dt();
diff --git a/core/arch/arm/kernel/entry_a32.S b/core/arch/arm/kernel/entry_a32.S
-index 0f14ca2f6..3758fd8b7 100644
+index 0f14ca2f6ad9..3758fd8b7674 100644
--- a/core/arch/arm/kernel/entry_a32.S
+++ b/core/arch/arm/kernel/entry_a32.S
@@ -1,7 +1,7 @@
@@ -139,7 +139,7 @@
#ifndef CFG_VIRTUALIZATION
mov r0, #THREAD_CLF_TMP
diff --git a/core/arch/arm/kernel/entry_a64.S b/core/arch/arm/kernel/entry_a64.S
-index 047ae1f25..fa76437fb 100644
+index 047ae1f25cc9..fa76437fb73c 100644
--- a/core/arch/arm/kernel/entry_a64.S
+++ b/core/arch/arm/kernel/entry_a64.S
@@ -1,7 +1,7 @@
@@ -178,7 +178,7 @@
#ifdef CFG_CORE_PAUTH
init_pauth_per_cpu
diff --git a/core/arch/arm/kernel/link_dummies_paged.c b/core/arch/arm/kernel/link_dummies_paged.c
-index 3b8287e06..023a5f3f5 100644
+index 3b8287e06a11..023a5f3f558b 100644
--- a/core/arch/arm/kernel/link_dummies_paged.c
+++ b/core/arch/arm/kernel/link_dummies_paged.c
@@ -1,6 +1,7 @@
@@ -200,7 +200,7 @@
}
diff --git a/core/arch/arm/kernel/secure_partition.c b/core/arch/arm/kernel/secure_partition.c
-index 1d36e90b1..d386f1e4d 100644
+index 1d36e90b1cf7..d386f1e4d211 100644
--- a/core/arch/arm/kernel/secure_partition.c
+++ b/core/arch/arm/kernel/secure_partition.c
@@ -1212,7 +1212,7 @@ static TEE_Result fip_sp_map_all(void)
@@ -213,7 +213,7 @@
EMSG("No SPMC manifest found");
return TEE_ERROR_GENERIC;
diff --git a/core/include/kernel/boot.h b/core/include/kernel/boot.h
-index 260854473..941e093b2 100644
+index 260854473b8b..941e093b29a1 100644
--- a/core/include/kernel/boot.h
+++ b/core/include/kernel/boot.h
@@ -1,7 +1,7 @@
@@ -244,6 +244,3 @@
/*
* get_aslr_seed() - return a random seed for core ASLR
* @fdt: Pointer to a device tree if CFG_DT_ADDR=y
---
-2.39.1.windows.1
-
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0007-core-spmc-handle-non-secure-interrupts.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0007-core-spmc-handle-non-secure-interrupts.patch
similarity index 96%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0007-core-spmc-handle-non-secure-interrupts.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0007-core-spmc-handle-non-secure-interrupts.patch
index 28d1f03..94c1e04 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0007-core-spmc-handle-non-secure-interrupts.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0007-core-spmc-handle-non-secure-interrupts.patch
@@ -1,4 +1,4 @@
-From f4b4f5bccc1be9a709008cc8e6107302745796c8 Mon Sep 17 00:00:00 2001
+From 18ad0cce24addd45271edf3172ab9ce873186d7a Mon Sep 17 00:00:00 2001
From: Imre Kis <imre.kis@arm.com>
Date: Tue, 18 Apr 2023 16:41:51 +0200
Subject: [PATCH] core: spmc: handle non-secure interrupts
@@ -18,7 +18,6 @@
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I577ebe86d416ee494963216a66a3bfc8206921b4
-
---
core/arch/arm/include/ffa.h | 2 +-
.../arch/arm/include/kernel/spmc_sp_handler.h | 11 +++++++
@@ -30,7 +29,7 @@
7 files changed, 122 insertions(+), 2 deletions(-)
diff --git a/core/arch/arm/include/ffa.h b/core/arch/arm/include/ffa.h
-index 5a19fb0c..b3d1d354 100644
+index 5a19fb0c7ff3..b3d1d354735d 100644
--- a/core/arch/arm/include/ffa.h
+++ b/core/arch/arm/include/ffa.h
@@ -50,7 +50,7 @@
@@ -43,7 +42,7 @@
#define FFA_MSG_SEND_DIRECT_REQ_32 U(0x8400006F)
#define FFA_MSG_SEND_DIRECT_REQ_64 U(0xC400006F)
diff --git a/core/arch/arm/include/kernel/spmc_sp_handler.h b/core/arch/arm/include/kernel/spmc_sp_handler.h
-index f5bda7bf..30c1e469 100644
+index f5bda7bfe7d0..30c1e4691273 100644
--- a/core/arch/arm/include/kernel/spmc_sp_handler.h
+++ b/core/arch/arm/include/kernel/spmc_sp_handler.h
@@ -25,6 +25,8 @@ void spmc_sp_start_thread(struct thread_smc_args *args);
@@ -72,7 +71,7 @@
#endif /* __KERNEL_SPMC_SP_HANDLER_H */
diff --git a/core/arch/arm/kernel/secure_partition.c b/core/arch/arm/kernel/secure_partition.c
-index 1d36e90b..6e351e43 100644
+index d386f1e4d211..740be6d22e47 100644
--- a/core/arch/arm/kernel/secure_partition.c
+++ b/core/arch/arm/kernel/secure_partition.c
@@ -999,6 +999,8 @@ static TEE_Result sp_enter_invoke_cmd(struct ts_session *s,
@@ -109,7 +108,7 @@
thread_user_clear_vfp(&ctx->uctx);
diff --git a/core/arch/arm/kernel/spmc_sp_handler.c b/core/arch/arm/kernel/spmc_sp_handler.c
-index 5d3326fc..f4c7ff81 100644
+index 46a15646ecf0..12681151a796 100644
--- a/core/arch/arm/kernel/spmc_sp_handler.c
+++ b/core/arch/arm/kernel/spmc_sp_handler.c
@@ -366,6 +366,32 @@ cleanup:
@@ -146,7 +145,7 @@
{
return rxtx && rxtx->rx && rxtx->tx && rxtx->size > 0;
diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c
-index 1e7f9f96..8cd4dc96 100644
+index 1e7f9f96b558..8cd4dc961b02 100644
--- a/core/arch/arm/kernel/thread.c
+++ b/core/arch/arm/kernel/thread.c
@@ -531,6 +531,13 @@ int thread_state_suspend(uint32_t flags, uint32_t cpsr, vaddr_t pc)
@@ -164,7 +163,7 @@
if (IS_ENABLED(CFG_VIRTUALIZATION))
diff --git a/core/arch/arm/kernel/thread_spmc.c b/core/arch/arm/kernel/thread_spmc.c
-index 3b4ac0b4..bc4e7687 100644
+index 3b4ac0b4e35c..bc4e7687d618 100644
--- a/core/arch/arm/kernel/thread_spmc.c
+++ b/core/arch/arm/kernel/thread_spmc.c
@@ -45,7 +45,7 @@ struct mem_frag_state {
@@ -220,7 +219,7 @@
case FFA_INTERRUPT:
itr_core_handler();
diff --git a/core/arch/arm/kernel/thread_spmc_a64.S b/core/arch/arm/kernel/thread_spmc_a64.S
-index 21cb6251..7297005a 100644
+index 21cb62513a42..7297005a6038 100644
--- a/core/arch/arm/kernel/thread_spmc_a64.S
+++ b/core/arch/arm/kernel/thread_spmc_a64.S
@@ -14,6 +14,20 @@
@@ -274,6 +273,3 @@
mov x2, #FFA_PARAM_MBZ
mov w3, #FFA_PARAM_MBZ
mov w4, #OPTEE_FFA_YIELDING_CALL_RETURN_INTERRUPT
-
---
-2.17.1
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch
similarity index 96%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch
index 6b502d7..9f7d781 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch
@@ -1,8 +1,8 @@
-From cad33cffb5be17fc0654aaf03c4d5227ae682e7a Mon Sep 17 00:00:00 2001
+From e7835c526aabd8e5b6db335619a0d86165c587ed Mon Sep 17 00:00:00 2001
From: Imre Kis <imre.kis@arm.com>
Date: Tue, 25 Apr 2023 14:19:14 +0200
-Subject: [PATCH] core: spmc: configure SP's NS interrupt action based on
- the manifest
+Subject: [PATCH] core: spmc: configure SP's NS interrupt action based on the
+ manifest
Used mandatory ns-interrupts-action SP manifest property to configure
signaled or queued non-secure interrupt handling.
@@ -17,7 +17,7 @@
2 files changed, 63 insertions(+), 5 deletions(-)
diff --git a/core/arch/arm/include/kernel/secure_partition.h b/core/arch/arm/include/kernel/secure_partition.h
-index 290750936..3bf339d3c 100644
+index 24b0a8cc07d2..51f6b697e5eb 100644
--- a/core/arch/arm/include/kernel/secure_partition.h
+++ b/core/arch/arm/include/kernel/secure_partition.h
@@ -43,6 +43,8 @@ struct sp_session {
@@ -30,7 +30,7 @@
};
diff --git a/core/arch/arm/kernel/secure_partition.c b/core/arch/arm/kernel/secure_partition.c
-index 52365553b..e54069c17 100644
+index 740be6d22e47..b644e1c72e6a 100644
--- a/core/arch/arm/kernel/secure_partition.c
+++ b/core/arch/arm/kernel/secure_partition.c
@@ -46,6 +46,10 @@
@@ -146,5 +146,3 @@
/* Restore rpc_target_info */
thread_get_tsd()->rpc_target_info = rpc_target_info;
---
-2.17.1
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.18.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bb
similarity index 100%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.18.0.bb
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bb
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.20.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.20.0.bb
similarity index 100%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.20.0.bb
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.20.0.bb
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-ts-3.18.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-ts-3.18.inc
similarity index 100%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-ts-3.18.inc
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-ts-3.18.inc
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bb
new file mode 100644
index 0000000..6e1e6ad
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bb
@@ -0,0 +1,15 @@
+require recipes-security/optee/optee-os.inc
+
+DEPENDS += "dtc-native"
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/${P}:"
+
+SRCREV = "1ee647035939e073a2e8dddb727c0f019cc035f1"
+SRC_URI += " \
+ file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \
+ file://0002-optee-enable-clang-support.patch \
+ file://0003-core-link-add-no-warn-rwx-segments.patch \
+ file://0004-core-Define-section-attributes-for-clang.patch \
+ file://0005-core-ldelf-link-add-z-execstack.patch \
+ file://0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch \
+ "
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bb
new file mode 100644
index 0000000..0f3e58d
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bb
@@ -0,0 +1,17 @@
+require recipes-security/optee/optee-os.inc
+
+DEPENDS += "dtc-native"
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/${P}:"
+
+SRCREV = "8e74d47616a20eaa23ca692f4bbbf917a236ed94"
+SRC_URI += " \
+ file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \
+ file://0002-optee-enable-clang-support.patch \
+ file://0003-core-link-add-no-warn-rwx-segments.patch \
+ file://0004-core-Define-section-attributes-for-clang.patch \
+ file://0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch \
+ file://0006-core-ffa-add-TOS_FW_CONFIG-handling.patch \
+ file://0007-core-spmc-handle-non-secure-interrupts.patch \
+ file://0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch \
+ "
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-test/Update-arm_ffa_user-driver-dependency.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/Update-arm_ffa_user-driver-dependency.patch
similarity index 100%
rename from meta-arm/meta-arm/recipes-security/optee/optee-test/Update-arm_ffa_user-driver-dependency.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/Update-arm_ffa_user-driver-dependency.patch
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-test/ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch
similarity index 100%
rename from meta-arm/meta-arm/recipes-security/optee/optee-test/ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/musl-workaround.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/musl-workaround.patch
new file mode 100644
index 0000000..eed1bd4
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/musl-workaround.patch
@@ -0,0 +1,24 @@
+Hack to work around musl compile error:
+ In file included from optee-test/3.17.0-r0/recipe-sysroot/usr/include/sys/stat.h:23,
+ from optee-test/3.17.0-r0/git/host/xtest/regression_1000.c:25:
+ optee-test/3.17.0-r0/recipe-sysroot/usr/include/bits/stat.h:17:26: error: expected identifier or '(' before '[' token
+ 17 | unsigned __unused[2];
+ | ^
+
+stat.h is not needed, since it is not being used in this file. So removing it.
+
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Jon Mason <jon.mason@arm.com>
+
+diff --git a/host/xtest/regression_1000.c b/host/xtest/regression_1000.c
+index 4264884..7f1baca 100644
+--- a/host/xtest/regression_1000.c
++++ b/host/xtest/regression_1000.c
+@@ -22,7 +22,6 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+-#include <sys/stat.h>
+ #include <sys/types.h>
+ #include <ta_arm_bti.h>
+ #include <ta_concurrent.h>
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/run-ptest b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/run-ptest
new file mode 100755
index 0000000..ba88c14
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test/run-ptest
@@ -0,0 +1,52 @@
+#!/bin/sh
+xtest | awk '
+
+ # Escapes the special characters in a string so that, when
+ # included in a regex, it represents a literal match
+ function regx_escape_literal(str, ret) {
+ ret = str
+ gsub(/[\[\]\^\$\.\*\?\+\{\}\\\(\)\|]/ , "\\\\&", str)
+ return str
+ }
+
+ # Returns the simple test formatted name
+ function name(n, ret) {
+ ret = n
+ gsub(/\./, " ", ret)
+ return ret
+ }
+
+ # Returns the simple test formatted result
+ function result(res) {
+ if(res ~ /OK/) {
+ return "PASS"
+ } else if(res ~ /FAILED/) {
+ return "FAIL"
+ }
+ }
+
+ function parse(name, description, has_subtests, result_line) {
+ has_subtests = 0
+
+ # Consume every line up to the result line
+ result_line = " " regx_escape_literal(name) " (OK|FAILED)"
+ do {
+ getline
+
+ # If this is a subtest (denoted by an "o" bullet) then subparse
+ if($0 ~ /^o /) {
+ parse($2, description " : " substr($0, index($0, $3)))
+ has_subtests = 1
+ }
+ } while ($0 !~ result_line)
+
+ # Only print the results for the deepest nested subtests
+ if(!has_subtests) {
+ print result($2) ": " name(name) " - " description
+ }
+ }
+
+ # Start parsing at the beginning of every test (denoted by a "*" bullet)
+ /^\* / { parse($2, substr($0, index($0, $3))) }
+
+'
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.18.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.18.0.bb
similarity index 81%
rename from meta-arm/meta-arm/recipes-security/optee/optee-test_3.18.0.bb
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.18.0.bb
index 0570687..436733e 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.18.0.bb
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.18.0.bb
@@ -1,6 +1,6 @@
-require optee-test.inc
+require recipes-security/optee/optee-test.inc
-SRC_URI:append = " \
+SRC_URI += " \
file://musl-workaround.patch \
"
SRCREV = "da5282a011b40621a2cf7a296c11a35c833ed91b"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.20.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.20.0.bb
new file mode 100644
index 0000000..03ea911
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.20.0.bb
@@ -0,0 +1,12 @@
+require recipes-security/optee/optee-test.inc
+
+SRC_URI += " \
+ file://Update-arm_ffa_user-driver-dependency.patch \
+ file://ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch \
+ file://musl-workaround.patch \
+ "
+SRCREV = "5db8ab4c733d5b2f4afac3e9aef0a26634c4b444"
+
+EXTRA_OEMAKE:append = " OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}"
+DEPENDS:append = " openssl"
+CFLAGS:append = " -Wno-error=deprecated-declarations"
diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_12.2.rel1.bb b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_12.2.rel1.bb
index b3b09ba..db8851e 100644
--- a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_12.2.rel1.bb
+++ b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_12.2.rel1.bb
@@ -11,8 +11,6 @@
LIC_FILES_CHKSUM:aarch64 = "file://share/doc/gcc/Copying.html;md5=0aef214b835259b64f026f4ad00c703e"
LIC_FILES_CHKSUM:x86-64 = "file://share/doc/gcc/Copying.html;md5=7ba3bc8ef145b48e2756a844db2029a3"
-PROVIDES = "virtual/aarch64-none-elf-gcc"
-
SRC_URI = "https://developer.arm.com/-/media/Files/downloads/gnu/${PV}/binrel/arm-gnu-toolchain-${PV}-${HOST_ARCH}-${BINNAME}.tar.xz;name=gcc-${HOST_ARCH}"
SRC_URI[gcc-aarch64.sha256sum] = "570a9bd42e2067d79d59b0747891681ebec66f30d989d17a05856563fe38f78b"
SRC_URI[gcc-x86_64.sha256sum] = "62d66e0ad7bd7f2a183d236ee301a5c73c737c886c7944aa4f39415aab528daf"
diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_12.2.rel1.bb b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_12.2.rel1.bb
index 948933b..48ddd16 100644
--- a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_12.2.rel1.bb
+++ b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_12.2.rel1.bb
@@ -11,8 +11,6 @@
LIC_FILES_CHKSUM:aarch64 = "file://share/doc/gcc/Copying.html;md5=0aef214b835259b64f026f4ad00c703e"
LIC_FILES_CHKSUM:x86-64 = "file://share/doc/gcc/Copying.html;md5=7ba3bc8ef145b48e2756a844db2029a3"
-PROVIDES = "virtual/arm-none-eabi-gcc"
-
SRC_URI = "https://developer.arm.com/-/media/Files/downloads/gnu/${PV}/binrel/arm-gnu-toolchain-${PV}-${HOST_ARCH}-${BINNAME}.tar.xz;name=gcc-${HOST_ARCH}"
SRC_URI[gcc-aarch64.sha256sum] = "7ee332f7558a984e239e768a13aed86c6c3ac85c90b91d27f4ed38d7ec6b3e8c"
SRC_URI[gcc-x86_64.sha256sum] = "84be93d0f9e96a15addd490b6e237f588c641c8afdf90e7610a628007fc96867"
diff --git a/meta-arm/meta-arm/classes/wic_nopt.bbclass b/meta-arm/meta-arm/classes/wic_nopt.bbclass
index 9c78fd7..529bf13 100644
--- a/meta-arm/meta-arm/classes/wic_nopt.bbclass
+++ b/meta-arm/meta-arm/classes/wic_nopt.bbclass
@@ -6,4 +6,4 @@
CONVERSIONTYPES += "nopt"
# 1024 bytes are skipped which corresponds to the size of the partition table header to remove
-CONVERSION_CMD:nopt = "tail -c +1025 ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.nopt"
+CONVERSION_CMD:nopt = "tail -c +1025 ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.nopt"
diff --git a/meta-arm/meta-arm/conf/machine/qemuarm-secureboot.conf b/meta-arm/meta-arm/conf/machine/qemuarm-secureboot.conf
index db02dc6..f08b84f 100644
--- a/meta-arm/meta-arm/conf/machine/qemuarm-secureboot.conf
+++ b/meta-arm/meta-arm/conf/machine/qemuarm-secureboot.conf
@@ -21,6 +21,3 @@
IMAGE_BOOT_FILES = "${KERNEL_IMAGETYPE}"
MACHINE_FEATURES += "optee-ftpm"
-
-PREFERRED_VERSION_optee-os ?= "3.18.%"
-
diff --git a/meta-arm/meta-arm/lib/oeqa/controllers/fvp.py b/meta-arm/meta-arm/lib/oeqa/controllers/fvp.py
index 3848407..80f72aa 100644
--- a/meta-arm/meta-arm/lib/oeqa/controllers/fvp.py
+++ b/meta-arm/meta-arm/lib/oeqa/controllers/fvp.py
@@ -1,3 +1,5 @@
+import contextlib
+import enum
import pathlib
import pexpect
import os
@@ -5,12 +7,20 @@
from oeqa.core.target.ssh import OESSHTarget
from fvp import runner
+class OEFVPTargetState(str, enum.Enum):
+ OFF = "off"
+ ON = "on"
+ LINUX = "linux"
-class OEFVPSSHTarget(OESSHTarget):
+
+class OEFVPTarget(OESSHTarget):
"""
- Base class for meta-arm FVP targets.
- Contains common logic to start and stop an FVP.
+ For compatibility with OE-core test cases, this target's start() method
+ waits for a Linux shell before returning to ensure that SSH commands work
+ with the default test dependencies.
"""
+ DEFAULT_CONSOLE = "default"
+
def __init__(self, logger, target_ip, server_ip, timeout=300, user='root',
port=None, dir_image=None, rootfs=None, bootlog=None, **kwargs):
super().__init__(logger, target_ip, server_ip, timeout, user, port)
@@ -19,26 +29,76 @@
basename = pathlib.Path(rootfs)
basename = basename.name.replace("".join(basename.suffixes), "")
self.fvpconf = image_dir / (basename + ".fvpconf")
- self.bootlog = bootlog
-
if not self.fvpconf.exists():
raise FileNotFoundError(f"Cannot find {self.fvpconf}")
- def _after_start(self):
- pass
+ self.bootlog = bootlog
+ self.terminals = {}
+ self.stack = None
+ self.state = OEFVPTargetState.OFF
+
+ def transition(self, state, timeout=10*60):
+ if state == self.state:
+ return
+
+ if state == OEFVPTargetState.OFF:
+ returncode = self.fvp.stop()
+ self.logger.debug(f"Stopped FVP with return code {returncode}")
+ self.stack.close()
+ elif state == OEFVPTargetState.ON:
+ self.transition(OEFVPTargetState.OFF, timeout)
+ self.stack = contextlib.ExitStack()
+ self.fvp = runner.FVPRunner(self.logger)
+ self.fvp_log = self._create_logfile("fvp", "wb")
+ self.fvp.start(self.fvpconf, stdout=self.fvp_log)
+ self.logger.debug(f"Started FVP PID {self.fvp.pid()}")
+ self._setup_consoles()
+ elif state == OEFVPTargetState.LINUX:
+ self.transition(OEFVPTargetState.ON, timeout)
+ try:
+ self.expect(OEFVPTarget.DEFAULT_CONSOLE, "login\\:", timeout=timeout)
+ self.logger.debug("Found login prompt")
+ self.state = OEFVPTargetState.LINUX
+ except pexpect.TIMEOUT:
+ self.logger.info("Timed out waiting for login prompt.")
+ self.logger.info("Boot log follows:")
+ self.logger.info(b"\n".join(self.before(OEFVPTarget.DEFAULT_CONSOLE).splitlines()[-200:]).decode("utf-8", errors="replace"))
+ raise RuntimeError("Failed to start FVP.")
+
+ self.logger.info(f"Transitioned to {state}")
+ self.state = state
def start(self, **kwargs):
- self.fvp_log = self._create_logfile("fvp")
- self.fvp = runner.FVPRunner(self.logger)
- self.fvp.start(self.fvpconf, stdout=self.fvp_log)
- self.logger.debug(f"Started FVP PID {self.fvp.pid()}")
- self._after_start()
+ # No-op - put the FVP in the required state lazily
+ pass
def stop(self, **kwargs):
- returncode = self.fvp.stop()
- self.logger.debug(f"Stopped FVP with return code {returncode}")
+ self.transition(OEFVPTargetState.OFF)
- def _create_logfile(self, name):
+ def run(self, cmd, timeout=None):
+ # Running a command implies the LINUX state
+ self.transition(OEFVPTargetState.LINUX)
+ return super().run(cmd, timeout)
+
+ def _setup_consoles(self):
+ with open(self.fvp_log.name, 'rb') as logfile:
+ parser = runner.ConsolePortParser(logfile)
+ config = self.fvp.getConfig()
+ for name, console in config["consoles"].items():
+ logfile = self._create_logfile(name)
+ self.logger.info(f'Creating terminal {name} on {console}')
+ port = parser.parse_port(console)
+ self.terminals[name] = \
+ self.fvp.create_pexpect(port, logfile=logfile)
+
+ # testimage.bbclass expects to see a log file at `bootlog`,
+ # so make a symlink to the 'default' log file
+ test_log_suffix = pathlib.Path(self.bootlog).suffix
+ default_test_file = f"{name}_log{test_log_suffix}"
+ if name == 'default' and not os.path.exists(self.bootlog):
+ os.symlink(default_test_file, self.bootlog)
+
+ def _create_logfile(self, name, mode='ab'):
if not self.bootlog:
return None
@@ -52,72 +112,7 @@
except:
pass
os.symlink(fvp_log_file, fvp_log_symlink)
- return open(fvp_log_path, 'wb')
-
-
-class OEFVPTarget(OEFVPSSHTarget):
- """
- For compatibility with OE-core test cases, this target's start() method
- waits for a Linux shell before returning to ensure that SSH commands work
- with the default test dependencies.
- """
- def __init__(self, logger, target_ip, server_ip, **kwargs):
- super().__init__(logger, target_ip, server_ip, **kwargs)
- self.logfile = self.bootlog and open(self.bootlog, "wb") or None
-
- # FVPs boot slowly, so allow ten minutes
- self.boot_timeout = 10 * 60
-
- def _after_start(self):
- with open(self.fvp_log.name, 'rb') as logfile:
- parser = runner.ConsolePortParser(logfile)
- config = self.fvp.getConfig()
- self.logger.debug(f"Awaiting console on terminal {config['consoles']['default']}")
- port = parser.parse_port(config['consoles']['default'])
- console = self.fvp.create_pexpect(port)
- try:
- console.expect("login\\:", timeout=self.boot_timeout)
- self.logger.debug("Found login prompt")
- except pexpect.TIMEOUT:
- self.logger.info("Timed out waiting for login prompt.")
- self.logger.info("Boot log follows:")
- self.logger.info(b"\n".join(console.before.splitlines()[-200:]).decode("utf-8", errors="replace"))
- raise RuntimeError("Failed to start FVP.")
-
-
-class OEFVPSerialTarget(OEFVPSSHTarget):
- """
- This target is intended for interaction with the target over one or more
- telnet consoles using pexpect.
-
- This still depends on OEFVPSSHTarget so SSH commands can still be run on
- the target, but note that this class does not inherently guarantee that
- the SSH server is running prior to running test cases. Test cases that use
- SSH should first validate that SSH is available, e.g. by depending on the
- "linuxboot" test case in meta-arm.
- """
- DEFAULT_CONSOLE = "default"
-
- def __init__(self, logger, target_ip, server_ip, **kwargs):
- super().__init__(logger, target_ip, server_ip, **kwargs)
- self.terminals = {}
-
- def _after_start(self):
- with open(self.fvp_log.name, 'rb') as logfile:
- parser = runner.ConsolePortParser(logfile)
- config = self.fvp.getConfig()
- for name, console in config["consoles"].items():
- logfile = self._create_logfile(name)
- self.logger.info(f'Creating terminal {name} on {console}')
- port = parser.parse_port(console)
- self.terminals[name] = \
- self.fvp.create_pexpect(port, logfile=logfile)
-
- # testimage.bbclass expects to see a log file at `bootlog`,
- # so make a symlink to the 'default' log file
- if name == 'default':
- default_test_file = f"{name}_log{self.test_log_suffix}"
- os.symlink(default_test_file, self.bootlog)
+ return self.stack.enter_context(open(fvp_log_path, mode))
def _get_terminal(self, name):
return self.terminals[name]
@@ -137,3 +132,7 @@
return attr
return call_pexpect
+
+ @property
+ def config(self):
+ return self.fvp.getConfig()
diff --git a/meta-arm/meta-arm/lib/oeqa/runtime/cases/fvp_boot.py b/meta-arm/meta-arm/lib/oeqa/runtime/cases/fvp_boot.py
new file mode 100644
index 0000000..dce5277
--- /dev/null
+++ b/meta-arm/meta-arm/lib/oeqa/runtime/cases/fvp_boot.py
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: MIT
+
+from oeqa.runtime.case import OERuntimeTestCase
+import pexpect
+
+
+class FVPBootTest(OERuntimeTestCase):
+ """
+ This test waits for a Linux login prompt on the default console. It is
+ dependent on the OEFVPTarget test controller
+ """
+
+ def test_fvp_boot(self):
+ self.target.transition("off")
+ timeout = int(self.td.get('TEST_FVP_LINUX_BOOT_TIMEOUT') or 10*60)
+ self.target.transition("linux", timeout)
+
+ # Check for common error patterns on all consoles
+ for console in self.target.config['consoles']:
+ # "expect" a timeout when searching for the error patterns
+ match = self.target.expect(console,
+ [br'(\[ERR\]|\[ERROR\]|ERROR\:)',
+ pexpect.TIMEOUT],
+ timeout=0)
+ self.assertEqual(match, 1)
diff --git a/meta-arm/meta-arm/lib/oeqa/runtime/cases/fvp_devices.py b/meta-arm/meta-arm/lib/oeqa/runtime/cases/fvp_devices.py
new file mode 100644
index 0000000..0246e76
--- /dev/null
+++ b/meta-arm/meta-arm/lib/oeqa/runtime/cases/fvp_devices.py
@@ -0,0 +1,130 @@
+from oeqa.runtime.case import OERuntimeTestCase
+from oeqa.core.decorator.data import skipIfNotInDataVar
+from oeqa.core.decorator.depends import OETestDepends
+
+
+class FvpDevicesTest(OERuntimeTestCase):
+ def run_cmd(self, cmd, check=True):
+ """
+ A wrapper around self.target.run, which:
+ * Fails the test on command failure by default
+ * Allows the "run" behavior to be overridden in sub-classes
+ """
+ (status, output) = self.target.run(cmd)
+ if status and check:
+ self.fail("Command '%s' returned non-zero exit "
+ "status %d:\n%s" % (cmd, status, output))
+
+ return (status, output)
+
+ def check_devices(self, cls, min_count, search_drivers):
+ # Find all the devices of the specified class
+ cmd = f'find "/sys/class/{cls}" -type l -maxdepth 1'
+ _, output = self.run_cmd(cmd)
+
+ devices = output.split()
+ self.assertGreaterEqual(len(devices),
+ min_count,
+ msg='Device count is lower than expected')
+
+ # Assert that at least one of the devices uses at least one of the
+ # drivers
+ drivers = set()
+ for device in devices:
+ cmd = f'basename "$(readlink "{device}/device/driver")"'
+ _, output = self.run_cmd(cmd)
+ drivers.update(output.split())
+
+ self.assertTrue(drivers & set(search_drivers),
+ msg='No device uses either of the drivers: ' +
+ str(search_drivers))
+
+ def check_rng(self, hw_random, dev):
+ cmd = f'cat {hw_random} | grep {dev}'
+ self.run_cmd(cmd)
+
+ def set_cpu(self, cpu_num, flag):
+ # Issue echo command
+ self.run_cmd(
+ f'echo "{flag}" > "/sys/devices/system/cpu/cpu{cpu_num}/online"',
+ check = False,
+ )
+ _, output = self.run_cmd(
+ f'cat "/sys/devices/system/cpu/cpu{cpu_num}/online"'
+ )
+
+ return output == flag
+
+ def enable_cpu(self, cpu_num):
+ return self.set_cpu(cpu_num, "1")
+
+ def disable_cpu(self, cpu_num):
+ return self.set_cpu(cpu_num, "0")
+
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ @skipIfNotInDataVar('TEST_FVP_DEVICES', 'cpu_hotplug',
+ 'cpu_hotplug not included in BSP tests')
+ def test_cpu_hotplug(self):
+ _, cpus = self.run_cmd('find /sys/firmware/devicetree/base/cpus/'
+ ' -name "cpu@*" -maxdepth 1 | wc -l')
+
+ try:
+ count_cpus = int(cpus)
+ except ValueError:
+ self.fail(f"Expected number of CPUs, but found this:\n{cpus}")
+
+ self.num_cpus = int(self.td.get('TEST_CPU_HOTPLUG_NUM_CPUS',
+ count_cpus))
+ try:
+ # Test that all cores are online
+ _, cpus = self.run_cmd('grep -c "processor" /proc/cpuinfo')
+ self.assertEqual(int(cpus), self.num_cpus)
+ # Don't try to disable here the only cpu present in the system.
+ if self.num_cpus > 1:
+ # Test that we can stop each core individually
+ for i in range(self.num_cpus):
+ self.assertTrue(self.disable_cpu(i))
+ self.assertTrue(self.enable_cpu(i))
+
+ # Test that we cannot disable all cores
+ for i in range(self.num_cpus - 1):
+ self.assertTrue(self.disable_cpu(i))
+ # Disabling last core should trigger an error
+ self.assertFalse(self.disable_cpu(self.num_cpus - 1))
+ finally:
+ # Ensure all CPUs are re-enabled
+ for i in range(self.num_cpus):
+ self.enable_cpu(i)
+
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ @skipIfNotInDataVar('TEST_FVP_DEVICES', 'rtc',
+ 'rtc device not included in BSP tests')
+ def test_rtc(self):
+ self.check_devices("rtc", 1, ["rtc-pl031"])
+ self.run_cmd('hwclock')
+
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ @skipIfNotInDataVar('TEST_FVP_DEVICES', 'watchdog',
+ 'watchdog device not included in BSP tests')
+ def test_watchdog(self):
+ self.check_devices("watchdog", 1, ["sp805-wdt", "sbsa-gwdt"])
+
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ @skipIfNotInDataVar('TEST_FVP_DEVICES', 'networking',
+ 'networking device not included in BSP tests')
+ def test_networking(self):
+ self.check_devices("net", 2, ["virtio_net", "vif"])
+
+ # Check that outbound network connections work
+ self.run_cmd('wget -O /dev/null "https://www.arm.com"')
+
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ @skipIfNotInDataVar('TEST_FVP_DEVICES', 'virtiorng',
+ 'virtiorng device not included in BSP tests')
+ def test_virtiorng(self):
+ self.check_rng('/sys/devices/virtual/misc/hw_random/rng_available',
+ 'virtio_rng.0')
+ self.check_rng('/sys/devices/virtual/misc/hw_random/rng_current',
+ 'virtio_rng.0')
+
+ self.run_cmd('hexdump -n 32 /dev/hwrng')
diff --git a/meta-arm/meta-arm/lib/oeqa/runtime/cases/linuxboot.py b/meta-arm/meta-arm/lib/oeqa/runtime/cases/linuxboot.py
deleted file mode 100644
index 99a8e78..0000000
--- a/meta-arm/meta-arm/lib/oeqa/runtime/cases/linuxboot.py
+++ /dev/null
@@ -1,19 +0,0 @@
-# SPDX-License-Identifier: MIT
-
-from oeqa.runtime.case import OERuntimeTestCase
-
-
-class LinuxBootTest(OERuntimeTestCase):
- """
- This test case is only compatible with the OEFVPSerialTarget as it uses
- the pexpect interface. It waits for a Linux login prompt on the default
- console.
- """
-
- def setUp(self):
- self.console = self.target.DEFAULT_CONSOLE
- self.timeout = int(self.td.get('TEST_FVP_LINUX_BOOT_TIMEOUT') or 10*60)
-
- def test_linux_boot(self):
- self.logger.info(f"{self.console}: Waiting for login prompt")
- self.target.expect(self.console, r"login\:", self.timeout)
diff --git a/meta-arm/meta-arm/recipes-bsp/scp-firmware/files/optee-private-includes.patch b/meta-arm/meta-arm/recipes-bsp/scp-firmware/files/optee-private-includes.patch
new file mode 100644
index 0000000..c2d8602
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-bsp/scp-firmware/files/optee-private-includes.patch
@@ -0,0 +1,34 @@
+Change the optee module includes to be private instead of public, so they don't get used
+in every build, which can result in compile failures as /core/include/ doesn't exit.
+
+For some reason this behaviour isn't deterministic, a ticket has been filed with upstream.
+
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+diff --git a/module/optee/console/CMakeLists.txt b/module/optee/console/CMakeLists.txt
+index aebb7cc79..942aa98c8 100644
+--- a/module/optee/console/CMakeLists.txt
++++ b/module/optee/console/CMakeLists.txt
+@@ -14,7 +14,7 @@ target_include_directories(${SCP_MODULE_TARGET}
+ # Those includes are needed for mutex definitnion that is used in optee_smt
+ # notification
+ target_include_directories(${SCP_MODULE_TARGET}
+- PUBLIC "${SCP_OPTEE_DIR}/core/arch/arm/include/"
++ PRIVATE "${SCP_OPTEE_DIR}/core/arch/arm/include/"
+ "${SCP_OPTEE_DIR}/core/include/"
+ "${SCP_OPTEE_DIR}/lib/libutils/ext/include/"
+ "${SCP_OPTEE_DIR}/lib/libutee/include/")
+diff --git a/module/optee/mbx/CMakeLists.txt b/module/optee/mbx/CMakeLists.txt
+index 305fa42b7..783a7970c 100644
+--- a/module/optee/mbx/CMakeLists.txt
++++ b/module/optee/mbx/CMakeLists.txt
+@@ -15,7 +15,7 @@ target_include_directories(${SCP_MODULE_TARGET}
+ # Those includes are needed for mutex defifitnion that is used in optee_smt
+ # notification
+ target_include_directories(${SCP_MODULE_TARGET}
+- PUBLIC "${SCP_OPTEE_DIR}/core/include/"
++ PRIVATE "${SCP_OPTEE_DIR}/core/include/"
+ "${SCP_OPTEE_DIR}/lib/libutils/ext/include/"
+ "${SCP_OPTEE_DIR}/lib/libutee/include/")
+
diff --git a/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.12.0.bb b/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.12.0.bb
index 2be5b30..58482cd 100644
--- a/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.12.0.bb
+++ b/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.12.0.bb
@@ -7,16 +7,16 @@
file://contrib/cmsis/git/LICENSE.txt;md5=e3fc50a88d0a364313df4b21ef20c29e"
SRC_URI_SCP_FIRMWARE ?= "gitsm://github.com/ARM-software/SCP-firmware.git;protocol=https"
-SRC_URI = "${SRC_URI_SCP_FIRMWARE};branch=${SRCBRANCH}"
-SRCBRANCH = "master"
+SRC_URI = "${SRC_URI_SCP_FIRMWARE};branch=${SRCBRANCH} \
+ file://optee-private-includes.patch"
+SRCBRANCH = "master"
SRCREV = "0c7236b1851d90124210a0414fd982dc55322c7c"
PROVIDES += "virtual/control-processor-firmware"
CMAKE_BUILD_TYPE ?= "RelWithDebInfo"
-SCP_PLATFORM ?= "invalid"
-SCP_COMPILER ?= "arm-none-eabi"
+SCP_PLATFORM ?= "${MACHINE}"
SCP_LOG_LEVEL ?= "WARN"
SCP_PLATFORM_FEATURE_SET ?= "0"
@@ -53,12 +53,14 @@
-D SCP_LOG_LEVEL=${SCP_LOG_LEVEL} \
-D SCP_PLATFORM_FEATURE_SET=${SCP_PLATFORM_FEATURE_SET} \
-D DISABLE_CPPCHECK=1 \
+ -D SCP_TOOLCHAIN=GNU \
"
do_configure() {
for FW in ${FW_TARGETS}; do
for TYPE in ${FW_INSTALL}; do
- cmake -GNinja ${EXTRA_OECMAKE} -S ${S} -B "${B}/${TYPE}/${FW}" -D SCP_FIRMWARE_SOURCE_DIR="${SCP_PLATFORM}/${FW}_${TYPE}"
+ bbnote Configuring ${SCP_PLATFORM}/${FW}_${TYPE}...
+ cmake -GNinja ${EXTRA_OECMAKE} -S ${S} -B "${B}/${TYPE}/${FW}" -D SCP_FIRMWARE_SOURCE_DIR:PATH="${SCP_PLATFORM}/${FW}_${TYPE}"
done
done
}
@@ -68,6 +70,7 @@
do_compile() {
for FW in ${FW_TARGETS}; do
for TYPE in ${FW_INSTALL}; do
+ bbnote Building ${SCP_PLATFORM}/${FW}_${TYPE}...
VERBOSE=1 cmake --build ${B}/${TYPE}/${FW} --target all
done
done
diff --git a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc
index ea3ef67..a20959b 100644
--- a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc
+++ b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc
@@ -1,12 +1,20 @@
HOMEPAGE = "https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms"
-# FVP has an End User License Agreement. Add Arm-FVP-EULA to your
-# LICENSE_FLAGS_ACCEPTED if you agree to these terms.
LICENSE_FLAGS = "Arm-FVP-EULA"
-LICENSE_FLAGS_DETAILS[Arm-FVP-EULA] = "https://developer.arm.com/downloads/-/arm-ecosystem-fvps/eula"
-
LICENSE = "Proprietary & Apache-2.0 & Python-2.0 & GPL-3.0-with-GCC-exception & Zlib & NCSA & LGPL-2.0-or-later & MIT & BSD-3-Clause"
+# FVP has an End User License Agreement. Add Arm-FVP-EULA to
+# LICENSE_FLAGS_ACCEPTED if the EULA has been accepted, so it can
+# be later checked if the user accepted the EULA or not and if
+# not display a message to the user requesting them to do so.
+LICENSE_FLAGS_ACCEPTED:append = " ${@oe.utils.vartrue('ARM_FVP_EULA_ACCEPT', 'Arm-FVP-EULA', '', d)}"
+
+LICENSE_FLAGS_DETAILS[Arm-FVP-EULA] = " \
+Accept the END USER LICENSE AGREEMENT FOR ARM SOFTWARE DEVELOPMENT TOOLS. \
+Please refer to 'https://developer.arm.com/downloads/-/arm-ecosystem-fvps/eula'\
+${@bb.utils.contains('BB_ENV_PASSTHROUGH_ADDITIONS', 'ARM_FVP_EULA_ACCEPT', ' and export ARM_FVP_EULA_ACCEPT to 1', '', d)}.\
+"
+
COMPATIBLE_HOST = "x86_64.*-linux"
# The architecture-specific download filename suffix
diff --git a/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb b/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb
index 3713787..4b021bb 100644
--- a/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb
+++ b/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb
@@ -16,7 +16,7 @@
# ../git/src/gn/desc_builder.cc: In member function 'base::Value {anonymous}::BaseDescBuilder::ToBaseValue(const Scope*)':
# ../git/src/gn/desc_builder.cc:179:21: error: redundant move in return statement [-Werror=redundant-move]
# 179 | return std::move(res);
-CFLAGS:append = " -Wno-redundant-move"
+CXXFLAGS += "-Wno-error=redundant-move"
# Map from our _OS strings to the GN's platform values.
def gn_platform(variable, d):
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend
index 3f2c83f..0a42ce4 100644
--- a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend
+++ b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend
@@ -1,12 +1,5 @@
ARMFILESPATHS := "${THISDIR}/files:"
-FILESEXTRAPATHS:prepend:aarch64 = "${ARMFILESPATHS}"
-SRC_URI:append:aarch64 = " \
- file://0001-Revert-arm64-defconfig-Enable-Tegra-MGBE-driver.patch \
- file://0002-Revert-arm64-defconfig-Add-Nuvoton-NPCM-family-suppo.patch \
- file://0001-gcc-plugins-Reorganize-gimple-includes-for-GCC-13.patch \
- "
-
COMPATIBLE_MACHINE:generic-arm64 = "generic-arm64"
FILESEXTRAPATHS:prepend:generic-arm64 = "${ARMFILESPATHS}"
SRC_URI:append:generic-arm64 = " \
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto-rt_6.1%.bbappend b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto-rt_6.1%.bbappend
new file mode 100644
index 0000000..d0a0ff0
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto-rt_6.1%.bbappend
@@ -0,0 +1,7 @@
+
+FILESEXTRAPATHS:prepend:aarch64 = "${ARMFILESPATHS}"
+SRC_URI:append:aarch64 = " \
+ file://0001-Revert-arm64-defconfig-Enable-Tegra-MGBE-driver.patch \
+ file://0002-Revert-arm64-defconfig-Add-Nuvoton-NPCM-family-suppo.patch \
+ file://0001-gcc-plugins-Reorganize-gimple-includes-for-GCC-13.patch \
+ "
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_6.1%.bbappend b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_6.1%.bbappend
new file mode 100644
index 0000000..d0a0ff0
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_6.1%.bbappend
@@ -0,0 +1,7 @@
+
+FILESEXTRAPATHS:prepend:aarch64 = "${ARMFILESPATHS}"
+SRC_URI:append:aarch64 = " \
+ file://0001-Revert-arm64-defconfig-Enable-Tegra-MGBE-driver.patch \
+ file://0002-Revert-arm64-defconfig-Add-Nuvoton-NPCM-family-suppo.patch \
+ file://0001-gcc-plugins-Reorganize-gimple-includes-for-GCC-13.patch \
+ "
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.18.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-client_3.18.0.bb
deleted file mode 100644
index 0c831db..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.18.0.bb
+++ /dev/null
@@ -1,3 +0,0 @@
-require optee-client.inc
-
-SRCREV = "e7cba71cc6e2ecd02f412c7e9ee104f0a5dffc6f"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.20.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-client_3.22.0.bb
similarity index 67%
copy from meta-arm/meta-arm/recipes-security/optee/optee-client_3.20.0.bb
copy to meta-arm/meta-arm/recipes-security/optee/optee-client_3.22.0.bb
index 1e69136..d0c75d0 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.20.0.bb
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-client_3.22.0.bb
@@ -1,6 +1,6 @@
require optee-client.inc
-SRCREV = "dd2d39b49975d2ada7870fe2b7f5a84d0d3860dc"
+SRCREV = "8533e0e6329840ee96cf81b6453f257204227e6c"
inherit pkgconfig
DEPENDS += "util-linux"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.18.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.18.0.bb
deleted file mode 100644
index 8118fee..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.18.0.bb
+++ /dev/null
@@ -1,3 +0,0 @@
-require optee-examples.inc
-
-SRCREV = "f301ee9df2129c0db683e726c91dc2cefe4cdb65"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.20.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.20.0.bb
deleted file mode 100644
index e424d70..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.20.0.bb
+++ /dev/null
@@ -1,3 +0,0 @@
-require optee-examples.inc
-
-SRCREV = "a98d01e1b9168eaed96bcd0bac0df67c44a81081"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.22.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.22.0.bb
new file mode 100644
index 0000000..8322c51
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.22.0.bb
@@ -0,0 +1,3 @@
+require optee-examples.inc
+
+SRCREV = "378dc0db2d5dd279f58a3b6cb3f78ffd6b165035"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
deleted file mode 100644
index ab4a6db..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 528aeb42652a3159c1bfd51d6c1442c3ff27b84c Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@arm.com>
-Date: Tue, 26 May 2020 14:38:02 -0500
-Subject: [PATCH] allow setting sysroot for libgcc lookup
-
-Explicitly pass the new variable LIBGCC_LOCATE_CFLAGS variable when searching
-for the compiler libraries as there's no easy way to reliably pass --sysroot
-otherwise.
-
-Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
----
- mk/gcc.mk | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/mk/gcc.mk b/mk/gcc.mk
-index adc77a24..81bfa78a 100644
---- a/mk/gcc.mk
-+++ b/mk/gcc.mk
-@@ -13,11 +13,11 @@ nostdinc$(sm) := -nostdinc -isystem $(shell $(CC$(sm)) \
- -print-file-name=include 2> /dev/null)
-
- # Get location of libgcc from gcc
--libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \
-+libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \
- -print-libgcc-file-name 2> /dev/null)
--libstdc++$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
-+libstdc++$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
- -print-file-name=libstdc++.a 2> /dev/null)
--libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
-+libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
- -print-file-name=libgcc_eh.a 2> /dev/null)
-
- # Define these to something to discover accidental use
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
similarity index 93%
copy from meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
copy to meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
index ab4a6db..392e8d8 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
@@ -1,4 +1,4 @@
-From 528aeb42652a3159c1bfd51d6c1442c3ff27b84c Mon Sep 17 00:00:00 2001
+From 02ea8e616ac615efe3507d627dfba9820d3357f6 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@arm.com>
Date: Tue, 26 May 2020 14:38:02 -0500
Subject: [PATCH] allow setting sysroot for libgcc lookup
@@ -9,13 +9,12 @@
Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188]
Signed-off-by: Ross Burton <ross.burton@arm.com>
-
---
mk/gcc.mk | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/mk/gcc.mk b/mk/gcc.mk
-index adc77a24..81bfa78a 100644
+index adc77a24f25e..81bfa78ad8d7 100644
--- a/mk/gcc.mk
+++ b/mk/gcc.mk
@@ -13,11 +13,11 @@ nostdinc$(sm) := -nostdinc -isystem $(shell $(CC$(sm)) \
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0004-core-Define-section-attributes-for-clang.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0002-core-Define-section-attributes-for-clang.patch
similarity index 95%
copy from meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0004-core-Define-section-attributes-for-clang.patch
copy to meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0002-core-Define-section-attributes-for-clang.patch
index f94d19f..15bdf07 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0004-core-Define-section-attributes-for-clang.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0002-core-Define-section-attributes-for-clang.patch
@@ -1,4 +1,4 @@
-From e74d8a02edd8c431c87786e22dbceee8e1e85bb8 Mon Sep 17 00:00:00 2001
+From 6f588813a170a671ebf1d6b51cebc7bc761295dc Mon Sep 17 00:00:00 2001
From: Emekcan Aras <emekcan.aras@arm.com>
Date: Wed, 21 Dec 2022 10:55:58 +0000
Subject: [PATCH] core: Define section attributes for clang
@@ -30,7 +30,6 @@
Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
---
core/arch/arm/kernel/thread.c | 19 +++++++++++++++--
core/arch/arm/mm/core_mmu_lpae.c | 35 +++++++++++++++++++++++++++----
@@ -40,7 +39,7 @@
5 files changed, 104 insertions(+), 11 deletions(-)
diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c
-index 1cf76a0c..1e7f9f96 100644
+index 4487ef026df9..f3624389611b 100644
--- a/core/arch/arm/kernel/thread.c
+++ b/core/arch/arm/kernel/thread.c
@@ -44,15 +44,30 @@ static size_t thread_user_kcode_size __nex_bss;
@@ -59,7 +58,7 @@
SMALL_PAGE_SIZE)]
__aligned(SMALL_PAGE_SIZE)
+#ifndef __clang__
- #ifndef CFG_VIRTUALIZATION
+ #ifndef CFG_NS_VIRTUALIZATION
- __section(".nozi.kdata_page");
+ __section(".nozi.kdata_page")
#else
@@ -77,7 +76,7 @@
#ifdef ARM32
diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c
-index 3f08eec6..e6dc9261 100644
+index 7e79f780ad28..ec4db9dc98c5 100644
--- a/core/arch/arm/mm/core_mmu_lpae.c
+++ b/core/arch/arm/mm/core_mmu_lpae.c
@@ -233,19 +233,46 @@ typedef uint16_t l1_idx_t;
@@ -132,7 +131,7 @@
* TAs page table entry inside a level 1 page table.
*
diff --git a/core/arch/arm/mm/core_mmu_v7.c b/core/arch/arm/mm/core_mmu_v7.c
-index cd85bd22..3e18f54f 100644
+index 61e703da89c8..1960c08ca688 100644
--- a/core/arch/arm/mm/core_mmu_v7.c
+++ b/core/arch/arm/mm/core_mmu_v7.c
@@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_ENTRIES];
@@ -186,7 +185,7 @@
struct mmu_partition {
l1_xlat_tbl_t *l1_table;
diff --git a/core/arch/arm/mm/pgt_cache.c b/core/arch/arm/mm/pgt_cache.c
-index 79553c6d..b9efdf42 100644
+index 79553c6d2183..b9efdf42780b 100644
--- a/core/arch/arm/mm/pgt_cache.c
+++ b/core/arch/arm/mm/pgt_cache.c
@@ -410,8 +410,18 @@ void pgt_init(void)
@@ -210,10 +209,10 @@
for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) {
diff --git a/core/kernel/thread.c b/core/kernel/thread.c
-index d1f2f382..8de124ae 100644
+index 2a1f22dce635..5516b677141a 100644
--- a/core/kernel/thread.c
+++ b/core/kernel/thread.c
-@@ -38,13 +38,24 @@ struct thread_core_local thread_core_local[CFG_TEE_CORE_NB_CORE] __nex_bss;
+@@ -39,13 +39,24 @@ static uint32_t end_canary_value = 0xababab00;
name[stack_num][sizeof(name[stack_num]) / sizeof(uint32_t) - 1]
#endif
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0002-optee-enable-clang-support.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0003-optee-enable-clang-support.patch
similarity index 91%
copy from meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0002-optee-enable-clang-support.patch
copy to meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0003-optee-enable-clang-support.patch
index af0ec94..b4ea8ed 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0002-optee-enable-clang-support.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0003-optee-enable-clang-support.patch
@@ -1,4 +1,4 @@
-From 8846ab2b37781364088cc5c02b6bc6f518a66a0a Mon Sep 17 00:00:00 2001
+From 9c55b7a4e39617c2abbf4e0e39fd8041c7b2b9b6 Mon Sep 17 00:00:00 2001
From: Brett Warren <brett.warren@arm.com>
Date: Wed, 23 Sep 2020 09:27:34 +0100
Subject: [PATCH] optee: enable clang support
@@ -10,13 +10,12 @@
Upstream-Status: Pending
ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701
Signed-off-by: Brett Warren <brett.warren@arm.com>
-
---
mk/clang.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mk/clang.mk b/mk/clang.mk
-index a045beee..1ebe2f70 100644
+index a045beee8482..1ebe2f702dcd 100644
--- a/mk/clang.mk
+++ b/mk/clang.mk
@@ -30,7 +30,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0003-core-link-add-no-warn-rwx-segments.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0004-core-link-add-no-warn-rwx-segments.patch
similarity index 96%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0003-core-link-add-no-warn-rwx-segments.patch
rename to meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0004-core-link-add-no-warn-rwx-segments.patch
index 5740461..d418d46 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0003-core-link-add-no-warn-rwx-segments.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0004-core-link-add-no-warn-rwx-segments.patch
@@ -1,4 +1,4 @@
-From 188a39b139e0e2ccceb22bcf63559b451f0483e0 Mon Sep 17 00:00:00 2001
+From 3e191f732b3eba699b91ffd7ffa2ae0787f08947 Mon Sep 17 00:00:00 2001
From: Jerome Forissier <jerome.forissier@linaro.org>
Date: Fri, 5 Aug 2022 09:48:03 +0200
Subject: [PATCH] core: link: add --no-warn-rwx-segments
@@ -18,13 +18,12 @@
Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
-
---
core/arch/arm/kernel/link.mk | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
-index 0e96e606..3fbcb680 100644
+index 49e9f4fa18a5..9e1cc172fb8a 100644
--- a/core/arch/arm/kernel/link.mk
+++ b/core/arch/arm/kernel/link.mk
@@ -37,6 +37,7 @@ link-ldflags += --sort-section=alignment
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.22.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.22.0.bb
new file mode 100644
index 0000000..3d95816
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.22.0.bb
@@ -0,0 +1,24 @@
+require optee-os_3.22.0.bb
+
+SUMMARY = "OP-TEE Trusted OS TA devkit"
+DESCRIPTION = "OP-TEE TA devkit for build TAs"
+HOMEPAGE = "https://www.op-tee.org/"
+
+DEPENDS += "python3-pycryptodome-native"
+
+do_install() {
+ #install TA devkit
+ install -d ${D}${includedir}/optee/export-user_ta/
+ for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do
+ cp -aR $f ${D}${includedir}/optee/export-user_ta/
+ done
+}
+
+do_deploy() {
+ echo "Do not inherit do_deploy from optee-os."
+}
+
+FILES:${PN} = "${includedir}/optee/"
+
+# Build paths are currently embedded
+INSANE_SKIP:${PN}-dev += "buildpaths"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/meta-arm/recipes-security/optee/optee-os.inc
index bb6974b..8e25d36 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os.inc
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os.inc
@@ -16,12 +16,6 @@
SRC_URI = "git://github.com/OP-TEE/optee_os.git;branch=master;protocol=https"
-SRC_URI:append = " \
- file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \
- file://0002-optee-enable-clang-support.patch \
- file://0003-core-link-add-no-warn-rwx-segments.patch \
- "
-
S = "${WORKDIR}/git"
B = "${WORKDIR}/build"
@@ -56,6 +50,10 @@
#install core in firmware
install -d ${D}${nonarch_base_libdir}/firmware/
install -m 644 ${B}/core/*.bin ${B}/core/tee.elf ${D}${nonarch_base_libdir}/firmware/
+
+ #install tas in optee_armtz
+ install -d ${D}${nonarch_base_libdir}/optee_armtz/
+ install -m 444 ${B}/ta/*/*.ta ${D}${nonarch_base_libdir}/optee_armtz
}
PACKAGE_ARCH = "${MACHINE_ARCH}"
@@ -63,13 +61,19 @@
do_deploy() {
install -d ${DEPLOYDIR}/${MLPREFIX}optee
install -m 644 ${D}${nonarch_base_libdir}/firmware/* ${DEPLOYDIR}/${MLPREFIX}optee
+
+ install -d ${DEPLOYDIR}/${MLPREFIX}optee/ta
+ install -m 644 ${B}/ta/*/*.elf ${DEPLOYDIR}/${MLPREFIX}optee/ta
}
addtask deploy before do_build after do_install
SYSROOT_DIRS += "${nonarch_base_libdir}/firmware"
+PACKAGES += "${PN}-ta"
FILES:${PN} = "${nonarch_base_libdir}/firmware/"
+FILES:${PN}-ta = "${nonarch_base_libdir}/optee_armtz/*"
+
# note: "textrel" is not triggered on all archs
INSANE_SKIP:${PN} = "textrel"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.1%.bbappend b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.1%.bbappend
deleted file mode 100644
index 2ff1b83..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.1%.bbappend
+++ /dev/null
@@ -1,5 +0,0 @@
-# Include Trusted Services Secure Partitions
-require optee-os-ts-3.18.inc
-
-# Conditionally include platform specific Trusted Services related OPTEE build parameters
-EXTRA_OEMAKE:append:qemuarm64-secureboot = "${@oe.utils.conditional('SP_PATHS', '', '', ' CFG_CORE_HEAP_SIZE=131072 CFG_TEE_BENCHMARK=n CFG_TEE_CORE_LOG_LEVEL=4 CFG_CORE_SEL1_SPMC=y ', d)}"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb
deleted file mode 100644
index 41b65c2..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb
+++ /dev/null
@@ -1,12 +0,0 @@
-require optee-os.inc
-
-DEPENDS += "dtc-native"
-
-FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os-3.18.0:"
-
-SRCREV = "1ee647035939e073a2e8dddb727c0f019cc035f1"
-SRC_URI:append = " \
- file://0004-core-Define-section-attributes-for-clang.patch \
- file://0005-core-ldelf-link-add-z-execstack.patch \
- file://0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch \
- "
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.20.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.20.0.bb
deleted file mode 100644
index 2fdfbb5..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.20.0.bb
+++ /dev/null
@@ -1,14 +0,0 @@
-require optee-os.inc
-
-DEPENDS += "dtc-native"
-
-FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os-3.20.0:"
-
-SRCREV = "8e74d47616a20eaa23ca692f4bbbf917a236ed94"
-SRC_URI:append = " \
- file://0004-core-Define-section-attributes-for-clang.patch \
- file://0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch \
- file://0006-core-ffa-add-TOS_FW_CONFIG-handling.patch \
- file://0007-core-spmc-handle-non-secure-interrupts.patch \
- file://0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch \
- "
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.22.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.22.0.bb
new file mode 100644
index 0000000..eba2c03
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.22.0.bb
@@ -0,0 +1,13 @@
+require optee-os.inc
+
+DEPENDS += "dtc-native"
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/${P}:"
+
+SRCREV = "001ace6655dd6bb9cbe31aa31b4ba69746e1a1d9"
+SRC_URI += " \
+ file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \
+ file://0002-core-Define-section-attributes-for-clang.patch \
+ file://0003-optee-enable-clang-support.patch \
+ file://0004-core-link-add-no-warn-rwx-segments.patch \
+ "
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-test.inc b/meta-arm/meta-arm/recipes-security/optee/optee-test.inc
index 64b41a8..90b72b9 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-test.inc
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-test.inc
@@ -6,6 +6,7 @@
LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa"
inherit python3native ptest
+inherit deploy
require optee.inc
DEPENDS = "optee-client optee-os-tadevkit python3-cryptography-native"
@@ -43,6 +44,13 @@
install -D -p -m0444 ${B}/supp_plugin/*.plugin ${D}${libdir}/tee-supplicant/plugins/
}
+do_deploy () {
+ install -d ${DEPLOYDIR}/${MLPREFIX}optee/ta
+ install -m 644 ${B}/ta/*/*.elf ${DEPLOYDIR}/${MLPREFIX}optee/ta
+}
+
+addtask deploy before do_build after do_install
+
FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/ \
${libdir}/tee-supplicant/plugins/ \
"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.20.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-test_3.20.0.bb
deleted file mode 100644
index 50f5afe..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.20.0.bb
+++ /dev/null
@@ -1,12 +0,0 @@
-require optee-test.inc
-
-SRC_URI:append = " \
- file://Update-arm_ffa_user-driver-dependency.patch \
- file://ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch \
- file://musl-workaround.patch \
- "
-SRCREV = "5db8ab4c733d5b2f4afac3e9aef0a26634c4b444"
-
-EXTRA_OEMAKE:append:libc-musl = " OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}"
-DEPENDS:append:libc-musl = " openssl"
-CFLAGS:append:libc-musl = " -Wno-error=deprecated-declarations"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.22.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-test_3.22.0.bb
new file mode 100644
index 0000000..3b9632f
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-test_3.22.0.bb
@@ -0,0 +1,10 @@
+require optee-test.inc
+
+SRC_URI += " \
+ file://musl-workaround.patch \
+ "
+SRCREV = "a286b57f1721af215ace318d5807e63f40186df6"
+
+EXTRA_OEMAKE:append = " OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}"
+DEPENDS:append = " openssl"
+CFLAGS:append = " -Wno-error=deprecated-declarations"
diff --git a/meta-arm/scripts/runfvp b/meta-arm/scripts/runfvp
index c2e536c..0ca3a1b 100755
--- a/meta-arm/scripts/runfvp
+++ b/meta-arm/scripts/runfvp
@@ -14,7 +14,7 @@
libdir = pathlib.Path(__file__).parents[1] / "meta-arm" / "lib"
sys.path.insert(0, str(libdir))
-from fvp import terminal, runner
+from fvp import conffile, terminal, runner
def parse_args(arguments):
import argparse
diff --git a/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_6.1.bb b/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_6.1.bb
index f7bfa7e..d326ca2 100644
--- a/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_6.1.bb
+++ b/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_6.1.bb
@@ -1,9 +1,9 @@
-LINUX_VERSION ?= "6.1.34"
+LINUX_VERSION ?= "6.1.38"
LINUX_RPI_BRANCH ?= "rpi-6.1.y"
LINUX_RPI_KMETA_BRANCH ?= "yocto-6.1"
-SRCREV_machine = "d4c3133378b377ee519ea50247339cd61221fc47"
-SRCREV_meta = "ebdf12f7412436a72a81f748083979968097b9e6"
+SRCREV_machine = "31dbf25138831241f31f7eee835b83a607eaa179"
+SRCREV_meta = "2eaed50911009f9ddbc74460093e17b22ef7daa0"
KMETA = "kernel-meta"
