subtree updates: raspberrypi security arm
meta-arm: eb9c47a4e1..9b6c8c95e4:
Abdellatif El Khlifi (1):
CI: append classes to INHERIT in the common fvp.yml
Adam Johnston (1):
arm-bsp/linux-yocto: Update N1SDP PCI quirk patch
Jon Mason (10):
CI: add yml files for defaults
CI: add support for dev kernel, rt kernel, and poky-tiny
arm-bsp/fvp-base: update to u-boot 2023.01
arm-bsp/fvp-base-arm32: remove support
ci: add external-toolchain to qemuarm-secureboot
arm-bsp/optee: remove unused recipes
arm/optee: optee-os include cleanup
arm/optee-os: update to 3.20.0
arm/edk2: update version and relocate edk2-basetools to be with edk2
arm-bsp/fvp-base: Add edk2 build testing
Ross Burton (7):
arm-bsp/linux-arm64-ack: update Upstream-Status tags
CI: add CI_CLEAN_REPOS variable to allow cleaning the repo reference cache
arm/scp-firmware: fix up whitespace
arm/scp-firmware: enable verbose builds
arm/scp-firmware: remove textrel from INSANE_SKIP
arm/scp-firmware: improve debug packaging
CI: mask poky's llvm if we're using clang
Rui Miguel Silva (1):
arm-bsp/optee: bump corstone1000 to v3.20
Satish Kumar (1):
arm-bsp/corstone1000: new gpt based disk layout and fwu metadata
Xueliang Zhong (1):
arm-bsp/n1sdp: update to linux yocto kernel 6.1
meta-security: c06b9a18a6..a397a38ed9:
Armin Kuster (16):
openscap: update to 1.3.6
openscap: update to 1.3.7
openscap git: add DEFAULT_PREFERENCE
python3-fail2ban: update to 1.0.2
python3-privacyidea: update to 3.8.1
libhtp: update to 0.5.42
lkrg-modules: update to 0.9.6
chkrootkit: update to 0.57
fscrypt: update to 1.1.0
libmspack: update to 1.11
firejail: update 0.9.72
suricata: update to 6.0.10
apparmor: update to 3.1.3
krill: update 0.12.3
cryptmout: update to 6.2.0
packagegroup-core-security: refactor the inclusion of krill
Eero Aaltonen (1):
dm-verity-img.bbclass: fix syntax warning
Jose Quaresma (3):
meta-hardening/layer: lower the priority from 10 to 6
meta-security-compliance/layer: lower the priority from 10 to 6
meta-tpm/layer: lower the priority from 10 to 6
Kevin Hao (1):
dm-verity-img.bbclass: Fix the hash offset alignment issue
Mikko Rapeli (1):
ima-evm-utils: disable documentation from build
Paul Gortmaker (3):
dm-verity: update beaglebone wic to match meta-yocto
dm-verity: add basic non-arch/non-BSP yocto specific settings
dm-verity: document board specifics for Beaglebone Black
Peter Marko (1):
tpm2-tss: correct CVE product
meta-raspberrypi: e15b876155..3afdbbf782:
Carlos Alberto Lopez Perez (1):
mesa-demos: enable build with userland graphics drivers.
Khem Raj (6):
linux-raspberrypi: Add recipes for 6.1 kernel
psplash: Make psplash wait for the framebuffer to be ready
rpi-default-versions: Use 6.1 kernel as default
gstreamer1.0-plugins-bad: Drop gpl packageconfig
rpidistro-ffmpeg: Pin to use gcc always
rpidistro-vlc: Fix build with clang16
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ie6e60085306d31972098b87738eb550e5140b92a
diff --git a/meta-arm/.gitlab-ci.yml b/meta-arm/.gitlab-ci.yml
index 75d3609..28d0cc1 100644
--- a/meta-arm/.gitlab-ci.yml
+++ b/meta-arm/.gitlab-ci.yml
@@ -58,7 +58,8 @@
- $CI_PROJECT_DIR/work/build/tmp/work*/**/testimage/*
#
-# Prep stage, update repositories once
+# Prep stage, update repositories once.
+# Set the CI variable CI_CLEAN_REPOS=1 to refetch the respositories from scratch
#
update-repos:
extends: .setup
@@ -70,9 +71,12 @@
# Build stage, the actual build jobs
#
# Available options for building are
+# DISTRO: [poky, poky-tiny]
+# KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
# TOOLCHAINS: [gcc, clang, armgcc, external-gccarm]
# TCLIBC: [glibc, musl]
-# FIRMWARE: [uboot, edk2]
+# FIRMWARE: [u-boot, edk2]
+# TS: [none, trusted-services]
# VIRT: [none, xen]
# TESTING: testimage
@@ -88,7 +92,7 @@
extends: .build
parallel:
matrix:
- - TESTING: [testimage,tftf]
+ - TESTING: [testimage, tftf]
tags:
- x86_64
@@ -100,13 +104,7 @@
parallel:
matrix:
- TESTING: testimage
-
-fvp-base-arm32:
- extends: .build
- parallel:
- matrix:
- - TOOLCHAINS: [gcc, external-gccarm]
- TESTING: testimage
+ - FIRMWARE: edk2
fvp-baser-aemv8r64:
extends: .build
@@ -127,7 +125,7 @@
parallel:
matrix:
- TOOLCHAINS: [gcc, clang]
- FIRMWARE: [uboot, edk2]
+ FIRMWARE: [u-boot, edk2]
musca-b1:
extends: .build
@@ -146,14 +144,16 @@
extends: .build
parallel:
matrix:
- - TOOLCHAINS: [gcc, clang]
+ - KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
+ TOOLCHAINS: [gcc, clang]
TESTING: testimage
qemuarm64-secureboot:
extends: .build
parallel:
matrix:
- - TOOLCHAINS: [gcc, clang]
+ - KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
+ TOOLCHAINS: [gcc, clang]
TCLIBC: [glibc, musl]
TS: [none, trusted-services]
TESTING: testimage
@@ -162,8 +162,12 @@
extends: .build
parallel:
matrix:
- - TOOLCHAINS: [gcc, clang]
- EFI: [uboot, edk2]
+ - DISTRO: poky
+ KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
+ TOOLCHAINS: [gcc, clang]
+ FIRMWARE: [u-boot, edk2]
+ TESTING: testimage
+ - DISTRO: poky-tiny
TESTING: testimage
- VIRT: xen
@@ -171,15 +175,20 @@
extends: .build
parallel:
matrix:
- - TOOLCHAINS: [gcc, clang]
+ - KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
+ TOOLCHAINS: [gcc, clang, external-gccarm]
TESTING: testimage
qemuarm:
extends: .build
parallel:
matrix:
- - TOOLCHAINS: [gcc, clang]
- EFI: [uboot, edk2]
+ - DISTRO: poky
+ KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
+ TOOLCHAINS: [gcc, clang]
+ FIRMWARE: [u-boot, edk2]
+ TESTING: testimage
+ - DISTRO: poky-tiny
TESTING: testimage
- VIRT: xen
@@ -187,7 +196,11 @@
extends: .build
parallel:
matrix:
- - TESTING: testimage
+ - DISTRO: poky
+ KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
+ TESTING: testimage
+ - DISTRO: poky-tiny
+ TESTING: testimage
sgi575:
extends: .build
diff --git a/meta-arm/ci/clang.yml b/meta-arm/ci/clang.yml
index a2063f1..eeee785 100644
--- a/meta-arm/ci/clang.yml
+++ b/meta-arm/ci/clang.yml
@@ -6,5 +6,8 @@
url: https://github.com/kraj/meta-clang
local_conf_header:
- clang: |
+ toolchain: |
TOOLCHAIN = "clang"
+ # This is needed to stop bitbake getting confused about what clang/llvm is
+ # being used, see https://github.com/kraj/meta-clang/pull/766
+ BBMASK += "/meta/recipes-devtools/llvm/llvm.*\.bb"
diff --git a/meta-arm/ci/corstone1000-common.yml b/meta-arm/ci/corstone1000-common.yml
index 65ff9d3..d856cfe 100644
--- a/meta-arm/ci/corstone1000-common.yml
+++ b/meta-arm/ci/corstone1000-common.yml
@@ -3,13 +3,12 @@
includes:
- ci/base.yml
- ci/meta-openembedded.yml
+ - ci/poky-tiny.yml
local_conf_header:
extrapackages: |
# Intentionally blank to prevent perf from being added to the image in base.yml
-distro: poky-tiny
-
target:
- corstone1000-image
- perf
diff --git a/meta-arm/ci/corstone500.yml b/meta-arm/ci/corstone500.yml
index 437c97c..0f9592e 100644
--- a/meta-arm/ci/corstone500.yml
+++ b/meta-arm/ci/corstone500.yml
@@ -3,17 +3,10 @@
includes:
- ci/base.yml
- ci/fvp.yml
+ - ci/poky-tiny.yml
local_conf_header:
fvp-config: |
IMAGE_FEATURES:remove = " ssh-server-dropbear"
- extrapackages: |
- # Intentionally blank to prevent perf from being added to the image in base.yml
machine: corstone500
-
-distro: poky-tiny
-
-target:
- - core-image-minimal
- - perf
diff --git a/meta-arm/ci/fvp-base-arm32.yml b/meta-arm/ci/fvp-base-arm32.yml
deleted file mode 100644
index 9f790f6..0000000
--- a/meta-arm/ci/fvp-base-arm32.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-header:
- version: 11
- includes:
- - ci/base.yml
- - ci/fvp.yml
-
-machine: fvp-base-arm32
diff --git a/meta-arm/ci/fvp.yml b/meta-arm/ci/fvp.yml
index a12c621..a8f8dfc 100644
--- a/meta-arm/ci/fvp.yml
+++ b/meta-arm/ci/fvp.yml
@@ -3,7 +3,7 @@
local_conf_header:
testimagefvp: |
- INHERIT = "fvpboot"
+ INHERIT += "fvpboot"
# This fails but we can't add to the ignorelist from meta-arm yet
# https://bugzilla.yoctoproject.org/show_bug.cgi?id=14604
TEST_SUITES:remove = "parselogs"
diff --git a/meta-arm/ci/gcc.yml b/meta-arm/ci/gcc.yml
new file mode 100644
index 0000000..a394368
--- /dev/null
+++ b/meta-arm/ci/gcc.yml
@@ -0,0 +1,7 @@
+header:
+ version: 11
+
+#NOTE: This is the default for poky. This is only being added for completeness/clarity
+local_conf_header:
+ toolchain: |
+ TOOLCHAIN = "gcc"
diff --git a/meta-arm/ci/glibc.yml b/meta-arm/ci/glibc.yml
new file mode 100644
index 0000000..adc85a7
--- /dev/null
+++ b/meta-arm/ci/glibc.yml
@@ -0,0 +1,7 @@
+header:
+ version: 11
+
+#NOTE: This is the default for poky. This is only being added for completeness/clarity
+local_conf_header:
+ libc: |
+ TCLIBC = "glibc"
diff --git a/meta-arm/ci/jobs-to-kas b/meta-arm/ci/jobs-to-kas
index d6896b7..b8615a5 100755
--- a/meta-arm/ci/jobs-to-kas
+++ b/meta-arm/ci/jobs-to-kas
@@ -18,7 +18,7 @@
# defaults, we can simply ignore those parameters. They are necessary
# to pass in so that matrix can correctly setup all of the permutations
# of each individual run.
- if [[ $i == 'none' || $i == 'gcc' || $i == 'glibc' || $i == 'uboot' ]]; then
+ if [[ $i == 'none' ]]; then
continue
fi
FILES+=":ci/$i.yml"
diff --git a/meta-arm/ci/linux-yocto-dev.yml b/meta-arm/ci/linux-yocto-dev.yml
new file mode 100644
index 0000000..a6fadce
--- /dev/null
+++ b/meta-arm/ci/linux-yocto-dev.yml
@@ -0,0 +1,6 @@
+header:
+ version: 9
+
+local_conf_header:
+ kernel: |
+ PREFERRED_PROVIDER_virtual/kernel = "linux-yocto-dev"
diff --git a/meta-arm/ci/linux-yocto-rt.yml b/meta-arm/ci/linux-yocto-rt.yml
new file mode 100644
index 0000000..69d768c
--- /dev/null
+++ b/meta-arm/ci/linux-yocto-rt.yml
@@ -0,0 +1,6 @@
+header:
+ version: 9
+
+local_conf_header:
+ kernel: |
+ PREFERRED_PROVIDER_virtual/kernel = "linux-yocto-rt"
diff --git a/meta-arm/ci/linux-yocto.yml b/meta-arm/ci/linux-yocto.yml
new file mode 100644
index 0000000..359fea5
--- /dev/null
+++ b/meta-arm/ci/linux-yocto.yml
@@ -0,0 +1,7 @@
+header:
+ version: 9
+
+#NOTE: This is the default for poky. This is only being added for completeness/clarity
+local_conf_header:
+ kernel: |
+ PREFERRED_PROVIDER_virtual/kernel = "linux-yocto"
diff --git a/meta-arm/ci/poky-tiny.yml b/meta-arm/ci/poky-tiny.yml
new file mode 100644
index 0000000..cf252a0
--- /dev/null
+++ b/meta-arm/ci/poky-tiny.yml
@@ -0,0 +1,14 @@
+header:
+ version: 9
+
+distro: poky-tiny
+
+local_conf_header:
+ hacking: |
+ TEST_SUITES = "ping"
+ extrapackages: |
+ # Intentionally blank to prevent perf from being added to the image in base.yml
+
+target:
+ - core-image-minimal
+ - perf
diff --git a/meta-arm/ci/poky.yml b/meta-arm/ci/poky.yml
new file mode 100644
index 0000000..d4bcfeb
--- /dev/null
+++ b/meta-arm/ci/poky.yml
@@ -0,0 +1,4 @@
+header:
+ version: 9
+
+distro: poky
diff --git a/meta-arm/ci/u-boot.yml b/meta-arm/ci/u-boot.yml
new file mode 100644
index 0000000..76bdd23
--- /dev/null
+++ b/meta-arm/ci/u-boot.yml
@@ -0,0 +1,8 @@
+header:
+ version: 11
+
+local_conf_header:
+ bootfirmware: |
+ PREFERRED_PROVIDER_virtual/bootloader = "u-boot"
+ TFA_UBOOT = "1"
+ TFA_UEFI = "0"
diff --git a/meta-arm/ci/update-repos b/meta-arm/ci/update-repos
index 91ff197..9487102 100755
--- a/meta-arm/ci/update-repos
+++ b/meta-arm/ci/update-repos
@@ -4,6 +4,7 @@
import sys
import os
+import shutil
import subprocess
import pathlib
@@ -34,9 +35,14 @@
for repo in repositories:
repodir = base_repodir / repo_shortname(repo)
+
+ if "CI_CLEAN_REPOS" in os.environ:
+ print("Cleaning %s..." % repo)
+ shutil.rmtree(repodir, ignore_errors=True)
+
if repodir.exists():
print("Updating %s..." % repo)
- subprocess.run(["git", "-C", repodir, "fetch"], check=True)
+ subprocess.run(["git", "-C", repodir, "-c", "gc.autoDetach=false", "fetch"], check=True)
else:
print("Cloning %s..." % repo)
subprocess.run(["git", "clone", "--bare", repo, repodir], check=True)
diff --git a/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf b/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf
index 2a72f7f..ca89c70 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf
@@ -31,7 +31,7 @@
FVP_CONFIG[se.nvm.update_raw_image] ?= "0"
# Boot image
-FVP_DATA ?= "board.flash0=${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.wic.nopt@0x68100000"
+FVP_DATA ?= "board.flash0=${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.wic@0x68000000"
# External system (cortex-M3)
FVP_CONFIG[extsys_harness0.extsys_flashloader.fname] ?= "${DEPLOY_DIR_IMAGE}/es_flashfw.bin"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-base-arm32.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-base-arm32.conf
deleted file mode 100644
index d3452b7..0000000
--- a/meta-arm/meta-arm-bsp/conf/machine/fvp-base-arm32.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# Configuration for Armv7-A Base Platform FVP
-
-#@TYPE: Machine
-#@NAME: Armv7-A Base Platform FVP machine
-#@DESCRIPTION: Machine configuration for Armv7-A Base Platform FVP model
-
-require conf/machine/include/fvp-common.inc
-require conf/machine/include/arm/arch-armv7a.inc
-
-# FVP u-boot configuration
-PREFERRED_VERSION_u-boot ?= "2022.04"
-UBOOT_MACHINE = "vexpress_aemv8a_aarch32_defconfig"
-
-KERNEL_IMAGETYPE = "zImage"
-
-FVP_CONFIG[cluster0.cpu0.CONFIG64] = "0"
-FVP_CONFIG[cluster0.cpu1.CONFIG64] = "0"
-FVP_CONFIG[cluster0.cpu2.CONFIG64] = "0"
-FVP_CONFIG[cluster0.cpu3.CONFIG64] = "0"
-FVP_CONFIG[cluster1.cpu0.CONFIG64] = "0"
-FVP_CONFIG[cluster1.cpu1.CONFIG64] = "0"
-FVP_CONFIG[cluster1.cpu2.CONFIG64] = "0"
-FVP_CONFIG[cluster1.cpu3.CONFIG64] = "0"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf
index 1ba0708..bc29e88 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf
@@ -9,7 +9,7 @@
TUNE_FEATURES = "aarch64"
-PREFERRED_VERSION_u-boot ?= "2022.04"
+PREFERRED_VERSION_u-boot ?= "2023.01"
# FVP u-boot configuration
UBOOT_MACHINE = "vexpress_aemv8a_semi_defconfig"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
index 7f25cd5..3915d18 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
@@ -34,7 +34,7 @@
UBOOT_EXTLINUX = "0"
#optee
-PREFERRED_VERSION_optee-os ?= "3.18.%"
+PREFERRED_VERSION_optee-os ?= "3.20.%"
PREFERRED_VERSION_optee-client ?= "3.18.%"
EXTRA_IMAGEDEPENDS += "optee-os"
OPTEE_ARCH = "arm64"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc b/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc
index b6fc74d..233c734 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc
+++ b/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc
@@ -16,7 +16,7 @@
KERNEL_DEVICETREE = "arm/fvp-base-revc.dtb"
-EXTRA_IMAGEDEPENDS += "trusted-firmware-a u-boot"
+EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
# As this is a virtual target that will not be used in the real world there is
# no need for real SSH keys.
diff --git a/meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf b/meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf
index 581e6af..0e047e8 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf
@@ -19,7 +19,7 @@
# Use kernel provided by yocto
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
-PREFERRED_VERSION_linux-yocto ?= "5.19%"
+PREFERRED_VERSION_linux-yocto ?= "6.1%"
# RTL8168E Gigabit Ethernet Controller is attached to the PCIe interface
MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "linux-firmware-rtl8168"
diff --git a/meta-arm/meta-arm-bsp/documentation/fvp-base-arm32.md b/meta-arm/meta-arm-bsp/documentation/fvp-base-arm32.md
deleted file mode 100644
index 141e61f..0000000
--- a/meta-arm/meta-arm-bsp/documentation/fvp-base-arm32.md
+++ /dev/null
@@ -1,30 +0,0 @@
-# Armv8-A Base Platform FVP (32-bit) Support in meta-arm-bsp
-
-## Howto Build and Run
-
-### Configuration:
-In the local.conf file, `MACHINE` should be set:
-```
-MACHINE = "fvp-base-arm32"
-```
-
-### Build:
-```
-$ bitbake core-image-base
-```
-
-### Run:
-The `fvp-base` machine has support for the `runfvp` script, so running is simple:
-
-```
-$ runfvp tmp/deploy/images/fvp-base-arm32/core-image-base-fvp-base-arm32.fvpconf
-```
-## Devices supported in the kernel
-- serial
-- virtio disk
-- network
-- watchdog
-- rtc
-
-## Devices not supported or not functional
-None
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb
index 3a1639e..714a57c 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb
@@ -6,16 +6,16 @@
COMPATIBLE_MACHINE = "corstone1000"
inherit image
-inherit wic_nopt tfm_sign_image
+inherit tfm_sign_image
inherit uefi_capsule
PACKAGE_INSTALL = ""
-IMAGE_FSTYPES += "wic wic.nopt uefi_capsule"
+IMAGE_FSTYPES += "wic uefi_capsule"
UEFI_FIRMWARE_BINARY = "${PN}-${MACHINE}.${CAPSULE_IMGTYPE}"
UEFI_CAPSULE_CONFIG = "${THISDIR}/files/${PN}-capsule-update-image.json"
-CAPSULE_IMGTYPE = "wic.nopt"
+CAPSULE_IMGTYPE = "wic"
do_sign_images() {
# Sign TF-A BL2
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch
new file mode 100644
index 0000000..3afaa4b
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch
@@ -0,0 +1,167 @@
+From 360aa32846a97e775750e06865d462c6258179fa Mon Sep 17 00:00:00 2001
+From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Date: Mon, 9 Jan 2023 13:59:06 +0000
+Subject: [PATCH] feat(corstone1000): bl2 loads fip based on metadata
+
+Previously bl2 was reading the boot_index directly with a hard coded
+address and then set the fip image spec with fip offsets base based on
+the boot_index value.
+This commit removes this logic and rely on PSA_FWU_SUPPORT
+which reads the fip partition based on the active firmware bank written in
+metadata.
+
+Note: fip partition contains signature area at the begining. Hence, the fip
+image starts at fip partition + fip signature area size.
+
+Upstream-Status: Pending
+Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+
+%% original patch: 0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch
+---
+ bl2/bl2_main.c | 4 +++
+ .../corstone1000/common/corstone1000_plat.c | 32 ++++++-------------
+ .../common/include/platform_def.h | 12 +++----
+ tools/cert_create/Makefile | 4 +--
+ tools/fiptool/Makefile | 4 +--
+ 5 files changed, 24 insertions(+), 32 deletions(-)
+
+diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c
+index 5da803795..f25dc3029 100644
+--- a/bl2/bl2_main.c
++++ b/bl2/bl2_main.c
+@@ -86,6 +86,10 @@ void bl2_main(void)
+ /* Perform remaining generic architectural setup in S-EL1 */
+ bl2_arch_setup();
+
++#if ARM_GPT_SUPPORT
++ partition_init(GPT_IMAGE_ID);
++#endif
++
+ #if PSA_FWU_SUPPORT
+ fwu_init();
+ #endif /* PSA_FWU_SUPPORT */
+diff --git a/plat/arm/board/corstone1000/common/corstone1000_plat.c b/plat/arm/board/corstone1000/common/corstone1000_plat.c
+index 0235f8b84..7f9708a82 100644
+--- a/plat/arm/board/corstone1000/common/corstone1000_plat.c
++++ b/plat/arm/board/corstone1000/common/corstone1000_plat.c
+@@ -33,36 +33,17 @@ const mmap_region_t plat_arm_mmap[] = {
+ static void set_fip_image_source(void)
+ {
+ const struct plat_io_policy *policy;
+- /*
+- * metadata for firmware update is written at 0x0000 offset of the flash.
+- * PLAT_ARM_BOOT_BANK_FLAG contains the boot bank that TF-M is booted.
+- * As per firmware update spec, at a given point of time, only one bank
+- * is active. This means, TF-A should boot from the same bank as TF-M.
+- */
+- volatile uint32_t *boot_bank_flag = (uint32_t *)(PLAT_ARM_BOOT_BANK_FLAG);
+-
+- if (*boot_bank_flag > 1) {
+- VERBOSE("Boot_bank is set higher than possible values");
+- }
+-
+- VERBOSE("Boot bank flag = %u.\n\r", *boot_bank_flag);
+
+ policy = FCONF_GET_PROPERTY(arm, io_policies, FIP_IMAGE_ID);
+
+ assert(policy != NULL);
+ assert(policy->image_spec != 0UL);
+
++ /* FIP Partition contains Signature area at the begining which TF-A doesn't expect */
+ io_block_spec_t *spec = (io_block_spec_t *)policy->image_spec;
++ spec->offset += FIP_SIGNATURE_AREA_SIZE;
++ spec->length -= FIP_SIGNATURE_AREA_SIZE;
+
+- if ((*boot_bank_flag) == 0) {
+- VERBOSE("Booting from bank 0: fip offset = 0x%lx\n\r",
+- PLAT_ARM_FIP_BASE_BANK0);
+- spec->offset = PLAT_ARM_FIP_BASE_BANK0;
+- } else {
+- VERBOSE("Booting from bank 1: fip offset = 0x%lx\n\r",
+- PLAT_ARM_FIP_BASE_BANK1);
+- spec->offset = PLAT_ARM_FIP_BASE_BANK1;
+- }
+ }
+
+ void bl2_platform_setup(void)
+@@ -75,6 +56,13 @@ void bl2_platform_setup(void)
+ set_fip_image_source();
+ }
+
++void bl2_early_platform_setup2(u_register_t arg0, u_register_t arg1,
++ u_register_t arg2, u_register_t arg3)
++{
++ arm_bl2_early_platform_setup((uintptr_t)arg0, (meminfo_t *)arg1);
++ NOTICE("CS1k: early at bl2_platform_setup\n");
++}
++
+ /* corstone1000 only has one always-on power domain and there
+ * is no power control present
+ */
+diff --git a/plat/arm/board/corstone1000/common/include/platform_def.h b/plat/arm/board/corstone1000/common/include/platform_def.h
+index 584d485f3..0bfab05a4 100644
+--- a/plat/arm/board/corstone1000/common/include/platform_def.h
++++ b/plat/arm/board/corstone1000/common/include/platform_def.h
+@@ -173,16 +173,16 @@
+
+ /* NOR Flash */
+
+-#define PLAT_ARM_BOOT_BANK_FLAG UL(0x08002000)
+-#define PLAT_ARM_FIP_BASE_BANK0 UL(0x081EF000)
+-#define PLAT_ARM_FIP_BASE_BANK1 UL(0x0916F000)
+-#define PLAT_ARM_FIP_MAX_SIZE UL(0x1ff000) /* 1.996 MB */
+-
+ #define PLAT_ARM_NVM_BASE V2M_FLASH0_BASE
+ #define PLAT_ARM_NVM_SIZE (SZ_32M) /* 32 MB */
++#define PLAT_ARM_FIP_MAX_SIZE UL(0x1ff000) /* 1.996 MB */
+
+-#define PLAT_ARM_FLASH_IMAGE_BASE PLAT_ARM_FIP_BASE_BANK0
++#define PLAT_ARM_FLASH_IMAGE_BASE UL(0x08000000)
+ #define PLAT_ARM_FLASH_IMAGE_MAX_SIZE PLAT_ARM_FIP_MAX_SIZE
++#define PLAT_ARM_FIP_OFFSET_IN_GPT (0x86000)
++
++/* FIP Information */
++#define FIP_SIGNATURE_AREA_SIZE (0x1000) /* 4 KB */
+
+ /*
+ * Some data must be aligned on the biggest cache line size in the platform.
+diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile
+index ca548b836..32b5486a0 100644
+--- a/tools/cert_create/Makefile
++++ b/tools/cert_create/Makefile
+@@ -69,8 +69,8 @@ INC_DIR += -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include
+ # directory. However, for a local build of OpenSSL, the built binaries are
+ # located under the main project directory (i.e.: ${OPENSSL_DIR}, not
+ # ${OPENSSL_DIR}/lib/).
+-LIB_DIR := -L ${OPENSSL_DIR}/lib -L ${OPENSSL_DIR}
+-LIB := -lssl -lcrypto
++LIB_DIR := -L ${OPENSSL_DIR}/lib -L ${OPENSSL_DIR} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS}
++LIB := -lssl -lcrypto ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS}
+
+ HOSTCC ?= gcc
+
+diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile
+index e6aeba95b..7c047479e 100644
+--- a/tools/fiptool/Makefile
++++ b/tools/fiptool/Makefile
+@@ -29,7 +29,7 @@ endif
+ # directory. However, for a local build of OpenSSL, the built binaries are
+ # located under the main project directory (i.e.: ${OPENSSL_DIR}, not
+ # ${OPENSSL_DIR}/lib/).
+-LDLIBS := -L${OPENSSL_DIR}/lib -L${OPENSSL_DIR} -lcrypto
++LDLIBS := -L${OPENSSL_DIR}/lib -L${OPENSSL_DIR} -lcrypto ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS}
+
+ ifeq (${V},0)
+ Q := @
+@@ -37,7 +37,7 @@ else
+ Q :=
+ endif
+
+-INCLUDE_PATHS := -I../../include/tools_share -I${OPENSSL_DIR}/include
++INCLUDE_PATHS := -I../../include/tools_share -I${OPENSSL_DIR}/include ${BUILD_CFLAGS} ${BUILD_CFLAGS} ${BUILD_CFLAGS} ${BUILD_CFLAGS} ${BUILD_CFLAGS} ${BUILD_CFLAGS}
+
+ HOSTCC ?= gcc
+
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
index 3034680..0081034 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
@@ -6,7 +6,8 @@
SRC_URI:append = " \
file://0001-Fix-FF-A-version-in-SPMC-manifest.patch \
- "
+ file://0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch \
+ "
TFA_DEBUG = "1"
TFA_UBOOT ?= "1"
@@ -31,6 +32,9 @@
CREATE_KEYS=1 \
GENERATE_COT=1 \
TRUSTED_BOARD_BOOT=1 \
+ ARM_GPT_SUPPORT=1 \
+ PSA_FWU_SUPPORT=1 \
+ NR_OF_IMAGES_IN_FW_BANK=4 \
COT=tbbr \
ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-arm32.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-arm32.inc
deleted file mode 100644
index fdaadb9..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-arm32.inc
+++ /dev/null
@@ -1,12 +0,0 @@
-# Armv7-A FVP specific TFA parameters
-
-COMPATIBLE_MACHINE = "fvp-base-arm32"
-TFA_PLATFORM = "fvp"
-TFA_UBOOT = "1"
-TFA_BUILD_TARGET = "dtbs bl1 bl32 fip"
-
-EXTRA_OEMAKE:append = " \
- ARCH=aarch32 \
- AARCH32_SP=sp_min \
- "
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp.inc
index 43340cd..ca96b44 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp.inc
@@ -8,5 +8,5 @@
TFA_PLATFORM = "fvp"
TFA_DEBUG = "1"
TFA_MBEDTLS = "1"
-TFA_UBOOT = "1"
+TFA_UBOOT ?= "1"
TFA_BUILD_TARGET = "bl1 bl2 bl31 dtbs fip"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.%.bbappend
index 09ed3f7..220dd6e3 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.%.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.%.bbappend
@@ -6,7 +6,6 @@
MACHINE_TFA_REQUIRE:corstone500 = "trusted-firmware-a-corstone500.inc"
MACHINE_TFA_REQUIRE:corstone1000 = "trusted-firmware-a-corstone1000.inc"
MACHINE_TFA_REQUIRE:fvp-base = "trusted-firmware-a-fvp.inc"
-MACHINE_TFA_REQUIRE:fvp-base-arm32 = "trusted-firmware-a-fvp-arm32.inc"
MACHINE_TFA_REQUIRE:juno = "trusted-firmware-a-juno.inc"
MACHINE_TFA_REQUIRE:n1sdp = "trusted-firmware-a-n1sdp.inc"
MACHINE_TFA_REQUIRE:sgi575 = "trusted-firmware-a-sgi575.inc"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-number-of-assets.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-number-of-assets.patch
deleted file mode 100644
index f0368b8..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-number-of-assets.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From decb355247c4ba4b876997f55c27ec3f55dbacd2 Mon Sep 17 00:00:00 2001
-From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Date: Mon, 23 Jan 2023 13:25:28 +0000
-Subject: [PATCH] Platform: corstone1000: Increase number of assets
-
-As Corstone1000 stores at boot time few efi variables.
-Therefore, number of assets is increased to compansate this early usage.
-
-Note: Adding platform customized configs to config_tfm.h
- More information see:
-https://tf-m-user-guide.trustedfirmware.org/configuration/header_file_system.html
-
-Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Upstream-Status: Pending [Not submitted yet]
----
- platform/ext/target/arm/corstone1000/config_tfm_target.h | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/platform/ext/target/arm/corstone1000/config_tfm_target.h b/platform/ext/target/arm/corstone1000/config_tfm_target.h
-index bf8d2f95f7..e968366639 100644
---- a/platform/ext/target/arm/corstone1000/config_tfm_target.h
-+++ b/platform/ext/target/arm/corstone1000/config_tfm_target.h
-@@ -16,4 +16,12 @@
- #undef PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE
- #define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 256
-
-+/* The maximum number of assets to be stored in the Internal Trusted Storage. */
-+#undef ITS_NUM_ASSETS
-+#define ITS_NUM_ASSETS 20
-+
-+/* The maximum number of assets to be stored in the Protected Storage area. */
-+#undef PS_NUM_ASSETS
-+#define PS_NUM_ASSETS 20
-+
- #endif /* __CONFIG_TFM_TARGET_H__ */
---
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Introduce-IO-framework.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Introduce-IO-framework.patch
new file mode 100644
index 0000000..900fd54
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Introduce-IO-framework.patch
@@ -0,0 +1,1354 @@
+From 1db9afdbf70eb9708640debe5d7d24558fe0f63a Mon Sep 17 00:00:00 2001
+From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Date: Mon, 7 Nov 2022 12:49:11 +0000
+Subject: [PATCH 01/10] Platform: corstone1000: Introduce IO framework
+
+- Introduce IO storage framework
+- Add IO flash to abstract flash implementation details from upper layer
+
+Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Upstream-Status: Accepted [TF-Mv1.8.0]
+---
+ .../target/arm/corstone1000/CMakeLists.txt | 4 +
+ .../ext/target/arm/corstone1000/io/io_block.c | 527 ++++++++++++++++++
+ .../ext/target/arm/corstone1000/io/io_block.h | 40 ++
+ .../ext/target/arm/corstone1000/io/io_defs.h | 27 +
+ .../target/arm/corstone1000/io/io_driver.h | 54 ++
+ .../ext/target/arm/corstone1000/io/io_flash.c | 183 ++++++
+ .../ext/target/arm/corstone1000/io/io_flash.h | 37 ++
+ .../target/arm/corstone1000/io/io_storage.c | 289 ++++++++++
+ .../target/arm/corstone1000/io/io_storage.h | 92 +++
+ 9 files changed, 1253 insertions(+)
+ create mode 100644 platform/ext/target/arm/corstone1000/io/io_block.c
+ create mode 100644 platform/ext/target/arm/corstone1000/io/io_block.h
+ create mode 100644 platform/ext/target/arm/corstone1000/io/io_defs.h
+ create mode 100644 platform/ext/target/arm/corstone1000/io/io_driver.h
+ create mode 100644 platform/ext/target/arm/corstone1000/io/io_flash.c
+ create mode 100644 platform/ext/target/arm/corstone1000/io/io_flash.h
+ create mode 100644 platform/ext/target/arm/corstone1000/io/io_storage.c
+ create mode 100644 platform/ext/target/arm/corstone1000/io/io_storage.h
+
+diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+index cfbaffc995..7808efae68 100644
+--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+@@ -125,6 +125,9 @@ target_sources(platform_bl2
+ fw_update_agent/fwu_agent.c
+ bl2_security_cnt.c
+ $<$<NOT:$<BOOL:${PLATFORM_DEFAULT_OTP}>>:${PLATFORM_DIR}/ext/accelerator/cc312/otp_cc312.c>
++ io/io_block.c
++ io/io_flash.c
++ io/io_storage.c
+ )
+
+ if (PLATFORM_IS_FVP)
+@@ -182,6 +185,7 @@ target_include_directories(platform_bl2
+ fip_parser
+ Native_Driver
+ fw_update_agent
++ io
+ .
+ INTERFACE
+ cc312
+diff --git a/platform/ext/target/arm/corstone1000/io/io_block.c b/platform/ext/target/arm/corstone1000/io/io_block.c
+new file mode 100644
+index 0000000000..f7eaf7444c
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/io/io_block.c
+@@ -0,0 +1,527 @@
++/*
++ * Copyright (c) 2022 Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: Apache-2.0
++ *
++ * Licensed under the Apache License, Version 2.0 (the License); you may
++ * not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
++ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++#include "io_block.h"
++
++#include <assert.h>
++#include <errno.h>
++
++#include "io_defs.h"
++#include "io_driver.h"
++#include "io_storage.h"
++
++typedef struct {
++ io_block_dev_spec_t *dev_spec;
++ uintptr_t base;
++ uint32_t file_pos;
++ uint32_t size;
++} block_dev_state_t;
++
++#define is_power_of_2(x) (((x) != 0U) && (((x) & ((x)-1U)) == 0U))
++
++io_type_t device_type_block(void);
++
++static int block_open(io_dev_info_t *dev_info, const uintptr_t spec,
++ io_entity_t *entity);
++static int block_seek(io_entity_t *entity, int mode, size_t offset);
++static int block_read(io_entity_t *entity, uintptr_t buffer, size_t length,
++ size_t *length_read);
++static int block_write(io_entity_t *entity, const uintptr_t buffer,
++ size_t length, size_t *length_written);
++static int block_close(io_entity_t *entity);
++static int block_dev_open(const uintptr_t dev_spec, io_dev_info_t **dev_info);
++static int block_dev_close(io_dev_info_t *dev_info);
++
++static const io_dev_connector_t block_dev_connector = {.dev_open =
++ block_dev_open};
++
++static const io_dev_funcs_t block_dev_funcs = {
++ .type = device_type_block,
++ .open = block_open,
++ .seek = block_seek,
++ .size = NULL,
++ .read = block_read,
++ .write = block_write,
++ .close = block_close,
++ .dev_init = NULL,
++ .dev_close = block_dev_close,
++};
++
++static block_dev_state_t state_pool[MAX_IO_BLOCK_DEVICES];
++static io_dev_info_t dev_info_pool[MAX_IO_BLOCK_DEVICES];
++
++/* Track number of allocated block state */
++static unsigned int block_dev_count;
++
++io_type_t device_type_block(void) { return IO_TYPE_BLOCK; }
++
++/* Locate a block state in the pool, specified by address */
++static int find_first_block_state(const io_block_dev_spec_t *dev_spec,
++ unsigned int *index_out) {
++ unsigned int index;
++ int result = -ENOENT;
++
++ for (index = 0U; index < MAX_IO_BLOCK_DEVICES; ++index) {
++ /* dev_spec is used as identifier since it's unique */
++ if (state_pool[index].dev_spec == dev_spec) {
++ result = 0;
++ *index_out = index;
++ break;
++ }
++ }
++ return result;
++}
++
++/* Allocate a device info from the pool and return a pointer to it */
++static int allocate_dev_info(io_dev_info_t **dev_info) {
++ int result = -ENOMEM;
++ assert(dev_info != NULL);
++
++ if (block_dev_count < MAX_IO_BLOCK_DEVICES) {
++ unsigned int index = 0;
++ result = find_first_block_state(NULL, &index);
++ assert(result == 0);
++ /* initialize dev_info */
++ dev_info_pool[index].funcs = &block_dev_funcs;
++ dev_info_pool[index].info = (uintptr_t)&state_pool[index];
++ *dev_info = &dev_info_pool[index];
++ ++block_dev_count;
++ }
++
++ return result;
++}
++
++/* Release a device info to the pool */
++static int free_dev_info(io_dev_info_t *dev_info) {
++ int result;
++ unsigned int index = 0;
++ block_dev_state_t *state;
++ assert(dev_info != NULL);
++
++ state = (block_dev_state_t *)dev_info->info;
++ result = find_first_block_state(state->dev_spec, &index);
++ if (result == 0) {
++ /* free if device info is valid */
++ memset(state, 0, sizeof(block_dev_state_t));
++ memset(dev_info, 0, sizeof(io_dev_info_t));
++ --block_dev_count;
++ }
++
++ return result;
++}
++
++static int block_open(io_dev_info_t *dev_info, const uintptr_t spec,
++ io_entity_t *entity) {
++ block_dev_state_t *cur;
++ io_block_spec_t *region;
++
++ assert((dev_info->info != (uintptr_t)NULL) && (spec != (uintptr_t)NULL) &&
++ (entity->info == (uintptr_t)NULL));
++
++ region = (io_block_spec_t *)spec;
++ cur = (block_dev_state_t *)dev_info->info;
++ assert(((region->offset % cur->dev_spec->block_size) == 0) &&
++ ((region->length % cur->dev_spec->block_size) == 0));
++
++ cur->base = region->offset;
++ cur->size = region->length;
++ cur->file_pos = 0;
++
++ entity->info = (uintptr_t)cur;
++ return 0;
++}
++
++/* parameter offset is relative address at here */
++static int block_seek(io_entity_t *entity, int mode, size_t offset) {
++ block_dev_state_t *cur;
++
++ assert(entity->info != (uintptr_t)NULL);
++
++ cur = (block_dev_state_t *)entity->info;
++
++ assert((offset >= 0) && ((uint32_t)offset < cur->size));
++ switch (mode) {
++ case IO_SEEK_SET:
++ cur->file_pos = (uint32_t)offset;
++ break;
++ case IO_SEEK_CUR:
++ cur->file_pos += (uint32_t)offset;
++ break;
++ default:
++ return -EINVAL;
++ }
++ assert(cur->file_pos < cur->size);
++ return 0;
++}
++
++/*
++ * This function allows the caller to read any number of bytes
++ * from any position. It hides from the caller that the low level
++ * driver only can read aligned blocks of data. For this reason
++ * we need to handle the use case where the first byte to be read is not
++ * aligned to start of the block, the last byte to be read is also not
++ * aligned to the end of a block, and there are zero or more blocks-worth
++ * of data in between.
++ *
++ * In such a case we need to read more bytes than requested (i.e. full
++ * blocks) and strip-out the leading bytes (aka skip) and the trailing
++ * bytes (aka padding). See diagram below
++ *
++ * cur->file_pos ------------
++ * |
++ * cur->base |
++ * | |
++ * v v<---- length ---->
++ * --------------------------------------------------------------
++ * | | block#1 | | block#n |
++ * | block#0 | + | ... | + |
++ * | | <- skip -> + | | + <- padding ->|
++ * ------------------------+----------------------+--------------
++ * ^ ^
++ * | |
++ * v iteration#1 iteration#n v
++ * --------------------------------------------------
++ * | | | |
++ * |<---- request ---->| ... |<----- request ---->|
++ * | | | |
++ * --------------------------------------------------
++ * / / | |
++ * / / | |
++ * / / | |
++ * / / | |
++ * / / | |
++ * / / | |
++ * / / | |
++ * / / | |
++ * / / | |
++ * / / | |
++ * <---- request ------> <------ request ----->
++ * --------------------- -----------------------
++ * | | | | | |
++ * |<-skip->|<-nbytes->| -------->|<-nbytes->|<-padding->|
++ * | | | | | | |
++ * --------------------- | -----------------------
++ * ^ \ \ | | |
++ * | \ \ | | |
++ * | \ \ | | |
++ * buf->offset \ \ buf->offset | |
++ * \ \ | |
++ * \ \ | |
++ * \ \ | |
++ * \ \ | |
++ * \ \ | |
++ * \ \ | |
++ * \ \ | |
++ * --------------------------------
++ * | | | |
++ * buffer-------------->| | ... | |
++ * | | | |
++ * --------------------------------
++ * <-count#1->| |
++ * <---------- count#n -------->
++ * <---------- length ---------->
++ *
++ * Additionally, the IO driver has an underlying buffer that is at least
++ * one block-size and may be big enough to allow.
++ */
++static int block_read(io_entity_t *entity, uintptr_t buffer, size_t length,
++ size_t *length_read) {
++ block_dev_state_t *cur;
++ io_block_spec_t *buf;
++ io_block_ops_t *ops;
++ int lba;
++ size_t block_size, left;
++ size_t nbytes; /* number of bytes read in one iteration */
++ size_t request; /* number of requested bytes in one iteration */
++ size_t count; /* number of bytes already read */
++ /*
++ * number of leading bytes from start of the block
++ * to the first byte to be read
++ */
++ size_t skip;
++
++ /*
++ * number of trailing bytes between the last byte
++ * to be read and the end of the block
++ */
++ size_t padding;
++
++ assert(entity->info != (uintptr_t)NULL);
++ cur = (block_dev_state_t *)entity->info;
++ ops = &(cur->dev_spec->ops);
++ buf = &(cur->dev_spec->buffer);
++ block_size = cur->dev_spec->block_size;
++ assert((length <= cur->size) && (length > 0U) && (ops->read != 0));
++
++ /*
++ * We don't know the number of bytes that we are going
++ * to read in every iteration, because it will depend
++ * on the low level driver.
++ */
++ count = 0;
++ for (left = length; left > 0U; left -= nbytes) {
++ /*
++ * We must only request operations aligned to the block
++ * size. Therefore if file_pos is not block-aligned,
++ * we have to request the operation to start at the
++ * previous block boundary and skip the leading bytes. And
++ * similarly, the number of bytes requested must be a
++ * block size multiple
++ */
++ skip = cur->file_pos & (block_size - 1U);
++
++ /*
++ * Calculate the block number containing file_pos
++ * - e.g. block 3.
++ */
++ lba = (cur->file_pos + cur->base) / block_size;
++
++ if ((skip + left) > buf->length) {
++ /*
++ * The underlying read buffer is too small to
++ * read all the required data - limit to just
++ * fill the buffer, and then read again.
++ */
++ request = buf->length;
++ } else {
++ /*
++ * The underlying read buffer is big enough to
++ * read all the required data. Calculate the
++ * number of bytes to read to align with the
++ * block size.
++ */
++ request = skip + left;
++ request = (request + (block_size - 1U)) & ~(block_size - 1U);
++ }
++ request = ops->read(lba, buf->offset, request);
++
++ if (request <= skip) {
++ /*
++ * We couldn't read enough bytes to jump over
++ * the skip bytes, so we should have to read
++ * again the same block, thus generating
++ * the same error.
++ */
++ return -EIO;
++ }
++
++ /*
++ * Need to remove skip and padding bytes,if any, from
++ * the read data when copying to the user buffer.
++ */
++ nbytes = request - skip;
++ padding = (nbytes > left) ? nbytes - left : 0U;
++ nbytes -= padding;
++
++ memcpy((void *)(buffer + count), (void *)(buf->offset + skip), nbytes);
++
++ cur->file_pos += nbytes;
++ count += nbytes;
++ }
++ assert(count == length);
++ *length_read = count;
++
++ return 0;
++}
++
++/*
++ * This function allows the caller to write any number of bytes
++ * from any position. It hides from the caller that the low level
++ * driver only can write aligned blocks of data.
++ * See comments for block_read for more details.
++ */
++static int block_write(io_entity_t *entity, const uintptr_t buffer,
++ size_t length, size_t *length_written) {
++ block_dev_state_t *cur;
++ io_block_spec_t *buf;
++ io_block_ops_t *ops;
++ int lba;
++ size_t block_size, left;
++ size_t nbytes; /* number of bytes read in one iteration */
++ size_t request; /* number of requested bytes in one iteration */
++ size_t count; /* number of bytes already read */
++ /*
++ * number of leading bytes from start of the block
++ * to the first byte to be read
++ */
++ size_t skip;
++
++ /*
++ * number of trailing bytes between the last byte
++ * to be read and the end of the block
++ */
++ size_t padding;
++ assert(entity->info != (uintptr_t)NULL);
++ cur = (block_dev_state_t *)entity->info;
++ ops = &(cur->dev_spec->ops);
++ buf = &(cur->dev_spec->buffer);
++ block_size = cur->dev_spec->block_size;
++ assert((length <= cur->size) && (length > 0U) && (ops->read != 0) &&
++ (ops->write != 0));
++
++ /*
++ * We don't know the number of bytes that we are going
++ * to write in every iteration, because it will depend
++ * on the low level driver.
++ */
++ count = 0;
++ for (left = length; left > 0U; left -= nbytes) {
++ /*
++ * We must only request operations aligned to the block
++ * size. Therefore if file_pos is not block-aligned,
++ * we have to request the operation to start at the
++ * previous block boundary and skip the leading bytes. And
++ * similarly, the number of bytes requested must be a
++ * block size multiple
++ */
++ skip = cur->file_pos & (block_size - 1U);
++
++ /*
++ * Calculate the block number containing file_pos
++ * - e.g. block 3.
++ */
++ lba = (cur->file_pos + cur->base) / block_size;
++
++ if ((skip + left) > buf->length) {
++ /*
++ * The underlying read buffer is too small to
++ * read all the required data - limit to just
++ * fill the buffer, and then read again.
++ */
++ request = buf->length;
++ } else {
++ /*
++ * The underlying read buffer is big enough to
++ * read all the required data. Calculate the
++ * number of bytes to read to align with the
++ * block size.
++ */
++ request = skip + left;
++ request = (request + (block_size - 1U)) & ~(block_size - 1U);
++ }
++
++ /*
++ * The number of bytes that we are going to write
++ * from the user buffer will depend of the size
++ * of the current request.
++ */
++ nbytes = request - skip;
++ padding = (nbytes > left) ? nbytes - left : 0U;
++ nbytes -= padding;
++
++ /*
++ * If we have skip or padding bytes then we have to preserve
++ * some content and it means that we have to read before
++ * writing
++ */
++ if ((skip > 0U) || (padding > 0U)) {
++ request = ops->read(lba, buf->offset, request);
++ /*
++ * The read may return size less than
++ * requested. Round down to the nearest block
++ * boundary
++ */
++ request &= ~(block_size - 1U);
++ if (request <= skip) {
++ /*
++ * We couldn't read enough bytes to jump over
++ * the skip bytes, so we should have to read
++ * again the same block, thus generating
++ * the same error.
++ */
++ return -EIO;
++ }
++ nbytes = request - skip;
++ padding = (nbytes > left) ? nbytes - left : 0U;
++ nbytes -= padding;
++ }
++
++ memcpy((void *)(buf->offset + skip), (void *)(buffer + count), nbytes);
++
++ request = ops->write(lba, buf->offset, request);
++ if (request <= skip) return -EIO;
++
++ /*
++ * And the previous write operation may modify the size
++ * of the request, so again, we have to calculate the
++ * number of bytes that we consumed from the user
++ * buffer
++ */
++ nbytes = request - skip;
++ padding = (nbytes > left) ? nbytes - left : 0U;
++ nbytes -= padding;
++
++ cur->file_pos += nbytes;
++ count += nbytes;
++ }
++ assert(count == length);
++ *length_written = count;
++
++ return 0;
++}
++
++static int block_close(io_entity_t *entity) {
++ entity->info = (uintptr_t)NULL;
++ return 0;
++}
++
++static int block_dev_open(const uintptr_t dev_spec, io_dev_info_t **dev_info) {
++ block_dev_state_t *cur;
++ io_block_spec_t *buffer;
++ io_dev_info_t *info;
++ size_t block_size;
++ int result;
++ assert(dev_info != NULL);
++ result = allocate_dev_info(&info);
++ if (result != 0) return -ENOENT;
++
++ cur = (block_dev_state_t *)info->info;
++ /* dev_spec is type of io_block_dev_spec_t. */
++ cur->dev_spec = (io_block_dev_spec_t *)dev_spec;
++ buffer = &(cur->dev_spec->buffer);
++ block_size = cur->dev_spec->block_size;
++
++ assert((block_size > 0U) && (is_power_of_2(block_size) != 0U) &&
++ ((buffer->length % block_size) == 0U));
++
++ *dev_info = info; /* cast away const */
++ (void)block_size;
++ (void)buffer;
++ return 0;
++}
++
++static int block_dev_close(io_dev_info_t *dev_info) {
++ return free_dev_info(dev_info);
++}
++
++/* Exported functions */
++
++/* Register the Block driver with the IO abstraction */
++int register_io_dev_block(const io_dev_connector_t **dev_con) {
++ int result;
++
++ assert(dev_con != NULL);
++
++ /*
++ * Since dev_info isn't really used in io_register_device, always
++ * use the same device info at here instead.
++ */
++ result = io_register_device(&dev_info_pool[0]);
++ if (result == 0) *dev_con = &block_dev_connector;
++ return result;
++}
+diff --git a/platform/ext/target/arm/corstone1000/io/io_block.h b/platform/ext/target/arm/corstone1000/io/io_block.h
+new file mode 100644
+index 0000000000..1603aa74c5
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/io/io_block.h
+@@ -0,0 +1,40 @@
++/*
++ * Copyright (c) 2022 Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: Apache-2.0
++ *
++ * Licensed under the Apache License, Version 2.0 (the License); you may
++ * not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
++ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++#ifndef __IO_BLOCK_H__
++#define __IO_BLOCK_H__
++
++#include "io_storage.h"
++
++/* block devices ops */
++typedef struct io_block_ops {
++ size_t (*read)(int lba, uintptr_t buf, size_t size);
++ size_t (*write)(int lba, const uintptr_t buf, size_t size);
++} io_block_ops_t;
++
++typedef struct io_block_dev_spec {
++ io_block_spec_t buffer;
++ io_block_ops_t ops;
++ size_t block_size;
++} io_block_dev_spec_t;
++
++struct io_dev_connector;
++
++int register_io_dev_block(const struct io_dev_connector **dev_con);
++
++#endif /* __IO_BLOCK_H__ */
+\ No newline at end of file
+diff --git a/platform/ext/target/arm/corstone1000/io/io_defs.h b/platform/ext/target/arm/corstone1000/io/io_defs.h
+new file mode 100644
+index 0000000000..acba969ed6
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/io/io_defs.h
+@@ -0,0 +1,27 @@
++/*
++ * Copyright (c) 2022 Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: Apache-2.0
++ *
++ * Licensed under the Apache License, Version 2.0 (the License); you may
++ * not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
++ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++#ifndef __IO_DEFS_H__
++#define __IO_DEFS_H__
++
++#define MAX_IO_DEVICES (2)
++#define MAX_IO_HANDLES (2)
++#define MAX_IO_BLOCK_DEVICES (2)
++#define MAX_IO_FLASH_DEVICES (2)
++
++#endif /* __IO_DEFS_H__ */
+\ No newline at end of file
+diff --git a/platform/ext/target/arm/corstone1000/io/io_driver.h b/platform/ext/target/arm/corstone1000/io/io_driver.h
+new file mode 100644
+index 0000000000..cf9e21a6d4
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/io/io_driver.h
+@@ -0,0 +1,54 @@
++/*
++ * Copyright (c) 2014-2022, ARM Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef __IO_DRIVER_H__
++#define __IO_DRIVER_H__
++
++#include <io_storage.h>
++#include <stdint.h>
++
++/* Generic IO entity structure,representing an accessible IO construct on the
++ * device, such as a file */
++typedef struct io_entity {
++ struct io_dev_info *dev_handle;
++ uintptr_t info;
++} io_entity_t;
++
++/* Device info structure, providing device-specific functions and a means of
++ * adding driver-specific state */
++typedef struct io_dev_info {
++ const struct io_dev_funcs *funcs;
++ uintptr_t info;
++} io_dev_info_t;
++
++/* Structure used to create a connection to a type of device */
++typedef struct io_dev_connector {
++ /* dev_open opens a connection to a particular device driver */
++ int (*dev_open)(const uintptr_t dev_spec, io_dev_info_t **dev_info);
++} io_dev_connector_t;
++
++/* Structure to hold device driver function pointers */
++typedef struct io_dev_funcs {
++ io_type_t (*type)(void);
++ int (*open)(io_dev_info_t *dev_info, const uintptr_t spec,
++ io_entity_t *entity);
++ int (*seek)(io_entity_t *entity, int mode, size_t offset);
++ int (*size)(io_entity_t *entity, size_t *length);
++ int (*read)(io_entity_t *entity, uintptr_t buffer, size_t length,
++ size_t *length_read);
++ int (*write)(io_entity_t *entity, const uintptr_t buffer, size_t length,
++ size_t *length_written);
++ int (*close)(io_entity_t *entity);
++ int (*dev_init)(io_dev_info_t *dev_info, const uintptr_t init_params);
++ int (*dev_close)(io_dev_info_t *dev_info);
++} io_dev_funcs_t;
++
++/* Operations intended to be performed during platform initialisation */
++
++/* Register an IO device */
++int io_register_device(const io_dev_info_t *dev_info);
++
++#endif /* __IO_DRIVER_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/io/io_flash.c b/platform/ext/target/arm/corstone1000/io/io_flash.c
+new file mode 100644
+index 0000000000..ff4524e9c5
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/io/io_flash.c
+@@ -0,0 +1,183 @@
++/*
++ * Copyright (c) 2022 Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: Apache-2.0
++ *
++ * Licensed under the Apache License, Version 2.0 (the License); you may
++ * not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
++ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++#include "io_flash.h"
++
++#include <assert.h>
++#include <errno.h>
++
++#include "Driver_Flash.h"
++#include "io_block.h"
++#include "io_defs.h"
++#include "io_driver.h"
++#include "io_storage.h"
++
++#if MAX_IO_FLASH_DEVICES > MAX_IO_BLOCK_DEVICES
++#error \
++ "FLASH devices are BLOCK devices .. MAX_IO_FLASH_DEVICES should be less or equal to MAX_IO_BLOCK_DEVICES"
++#endif
++
++/* Private Prototypes */
++
++static int flash_dev_open(const uintptr_t dev_spec, io_dev_info_t **dev_info);
++static size_t flash_read(int lba, uintptr_t buf, size_t size, size_t flash_id);
++static size_t flash_write(int lba, const uintptr_t buf, size_t size,
++ size_t flash_id);
++static size_t flash0_read(int lba, uintptr_t buf, size_t size);
++static size_t flash0_write(int lba, uintptr_t buf, size_t size);
++static size_t flash1_read(int lba, uintptr_t buf, size_t size);
++static size_t flash1_write(int lba, uintptr_t buf, size_t size);
++
++/** Private Data **/
++
++/* Flash device data */
++static const io_dev_connector_t flash_dev_connector = {.dev_open =
++ flash_dev_open};
++static size_t flash_dev_count = 0;
++static io_flash_dev_spec_t *flash_dev_specs[MAX_IO_FLASH_DEVICES];
++
++/* Block device data */
++static io_dev_connector_t block_dev_connectors[MAX_IO_FLASH_DEVICES];
++static io_block_dev_spec_t block_dev_spec[MAX_IO_FLASH_DEVICES];
++
++/* Flash devices read/write function pointers */
++static io_block_ops_t flashs_ops[MAX_IO_FLASH_DEVICES] = {
++ [0] = {.read = flash0_read, .write = flash0_write},
++ [1] = {.read = flash1_read, .write = flash1_write},
++};
++
++/* Flash ops functions */
++static size_t flash_read(int lba, uintptr_t buf, size_t size, size_t flash_id) {
++ ARM_DRIVER_FLASH *flash_driver =
++ ((ARM_DRIVER_FLASH *)flash_dev_specs[flash_id]->flash_driver);
++ ARM_FLASH_INFO *info = flash_driver->GetInfo();
++ uint32_t addr = info->sector_size * lba;
++ uint32_t offset = addr - flash_dev_specs[flash_id]->base_addr;
++ size_t rem = info->sector_count * info->sector_size - offset;
++ size_t cnt = size < rem ? size : rem;
++
++ return flash_driver->ReadData(offset, buf, cnt);
++}
++
++static size_t flash_write(int lba, const uintptr_t buf, size_t size,
++ size_t flash_id) {
++ ARM_DRIVER_FLASH *flash_driver =
++ ((ARM_DRIVER_FLASH *)flash_dev_specs[flash_id]->flash_driver);
++ ARM_FLASH_INFO *info = flash_driver->GetInfo();
++ int32_t rc = 0;
++ uint32_t addr = info->sector_size * lba;
++ uint32_t offset = addr - flash_dev_specs[flash_id]->base_addr;
++ size_t rem = info->sector_count * info->sector_size - offset;
++ size_t cnt = size < rem ? size : rem;
++
++ flash_driver->EraseSector(offset);
++ rc = flash_driver->ProgramData(offset, buf, cnt);
++ return rc;
++}
++
++/* Flash ops functions wrapper for each device */
++
++static size_t flash0_read(int lba, uintptr_t buf, size_t size) {
++ return flash_read(lba, buf, size, 0);
++}
++
++static size_t flash0_write(int lba, uintptr_t buf, size_t size) {
++ return flash_write(lba, buf, size, 0);
++}
++
++static size_t flash1_read(int lba, uintptr_t buf, size_t size) {
++ return flash_read(lba, buf, size, 1);
++}
++
++static size_t flash1_write(int lba, uintptr_t buf, size_t size) {
++ return flash_write(lba, buf, size, 1);
++}
++
++/**
++ * Helper function to find the index of stored flash_dev_specs or
++ * return a free slot in case of a new dev_spec
++ */
++static int find_flash_dev_specs(const uintptr_t dev_spec) {
++ /* Search in the saved ones */
++ for (int i = 0; i < flash_dev_count; ++i) {
++ if (flash_dev_specs[i] != NULL &&
++ flash_dev_specs[i]->flash_driver ==
++ ((io_flash_dev_spec_t *)dev_spec)->flash_driver) {
++ return i;
++ }
++ }
++ /* Find the first empty flash_dev_specs to be used */
++ for (int i = 0; i < flash_dev_count; ++i) {
++ if (flash_dev_specs[i] == NULL) {
++ return i;
++ }
++ }
++ return -1;
++}
++
++/**
++ * This function should be called
++ */
++static int flash_dev_open(const uintptr_t dev_spec, io_dev_info_t **dev_info) {
++ ARM_DRIVER_FLASH *flash_driver;
++ assert(dev_info != NULL);
++ assert(dev_spec != NULL);
++
++ size_t index = find_flash_dev_specs(dev_spec);
++
++ /* Check if Flash ops functions are defined for this flash */
++ assert(flashs_ops[index].read && flashs_ops[index].write);
++
++ flash_dev_specs[index] = dev_spec;
++ flash_driver = flash_dev_specs[index]->flash_driver;
++
++ block_dev_spec[index].block_size = flash_driver->GetInfo()->sector_size;
++ block_dev_spec[index].buffer.offset = flash_dev_specs[index]->buffer;
++ block_dev_spec[index].buffer.length = flash_dev_specs[index]->bufferlen;
++ block_dev_spec[index].ops = flashs_ops[index];
++
++ flash_driver->Initialize(NULL);
++
++ block_dev_connectors[index].dev_open(&block_dev_spec[index], dev_info);
++
++ return 0;
++}
++
++/* Exported functions */
++
++/**
++ * Register the flash device.
++ * Internally it register a block device.
++ */
++int register_io_dev_flash(const io_dev_connector_t **dev_con) {
++ int result;
++
++ if (flash_dev_count >= MAX_IO_FLASH_DEVICES) {
++ return -ENOENT;
++ }
++ assert(dev_con != NULL);
++
++ result = register_io_dev_block(dev_con);
++ if (result == 0) {
++ /* Store the block dev connector */
++ block_dev_connectors[flash_dev_count++] = **dev_con;
++ /* Override dev_con with the flash dev connector */
++ *dev_con = &flash_dev_connector;
++ }
++ return result;
++}
+diff --git a/platform/ext/target/arm/corstone1000/io/io_flash.h b/platform/ext/target/arm/corstone1000/io/io_flash.h
+new file mode 100644
+index 0000000000..8bc38b5824
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/io/io_flash.h
+@@ -0,0 +1,37 @@
++/*
++ * Copyright (c) 2022 Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: Apache-2.0
++ *
++ * Licensed under the Apache License, Version 2.0 (the License); you may
++ * not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
++ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++#ifndef __IO_FLASH_H__
++#define __IO_FLASH_H__
++
++#include "io_storage.h"
++
++typedef struct io_flash_dev_spec {
++ uintptr_t buffer;
++ size_t bufferlen;
++ uint32_t base_addr;
++ uintptr_t flash_driver;
++} io_flash_dev_spec_t;
++
++struct io_dev_connector;
++
++/* Register the flash driver with the IO abstraction internally it register a
++ * block device*/
++int register_io_dev_flash(const struct io_dev_connector **dev_con);
++
++#endif /* __IO_FLASH_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/io/io_storage.c b/platform/ext/target/arm/corstone1000/io/io_storage.c
+new file mode 100644
+index 0000000000..f26f4980f0
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/io/io_storage.c
+@@ -0,0 +1,289 @@
++/*
++ * Copyright (c) 2022 Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: Apache-2.0
++ *
++ * Licensed under the Apache License, Version 2.0 (the License); you may
++ * not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
++ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++#include <assert.h>
++#include <errno.h>
++#include <stdbool.h>
++
++#include "io_defs.h"
++#include "io_driver.h"
++
++/* Storage for a fixed maximum number of IO entities, definable by platform */
++static io_entity_t entity_pool[MAX_IO_HANDLES];
++
++/* Simple way of tracking used storage - each entry is NULL or a pointer to an
++ * entity */
++static io_entity_t *entity_map[MAX_IO_HANDLES];
++
++/* Track number of allocated entities */
++static unsigned int entity_count;
++
++/* Array of fixed maximum of registered devices, definable by platform */
++static const io_dev_info_t *devices[MAX_IO_DEVICES];
++
++/* Number of currently registered devices */
++static unsigned int dev_count;
++
++/* Return a boolean value indicating whether a device connector is valid */
++static bool is_valid_dev_connector(const io_dev_connector_t *dev_con) {
++ return (dev_con != NULL) && (dev_con->dev_open != NULL);
++}
++
++/* Return a boolean value indicating whether a device handle is valid */
++static bool is_valid_dev(const uintptr_t dev_handle) {
++ const io_dev_info_t *dev = (io_dev_info_t *)dev_handle;
++
++ return (dev != NULL) && (dev->funcs != NULL) &&
++ (dev->funcs->type != NULL) && (dev->funcs->type() < IO_TYPE_MAX);
++}
++
++/* Return a boolean value indicating whether an IO entity is valid */
++static bool is_valid_entity(const uintptr_t handle) {
++ const io_entity_t *entity = (io_entity_t *)handle;
++
++ return (entity != NULL) && (is_valid_dev((uintptr_t)entity->dev_handle));
++}
++
++/* Return a boolean value indicating whether a seek mode is valid */
++static bool is_valid_seek_mode(io_seek_mode_t mode) {
++ return ((mode != IO_SEEK_INVALID) && (mode < IO_SEEK_MAX));
++}
++
++/* Open a connection to a specific device */
++static int io_storage_dev_open(const io_dev_connector_t *dev_con,
++ const uintptr_t dev_spec,
++ io_dev_info_t **dev_info) {
++ assert(dev_info != NULL);
++ assert(is_valid_dev_connector(dev_con));
++
++ return dev_con->dev_open(dev_spec, dev_info);
++}
++
++/* Set a handle to track an entity */
++static void set_handle(uintptr_t *handle, io_entity_t *entity) {
++ assert(handle != NULL);
++ *handle = (uintptr_t)entity;
++}
++
++/* Locate an entity in the pool, specified by address */
++static int find_first_entity(const io_entity_t *entity,
++ unsigned int *index_out) {
++ int result = -ENOENT;
++ for (unsigned int index = 0; index < MAX_IO_HANDLES; ++index) {
++ if (entity_map[index] == entity) {
++ result = 0;
++ *index_out = index;
++ break;
++ }
++ }
++ return result;
++}
++
++/* Allocate an entity from the pool and return a pointer to it */
++static int allocate_entity(io_entity_t **entity) {
++ int result = -ENOMEM;
++ assert(entity != NULL);
++
++ if (entity_count < MAX_IO_HANDLES) {
++ unsigned int index = 0;
++ result = find_first_entity(NULL, &index);
++ assert(result == 0);
++ *entity = &entity_pool[index];
++ entity_map[index] = &entity_pool[index];
++ ++entity_count;
++ }
++
++ return result;
++}
++
++/* Release an entity back to the pool */
++static int free_entity(const io_entity_t *entity) {
++ int result;
++ unsigned int index = 0;
++ assert(entity != NULL);
++
++ result = find_first_entity(entity, &index);
++ if (result == 0) {
++ entity_map[index] = NULL;
++ --entity_count;
++ }
++
++ return result;
++}
++
++/* Exported API */
++
++/* Register an io device */
++int io_register_device(const io_dev_info_t *dev_info) {
++ int result = -ENOMEM;
++ assert(dev_info != NULL);
++
++ if (dev_count < MAX_IO_DEVICES) {
++ devices[dev_count] = dev_info;
++ dev_count++;
++ result = 0;
++ }
++
++ return result;
++}
++
++/* Open a connection to an IO device */
++int io_dev_open(const io_dev_connector_t *dev_con, const uintptr_t dev_spec,
++ uintptr_t *handle) {
++ assert(handle != NULL);
++ return io_storage_dev_open(dev_con, dev_spec, (io_dev_info_t **)handle);
++}
++
++/* Initialise an IO device explicitly - to permit lazy initialisation or
++ * re-initialisation */
++int io_dev_init(uintptr_t dev_handle, const uintptr_t init_params) {
++ int result = 0;
++ assert(dev_handle != (uintptr_t)NULL);
++ assert(is_valid_dev(dev_handle));
++
++ io_dev_info_t *dev = (io_dev_info_t *)dev_handle;
++
++ /* Absence of registered function implies NOP here */
++ if (dev->funcs->dev_init != NULL) {
++ result = dev->funcs->dev_init(dev, init_params);
++ }
++
++ return result;
++}
++
++/* Close a connection to a device */
++int io_dev_close(uintptr_t dev_handle) {
++ int result = 0;
++ assert(dev_handle != (uintptr_t)NULL);
++ assert(is_valid_dev(dev_handle));
++
++ io_dev_info_t *dev = (io_dev_info_t *)dev_handle;
++
++ /* Absence of registered function implies NOP here */
++ if (dev->funcs->dev_close != NULL) {
++ result = dev->funcs->dev_close(dev);
++ }
++
++ return result;
++}
++
++/* Synchronous operations */
++
++/* Open an IO entity */
++int io_open(uintptr_t dev_handle, const uintptr_t spec, uintptr_t *handle) {
++ int result;
++ assert((spec != (uintptr_t)NULL) && (handle != NULL));
++ assert(is_valid_dev(dev_handle));
++
++ io_dev_info_t *dev = (io_dev_info_t *)dev_handle;
++ io_entity_t *entity;
++
++ result = allocate_entity(&entity);
++
++ if (result == 0) {
++ assert(dev->funcs->open != NULL);
++ result = dev->funcs->open(dev, spec, entity);
++
++ if (result == 0) {
++ entity->dev_handle = dev;
++ set_handle(handle, entity);
++ } else
++ free_entity(entity);
++ }
++ return result;
++}
++
++/* Seek to a specific position in an IO entity */
++int io_seek(uintptr_t handle, io_seek_mode_t mode, int32_t offset) {
++ int result = -ENODEV;
++ assert(is_valid_entity(handle) && is_valid_seek_mode(mode));
++
++ io_entity_t *entity = (io_entity_t *)handle;
++
++ io_dev_info_t *dev = entity->dev_handle;
++
++ if (dev->funcs->seek != NULL)
++ result = dev->funcs->seek(entity, mode, offset);
++
++ return result;
++}
++
++/* Determine the length of an IO entity */
++int io_size(uintptr_t handle, size_t *length) {
++ int result = -ENODEV;
++ assert(is_valid_entity(handle) && (length != NULL));
++
++ io_entity_t *entity = (io_entity_t *)handle;
++
++ io_dev_info_t *dev = entity->dev_handle;
++
++ if (dev->funcs->size != NULL) result = dev->funcs->size(entity, length);
++
++ return result;
++}
++
++/* Read data from an IO entity */
++int io_read(uintptr_t handle, uintptr_t buffer, size_t length,
++ size_t *length_read) {
++ int result = -ENODEV;
++ assert(is_valid_entity(handle));
++
++ io_entity_t *entity = (io_entity_t *)handle;
++
++ io_dev_info_t *dev = entity->dev_handle;
++
++ if (dev->funcs->read != NULL)
++ result = dev->funcs->read(entity, buffer, length, length_read);
++
++ return result;
++}
++
++/* Write data to an IO entity */
++int io_write(uintptr_t handle, const uintptr_t buffer, size_t length,
++ size_t *length_written) {
++ int result = -ENODEV;
++ assert(is_valid_entity(handle));
++
++ io_entity_t *entity = (io_entity_t *)handle;
++
++ io_dev_info_t *dev = entity->dev_handle;
++
++ if (dev->funcs->write != NULL) {
++ result = dev->funcs->write(entity, buffer, length, length_written);
++ }
++
++ return result;
++}
++
++/* Close an IO entity */
++int io_close(uintptr_t handle) {
++ int result = 0;
++ assert(is_valid_entity(handle));
++
++ io_entity_t *entity = (io_entity_t *)handle;
++
++ io_dev_info_t *dev = entity->dev_handle;
++
++ /* Absence of registered function implies NOP here */
++ if (dev->funcs->close != NULL) result = dev->funcs->close(entity);
++
++ /* Ignore improbable free_entity failure */
++ (void)free_entity(entity);
++
++ return result;
++}
+diff --git a/platform/ext/target/arm/corstone1000/io/io_storage.h b/platform/ext/target/arm/corstone1000/io/io_storage.h
+new file mode 100644
+index 0000000000..0cdca5b269
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/io/io_storage.h
+@@ -0,0 +1,92 @@
++/*
++ * Copyright (c) 2022 Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: Apache-2.0
++ *
++ * Licensed under the Apache License, Version 2.0 (the License); you may
++ * not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
++ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++#ifndef __IO_STORAGE_H__
++#define __IO_STORAGE_H__
++
++#include <stddef.h>
++#include <stdint.h>
++
++/* Access modes used when accessing data on a device */
++#define IO_MODE_INVALID (0)
++#define IO_MODE_RO (1 << 0)
++#define IO_MODE_RW (1 << 1)
++
++/* Device type which can be used to enable policy decisions about which device
++ * to access */
++typedef enum {
++ IO_TYPE_INVALID,
++ IO_TYPE_SEMIHOSTING,
++ IO_TYPE_MEMMAP,
++ IO_TYPE_DUMMY,
++ IO_TYPE_FIRMWARE_IMAGE_PACKAGE,
++ IO_TYPE_BLOCK,
++ IO_TYPE_MTD,
++ IO_TYPE_MMC,
++ IO_TYPE_STM32IMAGE,
++ IO_TYPE_ENCRYPTED,
++ IO_TYPE_MAX
++} io_type_t;
++
++/* Modes used when seeking data on a supported device */
++typedef enum {
++ IO_SEEK_INVALID,
++ IO_SEEK_SET,
++ IO_SEEK_END,
++ IO_SEEK_CUR,
++ IO_SEEK_MAX
++} io_seek_mode_t;
++
++/* Connector type, providing a means of identifying a device to open */
++struct io_dev_connector;
++
++/* Block specification - used to refer to data on a device supporting
++ * block-like entities */
++typedef struct io_block_spec {
++ size_t offset;
++ size_t length;
++} io_block_spec_t;
++
++
++/* Open a connection to a device */
++int io_dev_open(const struct io_dev_connector *dev_con,
++ const uintptr_t dev_spec, uintptr_t *handle);
++
++/* Initialise a device explicitly - to permit lazy initialisation or
++ * re-initialisation */
++int io_dev_init(uintptr_t dev_handle, const uintptr_t init_params);
++
++/* Close a connection to a device */
++int io_dev_close(uintptr_t dev_handle);
++
++/* Synchronous operations */
++int io_open(uintptr_t dev_handle, const uintptr_t spec, uintptr_t *handle);
++
++int io_seek(uintptr_t handle, io_seek_mode_t mode, int32_t offset);
++
++int io_size(uintptr_t handle, size_t *length);
++
++int io_read(uintptr_t handle, uintptr_t buffer, size_t length,
++ size_t *length_read);
++
++int io_write(uintptr_t handle, const uintptr_t buffer, size_t length,
++ size_t *length_written);
++
++int io_close(uintptr_t handle);
++
++#endif /* __IO_STORAGE_H__ */
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-Platform-corstone1000-Add-IO-test-in-ci_regressions.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-Platform-corstone1000-Add-IO-test-in-ci_regressions.patch
new file mode 100644
index 0000000..a4da13e
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-Platform-corstone1000-Add-IO-test-in-ci_regressions.patch
@@ -0,0 +1,646 @@
+From 3bca7e6bae9a5017fff83b0a7d2d0d78b422a741 Mon Sep 17 00:00:00 2001
+From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Date: Mon, 7 Nov 2022 12:51:58 +0000
+Subject: [PATCH 02/10] Platform: corstone1000: Add IO test in ci_regressions
+
+The test is simply writing data on the edge of a block
+then reading back again.
+this test is preformed on two flash devices:
+- Nor Flash
+- Flash emu in the SRAM for testing
+
+Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Change-Id: I4950086e9e3dcbde29ab5b4ed5fe61fec7ebec86
+Upstream-Status: Accepted [TF-Mv1.8.0]
+---
+ .../ci_regression_tests/CMakeLists.txt | 10 +
+ .../Driver_Flash_SRAM_Emu.c | 327 ++++++++++++++++++
+ .../ci_regression_tests/s_io_storage_test.c | 147 ++++++++
+ .../ci_regression_tests/s_io_storage_test.h | 15 +
+ .../corstone1000/ci_regression_tests/s_test.c | 5 +
+ .../ci_regression_tests/s_test_config.cmake | 5 +
+ .../ci_regression_tests/test_flash.h | 25 ++
+ 7 files changed, 534 insertions(+)
+ create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/Driver_Flash_SRAM_Emu.c
+ create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/s_io_storage_test.c
+ create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/s_io_storage_test.h
+ create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/test_flash.h
+
+diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt b/platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt
+index 9543e29e55..405b2b3702 100644
+--- a/platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt
++++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt
+@@ -17,12 +17,18 @@ target_sources(tfm_test_suite_extra_s
+ PRIVATE
+ ${CMAKE_CURRENT_SOURCE_DIR}/s_test.c
+ ../Native_Driver/firewall.c
++ ../io/io_storage.c
++ ../io/io_block.c
++ ../io/io_flash.c
++ Driver_Flash_SRAM_Emu.c
++ s_io_storage_test.c
+ )
+
+ target_include_directories(tfm_test_suite_extra_s
+ PRIVATE
+ ../Device/Include
+ ../Native_Driver
++ ../io
+ )
+
+ target_link_libraries(tfm_test_suite_extra_s
+@@ -33,4 +39,8 @@ target_link_libraries(tfm_test_suite_extra_s
+ target_compile_definitions(tfm_test_suite_extra_s
+ PRIVATE
+ $<$<BOOL:${PLATFORM_IS_FVP}>:PLATFORM_IS_FVP>
++ TEST_FLASH_SIZE_IN_BYTES=${TEST_FLASH_SIZE_IN_BYTES}
++ TEST_FLASH_SECTOR_SIZE_IN_BYTES=${TEST_FLASH_SECTOR_SIZE_IN_BYTES}
++ TEST_FLASH_PAGE_SIZE=${TEST_FLASH_PAGE_SIZE}
++ TEST_FLASH_PROGRAM_UNIT=${TEST_FLASH_PROGRAM_UNIT}
+ )
+diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/Driver_Flash_SRAM_Emu.c b/platform/ext/target/arm/corstone1000/ci_regression_tests/Driver_Flash_SRAM_Emu.c
+new file mode 100644
+index 0000000000..06b6b51c09
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/Driver_Flash_SRAM_Emu.c
+@@ -0,0 +1,327 @@
++/*
++ * Copyright (c) 2013-2022 ARM Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: Apache-2.0
++ *
++ * Licensed under the Apache License, Version 2.0 (the License); you may
++ * not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ * www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
++ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++#include <string.h>
++#include <stdint.h>
++#include "Driver_Flash.h"
++#include "test_flash.h"
++#include "tfm_sp_log.h"
++
++#ifndef ARG_UNUSED
++#define ARG_UNUSED(arg) ((void)arg)
++#endif
++
++/* Driver version */
++#define ARM_FLASH_DRV_VERSION ARM_DRIVER_VERSION_MAJOR_MINOR(1, 1)
++#define ARM_FLASH_DRV_ERASE_VALUE 0xFF
++
++
++/**
++ * There is no real flash memory. This driver just emulates a flash
++ * interface and behaviour on top of the SRAM memory.
++ */
++
++/**
++ * Data width values for ARM_FLASH_CAPABILITIES::data_width
++ * \ref ARM_FLASH_CAPABILITIES
++ */
++ enum {
++ DATA_WIDTH_8BIT = 0u,
++ DATA_WIDTH_16BIT,
++ DATA_WIDTH_32BIT,
++ DATA_WIDTH_ENUM_SIZE
++};
++
++static const uint32_t data_width_byte[DATA_WIDTH_ENUM_SIZE] = {
++ sizeof(uint8_t),
++ sizeof(uint16_t),
++ sizeof(uint32_t),
++};
++
++
++/*
++ * ARM FLASH device structure
++ *
++ */
++struct arm_flash_dev_t {
++ const uint8_t* memory_base; /*!< FLASH memory base address */
++ ARM_FLASH_INFO *data; /*!< FLASH data */
++};
++
++/* Flash emulated memory */
++static uint8_t flash_memory[TEST_FLASH_SIZE_IN_BYTES]
++ __attribute__((aligned(TEST_FLASH_SECTOR_SIZE_IN_BYTES)));
++
++/* Flash Status */
++static ARM_FLASH_STATUS FlashStatus = {0, 0, 0};
++
++/* Driver Version */
++static const ARM_DRIVER_VERSION DriverVersion = {
++ ARM_FLASH_API_VERSION,
++ ARM_FLASH_DRV_VERSION
++};
++
++/* Driver Capabilities */
++static const ARM_FLASH_CAPABILITIES DriverCapabilities = {
++ 0, /* event_ready */
++ 0, /* data_width = 0:8-bit, 1:16-bit, 2:32-bit */
++ 1 /* erase_chip */
++};
++
++static int32_t is_range_valid(struct arm_flash_dev_t *flash_dev,
++ uint32_t offset)
++{
++ uint32_t flash_limit = 0;
++ int32_t rc = 0;
++
++ flash_limit = (flash_dev->data->sector_count * flash_dev->data->sector_size);
++ if (offset > flash_limit) {
++ rc = -1;
++ }
++ return rc;
++}
++
++static int32_t is_write_aligned(struct arm_flash_dev_t *flash_dev,
++ uint32_t param)
++{
++ int32_t rc = 0;
++
++ if ((param % flash_dev->data->program_unit) != 0) {
++ rc = -1;
++ }
++ return rc;
++}
++
++static int32_t is_sector_aligned(struct arm_flash_dev_t *flash_dev,
++ uint32_t offset)
++{
++ int32_t rc = 0;
++
++ if ((offset % flash_dev->data->sector_size) != 0) {
++ rc = -1;
++ }
++ return rc;
++}
++
++static int32_t is_flash_ready_to_write(const uint8_t *start_addr, uint32_t cnt)
++{
++ int32_t rc = 0;
++ uint32_t i;
++
++ for (i = 0; i < cnt; i++) {
++ if(start_addr[i] != ARM_FLASH_DRV_ERASE_VALUE) {
++ rc = -1;
++ break;
++ }
++ }
++
++ return rc;
++}
++
++static ARM_FLASH_INFO ARM_TEST_FLASH_DEV_DATA = {
++ .sector_info = NULL,/* Uniform sector layout */
++ .sector_count = TEST_FLASH_SIZE_IN_BYTES / TEST_FLASH_SECTOR_SIZE_IN_BYTES,
++ .sector_size = TEST_FLASH_SECTOR_SIZE_IN_BYTES,
++ .page_size = TEST_FLASH_PAGE_SIZE,
++ .program_unit = TEST_FLASH_PROGRAM_UNIT,
++ .erased_value = ARM_FLASH_DRV_ERASE_VALUE};
++
++static struct arm_flash_dev_t ARM_TEST_FLASH_DEV = {
++ .memory_base = flash_memory,
++ .data = &(ARM_TEST_FLASH_DEV_DATA)};
++
++static struct arm_flash_dev_t *TEST_FLASH_DEV = &ARM_TEST_FLASH_DEV;
++
++/*
++ * Functions
++ */
++
++static ARM_DRIVER_VERSION ARM_Flash_GetVersion(void)
++{
++ return DriverVersion;
++}
++
++static ARM_FLASH_CAPABILITIES ARM_Flash_GetCapabilities(void)
++{
++ return DriverCapabilities;
++}
++
++static int32_t ARM_Flash_Initialize(ARM_Flash_SignalEvent_t cb_event)
++{
++ ARG_UNUSED(cb_event);
++
++ if (DriverCapabilities.data_width >= DATA_WIDTH_ENUM_SIZE) {
++ return ARM_DRIVER_ERROR;
++ }
++
++ /* Nothing to be done */
++ return ARM_DRIVER_OK;
++}
++
++static int32_t ARM_Flash_Uninitialize(void)
++{
++ /* Nothing to be done */
++ return ARM_DRIVER_OK;
++}
++
++static int32_t ARM_Flash_PowerControl(ARM_POWER_STATE state)
++{
++ switch (state) {
++ case ARM_POWER_FULL:
++ /* Nothing to be done */
++ return ARM_DRIVER_OK;
++ break;
++
++ case ARM_POWER_OFF:
++ case ARM_POWER_LOW:
++ default:
++ return ARM_DRIVER_ERROR_UNSUPPORTED;
++ }
++}
++
++static int32_t ARM_Flash_ReadData(uint32_t addr, void *data, uint32_t cnt)
++{
++ int32_t rc = 0;
++
++ /* The addr given is a relative address*/
++ uint32_t offset = addr;
++ addr += (uint32_t)(TEST_FLASH_DEV->memory_base);
++
++ /* Conversion between data items and bytes */
++ cnt *= data_width_byte[DriverCapabilities.data_width];
++
++ /* Check flash memory boundaries */
++ rc = is_range_valid(TEST_FLASH_DEV, offset + cnt);
++ if (rc != 0) {
++ return ARM_DRIVER_ERROR_PARAMETER;
++ }
++
++ /* Flash interface just emulated over SRAM, use memcpy */
++ memcpy(data, (void *)addr, cnt);
++
++ /* Conversion between bytes and data items */
++ cnt /= data_width_byte[DriverCapabilities.data_width];
++
++ return cnt;
++}
++
++static int32_t ARM_Flash_ProgramData(uint32_t addr, const void *data,
++ uint32_t cnt)
++{
++ int32_t rc = 0;
++
++ /* The addr given is a relative address*/
++ uint32_t offset = addr;
++ addr += (uint32_t)(TEST_FLASH_DEV->memory_base);
++
++ /* Conversion between data items and bytes */
++ cnt *= data_width_byte[DriverCapabilities.data_width];
++
++ /* Check flash memory boundaries and alignment with minimal write size */
++ rc = is_range_valid(TEST_FLASH_DEV, offset + cnt);
++ rc |= is_write_aligned(TEST_FLASH_DEV, offset);
++ rc |= is_write_aligned(TEST_FLASH_DEV, cnt);
++ if (rc != 0) {
++ return ARM_DRIVER_ERROR_PARAMETER;
++ }
++
++ /* Check if the flash area to write the data was erased previously */
++ rc = is_flash_ready_to_write((const uint8_t*)addr, cnt);
++ if (rc != 0) {
++ return ARM_DRIVER_ERROR;
++ }
++
++ /* Flash interface just emulated over SRAM, use memcpy */
++ memcpy((void *)addr, data, cnt);
++
++ /* Conversion between bytes and data items */
++ cnt /= data_width_byte[DriverCapabilities.data_width];
++
++ return cnt;
++}
++
++static int32_t ARM_Flash_EraseSector(uint32_t addr)
++{
++ uint32_t rc = 0;
++
++ /* The addr given is a relative address*/
++ uint32_t offset = addr;
++ addr += (uint32_t)(TEST_FLASH_DEV->memory_base);
++
++ rc = is_range_valid(TEST_FLASH_DEV, offset);
++ rc |= is_sector_aligned(TEST_FLASH_DEV, offset);
++ if (rc != 0) {
++ return ARM_DRIVER_ERROR_PARAMETER;
++ }
++
++ /* Flash interface just emulated over SRAM, use memset */
++ memset((void *)addr,
++ TEST_FLASH_DEV->data->erased_value,
++ TEST_FLASH_DEV->data->sector_size);
++ return ARM_DRIVER_OK;
++}
++
++static int32_t ARM_Flash_EraseChip(void)
++{
++ uint32_t i;
++ uint32_t addr = TEST_FLASH_DEV->memory_base;
++ int32_t rc = ARM_DRIVER_ERROR_UNSUPPORTED;
++
++ /* Check driver capability erase_chip bit */
++ if (DriverCapabilities.erase_chip == 1) {
++ for (i = 0; i < TEST_FLASH_DEV->data->sector_count; i++) {
++ /* Flash interface just emulated over SRAM, use memset */
++ memset((void *)addr,
++ TEST_FLASH_DEV->data->erased_value,
++ TEST_FLASH_DEV->data->sector_size);
++
++ addr += TEST_FLASH_DEV->data->sector_size;
++ rc = ARM_DRIVER_OK;
++ }
++ }
++ return rc;
++}
++
++static ARM_FLASH_STATUS ARM_Flash_GetStatus(void)
++{
++ return FlashStatus;
++}
++
++static ARM_FLASH_INFO * ARM_Flash_GetInfo(void)
++{
++ return TEST_FLASH_DEV->data;
++}
++
++
++/* Global Variables */
++
++ARM_DRIVER_FLASH Driver_TEST_FLASH = {
++ ARM_Flash_GetVersion,
++ ARM_Flash_GetCapabilities,
++ ARM_Flash_Initialize,
++ ARM_Flash_Uninitialize,
++ ARM_Flash_PowerControl,
++ ARM_Flash_ReadData,
++ ARM_Flash_ProgramData,
++ ARM_Flash_EraseSector,
++ ARM_Flash_EraseChip,
++ ARM_Flash_GetStatus,
++ ARM_Flash_GetInfo
++};
++
++uintptr_t flash_base_address = flash_memory;
+diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_io_storage_test.c b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_io_storage_test.c
+new file mode 100644
+index 0000000000..f8be384a74
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_io_storage_test.c
+@@ -0,0 +1,147 @@
++/*
++ * Copyright (c) 2022, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#include "s_io_storage_test.h"
++
++#include "Driver_Flash.h"
++#include "flash_layout.h"
++#include "io_block.h"
++#include "io_driver.h"
++#include "io_flash.h"
++#include "tfm_sp_log.h"
++
++#define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array)))
++
++extern ARM_DRIVER_FLASH Driver_FLASH0;
++extern ARM_DRIVER_FLASH Driver_TEST_FLASH;
++extern uintptr_t flash_base_address;
++
++void s_test_io_storage_multiple_flash_simultaneous(struct test_result_t *ret) {
++ /* FLASH0 */
++ static io_dev_connector_t* flash0_dev_con;
++ static uint8_t local_block_flash0[FLASH_SECTOR_SIZE];
++ ARM_FLASH_INFO* flash0_info = Driver_FLASH0.GetInfo();
++ size_t flash0_block_size = flash0_info->sector_size;
++ io_flash_dev_spec_t flash0_dev_spec = {
++ .buffer = local_block_flash0,
++ .bufferlen = flash0_block_size,
++ .base_addr = FLASH_BASE_ADDRESS,
++ .flash_driver = &Driver_FLASH0,
++ };
++ io_block_spec_t flash0_spec = {
++ .offset = FLASH_BASE_ADDRESS,
++ .length = flash0_info->sector_count * flash0_info->sector_size};
++ uintptr_t flash0_dev_handle = NULL;
++ uintptr_t flash0_handle = NULL;
++
++ /* EMU TEST FLASH */
++ static io_dev_connector_t* flash_emu_dev_con;
++ static uint8_t local_block_flash_emu[TEST_FLASH_SECTOR_SIZE_IN_BYTES]
++ __attribute__((aligned(TEST_FLASH_SECTOR_SIZE_IN_BYTES)));
++ ARM_FLASH_INFO* flash_emu_info = Driver_TEST_FLASH.GetInfo();
++ size_t flash_emu_block_size = flash_emu_info->sector_size;
++ io_flash_dev_spec_t flash_emu_dev_spec = {
++ .buffer = local_block_flash_emu,
++ .bufferlen = flash_emu_block_size,
++ .base_addr = flash_base_address,
++ .flash_driver = &Driver_TEST_FLASH,
++ };
++ io_block_spec_t flash_emu_spec = {
++ .offset = flash_base_address,
++ .length = flash_emu_info->sector_count * flash_emu_info->sector_size};
++ uintptr_t flash_emu_dev_handle = NULL;
++ uintptr_t flash_emu_handle = NULL;
++
++ /* Common */
++ int rc = -1;
++ static uint8_t test_data[] = {0xEE, 0xDD, 0xCC, 0xBB, 0xAA,
++ 0x10, 0x50, 0xA0, 0xD0, 0x51,
++ 0x55, 0x44, 0x33, 0x22, 0x11};
++ static uint8_t actual_data[15];
++ size_t bytes_written_count = 0;
++ size_t bytes_read_count = 0;
++
++ memset(local_block_flash0, -1, sizeof(local_block_flash0));
++ memset(local_block_flash_emu, -1, sizeof(local_block_flash_emu));
++
++ /* Register */
++ register_io_dev_flash(&flash0_dev_con);
++ register_io_dev_flash(&flash_emu_dev_con);
++
++ io_dev_open(flash0_dev_con, &flash0_dev_spec, &flash0_dev_handle);
++ io_dev_open(flash_emu_dev_con, &flash_emu_dev_spec, &flash_emu_dev_handle);
++
++ /* Write Data */
++ io_open(flash0_dev_handle, &flash0_spec, &flash0_handle);
++ io_open(flash_emu_dev_handle, &flash_emu_spec, &flash_emu_handle);
++
++ io_seek(flash0_handle, IO_SEEK_SET,
++ BANK_1_PARTITION_OFFSET + flash0_info->sector_size - 7);
++ io_seek(flash_emu_handle, IO_SEEK_SET, flash_emu_info->sector_size - 7);
++
++ io_write(flash0_handle, test_data, ARRAY_LENGTH(test_data),
++ &bytes_written_count);
++ if (bytes_written_count != ARRAY_LENGTH(test_data)) {
++ LOG_ERRFMT("io_write failed to write %d bytes for flash0",
++ ARRAY_LENGTH(test_data));
++ LOG_ERRFMT("bytes_written_count %d for flash0", bytes_written_count);
++ ret->val = TEST_FAILED;
++ }
++ io_write(flash_emu_handle, test_data, ARRAY_LENGTH(test_data),
++ &bytes_written_count);
++ if (bytes_written_count != ARRAY_LENGTH(test_data)) {
++ LOG_ERRFMT("io_write failed to write %d bytes for flash emu",
++ ARRAY_LENGTH(test_data));
++ LOG_ERRFMT("bytes_written_count %d for flash emu", bytes_written_count);
++ ret->val = TEST_FAILED;
++ }
++ io_close(flash0_handle);
++ io_close(flash_emu_handle);
++
++ /* Read Data */
++ io_open(flash0_dev_handle, &flash0_spec, &flash0_handle);
++ io_open(flash_emu_dev_handle, &flash_emu_spec, &flash_emu_handle);
++
++ io_seek(flash0_handle, IO_SEEK_SET,
++ BANK_1_PARTITION_OFFSET + flash0_info->sector_size - 7);
++ io_seek(flash_emu_handle, IO_SEEK_SET, flash_emu_info->sector_size - 7);
++
++ /* Flash0 */
++ io_read(flash0_handle, actual_data, ARRAY_LENGTH(actual_data),
++ &bytes_read_count);
++ if (bytes_read_count != ARRAY_LENGTH(test_data)) {
++ LOG_ERRFMT("io_read failed to read %d bytes for flash0",
++ ARRAY_LENGTH(test_data));
++ LOG_ERRFMT("bytes_read_count %d for flash0", bytes_read_count);
++ ret->val = TEST_FAILED;
++ }
++ if (memcmp((uint8_t*)test_data, actual_data, ARRAY_LENGTH(actual_data)) !=
++ 0) {
++ LOG_ERRFMT("Data written != Data read\r\n");
++ ret->val = TEST_FAILED;
++ }
++
++ memset(actual_data, -1, sizeof(actual_data));
++
++ /* Flash Emu */
++ io_read(flash_emu_handle, actual_data, ARRAY_LENGTH(actual_data),
++ &bytes_read_count);
++ if (bytes_read_count != ARRAY_LENGTH(test_data)) {
++ LOG_ERRFMT("io_read failed to read %d bytes for flash emu",
++ ARRAY_LENGTH(test_data));
++ LOG_ERRFMT("bytes_read_count %d for flash emu", bytes_read_count);
++ ret->val = TEST_FAILED;
++ }
++ if (memcmp((uint8_t*)test_data, actual_data, ARRAY_LENGTH(actual_data)) !=
++ 0) {
++ LOG_ERRFMT("Data written != Data read\r\n");
++ ret->val = TEST_FAILED;
++ }
++
++ LOG_INFFMT("PASS: %s\n\r", __func__);
++ ret->val = TEST_PASSED;
++}
+\ No newline at end of file
+diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_io_storage_test.h b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_io_storage_test.h
+new file mode 100644
+index 0000000000..fa9012776f
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_io_storage_test.h
+@@ -0,0 +1,15 @@
++/*
++ * Copyright (c) 2022, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef __S_IO_STORAGE_TEST_H__
++#define __S_IO_STORAGE_TEST_H__
++
++#include "extra_s_tests.h"
++
++void s_test_io_storage_multiple_flash_simultaneous(struct test_result_t *ret);
++
++#endif /* __S_IO_STORAGE_TEST_H__ */
+\ No newline at end of file
+diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c
+index a0bf47a04b..9a8453ff57 100644
+--- a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c
++++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c
+@@ -11,6 +11,7 @@
+ #include "platform_base_address.h"
+ #include "firewall.h"
+ #include "tfm_sp_log.h"
++#include "s_io_storage_test.h"
+
+ /* TODO: if needed each test function can be made as a separate test case, in
+ * such case EXTRA_TEST_XX definitions can be removed */
+@@ -19,6 +20,8 @@
+
+ #define DISABLED_TEST 0
+
++int test_io_storage_multiple_flash_simultaneous(void);
++
+ enum host_firewall_host_comp_id_t {
+ HOST_FCTRL = (0x00u),
+ COMP_SYSPERIPH,
+@@ -184,6 +187,8 @@ void s_test(struct test_result_t *ret)
+ static struct test_t plat_s_t[] = {
+ {&s_test, "TFM_S_EXTRA_TEST_1001",
+ "Extra Secure test"},
++ {&s_test_io_storage_multiple_flash_simultaneous, "TFM_S_EXTRA_TEST_1002",
++ "Extra Secure test: io storage access multiple flash simultaneous"},
+ };
+
+ void register_testsuite_extra_s_interface(struct test_suite_t *p_test_suite)
+diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake
+index bb8d26bf1c..05b7cd7852 100644
+--- a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake
++++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake
+@@ -6,3 +6,8 @@
+ #-------------------------------------------------------------------------------
+
+ ############ Define secure test specific cmake configurations here #############
++
++set (TEST_FLASH_SIZE_IN_BYTES 48U CACHE STRING "The size of the emulated flash used in io tests")
++set (TEST_FLASH_SECTOR_SIZE_IN_BYTES 16U CACHE STRING "The sector size of the emulated flash used in io tests")
++set (TEST_FLASH_PAGE_SIZE 8U CACHE STRING "The page size of the emulated flash used in io tests")
++set (TEST_FLASH_PROGRAM_UNIT 1U CACHE STRING "The program unit of the emulated flash used in io tests")
+diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/test_flash.h b/platform/ext/target/arm/corstone1000/ci_regression_tests/test_flash.h
+new file mode 100644
+index 0000000000..4d073a1d71
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/test_flash.h
+@@ -0,0 +1,25 @@
++/*
++ * Copyright (c) 2017-2022 Arm Limited. All rights reserved.
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++#ifndef __TEST_FLASH_H__
++#define __TEST_FLASH_H__
++
++#define TEST_FLASH_SIZE_IN_BYTES (48) // 48 bytes
++#define TEST_FLASH_SECTOR_SIZE_IN_BYTES (16) // 16 bytes
++#define TEST_FLASH_PAGE_SIZE (8U) // 8 bytes
++#define TEST_FLASH_PROGRAM_UNIT (1U) /* 1 B */
++
++#endif /* __TEST_FLASH_H__ */
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Add-soft-crc32-calculation.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Add-soft-crc32-calculation.patch
new file mode 100644
index 0000000..5983a49
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Add-soft-crc32-calculation.patch
@@ -0,0 +1,171 @@
+From 2de11bf9de6d0471772c100c72712d2a09c7cefc Mon Sep 17 00:00:00 2001
+From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Date: Wed, 21 Dec 2022 14:44:31 +0000
+Subject: [PATCH 3/10] Platform: corstone1000: Add soft crc32 calculation
+
+crc32 is required by different components.
+for example: during bl1 provisioning crc32 calculation is required
+
+Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ .../arm/corstone1000/soft_crc/soft_crc.c | 121 ++++++++++++++++++
+ .../arm/corstone1000/soft_crc/soft_crc.h | 18 +++
+ 2 files changed, 139 insertions(+)
+ create mode 100644 platform/ext/target/arm/corstone1000/soft_crc/soft_crc.c
+ create mode 100644 platform/ext/target/arm/corstone1000/soft_crc/soft_crc.h
+
+diff --git a/platform/ext/target/arm/corstone1000/soft_crc/soft_crc.c b/platform/ext/target/arm/corstone1000/soft_crc/soft_crc.c
+new file mode 100644
+index 0000000000..85f1e30d9f
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/soft_crc/soft_crc.c
+@@ -0,0 +1,121 @@
++/* Copyright (C) 1986 Gary S. Brown. You may use this program, or
++ code or tables extracted from it, as desired without restriction.*/
++
++/* First, the polynomial itself and its table of feedback terms. The */
++/* polynomial is */
++/* X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0 */
++/* Note that we take it "backwards" and put the highest-order term in */
++/* the lowest-order bit. The X^32 term is "implied"; the LSB is the */
++/* X^31 term, etc. The X^0 term (usually shown as "+1") results in */
++/* the MSB being 1. */
++
++/* Note that the usual hardware shift register implementation, which */
++/* is what we're using (we're merely optimizing it by doing eight-bit */
++/* chunks at a time) shifts bits into the lowest-order term. In our */
++/* implementation, that means shifting towards the right. Why do we */
++/* do it this way? Because the calculated CRC must be transmitted in */
++/* order from highest-order term to lowest-order term. UARTs transmit */
++/* characters in order from LSB to MSB. By storing the CRC this way, */
++/* we hand it to the UART in the order low-byte to high-byte; the UART */
++/* sends each low-bit to hight-bit; and the result is transmission bit */
++/* by bit from highest- to lowest-order term without requiring any bit */
++/* shuffling on our part. Reception works similarly. */
++
++/* The feedback terms table consists of 256, 32-bit entries. Notes: */
++/* */
++/* 1. The table can be generated at runtime if desired; code to do so */
++/* is shown later. It might not be obvious, but the feedback */
++/* terms simply represent the results of eight shift/xor opera- */
++/* tions for all combinations of data and CRC register values. */
++/* */
++/* 2. The CRC accumulation logic is the same for all CRC polynomials, */
++/* be they sixteen or thirty-two bits wide. You simply choose the */
++/* appropriate table. Alternatively, because the table can be */
++/* generated at runtime, you can start by generating the table for */
++/* the polynomial in question and use exactly the same "updcrc", */
++/* if your application needn't simultaneously handle two CRC */
++/* polynomials. (Note, however, that XMODEM is strange.) */
++/* */
++/* 3. For 16-bit CRCs, the table entries need be only 16 bits wide; */
++/* of course, 32-bit entries work OK if the high 16 bits are zero. */
++/* */
++/* 4. The values must be right-shifted by eight bits by the "updcrc" */
++/* logic; the shift must be unsigned (bring in zeroes). On some */
++/* hardware you could probably optimize the shift in assembler by */
++/* using byte-swap instructions. */
++
++/**
++ * The code derived from work by Gary S. Brown.
++*/
++
++#include "soft_crc.h"
++
++
++const static uint32_t crc_32_tab[] = { /* CRC polynomial 0xedb88320 */
++0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,
++0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
++0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,
++0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
++0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
++0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
++0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c,
++0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
++0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423,
++0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
++0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106,
++0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
++0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d,
++0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
++0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
++0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
++0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7,
++0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
++0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa,
++0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
++0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81,
++0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
++0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84,
++0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
++0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
++0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
++0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e,
++0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
++0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55,
++0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
++0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28,
++0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
++0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f,
++0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
++0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
++0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
++0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,
++0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
++0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc,
++0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
++0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693,
++0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
++0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d
++};
++
++#define UPDC32(octet,crc) (crc_32_tab[((crc)\
++ ^ ((uint8_t)octet)) & 0xff] ^ ((crc) >> 8))
++
++static inline uint32_t crc32buf(char *buf, size_t len)
++{
++ register uint32_t oldcrc32;
++
++ oldcrc32 = 0xFFFFFFFF;
++
++ for ( ; len; --len, ++buf)
++ {
++ oldcrc32 = UPDC32(*buf, oldcrc32);
++ }
++
++ return ~oldcrc32;
++}
++
++/* Calculate crc32 */
++uint32_t crc32(const void *buf, size_t len) {
++ return crc32buf(buf, len);
++}
++
+diff --git a/platform/ext/target/arm/corstone1000/soft_crc/soft_crc.h b/platform/ext/target/arm/corstone1000/soft_crc/soft_crc.h
+new file mode 100644
+index 0000000000..e5b06075c9
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/soft_crc/soft_crc.h
+@@ -0,0 +1,18 @@
++/*
++ * Copyright (c) 2023, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef __SOFT_CRC_H__
++#define __SOFT_CRC_H__
++
++#include <stddef.h>
++#include <stdint.h>
++
++/* Calculate crc32 */
++uint32_t crc32(const void *buf, size_t len);
++
++#endif /* __SOFT_CRC_H__ */
++
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-Platform-corstone1000-calculate-metadata-crc32.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-Platform-corstone1000-calculate-metadata-crc32.patch
new file mode 100644
index 0000000..4921e3a
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-Platform-corstone1000-calculate-metadata-crc32.patch
@@ -0,0 +1,89 @@
+From 6f8ce3c0f70fecb1e7b990b8b47af16972b90671 Mon Sep 17 00:00:00 2001
+From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Date: Wed, 21 Dec 2022 15:13:27 +0000
+Subject: [PATCH 4/10] Platform: corstone1000: calculate metadata crc32
+
+Calculate metadata crc32 during provisioning.
+It is requried to enable TF-A, U-Boot to verify fwu_metadata.
+
+Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ platform/ext/target/arm/corstone1000/CMakeLists.txt | 2 ++
+ platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt | 2 ++
+ .../target/arm/corstone1000/fw_update_agent/fwu_agent.c | 7 ++++++-
+ 3 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+index 7808efae68..554fc51b21 100644
+--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+@@ -58,6 +58,7 @@ target_include_directories(platform_s
+ INTERFACE
+ cc312
+ fw_update_agent
++ soft_crc
+ )
+
+ target_sources(platform_s
+@@ -185,6 +186,7 @@ target_include_directories(platform_bl2
+ fip_parser
+ Native_Driver
+ fw_update_agent
++ soft_crc
+ io
+ .
+ INTERFACE
+diff --git a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt
+index 62fd0f6ddf..426a8df698 100644
+--- a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt
++++ b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt
+@@ -229,6 +229,7 @@ target_include_directories(bl1_main
+ $<$<BOOL:${CRYPTO_HW_ACCELERATOR}>:${CMAKE_SOURCE_DIR}/platform/ext/accelerator/cc312>
+ $<$<BOOL:${CRYPTO_HW_ACCELERATOR}>:${CMAKE_SOURCE_DIR}/lib/ext/cryptocell-312-runtime/shared/include/mbedtls>
+ $<$<BOOL:${CRYPTO_HW_ACCELERATOR}>:${CMAKE_SOURCE_DIR}/lib/ext/cryptocell-312-runtime/shared/include/crypto_api/cc3x>
++ ../soft_crc
+ )
+
+ # Configurations based on platform level cmake files
+@@ -241,6 +242,7 @@ target_sources(bl1_main
+ ../Native_Driver/firewall.c
+ ../Native_Driver/uart_pl011_drv.c
+ ../fw_update_agent/fwu_agent.c
++ ../soft_crc/soft_crc.c
+ ../Native_Driver/arm_watchdog_drv.c
+ ../Native_Driver/watchdog.c
+ bl1_boot_hal.c
+diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
+index d5491e08db..1a42c72bd5 100644
+--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2021, Arm Limited. All rights reserved.
++ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+@@ -20,6 +20,7 @@
+ #include "tfm_plat_defs.h"
+ #include "uefi_fmp.h"
+ #include "uart_stdout.h"
++#include "soft_crc.h"
+
+ /* Properties of image in a bank */
+ struct fwu_image_properties {
+@@ -324,6 +325,10 @@ enum fwu_agent_error_t fwu_metadata_provision(void)
+ _metadata.img_entry[i].img_props[BANK_1].version = INVALID_VERSION;
+ }
+
++ /* Calculate CRC32 for fwu metadata */
++ _metadata.crc_32 = crc32((uint8_t *)&_metadata.version,
++ sizeof(struct fwu_metadata) - sizeof(uint32_t));
++
+ ret = metadata_write(&_metadata);
+ if (ret) {
+ return ret;
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-Platform-corstone1000-fwu-metadata_read-validate-crc.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-Platform-corstone1000-fwu-metadata_read-validate-crc.patch
new file mode 100644
index 0000000..49452b8
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-Platform-corstone1000-fwu-metadata_read-validate-crc.patch
@@ -0,0 +1,99 @@
+From 25924b6c0504faae0b0ed680c09fb8996b6aaba6 Mon Sep 17 00:00:00 2001
+From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Date: Wed, 21 Dec 2022 15:42:21 +0000
+Subject: [PATCH 5/10] Platform:corstone1000:fwu: metadata_read validate crc
+
+Add validation logic to metadata_read function.
+Also, add metadata_read_without_validation
+
+Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ .../target/arm/corstone1000/CMakeLists.txt | 1 +
+ .../corstone1000/fw_update_agent/fwu_agent.c | 51 +++++++++++++++++++
+ 2 files changed, 52 insertions(+)
+
+diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+index 554fc51b21..9db2864033 100644
+--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+@@ -75,6 +75,7 @@ target_sources(platform_s
+ fw_update_agent/uefi_capsule_parser.c
+ fw_update_agent/fwu_agent.c
+ fw_update_agent/uefi_fmp.c
++ soft_crc/soft_crc.c
+ $<$<NOT:$<BOOL:${PLATFORM_DEFAULT_OTP}>>:${PLATFORM_DIR}/ext/accelerator/cc312/otp_cc312.c>
+ )
+
+diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
+index 1a42c72bd5..eb17c3a377 100644
+--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
+@@ -193,6 +193,53 @@ static enum fwu_agent_error_t private_metadata_write(
+ return FWU_AGENT_SUCCESS;
+ }
+
++static enum fwu_agent_error_t metadata_validate(struct fwu_metadata *p_metadata)
++{
++ int ret;
++
++ FWU_LOG_MSG("%s: enter:\n\r", __func__);
++
++ if (!p_metadata) {
++ return FWU_AGENT_ERROR;
++ }
++
++ uint32_t calculated_crc32 = crc32((uint8_t *)&(p_metadata->version),
++ sizeof(struct fwu_metadata) - sizeof(uint32_t));
++
++ if (p_metadata->crc_32 != calculated_crc32) {
++ FWU_LOG_MSG("%s: failed: crc32 calculated: 0x%x, given: 0x%x\n\r", __func__,
++ calculated_crc32, p_metadata->crc_32);
++ return FWU_AGENT_ERROR;
++ }
++
++ FWU_LOG_MSG("%s: success\n\r", __func__);
++
++ return FWU_AGENT_SUCCESS;
++}
++
++static enum fwu_agent_error_t metadata_read_without_validation(struct fwu_metadata *p_metadata)
++{
++ int ret;
++
++ FWU_LOG_MSG("%s: enter: flash addr = %u, size = %d\n\r", __func__,
++ FWU_METADATA_REPLICA_1_OFFSET, sizeof(struct fwu_metadata));
++
++ if (!p_metadata) {
++ return FWU_AGENT_ERROR;
++ }
++
++ ret = FWU_METADATA_FLASH_DEV.ReadData(FWU_METADATA_REPLICA_1_OFFSET,
++ p_metadata, sizeof(struct fwu_metadata));
++ if (ret < 0 || ret != sizeof(struct fwu_metadata)) {
++ return FWU_AGENT_ERROR;
++ }
++
++ FWU_LOG_MSG("%s: success: active = %u, previous = %d\n\r", __func__,
++ p_metadata->active_index, p_metadata->previous_active_index);
++
++ return FWU_AGENT_SUCCESS;
++}
++
+ static enum fwu_agent_error_t metadata_read(struct fwu_metadata *p_metadata)
+ {
+ int ret;
+@@ -210,6 +257,10 @@ static enum fwu_agent_error_t metadata_read(struct fwu_metadata *p_metadata)
+ return FWU_AGENT_ERROR;
+ }
+
++ if (metadata_validate(p_metadata) != FWU_AGENT_SUCCESS) {
++ return FWU_AGENT_ERROR;
++ }
++
+ FWU_LOG_MSG("%s: success: active = %u, previous = %d\n\r", __func__,
+ p_metadata->active_index, p_metadata->previous_active_index);
+
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-corstone1000-Add-common-platform-logger.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-corstone1000-Add-common-platform-logger.patch
new file mode 100644
index 0000000..a7c17ab
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-corstone1000-Add-common-platform-logger.patch
@@ -0,0 +1,125 @@
+From 9545d9bb44f8fb5af438fb40cab7fefc95d5a9a4 Mon Sep 17 00:00:00 2001
+From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Date: Thu, 22 Dec 2022 09:24:50 +0000
+Subject: [PATCH 6/10] Platform:corstone1000: Add common platform logger
+
+platform_log defines log messages macros to be used by the platform code
+It allows defining the module name to be added at the beginning of the log
+message.
+Based on build type PLAT_LOG_LEVEL is defined.
+In case of Debug/RelWithDebInfo PLAT_LOG_LEVEL is defined to Debug level
+else it is defined to OFF.
+
+usage in source file:
+...
+INFO("msg");
+ERROR("msg");
+WARN("msg");
+VERBOSE("msg");
+DBG("msg");
+...
+
+Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ .../target/arm/corstone1000/CMakeLists.txt | 1 +
+ .../ext/target/arm/corstone1000/config.cmake | 4 +-
+ .../target/arm/corstone1000/platform_log.h | 60 +++++++++++++++++++
+ 3 files changed, 64 insertions(+), 1 deletion(-)
+ create mode 100644 platform/ext/target/arm/corstone1000/platform_log.h
+
+diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+index 9db2864033..a120f39ea4 100644
+--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+@@ -152,6 +152,7 @@ target_compile_definitions(platform_bl2
+ $<$<BOOL:${PLATFORM_IS_FVP}>:PLATFORM_IS_FVP>
+ $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST>
+ $<$<BOOL:${ENABLE_FWU_AGENT_DEBUG_LOGS}>:ENABLE_FWU_AGENT_DEBUG_LOGS>
++ PLAT_LOG_LEVEL=${PLAT_LOG_LEVEL}
+ )
+
+ # boot_hal_bl2.c is compiled as part of 'bl2' target and not inside
+diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake
+index b71ca672f3..de0b4b64c1 100644
+--- a/platform/ext/target/arm/corstone1000/config.cmake
++++ b/platform/ext/target/arm/corstone1000/config.cmake
+@@ -63,6 +63,8 @@ set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE ON CACHE BOOL "Enable Inte
+
+ if (${CMAKE_BUILD_TYPE} STREQUAL Debug OR ${CMAKE_BUILD_TYPE} STREQUAL RelWithDebInfo)
+ set(ENABLE_FWU_AGENT_DEBUG_LOGS TRUE CACHE BOOL "Enable Firmware update agent debug logs.")
+-else()
++ set(PLAT_LOG_LEVEL 4 CACHE STRING "Set platform log level.")
++ else()
+ set(ENABLE_FWU_AGENT_DEBUG_LOGS FALSE CACHE BOOL "Enable Firmware update agent debug logs.")
++ set(PLAT_LOG_LEVEL 0 CACHE STRING "Set platform log level.")
+ endif()
+diff --git a/platform/ext/target/arm/corstone1000/platform_log.h b/platform/ext/target/arm/corstone1000/platform_log.h
+new file mode 100644
+index 0000000000..b3a6e98026
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/platform_log.h
+@@ -0,0 +1,60 @@
++/*
++ * Copyright (c) 2023, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef __PLATFORM_LOG_H__
++#define __PLATFORM_LOG_H__
++
++#define PLAT_LOG_LEVEL_OFF (0)
++#define PLAT_LOG_LEVEL_ERROR (1)
++#define PLAT_LOG_LEVEL_WARN (2)
++#define PLAT_LOG_LEVEL_INFO (3)
++#define PLAT_LOG_LEVEL_DEBUG (4)
++
++#ifndef PLAT_LOG_MODULE_NAME
++#define MODULE_NAME_STR " "
++#else
++#define MODULE_NAME_STR "["PLAT_LOG_MODULE_NAME"]: "
++#endif
++
++#ifndef PLAT_LOG_LEVEL
++#warning "Logging level is not defined, default is PLAT_LOG_LEVEL_ERROR."
++#define PLAT_LOG_LEVEL PLAT_LOG_LEVEL_ERROR
++#endif
++
++
++/* System can override PRINTF with other rich format function*/
++#ifndef PRINTF
++#if PLAT_LOG_LEVEL > PLAT_LOG_LEVEL_OFF
++#include <stdio.h>
++#define PRINTF printf
++#endif
++#endif
++
++#if PLAT_LOG_LEVEL >= PLAT_LOG_LEVEL_ERROR
++ #define ERROR(f_, ...) do { PRINTF("\033[31;4m[ERR]:\033[m%s"f_"\r\n", MODULE_NAME_STR, ##__VA_ARGS__); } while (0)
++#else
++ #define ERROR(f_, ...) do { } while(0)
++#endif
++#if PLAT_LOG_LEVEL >= PLAT_LOG_LEVEL_WARN
++ #define WARN(f_, ...) do { PRINTF("\033[33;4m[WRN]:\033[m%s"f_"\r\n", MODULE_NAME_STR, ##__VA_ARGS__); } while (0)
++#else
++ #define WARN(f_, ...) do { } while(0)
++#endif
++#if PLAT_LOG_LEVEL >= PLAT_LOG_LEVEL_INFO
++ #define INFO(f_, ...) do { PRINTF("[INF]:%s"f_"\r\n", MODULE_NAME_STR, ##__VA_ARGS__); } while (0)
++#else
++ #define INFO(f_, ...) do { } while(0)
++#endif
++#if PLAT_LOG_LEVEL >= PLAT_LOG_LEVEL_DEBUG
++ #define VERBOSE(f_, ...) do { PRINTF("[DBG]:%s" f_"\r\n",MODULE_NAME_STR, ##__VA_ARGS__); } while (0)
++ #define DEBUG(f_, ...) do { PRINTF("[DBG]:%s" f_"\r\n",MODULE_NAME_STR, ##__VA_ARGS__); } while (0)
++#else
++ #define VERBOSE(f_, ...) do { } while(0)
++ #define DEBUG(f_, ...) do { } while(0)
++#endif
++
++#endif /* __PLATFORM_LOG_H__ */
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-Platform-corstone1000-Introduce-GPT-parser.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-Platform-corstone1000-Introduce-GPT-parser.patch
new file mode 100644
index 0000000..418c533
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-Platform-corstone1000-Introduce-GPT-parser.patch
@@ -0,0 +1,735 @@
+From 1fdc3000f1ab6f9c1bb792cb8baff16a7517c03a Mon Sep 17 00:00:00 2001
+From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Date: Thu, 22 Dec 2022 14:27:41 +0000
+Subject: [PATCH 7/10] Platform:corstone1000: Introduce GPT parser
+
+Adding GPT parser
+Side changes required:
+Includes the implementation of the `plat_get_image_source` function
+in the platform.c file.
+
+The GPT parser requires the function. Given the image id, it should
+return handle to the IO device contains the image and image
+specification that allows IO storage access to the image.
+
+Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ .../target/arm/corstone1000/partition/efi.h | 36 ++
+ .../target/arm/corstone1000/partition/gpt.c | 58 ++++
+ .../target/arm/corstone1000/partition/gpt.h | 51 +++
+ .../target/arm/corstone1000/partition/mbr.h | 29 ++
+ .../arm/corstone1000/partition/partition.c | 310 ++++++++++++++++++
+ .../arm/corstone1000/partition/partition.h | 47 +++
+ .../target/arm/corstone1000/partition/uuid.h | 76 +++++
+ .../ext/target/arm/corstone1000/platform.c | 20 ++
+ .../ext/target/arm/corstone1000/platform.h | 14 +
+ 9 files changed, 641 insertions(+)
+ create mode 100644 platform/ext/target/arm/corstone1000/partition/efi.h
+ create mode 100644 platform/ext/target/arm/corstone1000/partition/gpt.c
+ create mode 100644 platform/ext/target/arm/corstone1000/partition/gpt.h
+ create mode 100644 platform/ext/target/arm/corstone1000/partition/mbr.h
+ create mode 100644 platform/ext/target/arm/corstone1000/partition/partition.c
+ create mode 100644 platform/ext/target/arm/corstone1000/partition/partition.h
+ create mode 100644 platform/ext/target/arm/corstone1000/partition/uuid.h
+ create mode 100644 platform/ext/target/arm/corstone1000/platform.c
+ create mode 100644 platform/ext/target/arm/corstone1000/platform.h
+
+diff --git a/platform/ext/target/arm/corstone1000/partition/efi.h b/platform/ext/target/arm/corstone1000/partition/efi.h
+new file mode 100644
+index 0000000000..f66daffb32
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/partition/efi.h
+@@ -0,0 +1,36 @@
++/*
++ * Copyright (c) 2021, Linaro Limited
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef DRIVERS_PARTITION_EFI_H
++#define DRIVERS_PARTITION_EFI_H
++
++#include <string.h>
++
++#include "uuid.h"
++
++#define EFI_NAMELEN 36
++
++static inline int guidcmp(const void *g1, const void *g2) {
++ return memcmp(g1, g2, sizeof(struct efi_guid));
++}
++
++static inline void *guidcpy(void *dst, const void *src) {
++ return memcpy(dst, src, sizeof(struct efi_guid));
++}
++
++#define EFI_GUID(a, b, c, d0, d1, d2, d3, d4, d5, d6, d7) \
++ { \
++ (a) & 0xffffffff, (b)&0xffff, (c)&0xffff, { \
++ (d0), (d1), (d2), (d3), (d4), (d5), (d6), (d7) \
++ } \
++ }
++
++#define NULL_GUID \
++ EFI_GUID(0x00000000, 0x0000, 0x0000, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
++ 0x00, 0x00)
++
++#endif /* DRIVERS_PARTITION_EFI_H */
+diff --git a/platform/ext/target/arm/corstone1000/partition/gpt.c b/platform/ext/target/arm/corstone1000/partition/gpt.c
+new file mode 100644
+index 0000000000..8549785e3b
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/partition/gpt.c
+@@ -0,0 +1,58 @@
++/*
++ * Copyright (c) 2016-2022, ARM Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#include "gpt.h"
++
++#include <assert.h>
++#include <errno.h>
++#include <string.h>
++
++#include "efi.h"
++
++static int unicode_to_ascii(unsigned short *str_in, unsigned char *str_out) {
++ uint8_t *name;
++ int i;
++
++ assert((str_in != NULL) && (str_out != NULL));
++
++ name = (uint8_t *)str_in;
++
++ assert(name[0] != '\0');
++
++ /* check whether the unicode string is valid */
++ for (i = 1; i < (EFI_NAMELEN << 1); i += 2) {
++ if (name[i] != '\0') return -EINVAL;
++ }
++ /* convert the unicode string to ascii string */
++ for (i = 0; i < (EFI_NAMELEN << 1); i += 2) {
++ str_out[i >> 1] = name[i];
++ if (name[i] == '\0') break;
++ }
++ return 0;
++}
++
++int parse_gpt_entry(gpt_entry_t *gpt_entry, partition_entry_t *entry) {
++ int result;
++
++ assert((gpt_entry != NULL) && (entry != NULL));
++
++ if ((gpt_entry->first_lba == 0) && (gpt_entry->last_lba == 0)) {
++ return -EINVAL;
++ }
++
++ memset(entry, 0, sizeof(partition_entry_t));
++ result = unicode_to_ascii(gpt_entry->name, (uint8_t *)entry->name);
++ if (result != 0) {
++ return result;
++ }
++ entry->start = (uint64_t)gpt_entry->first_lba * PLAT_PARTITION_BLOCK_SIZE;
++ entry->length = (uint64_t)(gpt_entry->last_lba - gpt_entry->first_lba + 1) *
++ PLAT_PARTITION_BLOCK_SIZE;
++ guidcpy(&entry->part_guid, &gpt_entry->unique_uuid);
++ guidcpy(&entry->type_guid, &gpt_entry->type_uuid);
++
++ return 0;
++}
+diff --git a/platform/ext/target/arm/corstone1000/partition/gpt.h b/platform/ext/target/arm/corstone1000/partition/gpt.h
+new file mode 100644
+index 0000000000..b528fc05c0
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/partition/gpt.h
+@@ -0,0 +1,51 @@
++/*
++ * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef GPT_H
++#define GPT_H
++
++#include "efi.h"
++#include "partition.h"
++#include "uuid.h"
++
++#define PARTITION_TYPE_GPT 0xee
++#define GPT_HEADER_OFFSET PLAT_PARTITION_BLOCK_SIZE
++#define GPT_ENTRY_OFFSET (GPT_HEADER_OFFSET + PLAT_PARTITION_BLOCK_SIZE)
++
++#define GPT_SIGNATURE "EFI PART"
++
++typedef struct gpt_entry {
++ struct efi_guid type_uuid;
++ struct efi_guid unique_uuid;
++ unsigned long long first_lba;
++ unsigned long long last_lba;
++ unsigned long long attr;
++ unsigned short name[EFI_NAMELEN];
++} gpt_entry_t;
++
++typedef struct gpt_header {
++ unsigned char signature[8];
++ unsigned int revision;
++ unsigned int size;
++ unsigned int header_crc;
++ unsigned int reserved;
++ unsigned long long current_lba;
++ unsigned long long backup_lba;
++ unsigned long long first_lba;
++ unsigned long long last_lba;
++ struct efi_guid disk_uuid;
++ /* starting LBA of array of partition entries */
++ unsigned long long part_lba;
++ /* number of partition entries in array */
++ unsigned int list_num;
++ /* size of a single partition entry (usually 128) */
++ unsigned int part_size;
++ unsigned int part_crc;
++} gpt_header_t;
++
++int parse_gpt_entry(gpt_entry_t *gpt_entry, partition_entry_t *entry);
++
++#endif /* GPT_H */
+diff --git a/platform/ext/target/arm/corstone1000/partition/mbr.h b/platform/ext/target/arm/corstone1000/partition/mbr.h
+new file mode 100644
+index 0000000000..e77f367016
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/partition/mbr.h
+@@ -0,0 +1,29 @@
++/*
++ * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef MBR_H
++#define MBR_H
++
++#define MBR_OFFSET 0
++
++#define MBR_PRIMARY_ENTRY_OFFSET 0x1be
++#define MBR_PRIMARY_ENTRY_SIZE 0x10
++#define MBR_PRIMARY_ENTRY_NUMBER 4
++#define MBR_CHS_ADDRESS_LEN 3
++
++#define MBR_SIGNATURE_FIRST 0x55
++#define MBR_SIGNATURE_SECOND 0xAA
++
++typedef struct mbr_entry {
++ unsigned char status;
++ unsigned char first_sector[MBR_CHS_ADDRESS_LEN];
++ unsigned char type;
++ unsigned char last_sector[MBR_CHS_ADDRESS_LEN];
++ unsigned int first_lba;
++ unsigned int sector_nums;
++} mbr_entry_t;
++
++#endif /* MBR_H */
+diff --git a/platform/ext/target/arm/corstone1000/partition/partition.c b/platform/ext/target/arm/corstone1000/partition/partition.c
+new file mode 100644
+index 0000000000..afc6aa1c5c
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/partition/partition.c
+@@ -0,0 +1,310 @@
++/*
++ * Copyright (c) 2016-2022, ARM Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#include "partition.h"
++
++#include <assert.h>
++#include <errno.h>
++#include <inttypes.h>
++#include <stdio.h>
++#include <string.h>
++
++#include "efi.h"
++#include "gpt.h"
++#include "mbr.h"
++
++#include "io_storage.h"
++#include "platform.h"
++#include "soft_crc.h"
++
++#define PLAT_LOG_MODULE_NAME "partition"
++#include "platform_log.h"
++
++static uint8_t mbr_sector[PLAT_PARTITION_BLOCK_SIZE];
++static partition_entry_list_t list;
++
++#if LOG_LEVEL >= LOG_LEVEL_DEBUG
++static void dump_entries(int num) {
++ char name[EFI_NAMELEN];
++ int i, j, len;
++
++ VERBOSE("Partition table with %d entries:", num);
++ for (i = 0; i < num; i++) {
++ len = snprintf(name, EFI_NAMELEN, "%s", list.list[i].name);
++ for (j = 0; j < EFI_NAMELEN - len - 1; j++) {
++ name[len + j] = ' ';
++ }
++ name[EFI_NAMELEN - 1] = '\0';
++ VERBOSE("%d: %s %x%x %d", i + 1, name,
++ (uint32_t)(list.list[i].start >> 32),
++ (uint32_t)list.list[i].start,
++ (uint32_t)(list.list[i].start + list.list[i].length - 4));
++ }
++}
++#else
++#define dump_entries(num) ((void)num)
++#endif
++
++/*
++ * Load the first sector that carries MBR header.
++ * The MBR boot signature should be always valid whether it's MBR or GPT.
++ */
++static int load_mbr_header(uintptr_t image_handle, mbr_entry_t *mbr_entry) {
++ size_t bytes_read;
++ uintptr_t offset;
++ int result;
++
++ assert(mbr_entry != NULL);
++ /* MBR partition table is in LBA0. */
++ result = io_seek(image_handle, IO_SEEK_SET, MBR_OFFSET);
++ if (result != 0) {
++ WARN("Failed to seek (%i)\n", result);
++ return result;
++ }
++ result = io_read(image_handle, (uintptr_t)&mbr_sector,
++ PLAT_PARTITION_BLOCK_SIZE, &bytes_read);
++ if (result != 0) {
++ WARN("Failed to read data (%i)\n", result);
++ return result;
++ }
++
++ /* Check MBR boot signature. */
++ if ((mbr_sector[LEGACY_PARTITION_BLOCK_SIZE - 2] != MBR_SIGNATURE_FIRST) ||
++ (mbr_sector[LEGACY_PARTITION_BLOCK_SIZE - 1] != MBR_SIGNATURE_SECOND)) {
++ ERROR("MBR signature isn't correct");
++ return -ENOENT;
++ }
++ offset = (uintptr_t)&mbr_sector + MBR_PRIMARY_ENTRY_OFFSET;
++ memcpy(mbr_entry, (void *)offset, sizeof(mbr_entry_t));
++ return 0;
++}
++
++/*
++ * Load GPT header and check the GPT signature and header CRC.
++ * If partition numbers could be found, check & update it.
++ */
++static int load_gpt_header(uintptr_t image_handle) {
++ gpt_header_t header;
++ size_t bytes_read;
++ int result;
++ uint32_t header_crc, calc_crc;
++
++ result = io_seek(image_handle, IO_SEEK_SET, GPT_HEADER_OFFSET);
++ if (result != 0) {
++ return result;
++ }
++ result = io_read(image_handle, (uintptr_t)&header, sizeof(gpt_header_t),
++ &bytes_read);
++ if ((result != 0) || (sizeof(gpt_header_t) != bytes_read)) {
++ return result;
++ }
++ if (memcmp(header.signature, GPT_SIGNATURE, sizeof(header.signature)) !=
++ 0) {
++ return -EINVAL;
++ }
++
++ /*
++ * UEFI Spec 2.8 March 2019 Page 119: HeaderCRC32 value is
++ * computed by setting this field to 0, and computing the
++ * 32-bit CRC for HeaderSize bytes.
++ */
++ header_crc = header.header_crc;
++ header.header_crc = 0U;
++
++ calc_crc = crc32((uint8_t *)&header, DEFAULT_GPT_HEADER_SIZE);
++ if (header_crc != calc_crc) {
++ ERROR("Invalid GPT Header CRC: Expected 0x%x but got 0x%x.\n",
++ header_crc, calc_crc);
++ return -EINVAL;
++ }
++
++ header.header_crc = header_crc;
++
++ /* partition numbers can't exceed PLAT_PARTITION_MAX_ENTRIES */
++ list.entry_count = header.list_num;
++ if (list.entry_count > PLAT_PARTITION_MAX_ENTRIES) {
++ list.entry_count = PLAT_PARTITION_MAX_ENTRIES;
++ }
++ return 0;
++}
++
++static int load_mbr_entry(uintptr_t image_handle, mbr_entry_t *mbr_entry,
++ int part_number) {
++ size_t bytes_read;
++ uintptr_t offset;
++ int result;
++
++ assert(mbr_entry != NULL);
++ /* MBR partition table is in LBA0. */
++ result = io_seek(image_handle, IO_SEEK_SET, MBR_OFFSET);
++ if (result != 0) {
++ WARN("Failed to seek (%i)\n", result);
++ return result;
++ }
++ result = io_read(image_handle, (uintptr_t)&mbr_sector,
++ PLAT_PARTITION_BLOCK_SIZE, &bytes_read);
++ if (result != 0) {
++ WARN("Failed to read data (%i)\n", result);
++ return result;
++ }
++
++ /* Check MBR boot signature. */
++ if ((mbr_sector[LEGACY_PARTITION_BLOCK_SIZE - 2] != MBR_SIGNATURE_FIRST) ||
++ (mbr_sector[LEGACY_PARTITION_BLOCK_SIZE - 1] != MBR_SIGNATURE_SECOND)) {
++ return -ENOENT;
++ }
++ offset = (uintptr_t)&mbr_sector + MBR_PRIMARY_ENTRY_OFFSET +
++ MBR_PRIMARY_ENTRY_SIZE * part_number;
++ memcpy(mbr_entry, (void *)offset, sizeof(mbr_entry_t));
++
++ return 0;
++}
++
++static int load_mbr_entries(uintptr_t image_handle) {
++ mbr_entry_t mbr_entry;
++ int i;
++
++ list.entry_count = MBR_PRIMARY_ENTRY_NUMBER;
++
++ for (i = 0; i < list.entry_count; i++) {
++ load_mbr_entry(image_handle, &mbr_entry, i);
++ list.list[i].start = mbr_entry.first_lba * 512;
++ list.list[i].length = mbr_entry.sector_nums * 512;
++ list.list[i].name[0] = mbr_entry.type;
++ }
++
++ return 0;
++}
++
++static int load_gpt_entry(uintptr_t image_handle, gpt_entry_t *entry) {
++ size_t bytes_read;
++ int result;
++
++ assert(entry != NULL);
++ result = io_read(image_handle, (uintptr_t)entry, sizeof(gpt_entry_t),
++ &bytes_read);
++ if (sizeof(gpt_entry_t) != bytes_read) return -EINVAL;
++ return result;
++}
++
++static int verify_partition_gpt(uintptr_t image_handle) {
++ gpt_entry_t entry;
++ int result, i;
++
++ for (i = 0; i < list.entry_count; i++) {
++ result = load_gpt_entry(image_handle, &entry);
++ assert(result == 0);
++ if (result != 0) {
++ break;
++ }
++ result = parse_gpt_entry(&entry, &list.list[i]);
++ if (result != 0) {
++ break;
++ }
++ }
++ if (i == 0) {
++ return -EINVAL;
++ }
++ /*
++ * Only records the valid partition number that is loaded from
++ * partition table.
++ */
++ list.entry_count = i;
++ dump_entries(list.entry_count);
++
++ return 0;
++}
++
++int load_partition_table(unsigned int image_id) {
++ uintptr_t dev_handle, image_handle, image_spec = 0;
++ mbr_entry_t mbr_entry;
++ int result;
++
++ result = plat_get_image_source(image_id, &dev_handle, &image_spec);
++ if (result != 0) {
++ WARN("Failed to obtain reference to image id=%u (%i)\n", image_id,
++ result);
++ return result;
++ }
++
++ result = io_open(dev_handle, image_spec, &image_handle);
++ if (result != 0) {
++ WARN("Failed to open image id=%u (%i)\n", image_id, result);
++ return result;
++ }
++
++ result = load_mbr_header(image_handle, &mbr_entry);
++ if (result != 0) {
++ ERROR("Loading mbr header failed with image id=%u (%i)\n", image_id,
++ result);
++ return result;
++ }
++ if (mbr_entry.type == PARTITION_TYPE_GPT) {
++ INFO("Loading gpt header");
++ result = load_gpt_header(image_handle);
++ assert(result == 0);
++ if (result != 0) {
++ ERROR("Failed load gpt header! %i", result);
++ goto load_partition_table_exit;
++ }
++ result = io_seek(image_handle, IO_SEEK_SET, GPT_ENTRY_OFFSET);
++ assert(result == 0);
++ if (result != 0) {
++ ERROR("Failed seek gpt header! %i", result);
++ goto load_partition_table_exit;
++ }
++ result = verify_partition_gpt(image_handle);
++ if (result != 0) {
++ ERROR("Failed verify gpt partition %i", result);
++ goto load_partition_table_exit;
++ }
++ } else {
++ result = load_mbr_entries(image_handle);
++ }
++
++load_partition_table_exit:
++ io_close(image_handle);
++ return result;
++}
++
++const partition_entry_t *get_partition_entry(const char *name) {
++ int i;
++
++ for (i = 0; i < list.entry_count; i++) {
++ if (strcmp(name, list.list[i].name) == 0) {
++ return &list.list[i];
++ }
++ }
++ return NULL;
++}
++
++const partition_entry_t *get_partition_entry_by_type(const uuid_t *type_uuid) {
++ int i;
++
++ for (i = 0; i < list.entry_count; i++) {
++ if (guidcmp(type_uuid, &list.list[i].type_guid) == 0) {
++ return &list.list[i];
++ }
++ }
++
++ return NULL;
++}
++
++const partition_entry_t *get_partition_entry_by_uuid(const uuid_t *part_uuid) {
++ int i;
++
++ for (i = 0; i < list.entry_count; i++) {
++ if (guidcmp(part_uuid, &list.list[i].part_guid) == 0) {
++ return &list.list[i];
++ }
++ }
++
++ return NULL;
++}
++
++const partition_entry_list_t *get_partition_entry_list(void) { return &list; }
++
++void partition_init(unsigned int image_id) { load_partition_table(image_id); }
+diff --git a/platform/ext/target/arm/corstone1000/partition/partition.h b/platform/ext/target/arm/corstone1000/partition/partition.h
+new file mode 100644
+index 0000000000..54af47aca4
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/partition/partition.h
+@@ -0,0 +1,47 @@
++/*
++ * Copyright (c) 2016-2022, ARM Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PARTITION_H
++#define PARTITION_H
++
++#include <stdint.h>
++
++#include "efi.h"
++#include "uuid.h"
++
++#if !PLAT_PARTITION_MAX_ENTRIES
++#define PLAT_PARTITION_MAX_ENTRIES 16
++#endif /* PLAT_PARTITION_MAX_ENTRIES */
++
++#if !PLAT_PARTITION_BLOCK_SIZE
++#define PLAT_PARTITION_BLOCK_SIZE 512
++#endif /* PLAT_PARTITION_BLOCK_SIZE */
++
++#define LEGACY_PARTITION_BLOCK_SIZE 512
++
++#define DEFAULT_GPT_HEADER_SIZE 92
++
++typedef struct partition_entry {
++ uint64_t start;
++ uint64_t length;
++ char name[EFI_NAMELEN];
++ struct efi_guid part_guid;
++ struct efi_guid type_guid;
++} partition_entry_t;
++
++typedef struct partition_entry_list {
++ partition_entry_t list[PLAT_PARTITION_MAX_ENTRIES];
++ int entry_count;
++} partition_entry_list_t;
++
++int load_partition_table(unsigned int image_id);
++const partition_entry_t *get_partition_entry(const char *name);
++const partition_entry_t *get_partition_entry_by_type(const uuid_t *type_guid);
++const partition_entry_t *get_partition_entry_by_uuid(const uuid_t *part_uuid);
++const partition_entry_list_t *get_partition_entry_list(void);
++void partition_init(unsigned int image_id);
++
++#endif /* PARTITION_H */
+diff --git a/platform/ext/target/arm/corstone1000/partition/uuid.h b/platform/ext/target/arm/corstone1000/partition/uuid.h
+new file mode 100644
+index 0000000000..06fec5a3c0
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/partition/uuid.h
+@@ -0,0 +1,76 @@
++/*-
++ * Copyright (c) 2002 Marcel Moolenaar
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ * $FreeBSD$
++ */
++
++/*
++ * Portions copyright (c) 2014-2020, ARM Limited and Contributors.
++ * All rights reserved.
++ */
++
++#ifndef UUID_H
++#define UUID_H
++
++#include <stdint.h>
++
++/* Length of a node address (an IEEE 802 address). */
++#define _UUID_NODE_LEN 6
++
++/* Length of UUID string including dashes. */
++#define _UUID_STR_LEN 36
++
++/*
++ * See also:
++ * http://www.opengroup.org/dce/info/draft-leach-uuids-guids-01.txt
++ * http://www.opengroup.org/onlinepubs/009629399/apdxa.htm
++ *
++ * A DCE 1.1 compatible source representation of UUIDs.
++ */
++struct uuid {
++ uint8_t time_low[4];
++ uint8_t time_mid[2];
++ uint8_t time_hi_and_version[2];
++ uint8_t clock_seq_hi_and_reserved;
++ uint8_t clock_seq_low;
++ uint8_t node[_UUID_NODE_LEN];
++};
++
++struct efi_guid {
++ uint32_t time_low;
++ uint16_t time_mid;
++ uint16_t time_hi_and_version;
++ uint8_t clock_seq_and_node[8];
++};
++
++union uuid_helper_t {
++ struct uuid uuid_struct;
++ struct efi_guid efi_guid;
++};
++
++/* XXX namespace pollution? */
++typedef struct uuid uuid_t;
++
++#endif /* UUID_H */
+diff --git a/platform/ext/target/arm/corstone1000/platform.c b/platform/ext/target/arm/corstone1000/platform.c
+new file mode 100644
+index 0000000000..908b66b7ac
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/platform.c
+@@ -0,0 +1,20 @@
++/*
++ * Copyright (c) 2023, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#include "platform.h"
++
++#include <stdint.h>
++
++/* Return an IO device handle and specification which can be used to access
++ * an image. This has to be implemented for the GPT parser. */
++int32_t plat_get_image_source(unsigned int image_id, uintptr_t *dev_handle,
++ uintptr_t *image_spec) {
++ (void)image_id;
++ *dev_handle = NULL;
++ *image_spec = NULL;
++ return 0;
++}
+diff --git a/platform/ext/target/arm/corstone1000/platform.h b/platform/ext/target/arm/corstone1000/platform.h
+new file mode 100644
+index 0000000000..250f9cd9f5
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/platform.h
+@@ -0,0 +1,14 @@
++/*
++ * Copyright (c) 2023, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef __PLATFORM_H__
++#define __PLATFORM_H__
++
++int32_t plat_get_image_source(unsigned int image_id, uintptr_t *dev_handle,
++ uintptr_t *image_spec);
++
++#endif /*__PLATFORM_H__*/
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-Platform-corstone1000-BL1-changes-to-adapt-to-new-fl.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-Platform-corstone1000-BL1-changes-to-adapt-to-new-fl.patch
new file mode 100644
index 0000000..d9143a0
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-Platform-corstone1000-BL1-changes-to-adapt-to-new-fl.patch
@@ -0,0 +1,337 @@
+From f70bbd0d8efefcc69916fc0393bc413fb39924af Mon Sep 17 00:00:00 2001
+From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Date: Tue, 10 Jan 2023 22:33:26 +0000
+Subject: [PATCH 8/10] Platform: corstone1000: BL1 changes to adapt to new flash
+ layout
+
+The commit prepares BL1 to adapt to new GPT-based flash layout.
+
+BL1 does not incorporate a GPT parser and still uses a static
+configuration to understand the flash.
+
+The flash_layout.h is also modified/marked in a way to start
+the process of its simplification.
+
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ .../arm/corstone1000/bl1/bl1_boot_hal.c | 10 +--
+ .../arm/corstone1000/bl1/bl1_flash_map.c | 17 ++--
+ .../target/arm/corstone1000/bl2_flash_map.c | 8 +-
+ .../corstone1000/fw_update_agent/fwu_agent.c | 16 ++--
+ .../corstone1000/fw_update_agent/fwu_agent.h | 4 +-
+ .../arm/corstone1000/partition/flash_layout.h | 84 +++++++++----------
+ 6 files changed, 66 insertions(+), 73 deletions(-)
+
+diff --git a/platform/ext/target/arm/corstone1000/bl1/bl1_boot_hal.c b/platform/ext/target/arm/corstone1000/bl1/bl1_boot_hal.c
+index 9caa26b26c..a5fe0f7da1 100644
+--- a/platform/ext/target/arm/corstone1000/bl1/bl1_boot_hal.c
++++ b/platform/ext/target/arm/corstone1000/bl1/bl1_boot_hal.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2019-2022, Arm Limited. All rights reserved.
++ * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+@@ -601,12 +601,12 @@ __attribute__((naked)) void boot_clear_bl2_ram_area(void)
+ );
+ }
+
+-extern void add_bank_offset_to_image_offset(uint32_t bank_offset);
++extern void set_flash_area_image_offset(uint32_t offset);
+
+ int32_t boot_platform_init(void)
+ {
+ int32_t result;
+- uint32_t bank_offset;
++ uint32_t image_offset;
+
+ result = corstone1000_watchdog_init();
+ if (result != ARM_DRIVER_OK) {
+@@ -653,8 +653,8 @@ int32_t boot_platform_init(void)
+ }
+ }
+
+- bl1_get_boot_bank(&bank_offset);
+- add_bank_offset_to_image_offset(bank_offset);
++ bl1_get_active_bl2_image(&image_offset);
++ set_flash_area_image_offset(image_offset);
+
+ return 0;
+ }
+diff --git a/platform/ext/target/arm/corstone1000/bl1/bl1_flash_map.c b/platform/ext/target/arm/corstone1000/bl1/bl1_flash_map.c
+index c8a1f13319..0e615da254 100644
+--- a/platform/ext/target/arm/corstone1000/bl1/bl1_flash_map.c
++++ b/platform/ext/target/arm/corstone1000/bl1/bl1_flash_map.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
++ * Copyright (c) 2019-2021, 2023 Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+@@ -22,23 +22,22 @@ struct flash_area flash_map[] = {
+ .fa_id = FLASH_AREA_8_ID,
+ .fa_device_id = FLASH_DEVICE_ID,
+ .fa_driver = &FLASH_DEV_NAME,
+- .fa_off = FLASH_AREA_8_OFFSET,
++ .fa_off = FLASH_INVALID_OFFSET,
+ .fa_size = FLASH_AREA_8_SIZE,
+ },
++ /* Secondary slot is not supported */
+ {
+- .fa_id = FLASH_AREA_9_ID,
++ .fa_id = FLASH_INVALID_ID,
+ .fa_device_id = FLASH_DEVICE_ID,
+ .fa_driver = &FLASH_DEV_NAME,
+- .fa_off = FLASH_AREA_9_OFFSET,
+- .fa_size = FLASH_AREA_9_SIZE,
++ .fa_off = FLASH_INVALID_OFFSET,
++ .fa_size = FLASH_INVALID_SIZE,
+ },
+ };
+
+ const int flash_map_entry_num = ARRAY_SIZE(flash_map);
+
+-void add_bank_offset_to_image_offset(uint32_t bank_offset)
++void set_flash_area_image_offset(uint32_t offset)
+ {
+- for (int i = 0; i < flash_map_entry_num; i++) {
+- flash_map[i].fa_off += bank_offset;
+- }
++ flash_map[0].fa_off = offset;
+ }
+diff --git a/platform/ext/target/arm/corstone1000/bl2_flash_map.c b/platform/ext/target/arm/corstone1000/bl2_flash_map.c
+index 0a6a592d94..f512045a44 100644
+--- a/platform/ext/target/arm/corstone1000/bl2_flash_map.c
++++ b/platform/ext/target/arm/corstone1000/bl2_flash_map.c
+@@ -28,15 +28,15 @@ struct flash_area flash_map[] = {
+ .fa_id = FLASH_AREA_0_ID,
+ .fa_device_id = FLASH_DEVICE_ID,
+ .fa_driver = &FLASH_DEV_NAME,
+- .fa_off = FLASH_AREA_0_OFFSET,
+- .fa_size = FLASH_AREA_0_SIZE,
++ .fa_off = FLASH_INVALID_OFFSET,
++ .fa_size = FLASH_INVALID_SIZE,
+ },
+ {
+ .fa_id = FLASH_AREA_1_ID,
+ .fa_device_id = FLASH_DEVICE_ID,
+ .fa_driver = &FLASH_DEV_NAME,
+- .fa_off = FLASH_AREA_1_OFFSET,
+- .fa_size = FLASH_AREA_1_SIZE,
++ .fa_off = FLASH_INVALID_OFFSET,
++ .fa_size = FLASH_INVALID_SIZE,
+ },
+ #ifndef TFM_S_REG_TEST
+ {
+diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
+index eb17c3a377..e4f9da1ec3 100644
+--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
+@@ -154,7 +154,7 @@ static enum fwu_agent_error_t private_metadata_read(
+ return FWU_AGENT_ERROR;
+ }
+
+- ret = FWU_METADATA_FLASH_DEV.ReadData(FWU_PRIVATE_AREA_OFFSET, p_metadata,
++ ret = FWU_METADATA_FLASH_DEV.ReadData(FWU_PRIVATE_METADATA_REPLICA_1_OFFSET, p_metadata,
+ sizeof(struct fwu_private_metadata));
+ if (ret < 0 || ret != sizeof(struct fwu_private_metadata)) {
+ return FWU_AGENT_ERROR;
+@@ -178,12 +178,12 @@ static enum fwu_agent_error_t private_metadata_write(
+ return FWU_AGENT_ERROR;
+ }
+
+- ret = FWU_METADATA_FLASH_DEV.EraseSector(FWU_PRIVATE_AREA_OFFSET);
++ ret = FWU_METADATA_FLASH_DEV.EraseSector(FWU_PRIVATE_METADATA_REPLICA_1_OFFSET);
+ if (ret != ARM_DRIVER_OK) {
+ return FWU_AGENT_ERROR;
+ }
+
+- ret = FWU_METADATA_FLASH_DEV.ProgramData(FWU_PRIVATE_AREA_OFFSET,
++ ret = FWU_METADATA_FLASH_DEV.ProgramData(FWU_PRIVATE_METADATA_REPLICA_1_OFFSET,
+ p_metadata, sizeof(struct fwu_private_metadata));
+ if (ret < 0 || ret != sizeof(struct fwu_private_metadata)) {
+ return FWU_AGENT_ERROR;
+@@ -769,7 +769,7 @@ static enum fwu_agent_error_t fwu_select_previous(
+
+ }
+
+-void bl1_get_boot_bank(uint32_t *bank_offset)
++void bl1_get_active_bl2_image(uint32_t *offset)
+ {
+ struct fwu_private_metadata priv_metadata;
+ enum fwu_agent_state_t current_state;
+@@ -823,15 +823,15 @@ void bl1_get_boot_bank(uint32_t *bank_offset)
+ }
+
+ if (boot_index == BANK_0) {
+- *bank_offset = BANK_0_PARTITION_OFFSET;
++ *offset = SE_BL2_BANK_0_OFFSET;
+ } else if (boot_index == BANK_1) {
+- *bank_offset = BANK_1_PARTITION_OFFSET;
++ *offset = SE_BL2_BANK_1_OFFSET;
+ } else {
+ FWU_ASSERT(0);
+ }
+
+- FWU_LOG_MSG("%s: exit: booting from bank = %u, offset = %x\n\r", __func__,
+- boot_index, *bank_offset);
++ FWU_LOG_MSG("%s: exit: booting from bank = %u, offset = 0x%x\n\r", __func__,
++ boot_index, *offset);
+
+ return;
+ }
+diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h
+index 00a08354be..eb8320ed8a 100644
+--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h
++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2021, Arm Limited. All rights reserved.
++ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+@@ -44,7 +44,7 @@ enum fwu_agent_error_t corstone1000_fwu_flash_image(void);
+ */
+ enum fwu_agent_error_t corstone1000_fwu_host_ack(void);
+
+-void bl1_get_boot_bank(uint32_t *bank_offset);
++void bl1_get_active_bl2_image(uint32_t *bank_offset);
+ void bl2_get_boot_bank(uint32_t *bank_offset);
+
+ /* When in trial state, start the timer for host to respond.
+diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
+index 5970a13c12..347c91acbb 100644
+--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h
++++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2017-2022 Arm Limited. All rights reserved.
++ * Copyright (c) 2017-2023 Arm Limited. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+@@ -98,56 +98,56 @@
+
+ #endif
+
+-/* Flash layout (32MB) :-
+- *
+- * 1 MB : FWU_METADATA_PARTITION_SIZE
+- * 15.5 MB : BANK 1 PARTITION SIZE
+- * 15.5 MB : BANK 2 PARTITION SIZE
+- *
+- */
+-#define FWU_METADATA_PARTITION_SIZE (0x100000) /* 1MB */
+-#define BANK_PARTITION_SIZE (0xF80000) /* 15.5 MB */
++/* Static Configurations of the Flash */
++#define SE_BL2_PARTITION_SIZE (0x18800) /* 98 KB */
++#define SE_BL2_BANK_0_OFFSET (0x9000) /* 72nd LBA */
++#define SE_BL2_BANK_1_OFFSET (0x1002000) /* 32784th LBA */
+
+-#define FLASH_BASE_OFFSET (0x0)
++/* Space in flash to store metadata and uefi variables */
++#define FWU_METADATA_FLASH_DEV (FLASH_DEV_NAME)
++#define FWU_METADATA_FLASH_SECTOR_SIZE (FLASH_SECTOR_SIZE)
+
+-/* BANK layout (15MB: BANK_PARTITION_SIZE) :-
+- *
+- * 200 KB : SE_BL2_PARTITION_SIZE + SE_BL2_PARTITION_SIZE
+- * 752 KB : TFM_PARTITION_SIZE + TFM_PARTITION_SIZE
+- * 2 MB : FIP_PARTITION_SIZE
+- * 12+ MB : KERNEL_PARTITION_SIZE
+- *
+- */
+-#define SE_BL2_PARTITION_SIZE (0x19000) /* 100 KB */
+-#define TFM_PARTITION_SIZE (0x5E000) /* 376 KB */
+-#define FIP_PARTITION_SIZE (0x200000) /* 2 MB */
+-#define KERNEL_PARTITION_SIZE (0xC00000) /* 12 MB */
++#define FWU_METADATA_REPLICA_1_OFFSET (0x5000) /* 40th LBA */
++#define FWU_METADATA_REPLICA_2_OFFSET (FWU_METADATA_REPLICA_1_OFFSET + \
++ FWU_METADATA_FLASH_SECTOR_SIZE)
+
++#define FWU_PRIVATE_METADATA_REPLICA_1_OFFSET (FWU_METADATA_REPLICA_2_OFFSET + \
++ FWU_METADATA_FLASH_SECTOR_SIZE)
++#define FWU_PRIVATE_METADATA_REPLICA_2_OFFSET (FWU_PRIVATE_METADATA_REPLICA_1_OFFSET + \
++ FWU_METADATA_FLASH_SECTOR_SIZE)
+
++#define BANK_0_PARTITION_OFFSET (SE_BL2_BANK_0_OFFSET + \
++ SE_BL2_PARTITION_SIZE)
++#define BANK_1_PARTITION_OFFSET (SE_BL2_BANK_1_OFFSET + \
++ SE_BL2_PARTITION_SIZE)
+
++/* BL1: mcuboot flashmap configurations */
++#define FLASH_AREA_8_ID (1)
++#define FLASH_AREA_8_SIZE (SE_BL2_PARTITION_SIZE)
+
+-/* 1MB: space in flash to store metadata and uefi variables */
+-#define FWU_METADATA_FLASH_DEV (FLASH_DEV_NAME)
+-#define FWU_METADATA_FLASH_SECTOR_SIZE (FLASH_SECTOR_SIZE)
++#define FLASH_INVALID_ID (0xFF)
++#define FLASH_INVALID_OFFSET (0xFFFFFFFF)
++#define FLASH_INVALID_SIZE (0xFFFFFFFF)
+
+-#define FWU_METADATA_PARTITION_OFFSET (FLASH_BASE_OFFSET)
+-#define FWU_METADATA_AREA_SIZE (FWU_METADATA_FLASH_SECTOR_SIZE)
+-#define FWU_METADATA_REPLICA_1_OFFSET (FLASH_BASE_OFFSET)
+-#define FWU_METADATA_REPLICA_2_OFFSET (FWU_METADATA_REPLICA_1_OFFSET + \
+- FWU_METADATA_AREA_SIZE)
+-#define FWU_PRIVATE_AREA_SIZE (FLASH_SECTOR_SIZE)
+-#define FWU_PRIVATE_AREA_OFFSET (FWU_METADATA_REPLICA_2_OFFSET + \
+- FWU_METADATA_AREA_SIZE)
++#define BL1_FLASH_AREA_IMAGE_PRIMARY(x) (((x) == 0) ? FLASH_AREA_8_ID : \
++ 255 )
++#define BL1_FLASH_AREA_IMAGE_SECONDARY(x) (((x) == 0) ? FLASH_INVALID_ID : \
++ 255 )
++
++#define BL1_FLASH_AREA_IMAGE_SCRATCH 255
+
++/* FWU Configurations */
+ #define NR_OF_FW_BANKS (2)
+ #define NR_OF_IMAGES_IN_FW_BANK (4) /* Secure Enclave: BL2 and TF-M \
+ * Host: FIP and Kernel image
+ */
+
+-#define BANK_0_PARTITION_OFFSET (FWU_METADATA_PARTITION_OFFSET + \
+- FWU_METADATA_PARTITION_SIZE)
+-#define BANK_1_PARTITION_OFFSET (BANK_0_PARTITION_OFFSET + \
+- BANK_PARTITION_SIZE)
++/****** TODO: START : NEED SIMPLIFICATION BASED ON GPT *******************/
++/* Bank configurations */
++#define BANK_PARTITION_SIZE (0xFE0000) /* 15.875 MB */
++#define TFM_PARTITION_SIZE (0x5E000) /* 376 KB */
++#define FIP_PARTITION_SIZE (0x200000) /* 2 MB */
++#define KERNEL_PARTITION_SIZE (0xC00000) /* 12 MB */
+
+ /************************************************************/
+ /* Bank : Images flash offsets are with respect to the bank */
+@@ -170,13 +170,6 @@
+ #define BL2_IMAGE_OFFSET (0x0)
+ #define BL2_IMAGE_MAX_SIZE (SE_BL2_PARTITION_SIZE)
+
+-#define BL1_FLASH_AREA_IMAGE_PRIMARY(x) (((x) == 0) ? FLASH_AREA_8_ID : \
+- 255 )
+-#define BL1_FLASH_AREA_IMAGE_SECONDARY(x) (((x) == 0) ? FLASH_AREA_9_ID : \
+- 255 )
+-
+-#define BL1_FLASH_AREA_IMAGE_SCRATCH 255
+-
+ /* Image 1: TF-M primary and secondary images */
+ #define FLASH_AREA_0_ID (1)
+ #define FLASH_AREA_0_OFFSET (FLASH_AREA_9_OFFSET + \
+@@ -229,6 +222,7 @@
+ #define FWU_METADATA_IMAGE_3_OFFSET (KERNEL_PARTITION_OFFSET)
+ #define FWU_METADATA_IMAGE_3_SIZE_LIMIT (KERNEL_PARTITION_SIZE)
+
++/****** TODO: END : NEED SIMPLIFICATION BASED ON GPT *******************/
+
+ /*******************************/
+ /*** ITS, PS and NV Counters ***/
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-Platform-corstone1000-BL2-uses-GPT-layout.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-Platform-corstone1000-BL2-uses-GPT-layout.patch
new file mode 100644
index 0000000..9df98cd
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-Platform-corstone1000-BL2-uses-GPT-layout.patch
@@ -0,0 +1,411 @@
+From 6f95d99329e178b7dea5cf7affac2c55135bbb85 Mon Sep 17 00:00:00 2001
+From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Date: Wed, 11 Jan 2023 10:27:04 +0000
+Subject: [PATCH 9/10] Platform:corstone1000: BL2 uses GPT layout
+
+Adabt BL2 to use GPT parser find tfm and fip partitions, and then
+extract info to populate MCUBOOT flashmap.
+
+Side changes required:
+Borrow 2k of BL2 code memory to Data memory (during linking)
+i.e. Increase BL2_DATA_GAP_SIZE and decrease SE_BL2_PARTITION_SIZE
+
+Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ .../target/arm/corstone1000/CMakeLists.txt | 5 +-
+ .../target/arm/corstone1000/bl2_flash_map.c | 7 --
+ .../target/arm/corstone1000/boot_hal_bl2.c | 86 +++++++++++++-----
+ .../corstone1000/fw_update_agent/fwu_agent.c | 24 ++---
+ .../corstone1000/fw_update_agent/fwu_agent.h | 2 +-
+ .../arm/corstone1000/partition/flash_layout.h | 2 +-
+ .../ext/target/arm/corstone1000/platform.c | 87 ++++++++++++++++++-
+ .../ext/target/arm/corstone1000/platform.h | 10 +++
+ 8 files changed, 168 insertions(+), 55 deletions(-)
+
+diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+index a120f39ea4..f16c1c40b0 100644
+--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+@@ -130,6 +130,10 @@ target_sources(platform_bl2
+ io/io_block.c
+ io/io_flash.c
+ io/io_storage.c
++ soft_crc/soft_crc.c
++ partition/partition.c
++ partition/gpt.c
++ platform.c
+ )
+
+ if (PLATFORM_IS_FVP)
+@@ -174,7 +178,6 @@ target_compile_definitions(bl2
+ $<$<BOOL:${CRYPTO_HW_ACCELERATOR}>:CRYPTO_HW_ACCELERATOR>
+ $<$<BOOL:${CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING}>:CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING>
+ $<$<BOOL:${PLATFORM_PSA_ADAC_SECURE_DEBUG}>:PLATFORM_PSA_ADAC_SECURE_DEBUG>
+-
+ )
+ target_compile_definitions(bootutil
+ PRIVATE
+diff --git a/platform/ext/target/arm/corstone1000/bl2_flash_map.c b/platform/ext/target/arm/corstone1000/bl2_flash_map.c
+index f512045a44..599f80b411 100644
+--- a/platform/ext/target/arm/corstone1000/bl2_flash_map.c
++++ b/platform/ext/target/arm/corstone1000/bl2_flash_map.c
+@@ -58,13 +58,6 @@ struct flash_area flash_map[] = {
+
+ const int flash_map_entry_num = ARRAY_SIZE(flash_map);
+
+-void add_bank_offset_to_image_offset(uint32_t bank_offset)
+-{
+- for (int i = 0; i < flash_map_entry_num; i++) {
+- flash_map[i].fa_off += bank_offset;
+- }
+-}
+-
+ int boot_get_image_exec_ram_info(uint32_t image_id,
+ uint32_t *exec_ram_start,
+ uint32_t *exec_ram_size)
+diff --git a/platform/ext/target/arm/corstone1000/boot_hal_bl2.c b/platform/ext/target/arm/corstone1000/boot_hal_bl2.c
+index 323d9707fe..52db26beea 100644
+--- a/platform/ext/target/arm/corstone1000/boot_hal_bl2.c
++++ b/platform/ext/target/arm/corstone1000/boot_hal_bl2.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2019-2022, Arm Limited. All rights reserved.
++ * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+@@ -30,6 +30,14 @@
+ #include "crypto_hw.h"
+ #endif
+
++#include "efi.h"
++#include "partition.h"
++#include "platform.h"
++
++static const uint8_t * const tfm_part_names[] = {"tfm_primary", "tfm_secondary"};
++static const uint8_t * const fip_part_names[] = {"FIP_A", "FIP_B"};
++
++
+ /* Flash device name must be specified by target */
+ extern ARM_DRIVER_FLASH FLASH_DEV_NAME;
+
+@@ -39,28 +47,62 @@ REGION_DECLARE(Image$$, ARM_LIB_HEAP, $$ZI$$Limit)[];
+ #define ARRAY_SIZE(arr) (sizeof(arr)/sizeof((arr)[0]))
+ extern struct flash_area flash_map[];
+
+-int32_t fill_bl2_flash_map_by_parsing_fips(uint32_t bank_offset)
+-{
+- int result;
++static bool fill_flash_map_with_tfm_data(uint8_t boot_index) {
++
++ if (boot_index >= ARRAY_SIZE(tfm_part_names)) {
++ BOOT_LOG_ERR("%d is an invalid boot_index, 0 <= boot_index < %d",
++ boot_index, ARRAY_SIZE(tfm_part_names));
++ return false;
++ }
++ partition_entry_t *tfm_entry =
++ get_partition_entry(tfm_part_names[boot_index]);
++ if (tfm_entry == NULL) {
++ BOOT_LOG_ERR("Could not find partition %s", tfm_part_names[boot_index]);
++ return false;
++ }
++ flash_map[0].fa_off = tfm_entry->start;
++ flash_map[0].fa_size = tfm_entry->length;
++ return true;
++}
++
++static bool fill_flash_map_with_fip_data(uint8_t boot_index) {
+ uint32_t tfa_offset = 0;
+- uint32_t tfa_size = 0;
++ size_t tfa_size = 0;
++ uint32_t fip_offset = 0;
++ size_t fip_size = 0;
++ int result;
++
++ if (boot_index >= ARRAY_SIZE(fip_part_names)) {
++ BOOT_LOG_ERR("%d is an invalid boot_index, 0 <= boot_index < %d",
++ boot_index, ARRAY_SIZE(fip_part_names));
++ return false;
++ }
++ partition_entry_t *fip_entry =
++ get_partition_entry(fip_part_names[boot_index]);
++ if (fip_entry == NULL) {
++ BOOT_LOG_ERR("Could not find partition %s", fip_part_names[boot_index]);
++ return false;
++ }
++
++ fip_offset = fip_entry->start;
++ fip_size = fip_entry->length;
+
+ /* parse directly from flash using XIP mode */
+ /* FIP is large so its not a good idea to load it in memory */
+- result = parse_fip_and_extract_tfa_info(bank_offset + FLASH_FIP_ADDRESS,
+- FLASH_FIP_SIZE,
+- &tfa_offset, &tfa_size);
++ result = parse_fip_and_extract_tfa_info(
++ FLASH_BASE_ADDRESS + fip_offset + FIP_SIGNATURE_AREA_SIZE, fip_size,
++ &tfa_offset, &tfa_size);
+ if (result != FIP_PARSER_SUCCESS) {
+ BOOT_LOG_ERR("parse_fip_and_extract_tfa_info failed");
+- return 1;
++ return false;
+ }
+
+- flash_map[2].fa_off = FLASH_FIP_OFFSET + tfa_offset;
++ flash_map[2].fa_off = fip_offset + FIP_SIGNATURE_AREA_SIZE + tfa_offset;
+ flash_map[2].fa_size = tfa_size;
+ flash_map[3].fa_off = flash_map[2].fa_off + flash_map[2].fa_size;
+ flash_map[3].fa_size = tfa_size;
+
+- return 0;
++ return true;
+ }
+
+ #ifdef PLATFORM_PSA_ADAC_SECURE_DEBUG
+@@ -89,26 +131,29 @@ uint8_t secure_debug_rotpk[32];
+
+ #endif
+
+-extern void add_bank_offset_to_image_offset(uint32_t bank_offset);
+-
+ int32_t boot_platform_init(void)
+ {
+ int32_t result;
++ uint8_t boot_index;
+
+ result = corstone1000_watchdog_init();
+ if (result != ARM_DRIVER_OK) {
+ return 1;
+ }
+
+-#ifndef TFM_S_REG_TEST
+- result = fill_bl2_flash_map_by_parsing_fips(BANK_0_PARTITION_OFFSET);
+- if (result) {
++ result = FLASH_DEV_NAME.Initialize(NULL);
++ if (result != ARM_DRIVER_OK) {
+ return 1;
+ }
+-#endif
+
+- result = FLASH_DEV_NAME.Initialize(NULL);
+- if (result != ARM_DRIVER_OK) {
++ plat_io_storage_init();
++ partition_init(PLATFORM_GPT_IMAGE);
++
++ boot_index = bl2_get_boot_bank();
++
++ if (!fill_flash_map_with_tfm_data(boot_index)
++ || !fill_flash_map_with_fip_data(boot_index)) {
++ BOOT_LOG_ERR("Filling flash map has failed!");
+ return 1;
+ }
+
+@@ -149,9 +194,6 @@ int32_t boot_platform_post_init(void)
+ }
+ #endif
+
+- bl2_get_boot_bank(&bank_offset);
+- add_bank_offset_to_image_offset(bank_offset);
+-
+ return 0;
+ }
+
+diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
+index e4f9da1ec3..1052bf9f00 100644
+--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
+@@ -836,34 +836,20 @@ void bl1_get_active_bl2_image(uint32_t *offset)
+ return;
+ }
+
+-void bl2_get_boot_bank(uint32_t *bank_offset)
++uint8_t bl2_get_boot_bank(void)
+ {
+- uint32_t boot_index;
++ uint8_t boot_index;
+ struct fwu_private_metadata priv_metadata;
+- FWU_LOG_MSG("%s: enter\n\r", __func__);
+-
++ FWU_LOG_MSG("%s: enter", __func__);
+ if (fwu_metadata_init()) {
+ FWU_ASSERT(0);
+ }
+-
+ if (private_metadata_read(&priv_metadata)) {
+ FWU_ASSERT(0);
+ }
+-
+ boot_index = priv_metadata.boot_index;
+-
+- if (boot_index == BANK_0) {
+- *bank_offset = BANK_0_PARTITION_OFFSET;
+- } else if (boot_index == BANK_1) {
+- *bank_offset = BANK_1_PARTITION_OFFSET;
+- } else {
+- FWU_ASSERT(0);
+- }
+-
+- FWU_LOG_MSG("%s: exit: booting from bank = %u, offset = %x\n\r", __func__,
+- boot_index, *bank_offset);
+-
+- return;
++ FWU_LOG_MSG("%s: exit: booting from bank = %u", __func__, boot_index);
++ return boot_index;
+ }
+
+ static void disable_host_ack_timer(void)
+diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h
+index eb8320ed8a..701f205583 100644
+--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h
++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h
+@@ -45,7 +45,7 @@ enum fwu_agent_error_t corstone1000_fwu_flash_image(void);
+ enum fwu_agent_error_t corstone1000_fwu_host_ack(void);
+
+ void bl1_get_active_bl2_image(uint32_t *bank_offset);
+-void bl2_get_boot_bank(uint32_t *bank_offset);
++uint8_t bl2_get_boot_bank(void);
+
+ /* When in trial state, start the timer for host to respond.
+ * Diable timer when host responds back either by calling
+diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
+index 347c91acbb..c5cf94a52c 100644
+--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h
++++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
+@@ -32,7 +32,7 @@
+ #define SRAM_BASE (0x30000000)
+ #define SRAM_SIZE (0x80000) /* 512 KB */
+
+-#define BL2_DATA_GAP_SIZE (0x09000) /* 36 KB */
++#define BL2_DATA_GAP_SIZE (0x09800) /* 38 KB */
+
+ #define BL1_DATA_START (SRAM_BASE)
+ #define BL1_DATA_SIZE (0x10000) /* 64 KiB*/
+diff --git a/platform/ext/target/arm/corstone1000/platform.c b/platform/ext/target/arm/corstone1000/platform.c
+index 908b66b7ac..6add0d7e1b 100644
+--- a/platform/ext/target/arm/corstone1000/platform.c
++++ b/platform/ext/target/arm/corstone1000/platform.c
+@@ -5,16 +5,95 @@
+ *
+ */
+
++#include "stdint.h"
++
++#include "Driver_Flash.h"
++#include "flash_layout.h"
++
++#include "io_driver.h"
++#include "io_flash.h"
++#include "io_storage.h"
++
+ #include "platform.h"
+
+-#include <stdint.h>
++#define PLAT_LOG_MODULE_NAME "platform"
++#include "platform_log.h"
++
++typedef struct {
++ uintptr_t dev_handle;
++ uintptr_t image_spec;
++} platform_image_source_t;
++
++extern ARM_DRIVER_FLASH FLASH_DEV_NAME;
++
++static io_dev_connector_t *flash_dev_con;
++static uint8_t local_block_flash[FLASH_SECTOR_SIZE];
++static io_flash_dev_spec_t flash_dev_spec = {
++ .buffer = local_block_flash,
++ .bufferlen = FLASH_SECTOR_SIZE,
++ .base_addr = FLASH_BASE_ADDRESS,
++ .flash_driver = &FLASH_DEV_NAME,
++};
++static io_block_spec_t flash_spec = {
++ .offset = FLASH_BASE_ADDRESS,
++ .length = FLASH_TOTAL_SIZE
++};
++
++static platform_image_source_t platform_image_source[] = {
++ [PLATFORM_GPT_IMAGE] = {
++ .dev_handle = NULL,
++ .image_spec = &flash_spec,
++ }
++};
++
++/* Initialize io storage of the platform */
++int32_t plat_io_storage_init(void)
++{
++ int rc = -1;
++ uintptr_t flash_dev_handle = NULL;
++ uintptr_t flash_handle = NULL;
++
++ rc = register_io_dev_flash((const io_dev_connector_t **) &flash_dev_con);
++ if (rc != 0) {
++ ERROR("Failed to register io flash rc: %d", rc);
++ return rc;
++ }
++
++ rc = io_dev_open(flash_dev_con, (const uintptr_t)&flash_dev_spec, &flash_dev_handle);
++ if (rc != 0) {
++ ERROR("Failed to open io flash dev rc: %d", rc);
++ return rc;
++ }
++
++ VERBOSE("Flash_dev_handle = %p",flash_dev_handle);
++
++ rc = io_open(flash_dev_handle, (const uintptr_t)&flash_spec, &flash_handle);
++ if (rc != 0) {
++ ERROR("Failed to open io flash rc: %d", rc);
++ return rc;
++ }
++
++ VERBOSE("Flash_handle = %p",flash_handle);
++
++ rc = io_close(flash_handle);
++ if (rc != 0) {
++ ERROR("Failed to close io flash rc: %d", rc);
++ return rc;
++ }
++ /* Update the platform image source that uses the flash with dev handles */
++ platform_image_source[PLATFORM_GPT_IMAGE].dev_handle = flash_dev_handle;
++
++ return rc;
++}
+
+ /* Return an IO device handle and specification which can be used to access
+ * an image. This has to be implemented for the GPT parser. */
+ int32_t plat_get_image_source(unsigned int image_id, uintptr_t *dev_handle,
+ uintptr_t *image_spec) {
+- (void)image_id;
+- *dev_handle = NULL;
+- *image_spec = NULL;
++ if (image_id >= PLATFORM_IMAGE_COUNT) {
++ return -1;
++ }
++ *dev_handle = platform_image_source[image_id].dev_handle;
++ *image_spec = platform_image_source[image_id].image_spec;
+ return 0;
+ }
+diff --git a/platform/ext/target/arm/corstone1000/platform.h b/platform/ext/target/arm/corstone1000/platform.h
+index 250f9cd9f5..894f5e3090 100644
+--- a/platform/ext/target/arm/corstone1000/platform.h
++++ b/platform/ext/target/arm/corstone1000/platform.h
+@@ -8,6 +8,16 @@
+ #ifndef __PLATFORM_H__
+ #define __PLATFORM_H__
+
++typedef enum {
++ PLATFORM_GPT_IMAGE = 0,
++ PLATFORM_IMAGE_COUNT,
++}platform_image_id_t;
++
++/* Initialize io storage of the platform */
++int32_t plat_io_storage_init(void);
++
++/* Return an IO device handle and specification which can be used to access
++ * an image. This has to be implemented for the GPT parser. */
+ int32_t plat_get_image_source(unsigned int image_id, uintptr_t *dev_handle,
+ uintptr_t *image_spec);
+
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0010-Platform-corstone1000-flash_layout-simplification.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0010-Platform-corstone1000-flash_layout-simplification.patch
new file mode 100644
index 0000000..c3376e1
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0010-Platform-corstone1000-flash_layout-simplification.patch
@@ -0,0 +1,103 @@
+From c385b628aa3588aeb6f86f8b98fd3bdb304a296c Mon Sep 17 00:00:00 2001
+From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Date: Wed, 11 Jan 2023 12:47:45 +0000
+Subject: [PATCH 10/10] Platform: corstone1000:flash_layout simplification
+
+Complete the simplification of the flash layout.
+The flash layout contains only the static definitions
+that describe the static layout and the boundries of the dynamic
+regions.
+
+The dynamic regions addresses are known by the GPT parser.
+
+Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ .../arm/corstone1000/partition/flash_layout.h | 44 -------------------
+ 1 file changed, 44 deletions(-)
+
+diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
+index c5cf94a52c..b01a3621b3 100644
+--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h
++++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
+@@ -142,28 +142,9 @@
+ * Host: FIP and Kernel image
+ */
+
+-/****** TODO: START : NEED SIMPLIFICATION BASED ON GPT *******************/
+ /* Bank configurations */
+ #define BANK_PARTITION_SIZE (0xFE0000) /* 15.875 MB */
+ #define TFM_PARTITION_SIZE (0x5E000) /* 376 KB */
+-#define FIP_PARTITION_SIZE (0x200000) /* 2 MB */
+-#define KERNEL_PARTITION_SIZE (0xC00000) /* 12 MB */
+-
+-/************************************************************/
+-/* Bank : Images flash offsets are with respect to the bank */
+-/************************************************************/
+-
+-/* Image 0: BL2 primary and secondary images */
+-#define FLASH_AREA_8_ID (1)
+-#define FLASH_AREA_8_OFFSET (0) /* starting from 0th offset of the bank */
+-#define FLASH_AREA_8_SIZE (SE_BL2_PARTITION_SIZE)
+-
+-#define FLASH_AREA_9_ID (FLASH_AREA_8_ID + 1)
+-#define FLASH_AREA_9_OFFSET (FLASH_AREA_8_OFFSET + FLASH_AREA_8_SIZE)
+-#define FLASH_AREA_9_SIZE (SE_BL2_PARTITION_SIZE)
+-
+-#define FWU_METADATA_IMAGE_0_OFFSET (FLASH_AREA_8_OFFSET)
+-#define FWU_METADATA_IMAGE_0_SIZE_LIMIT (FLASH_AREA_8_SIZE + FLASH_AREA_9_SIZE)
+
+ /* Macros needed to imgtool.py, used when creating BL2 signed image */
+ #define BL2_IMAGE_LOAD_ADDRESS (SRAM_BASE + TFM_PARTITION_SIZE + BL2_DATA_GAP_SIZE)
+@@ -172,33 +153,16 @@
+
+ /* Image 1: TF-M primary and secondary images */
+ #define FLASH_AREA_0_ID (1)
+-#define FLASH_AREA_0_OFFSET (FLASH_AREA_9_OFFSET + \
+- FLASH_AREA_9_SIZE)
+ #define FLASH_AREA_0_SIZE (TFM_PARTITION_SIZE)
+-
+ #define FLASH_AREA_1_ID (FLASH_AREA_0_ID + 1)
+-#define FLASH_AREA_1_OFFSET (FLASH_AREA_0_OFFSET + FLASH_AREA_0_SIZE)
+ #define FLASH_AREA_1_SIZE (TFM_PARTITION_SIZE)
+
+-#define FWU_METADATA_IMAGE_1_OFFSET (FLASH_AREA_0_OFFSET)
+-#define FWU_METADATA_IMAGE_1_SIZE_LIMIT (FLASH_AREA_0_SIZE + FLASH_AREA_1_SIZE)
+-
+ /* Image 2: Host FIP */
+ #define FIP_SIGNATURE_AREA_SIZE (0x1000) /* 4 KB */
+
+-#define FLASH_FIP_OFFSET (FLASH_AREA_1_OFFSET + \
+- FLASH_AREA_1_SIZE + FIP_SIGNATURE_AREA_SIZE)
+-#define FLASH_FIP_ADDRESS (FLASH_BASE_ADDRESS + FLASH_FIP_OFFSET)
+-#define FLASH_FIP_SIZE (FIP_PARTITION_SIZE)
+-
+ /* Host BL2 (TF-A) primary and secondary image. */
+ #define FLASH_AREA_2_ID (FLASH_AREA_1_ID + 1)
+ #define FLASH_AREA_3_ID (FLASH_AREA_2_ID + 1)
+-#define FLASH_INVALID_OFFSET (0xFFFFFFFF)
+-#define FLASH_INVALID_SIZE (0xFFFFFFFF)
+-
+-#define FWU_METADATA_IMAGE_2_OFFSET (FLASH_FIP_OFFSET)
+-#define FWU_METADATA_IMAGE_2_SIZE_LIMIT (FLASH_FIP_SIZE)
+
+ /* Macros needed to imgtool.py, used when creating TF-M signed image */
+ #define S_IMAGE_LOAD_ADDRESS (SRAM_BASE)
+@@ -216,14 +180,6 @@
+
+ #define FLASH_AREA_IMAGE_SCRATCH 255
+
+-/* Image 3: Kernel image */
+-#define KERNEL_PARTITION_OFFSET (FLASH_FIP_OFFSET + FLASH_FIP_SIZE)
+-
+-#define FWU_METADATA_IMAGE_3_OFFSET (KERNEL_PARTITION_OFFSET)
+-#define FWU_METADATA_IMAGE_3_SIZE_LIMIT (KERNEL_PARTITION_SIZE)
+-
+-/****** TODO: END : NEED SIMPLIFICATION BASED ON GPT *******************/
+-
+ /*******************************/
+ /*** ITS, PS and NV Counters ***/
+ /*******************************/
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0011-corstone1000-make-sure-to-write-fwu-metadata-to-repl.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0011-corstone1000-make-sure-to-write-fwu-metadata-to-repl.patch
new file mode 100644
index 0000000..24150b6
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0011-corstone1000-make-sure-to-write-fwu-metadata-to-repl.patch
@@ -0,0 +1,43 @@
+From 0ee6842d348e206d511ec89a7ff5b29a6f325456 Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Sun, 29 Jan 2023 19:01:08 +0000
+Subject: [PATCH] corstone1000: make sure to write fwu metadata to replica 2
+
+u-boot and other, before using fwu metadata validate if
+the copies in both replicas are good. so, make sure
+we write fwu metadata in both replicas.
+
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ .../arm/corstone1000/fw_update_agent/fwu_agent.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
+index e1fa297ac923..215902ce71b9 100644
+--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
+@@ -238,6 +238,20 @@ static enum fwu_agent_error_t metadata_write(
+ return FWU_AGENT_ERROR;
+ }
+
++ FWU_LOG_MSG("%s: enter: flash addr = %u, size = %d\n\r", __func__,
++ FWU_METADATA_REPLICA_2_OFFSET, sizeof(struct fwu_metadata));
++
++ ret = FWU_METADATA_FLASH_DEV.EraseSector(FWU_METADATA_REPLICA_2_OFFSET);
++ if (ret != ARM_DRIVER_OK) {
++ return FWU_AGENT_ERROR;
++ }
++
++ ret = FWU_METADATA_FLASH_DEV.ProgramData(FWU_METADATA_REPLICA_2_OFFSET,
++ p_metadata, sizeof(struct fwu_metadata));
++ if (ret < 0 || ret != sizeof(struct fwu_metadata)) {
++ return FWU_AGENT_ERROR;
++ }
++
+ FWU_LOG_MSG("%s: success: active = %u, previous = %d\n\r", __func__,
+ p_metadata->active_index, p_metadata->previous_active_index);
+ return FWU_AGENT_SUCCESS;
+--
+2.39.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc
index d89aca3..a8e76d0 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc
@@ -11,9 +11,6 @@
EXTRA_OECMAKE += "-DPLATFORM_IS_FVP=${TFM_PLATFORM_IS_FVP}"
EXTRA_OECMAKE += "-DCC312_LEGACY_DRIVER_API_ENABLED=OFF"
-## Setting SPM backend to IPC
-EXTRA_OECMAKE += "-DCONFIG_TFM_SPM_BACKEND=IPC"
-
# libmetal
LICENSE += "& BSD-3-Clause"
LIC_FILES_CHKSUM += "file://../libmetal/LICENSE.md;md5=fe0b8a4beea8f0813b606d15a3df3d3c"
@@ -30,8 +27,18 @@
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
-SRC_URI:append= " \
- file://0001-Platform-corstone1000-Increase-number-of-assets.patch \
+SRC_URI:append:corstone1000 = " \
+ file://0001-Platform-corstone1000-Introduce-IO-framework.patch \
+ file://0002-Platform-corstone1000-Add-IO-test-in-ci_regressions.patch \
+ file://0003-Platform-corstone1000-Add-soft-crc32-calculation.patch \
+ file://0004-Platform-corstone1000-calculate-metadata-crc32.patch \
+ file://0005-Platform-corstone1000-fwu-metadata_read-validate-crc.patch \
+ file://0006-Platform-corstone1000-Add-common-platform-logger.patch \
+ file://0007-Platform-corstone1000-Introduce-GPT-parser.patch \
+ file://0008-Platform-corstone1000-BL1-changes-to-adapt-to-new-fl.patch \
+ file://0009-Platform-corstone1000-BL2-uses-GPT-layout.patch \
+ file://0010-Platform-corstone1000-flash_layout-simplification.patch \
+ file://0011-corstone1000-make-sure-to-write-fwu-metadata-to-repl.patch \
"
do_install() {
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0027-drivers-nvmxip-introduce-NVM-XIP-block-storage-emula.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0027-drivers-nvmxip-introduce-NVM-XIP-block-storage-emula.patch
new file mode 100644
index 0000000..30baf68
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0027-drivers-nvmxip-introduce-NVM-XIP-block-storage-emula.patch
@@ -0,0 +1,595 @@
+From 1d277bc8c275fae8e8cd400344bdacbdce3a6b46 Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Tue, 13 Dec 2022 19:47:49 +0000
+Subject: [PATCH 27/43] drivers/nvmxip: introduce NVM XIP block storage
+ emulation
+
+add block storage emulation for NVM XIP flash devices
+
+Some paltforms such as Corstone-1000 need to see NVM XIP raw flash
+as a block storage device with read only capability.
+
+Here NVM flash devices are devices with addressable
+memory (e.g: QSPI NOR flash).
+
+The implementation is generic and can be used by different platforms.
+
+Two drivers are provided as follows.
+
+ nvmxip-blk :
+
+ a generic block driver allowing to read from the XIP flash
+
+ nvmxip_qspi :
+
+ The driver probed with the DT and parent of the nvmxip-blk device.
+ nvmxip_qspi can be reused by other platforms. If the platform
+ has custom settings to apply before using the flash, then the platform
+ can provide its own parent driver belonging to UCLASS_NVMXIP and reuse
+ nvmxip-blk. The custom driver can be implmented like nvmxip_qspi in
+ addition to the platform custom settings.
+
+Platforms can use multiple NVM XIP devices at the same time by defining a
+DT node for each one of them.
+
+For more details please refer to doc/develop/driver-model/nvmxip.rst
+
+Upstream-Status: Submitted
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ MAINTAINERS | 7 ++
+ doc/develop/driver-model/index.rst | 1 +
+ doc/develop/driver-model/nvmxip.rst | 70 ++++++++++++
+ doc/device-tree-bindings/nvmxip/nvmxip.txt | 56 +++++++++
+ drivers/Kconfig | 2 +
+ drivers/Makefile | 1 +
+ drivers/block/blk-uclass.c | 1 +
+ drivers/nvmxip/Kconfig | 17 +++
+ drivers/nvmxip/Makefile | 7 ++
+ drivers/nvmxip/nvmxip-uclass.c | 13 +++
+ drivers/nvmxip/nvmxip.c | 127 +++++++++++++++++++++
+ drivers/nvmxip/nvmxip.h | 46 ++++++++
+ drivers/nvmxip/nvmxip_qspi.c | 65 +++++++++++
+ include/dm/uclass-id.h | 1 +
+ 14 files changed, 414 insertions(+)
+ create mode 100644 doc/develop/driver-model/nvmxip.rst
+ create mode 100644 doc/device-tree-bindings/nvmxip/nvmxip.txt
+ create mode 100644 drivers/nvmxip/Kconfig
+ create mode 100644 drivers/nvmxip/Makefile
+ create mode 100644 drivers/nvmxip/nvmxip-uclass.c
+ create mode 100644 drivers/nvmxip/nvmxip.c
+ create mode 100644 drivers/nvmxip/nvmxip.h
+ create mode 100644 drivers/nvmxip/nvmxip_qspi.c
+
+diff --git a/MAINTAINERS b/MAINTAINERS
+index 9feaf0502f5b..ba15dd02d58d 100644
+--- a/MAINTAINERS
++++ b/MAINTAINERS
+@@ -1204,6 +1204,13 @@ F: cmd/nvme.c
+ F: include/nvme.h
+ F: doc/develop/driver-model/nvme.rst
+
++NVMXIP
++M: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++S: Maintained
++F: doc/develop/driver-model/nvmxip.rst
++F: doc/device-tree-bindings/nvmxip/nvmxip.txt
++F: drivers/nvmxip/
++
+ NVMEM
+ M: Sean Anderson <seanga2@gmail.com>
+ S: Maintained
+diff --git a/doc/develop/driver-model/index.rst b/doc/develop/driver-model/index.rst
+index 7366ef818c5a..8e12bbd9366a 100644
+--- a/doc/develop/driver-model/index.rst
++++ b/doc/develop/driver-model/index.rst
+@@ -20,6 +20,7 @@ subsystems
+ livetree
+ migration
+ nvme
++ nvmxip
+ of-plat
+ pci-info
+ pmic-framework
+diff --git a/doc/develop/driver-model/nvmxip.rst b/doc/develop/driver-model/nvmxip.rst
+new file mode 100644
+index 000000000000..91b24e4e50d2
+--- /dev/null
++++ b/doc/develop/driver-model/nvmxip.rst
+@@ -0,0 +1,70 @@
++.. SPDX-License-Identifier: GPL-2.0+
++
++NVM XIP Block Storage Emulation Driver
++=======================================
++
++Summary
++-------
++
++Non-Volatile Memory devices with addressable memory (e.g: QSPI NOR flash) could
++be used for block storage needs (e.g: parsing a GPT layout in a raw QSPI NOR flash).
++
++The NVMXIP class provides this functionality and can be used for any 64-bit platform.
++
++The NVMXIP class provides the following drivers:
++
++ nvmxip-blk :
++
++ A generic block driver allowing to read from the XIP flash.
++ The driver belongs to UCLASS_BLK.
++ The driver implemented by drivers/nvmxip/nvmxip.c
++
++ nvmxip_qspi :
++
++ The driver probed with the DT and parent of the nvmxip-blk device.
++ nvmxip_qspi can be reused by other platforms. If the platform
++ has custom settings to apply before using the flash, then the platform
++ can provide its own parent driver belonging to UCLASS_NVMXIP and reuse
++ nvmxip-blk. The custom driver can be implmented like nvmxip_qspi in
++ addition to the platform custom settings.
++ The nvmxip_qspi driver belongs to UCLASS_NVMXIP.
++ The driver implemented by drivers/nvmxip/nvmxip_qspi.c
++
++ The implementation is generic and can be used by different platforms.
++
++Supported hardware
++--------------------------------
++
++Any 64-bit plaform.
++
++Configuration
++----------------------
++
++config NVMXIP
++ This option allows the emulation of a block storage device
++ on top of a direct access non volatile memory XIP flash devices.
++ This support provides the read operation.
++ This option provides the block storage driver nvmxip-blk which
++ handles the read operation. This driver is HW agnostic and can support
++ multiple flash devices at the same time.
++
++config NVMXIP_QSPI
++ This option allows the emulation of a block storage device on top of a QSPI XIP flash.
++ Any platform that needs to emulate one or multiple XIP flash devices can turn this
++ option on to enable the functionality. NVMXIP config is selected automatically.
++ Platforms that need to add custom treatments before accessing to the flash, can
++ write their own driver (same as nvmxip_qspi in addition to the custom settings).
++
++Device Tree nodes
++--------------------
++
++Multiple XIP flash devices can be used at the same time by describing them through DT
++nodes.
++
++Please refer to the documentation of the DT binding at:
++
++doc/device-tree-bindings/nvmxip/nvmxip.txt
++
++Contributors
++------------
++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+diff --git a/doc/device-tree-bindings/nvmxip/nvmxip.txt b/doc/device-tree-bindings/nvmxip/nvmxip.txt
+new file mode 100644
+index 000000000000..7c4b03f66b57
+--- /dev/null
++++ b/doc/device-tree-bindings/nvmxip/nvmxip.txt
+@@ -0,0 +1,56 @@
++Specifying NVMXIP information for devices
++======================================
++
++NVM XIP flash device nodes
++---------------------------
++
++Each flash device should have its own node.
++
++Each node must specify the following fields:
++
++1)
++ compatible = "nvmxip,qspi";
++
++This allows to bind the flash device with the nvmxip_qspi driver
++If a platform has its own driver, please provide your own compatible
++string.
++
++2)
++ reg = <0x0 0x08000000 0x0 0x00200000>;
++
++The start address and size of the flash device. The values give here are an
++example (when the cell size is 2).
++
++When cell size is 1, the reg field looks like this:
++
++ reg = <0x08000000 0x00200000>;
++
++3)
++
++ lba_shift = <9>;
++
++The number of bit shifts used to calculate the size in bytes of one block.
++In this example the block size is 1 << 9 = 2 ^ 9 = 512 bytes
++
++4)
++
++ lba = <4096>;
++
++The number of blocks.
++
++Example of multiple flash devices
++----------------------------------------------------
++
++ nvmxip-qspi1@08000000 {
++ compatible = "nvmxip,qspi";
++ reg = <0x0 0x08000000 0x0 0x00200000>;
++ lba_shift = <9>;
++ lba = <4096>;
++ };
++
++ nvmxip-qspi2@08200000 {
++ compatible = "nvmxip,qspi";
++ reg = <0x0 0x08200000 0x0 0x00100000>;
++ lba_shift = <9>;
++ lba = <2048>;
++ };
+diff --git a/drivers/Kconfig b/drivers/Kconfig
+index e51f0547c3da..d425ff1e76c7 100644
+--- a/drivers/Kconfig
++++ b/drivers/Kconfig
+@@ -78,6 +78,8 @@ source "drivers/net/Kconfig"
+
+ source "drivers/nvme/Kconfig"
+
++source "drivers/nvmxip/Kconfig"
++
+ source "drivers/pci/Kconfig"
+
+ source "drivers/pci_endpoint/Kconfig"
+diff --git a/drivers/Makefile b/drivers/Makefile
+index f0a7530295c5..fb1b62cbd6ff 100644
+--- a/drivers/Makefile
++++ b/drivers/Makefile
+@@ -89,6 +89,7 @@ obj-$(CONFIG_FWU_MDATA) += fwu-mdata/
+ obj-y += misc/
+ obj-$(CONFIG_MMC) += mmc/
+ obj-$(CONFIG_NVME) += nvme/
++obj-$(CONFIG_NVMXIP) += nvmxip/
+ obj-$(CONFIG_PCI_ENDPOINT) += pci_endpoint/
+ obj-y += dfu/
+ obj-$(CONFIG_PCH) += pch/
+diff --git a/drivers/block/blk-uclass.c b/drivers/block/blk-uclass.c
+index c69fc4d51829..e8ab576c3253 100644
+--- a/drivers/block/blk-uclass.c
++++ b/drivers/block/blk-uclass.c
+@@ -28,6 +28,7 @@ static struct {
+ { UCLASS_AHCI, "sata" },
+ { UCLASS_HOST, "host" },
+ { UCLASS_NVME, "nvme" },
++ { UCLASS_NVMXIP, "nvmxip" },
+ { UCLASS_EFI_MEDIA, "efi" },
+ { UCLASS_EFI_LOADER, "efiloader" },
+ { UCLASS_VIRTIO, "virtio" },
+diff --git a/drivers/nvmxip/Kconfig b/drivers/nvmxip/Kconfig
+new file mode 100644
+index 000000000000..6a23acaf1895
+--- /dev/null
++++ b/drivers/nvmxip/Kconfig
+@@ -0,0 +1,17 @@
++# SPDX-License-Identifier: GPL-2.0+
++#
++# Copyright (C) 2022, Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++
++config NVMXIP
++ bool "NVM XIP devices support"
++ select BLK
++ help
++ This option allows the emulation of a block storage device
++ on top of a direct access non volatile memory XIP flash devices.
++ This support provides the read operation.
++
++config NVMXIP_QSPI
++ bool "QSPI XIP support"
++ select NVMXIP
++ help
++ This option allows the emulation of a block storage device on top of a QSPI XIP flash
+diff --git a/drivers/nvmxip/Makefile b/drivers/nvmxip/Makefile
+new file mode 100644
+index 000000000000..d8ad2a160b47
+--- /dev/null
++++ b/drivers/nvmxip/Makefile
+@@ -0,0 +1,7 @@
++# SPDX-License-Identifier: GPL-2.0+
++#
++# (C) Copyright 2022
++# Abdellatif El Khlifi, Arm Limited, abdellatif.elkhlifi@arm.com.
++
++obj-y += nvmxip-uclass.o nvmxip.o
++obj-$(CONFIG_NVMXIP_QSPI) += nvmxip_qspi.o
+diff --git a/drivers/nvmxip/nvmxip-uclass.c b/drivers/nvmxip/nvmxip-uclass.c
+new file mode 100644
+index 000000000000..0f7e47b8af86
+--- /dev/null
++++ b/drivers/nvmxip/nvmxip-uclass.c
+@@ -0,0 +1,13 @@
++// SPDX-License-Identifier: GPL-2.0+
++/*
++ * (C) Copyright 2022 ARM Limited
++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++ */
++
++#include <common.h>
++#include <dm.h>
++
++UCLASS_DRIVER(nvmxip) = {
++ .name = "nvmxip",
++ .id = UCLASS_NVMXIP,
++};
+diff --git a/drivers/nvmxip/nvmxip.c b/drivers/nvmxip/nvmxip.c
+new file mode 100644
+index 000000000000..6ba48183c575
+--- /dev/null
++++ b/drivers/nvmxip/nvmxip.c
+@@ -0,0 +1,127 @@
++// SPDX-License-Identifier: GPL-2.0+
++/*
++ * (C) Copyright 2022 ARM Limited
++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++ */
++
++#include <common.h>
++#include <dm.h>
++#include <dm/device-internal.h>
++#include "nvmxip.h"
++
++static u32 nvmxip_bdev_max_devs;
++
++static int nvmxip_mmio_rawread(const phys_addr_t address, u64 *value)
++{
++ *value = readq(address);
++ return 0;
++}
++
++static ulong nvmxip_blk_read(struct udevice *udev, lbaint_t blknr, lbaint_t blkcnt, void *buffer)
++{
++ struct nvmxip_blk_priv *bpriv_data = dev_get_priv(udev);
++ struct blk_desc *desc = dev_get_uclass_plat(udev);
++
++ /* size of 1 block */
++ /* number of the u64 words to read */
++ u32 qwords = (blkcnt * desc->blksz) / sizeof(u64);
++ /* physical address of the first block to read */
++ phys_addr_t blkaddr = bpriv_data->pplat_data->phys_base + blknr * desc->blksz;
++ u64 *virt_blkaddr;
++ u64 *pdst = buffer;
++ u32 qdata_idx;
++
++ if (!pdst)
++ return -EINVAL;
++
++ pr_debug("[%s]: reading from blknr: %lu , blkcnt: %lu\n", udev->name, blknr, blkcnt);
++
++ virt_blkaddr = map_sysmem(blkaddr, 0);
++
++ /* assumption: the data is virtually contiguous */
++
++ for (qdata_idx = 0 ; qdata_idx < qwords ; qdata_idx++)
++ nvmxip_mmio_rawread((phys_addr_t)(virt_blkaddr + qdata_idx), pdst++);
++
++ pr_debug("[%s]: src[0]: 0x%llx , dst[0]: 0x%llx , src[-1]: 0x%llx , dst[-1]: 0x%llx\n",
++ udev->name,
++ *virt_blkaddr,
++ *(u64 *)buffer,
++ *(u64 *)((u8 *)virt_blkaddr + desc->blksz * blkcnt - sizeof(u64)),
++ *(u64 *)((u8 *)buffer + desc->blksz * blkcnt - sizeof(u64)));
++
++ unmap_sysmem(virt_blkaddr);
++
++ return blkcnt;
++}
++
++static int nvmxip_blk_probe(struct udevice *udev)
++{
++ struct nvmxip_priv *ppriv_data = dev_get_priv(udev->parent);
++ struct blk_desc *desc = dev_get_uclass_plat(udev);
++ struct nvmxip_blk_priv *bpriv_data = dev_get_priv(udev);
++
++ bpriv_data->bdev = udev;
++ bpriv_data->pplat_data = ppriv_data->plat_data;
++ desc->lba = bpriv_data->pplat_data->lba;
++ desc->log2blksz = bpriv_data->pplat_data->lba_shift;
++ desc->blksz = 1 << bpriv_data->pplat_data->lba_shift;
++ desc->bdev = bpriv_data->bdev;
++
++ pr_debug("[%s]: block storage layout\n lbas: %lu , log2blksz: %d, blksz: %lu\n",
++ udev->name, desc->lba, desc->log2blksz, desc->blksz);
++
++ return 0;
++}
++
++int nvmxip_init(struct udevice *udev)
++{
++ struct nvmxip_plat *plat_data = dev_get_plat(udev);
++ struct nvmxip_priv *priv_data = dev_get_priv(udev);
++ int ret;
++ struct udevice *bdev = NULL;
++ char bdev_name[NVMXIP_BLKDEV_NAME_SZ + 1] = {0};
++
++ priv_data->udev = udev;
++ priv_data->plat_data = plat_data;
++
++ nvmxip_bdev_max_devs++;
++
++ snprintf(bdev_name, NVMXIP_BLKDEV_NAME_SZ, "nvmxip-blk#%d", nvmxip_bdev_max_devs);
++
++ ret = blk_create_devicef(udev, NVMXIP_BLKDRV_NAME, bdev_name, UCLASS_NVMXIP,
++ nvmxip_bdev_max_devs, NVMXIP_DEFAULT_LBA_SZ,
++ NVMXIP_DEFAULT_LBA_COUNT, &bdev);
++ if (ret) {
++ pr_err("[%s]: failure during creation of the block device %s, error %d\n",
++ udev->name, bdev_name, ret);
++ goto blkdev_setup_error;
++ }
++
++ ret = blk_probe_or_unbind(bdev);
++ if (ret) {
++ pr_err("[%s]: failure during probing the block device %s, error %d\n",
++ udev->name, bdev_name, ret);
++ goto blkdev_setup_error;
++ }
++
++ pr_info("[%s]: the block device %s ready for use\n", udev->name, bdev_name);
++
++ return 0;
++
++blkdev_setup_error:
++ nvmxip_bdev_max_devs--;
++ return ret;
++}
++
++static const struct blk_ops nvmxip_blk_ops = {
++ .read = nvmxip_blk_read,
++};
++
++U_BOOT_DRIVER(nvmxip_blk) = {
++ .name = NVMXIP_BLKDRV_NAME,
++ .id = UCLASS_BLK,
++ .probe = nvmxip_blk_probe,
++ .ops = &nvmxip_blk_ops,
++ .priv_auto = sizeof(struct nvmxip_blk_priv),
++};
+diff --git a/drivers/nvmxip/nvmxip.h b/drivers/nvmxip/nvmxip.h
+new file mode 100644
+index 000000000000..393172cc2f86
+--- /dev/null
++++ b/drivers/nvmxip/nvmxip.h
+@@ -0,0 +1,46 @@
++/* SPDX-License-Identifier: GPL-2.0+ */
++/*
++ * (C) Copyright 2022 ARM Limited
++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++ */
++
++#ifndef __DRIVER_NVMXIP_H__
++#define __DRIVER_NVMXIP_H__
++
++#include <asm/io.h>
++#include <blk.h>
++#include <linux/bitops.h>
++#include <linux/compat.h>
++#include <mapmem.h>
++
++#define NVMXIP_BLKDRV_NAME "nvmxip-blk"
++
++#define NVMXIP_BLKDEV_NAME_SZ 20
++
++#define NVMXIP_DEFAULT_LBA_SHIFT 10 /* 1024 bytes per block */
++#define NVMXIP_DEFAULT_LBA_COUNT 1024 /* block count */
++
++#define NVMXIP_DEFAULT_LBA_SZ BIT(NVMXIP_DEFAULT_LBA_SHIFT)
++
++/* NVM XIP device platform data */
++struct nvmxip_plat {
++ phys_addr_t phys_base; /* NVM XIP device base address */
++ u32 lba_shift; /* block size shift count (read from device tree) */
++ lbaint_t lba; /* number of blocks (read from device tree) */
++};
++
++/* NVM XIP device private data */
++struct nvmxip_priv {
++ struct udevice *udev;
++ struct nvmxip_plat *plat_data;
++};
++
++/* Private data of the block device associated with the NVM XIP device (the parent) */
++struct nvmxip_blk_priv {
++ struct udevice *bdev;
++ struct nvmxip_plat *pplat_data; /* parent device platform data */
++};
++
++int nvmxip_init(struct udevice *udev);
++
++#endif /* __DRIVER_NVMXIP_H__ */
+diff --git a/drivers/nvmxip/nvmxip_qspi.c b/drivers/nvmxip/nvmxip_qspi.c
+new file mode 100644
+index 000000000000..749625134acd
+--- /dev/null
++++ b/drivers/nvmxip/nvmxip_qspi.c
+@@ -0,0 +1,65 @@
++// SPDX-License-Identifier: GPL-2.0+
++/*
++ * (C) Copyright 2022 ARM Limited
++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++ */
++
++#include <common.h>
++#include <dm.h>
++#include <fdt_support.h>
++#include "nvmxip.h"
++
++#include <asm/global_data.h>
++DECLARE_GLOBAL_DATA_PTR;
++
++#define NVMXIP_QSPI_DRV_NAME "nvmxip_qspi"
++
++static int nvmxip_qspi_probe(struct udevice *dev)
++{
++ pr_debug("[%s][%s]\n", __func__, dev->name);
++ return nvmxip_init(dev);
++}
++
++static int nvmxip_qspi_of_to_plat(struct udevice *dev)
++{
++ struct nvmxip_plat *plat_data = dev_get_plat(dev);
++ int ret;
++
++ plat_data->phys_base = (phys_addr_t)dev_read_addr(dev);
++ if (plat_data->phys_base == FDT_ADDR_T_NONE) {
++ pr_err("[%s]: can not get base address from device tree\n", dev->name);
++ return -EINVAL;
++ }
++
++ ret = dev_read_u32(dev, "lba_shift", &plat_data->lba_shift);
++ if (ret) {
++ pr_err("[%s]: can not get lba_shift from device tree\n", dev->name);
++ return -EINVAL;
++ }
++
++ ret = dev_read_u32(dev, "lba", (u32 *)&plat_data->lba);
++ if (ret) {
++ pr_err("[%s]: can not get lba from device tree\n", dev->name);
++ return -EINVAL;
++ }
++
++ pr_debug("[%s]: XIP device base addr: 0x%llx , lba_shift: %d , lbas: %lu\n",
++ dev->name, plat_data->phys_base, plat_data->lba_shift, plat_data->lba);
++
++ return 0;
++}
++
++static const struct udevice_id nvmxip_qspi_ids[] = {
++ { .compatible = "nvmxip,qspi" },
++ { /* sentinel */ }
++};
++
++U_BOOT_DRIVER(nvmxip_qspi) = {
++ .name = NVMXIP_QSPI_DRV_NAME,
++ .id = UCLASS_NVMXIP,
++ .of_match = nvmxip_qspi_ids,
++ .of_to_plat = nvmxip_qspi_of_to_plat,
++ .priv_auto = sizeof(struct nvmxip_priv),
++ .plat_auto = sizeof(struct nvmxip_plat),
++ .probe = nvmxip_qspi_probe,
++};
+diff --git a/include/dm/uclass-id.h b/include/dm/uclass-id.h
+index fa08a66ac8e0..f3564a49d912 100644
+--- a/include/dm/uclass-id.h
++++ b/include/dm/uclass-id.h
+@@ -92,6 +92,7 @@ enum uclass_id {
+ UCLASS_NOP, /* No-op devices */
+ UCLASS_NORTHBRIDGE, /* Intel Northbridge / SDRAM controller */
+ UCLASS_NVME, /* NVM Express device */
++ UCLASS_NVMXIP, /* NVM XIP devices */
+ UCLASS_P2SB, /* (x86) Primary-to-Sideband Bus */
+ UCLASS_PANEL, /* Display panel, such as an LCD */
+ UCLASS_PANEL_BACKLIGHT, /* Backlight controller for panel */
+--
+2.39.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0028-sandbox64-fix-return-unsigned-long-in-readq.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0028-sandbox64-fix-return-unsigned-long-in-readq.patch
new file mode 100644
index 0000000..b0e8366
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0028-sandbox64-fix-return-unsigned-long-in-readq.patch
@@ -0,0 +1,46 @@
+From 3262ee6a5300221969e61eff7a8f18336a135a73 Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Fri, 16 Dec 2022 17:20:58 +0000
+Subject: [PATCH 28/43] sandbox64: fix: return unsigned long in readq()
+
+make readq return unsigned long
+
+readq should return 64-bit data
+
+Upstream-Status: Submitted
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ arch/sandbox/cpu/cpu.c | 2 +-
+ arch/sandbox/include/asm/io.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/sandbox/cpu/cpu.c b/arch/sandbox/cpu/cpu.c
+index 636d3545b954..248d17a85c82 100644
+--- a/arch/sandbox/cpu/cpu.c
++++ b/arch/sandbox/cpu/cpu.c
+@@ -230,7 +230,7 @@ phys_addr_t map_to_sysmem(const void *ptr)
+ return mentry->tag;
+ }
+
+-unsigned int sandbox_read(const void *addr, enum sandboxio_size_t size)
++unsigned long sandbox_read(const void *addr, enum sandboxio_size_t size)
+ {
+ struct sandbox_state *state = state_get_current();
+
+diff --git a/arch/sandbox/include/asm/io.h b/arch/sandbox/include/asm/io.h
+index ad6c29a4e26c..31ab7289b4bd 100644
+--- a/arch/sandbox/include/asm/io.h
++++ b/arch/sandbox/include/asm/io.h
+@@ -45,7 +45,7 @@ static inline void unmap_sysmem(const void *vaddr)
+ /* Map from a pointer to our RAM buffer */
+ phys_addr_t map_to_sysmem(const void *ptr);
+
+-unsigned int sandbox_read(const void *addr, enum sandboxio_size_t size);
++unsigned long sandbox_read(const void *addr, enum sandboxio_size_t size);
+ void sandbox_write(void *addr, unsigned int val, enum sandboxio_size_t size);
+
+ #define readb(addr) sandbox_read((const void *)addr, SB_SIZE_8)
+--
+2.39.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0029-sandbox64-add-support-for-NVMXIP-QSPI.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0029-sandbox64-add-support-for-NVMXIP-QSPI.patch
new file mode 100644
index 0000000..d6168b9
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0029-sandbox64-add-support-for-NVMXIP-QSPI.patch
@@ -0,0 +1,113 @@
+From 2b0606f603de13524ce9b63578f4c3358c3ac6df Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Thu, 22 Dec 2022 12:15:42 +0000
+Subject: [PATCH 29/43] sandbox64: add support for NVMXIP QSPI
+
+enable NVMXIP QSPI for sandbox 64-bit
+
+Adding two NVM XIP QSPI storage devices.
+
+Upstream-Status: Submitted
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ arch/sandbox/dts/sandbox64.dts | 13 +++++++++++++
+ arch/sandbox/dts/test.dts | 14 ++++++++++++++
+ configs/sandbox_defconfig | 1 +
+ drivers/nvmxip/nvmxip.c | 4 ++++
+ drivers/nvmxip/nvmxip.h | 3 +++
+ 5 files changed, 35 insertions(+)
+
+diff --git a/arch/sandbox/dts/sandbox64.dts b/arch/sandbox/dts/sandbox64.dts
+index a9cd7908f83e..aed3801af8a9 100644
+--- a/arch/sandbox/dts/sandbox64.dts
++++ b/arch/sandbox/dts/sandbox64.dts
+@@ -89,6 +89,19 @@
+ cs-gpios = <0>, <&gpio_a 0>;
+ };
+
++ nvmxip-qspi1@08000000 {
++ compatible = "nvmxip,qspi";
++ reg = <0x0 0x08000000 0x0 0x00200000>;
++ lba_shift = <9>;
++ lba = <4096>;
++ };
++
++ nvmxip-qspi2@08200000 {
++ compatible = "nvmxip,qspi";
++ reg = <0x0 0x08200000 0x0 0x00100000>;
++ lba_shift = <9>;
++ lba = <2048>;
++ };
+ };
+
+ #include "sandbox.dtsi"
+diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts
+index 2e580f980fc6..54f2b308e793 100644
+--- a/arch/sandbox/dts/test.dts
++++ b/arch/sandbox/dts/test.dts
+@@ -1756,6 +1756,20 @@
+ compatible = "u-boot,fwu-mdata-gpt";
+ fwu-mdata-store = <&mmc0>;
+ };
++
++ nvmxip-qspi1@08000000 {
++ compatible = "nvmxip,qspi";
++ reg = <0x08000000 0x00200000>;
++ lba_shift = <9>;
++ lba = <4096>;
++ };
++
++ nvmxip-qspi2@08200000 {
++ compatible = "nvmxip,qspi";
++ reg = <0x08200000 0x00100000>;
++ lba_shift = <9>;
++ lba = <2048>;
++ };
+ };
+
+ #include "sandbox_pmic.dtsi"
+diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
+index e6ea96a6b924..f22230b5cce2 100644
+--- a/configs/sandbox_defconfig
++++ b/configs/sandbox_defconfig
+@@ -138,6 +138,7 @@ CONFIG_NETCONSOLE=y
+ CONFIG_IP_DEFRAG=y
+ CONFIG_BOOTP_SERVERIP=y
+ CONFIG_IPV6=y
++CONFIG_NVMXIP_QSPI=y
+ CONFIG_DM_DMA=y
+ CONFIG_DEVRES=y
+ CONFIG_DEBUG_DEVRES=y
+diff --git a/drivers/nvmxip/nvmxip.c b/drivers/nvmxip/nvmxip.c
+index 6ba48183c575..af9c9a3b7270 100644
+--- a/drivers/nvmxip/nvmxip.c
++++ b/drivers/nvmxip/nvmxip.c
+@@ -85,6 +85,10 @@ int nvmxip_init(struct udevice *udev)
+ priv_data->udev = udev;
+ priv_data->plat_data = plat_data;
+
++#if CONFIG_IS_ENABLED(SANDBOX64)
++ sandbox_set_enable_memio(true);
++#endif
++
+ nvmxip_bdev_max_devs++;
+
+ snprintf(bdev_name, NVMXIP_BLKDEV_NAME_SZ, "nvmxip-blk#%d", nvmxip_bdev_max_devs);
+diff --git a/drivers/nvmxip/nvmxip.h b/drivers/nvmxip/nvmxip.h
+index 393172cc2f86..0384ce2e2b47 100644
+--- a/drivers/nvmxip/nvmxip.h
++++ b/drivers/nvmxip/nvmxip.h
+@@ -8,6 +8,9 @@
+ #define __DRIVER_NVMXIP_H__
+
+ #include <asm/io.h>
++#if CONFIG_IS_ENABLED(SANDBOX64)
++#include <asm/test.h>
++#endif
+ #include <blk.h>
+ #include <linux/bitops.h>
+ #include <linux/compat.h>
+--
+2.39.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0030-corstone1000-add-NVM-XIP-QSPI-device-tree-node.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0030-corstone1000-add-NVM-XIP-QSPI-device-tree-node.patch
new file mode 100644
index 0000000..21ad210
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0030-corstone1000-add-NVM-XIP-QSPI-device-tree-node.patch
@@ -0,0 +1,35 @@
+From 3f72e390fc8e1a0d774d80c3ccd21be38c9af1db Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Mon, 19 Dec 2022 13:20:19 +0000
+Subject: [PATCH 30/43] corstone1000: add NVM XIP QSPI device tree node
+
+add QSPI flash device node for block storage access
+
+Upstream-Status: Submitted
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ arch/arm/dts/corstone1000.dtsi | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi
+index 61e0c33247ce..faf4e12bab2a 100644
+--- a/arch/arm/dts/corstone1000.dtsi
++++ b/arch/arm/dts/corstone1000.dtsi
+@@ -38,6 +38,13 @@
+ reg = <0x88200000 0x77e00000>;
+ };
+
++ nvmxip-qspi@08000000 {
++ compatible = "nvmxip,qspi";
++ reg = <0x08000000 0x2000000>;
++ lba_shift = <9>;
++ lba = <65536>;
++ };
++
+ gic: interrupt-controller@1c000000 {
+ compatible = "arm,gic-400";
+ #interrupt-cells = <3>;
+--
+2.39.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0031-corstone1000-enable-NVM-XIP-QSPI-flash.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0031-corstone1000-enable-NVM-XIP-QSPI-flash.patch
new file mode 100644
index 0000000..64bf97d
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0031-corstone1000-enable-NVM-XIP-QSPI-flash.patch
@@ -0,0 +1,29 @@
+From 0c3d61d499039ff0828376bb21b4fb1de071b8d2 Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Mon, 19 Dec 2022 13:25:23 +0000
+Subject: [PATCH 31/43] corstone1000: enable NVM XIP QSPI flash
+
+add the QSPI flash device with block storage capability
+
+Upstream-Status: Submitted
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ configs/corstone1000_defconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
+index 1179bf5f3bfd..2986cc95932f 100644
+--- a/configs/corstone1000_defconfig
++++ b/configs/corstone1000_defconfig
+@@ -58,6 +58,7 @@ CONFIG_DM_SERIAL=y
+ CONFIG_USB=y
+ CONFIG_USB_ISP1760=y
+ CONFIG_ERRNO_STR=y
++CONFIG_NVMXIP_QSPI=y
+ CONFIG_EFI_MM_COMM_TEE=y
+ CONFIG_ARM_FFA_TRANSPORT=y
+ CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
+--
+2.39.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0032-sandbox64-add-a-test-case-for-UCLASS_NVMXIP.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0032-sandbox64-add-a-test-case-for-UCLASS_NVMXIP.patch
new file mode 100644
index 0000000..5724283
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0032-sandbox64-add-a-test-case-for-UCLASS_NVMXIP.patch
@@ -0,0 +1,174 @@
+From 3be91bde755c376a38c3affb9640b39df1acdd9c Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Thu, 22 Dec 2022 11:30:16 +0000
+Subject: [PATCH 32/43] sandbox64: add a test case for UCLASS_NVMXIP
+
+provide a test for NVM XIP devices
+
+The test case allows to make sure of the following:
+
+- The NVM XIP QSPI devices are probed
+- The DT entries are read correctly
+- the data read from the flash by the NVMXIP block driver is correct
+
+Upstream-Status: Submitted
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ MAINTAINERS | 1 +
+ test/dm/Makefile | 4 ++
+ test/dm/nvmxip.c | 115 +++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 120 insertions(+)
+ create mode 100644 test/dm/nvmxip.c
+
+diff --git a/MAINTAINERS b/MAINTAINERS
+index ba15dd02d58d..82cb6075cb32 100644
+--- a/MAINTAINERS
++++ b/MAINTAINERS
+@@ -1210,6 +1210,7 @@ S: Maintained
+ F: doc/develop/driver-model/nvmxip.rst
+ F: doc/device-tree-bindings/nvmxip/nvmxip.txt
+ F: drivers/nvmxip/
++F: test/dm/nvmxip.c
+
+ NVMEM
+ M: Sean Anderson <seanga2@gmail.com>
+diff --git a/test/dm/Makefile b/test/dm/Makefile
+index 85e99e1c120e..bc8214da2da2 100644
+--- a/test/dm/Makefile
++++ b/test/dm/Makefile
+@@ -18,6 +18,10 @@ obj-$(CONFIG_UT_DM) += test-uclass.o
+ obj-$(CONFIG_UT_DM) += core.o
+ obj-$(CONFIG_UT_DM) += read.o
+ obj-$(CONFIG_UT_DM) += phys2bus.o
++ifeq ($(CONFIG_NVMXIP_QSPI)$(CONFIG_SANDBOX64),yy)
++obj-y += nvmxip.o
++endif
++
+ ifneq ($(CONFIG_SANDBOX),)
+ ifeq ($(CONFIG_ACPIGEN),y)
+ obj-y += acpi.o
+diff --git a/test/dm/nvmxip.c b/test/dm/nvmxip.c
+new file mode 100644
+index 000000000000..484e6077b4a9
+--- /dev/null
++++ b/test/dm/nvmxip.c
+@@ -0,0 +1,115 @@
++// SPDX-License-Identifier: GPL-2.0+
++/*
++ * Functional tests for UCLASS_FFA class
++ *
++ * (C) Copyright 2022 ARM Limited
++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++ */
++
++#include <common.h>
++#include <console.h>
++#include <blk.h>
++#include <dm.h>
++#include <dm/test.h>
++#include "../../drivers/nvmxip/nvmxip.h"
++#include <test/test.h>
++#include <test/ut.h>
++
++/* NVMXIP devices described in the device tree */
++#define SANDBOX_NVMXIP_DEVICES 2
++
++/* reference device tree data for the probed devices */
++static struct nvmxip_plat nvmqspi_refdata[SANDBOX_NVMXIP_DEVICES] = {
++ {0x08000000, 9, 4096}, {0x08200000, 9, 2048}
++};
++
++#define NVMXIP_BLK_START_PATTERN 0x1122334455667788ULL
++#define NVMXIP_BLK_END_PATTERN 0xa1a2a3a4a5a6a7a8ULL
++
++static int dm_nvmxip_flash_sanity(u8 device_idx, void *buffer)
++{
++ int i;
++ u64 *ptr = NULL;
++ u8 *base = NULL;
++ unsigned long blksz;
++
++ blksz = 1 << nvmqspi_refdata[device_idx].lba_shift;
++
++ /* if buffer not NULL, init the flash with the pattern data*/
++ if (!buffer)
++ base = map_sysmem(nvmqspi_refdata[device_idx].phys_base, 0);
++ else
++ base = buffer;
++
++ for (i = 0; i < nvmqspi_refdata[device_idx].lba ; i++) {
++ ptr = (u64 *)(base + i * blksz);
++
++ /* write an 8 bytes pattern at the start of the current block*/
++ if (!buffer)
++ *ptr = NVMXIP_BLK_START_PATTERN;
++ else if (*ptr != NVMXIP_BLK_START_PATTERN)
++ return -EINVAL;
++
++ ptr = (u64 *)((u8 *)ptr + blksz - sizeof(u64));
++
++ /* write an 8 bytes pattern at the end of the current block*/
++ if (!buffer)
++ *ptr = NVMXIP_BLK_END_PATTERN;
++ else if (*ptr != NVMXIP_BLK_END_PATTERN)
++ return -EINVAL;
++ }
++
++ if (!buffer)
++ unmap_sysmem(base);
++
++ return 0;
++}
++
++static int dm_test_nvmxip(struct unit_test_state *uts)
++{
++ struct nvmxip_plat *plat_data = NULL;
++ struct udevice *dev = NULL, *bdev = NULL;
++ u8 device_idx;
++ void *buffer = NULL;
++ unsigned long flashsz;
++
++ /* set the flash content first for both devices */
++ dm_nvmxip_flash_sanity(0, NULL);
++ dm_nvmxip_flash_sanity(1, NULL);
++
++ /* probing all NVM XIP QSPI devices */
++ for (device_idx = 0, uclass_first_device(UCLASS_NVMXIP, &dev);
++ dev;
++ uclass_next_device(&dev), device_idx++) {
++ plat_data = dev_get_plat(dev);
++
++ /* device tree entries checks */
++ ut_assertok(nvmqspi_refdata[device_idx].phys_base != plat_data->phys_base);
++ ut_assertok(nvmqspi_refdata[device_idx].lba_shift != plat_data->lba_shift);
++ ut_assertok(nvmqspi_refdata[device_idx].lba != plat_data->lba);
++
++ /* before reading all the flash blocks, let's calculate the flash size */
++ flashsz = plat_data->lba << plat_data->lba_shift;
++
++ /* allocate the user buffer where to copy the blocks data to */
++ buffer = calloc(flashsz, 1);
++ ut_assertok(!buffer);
++
++ /* the block device is the child of the parent device probed with DT*/
++ ut_assertok(device_find_first_child(dev, &bdev));
++
++ /* reading all the flash blocks*/
++ ut_asserteq(plat_data->lba, blk_read(bdev, 0, plat_data->lba, buffer));
++
++ /* compare the data read from flash with the expected data */
++ ut_assertok(dm_nvmxip_flash_sanity(device_idx, buffer));
++
++ free(buffer);
++ }
++
++ ut_assertok(device_idx != SANDBOX_NVMXIP_DEVICES);
++
++ return CMD_RET_SUCCESS;
++}
++
++DM_TEST(dm_test_nvmxip, UT_TESTF_SCAN_FDT | UT_TESTF_CONSOLE_REC);
+--
+2.39.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0033-nvmxip-provide-a-u-boot-shell-test-command.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0033-nvmxip-provide-a-u-boot-shell-test-command.patch
new file mode 100644
index 0000000..e8adbc1
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0033-nvmxip-provide-a-u-boot-shell-test-command.patch
@@ -0,0 +1,135 @@
+From 560ebe3eb6197322b9d00c8e3cf30fb7e679d8b2 Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Thu, 22 Dec 2022 16:20:46 +0000
+Subject: [PATCH 33/43] nvmxip: provide a u-boot shell test command
+
+nvmxip command allows probing the NVM XIP devices manually
+
+The command is provided for test purposes only.
+
+Use:
+
+nvmxip probe
+
+Upstream-Status: Submitted
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ cmd/Kconfig | 7 +++++
+ cmd/Makefile | 1 +
+ cmd/nvmxip.c | 47 ++++++++++++++++++++++++++++++++++
+ configs/corstone1000_defconfig | 1 +
+ configs/sandbox_defconfig | 1 +
+ 5 files changed, 57 insertions(+)
+ create mode 100644 cmd/nvmxip.c
+
+diff --git a/cmd/Kconfig b/cmd/Kconfig
+index 5e278ecb1597..b6a3e5908534 100644
+--- a/cmd/Kconfig
++++ b/cmd/Kconfig
+@@ -938,6 +938,13 @@ config CMD_ARMFFA
+ - Sending a data pattern to the specified partition
+ - Displaying the arm_ffa device info
+
++config CMD_NVMXIP
++ bool "NVM XIP probe command"
++ depends on NVMXIP
++ help
++ Probes all NVM XIP devices. The command is for
++ test purposes only (not to be upstreamed)
++
+ config CMD_ARMFLASH
+ #depends on FLASH_CFI_DRIVER
+ bool "armflash"
+diff --git a/cmd/Makefile b/cmd/Makefile
+index c757f1647da6..0a3d98100703 100644
+--- a/cmd/Makefile
++++ b/cmd/Makefile
+@@ -154,6 +154,7 @@ obj-$(CONFIG_CMD_RTC) += rtc.o
+ obj-$(CONFIG_SANDBOX) += host.o
+ obj-$(CONFIG_CMD_SATA) += sata.o
+ obj-$(CONFIG_CMD_NVME) += nvme.o
++obj-$(CONFIG_CMD_NVMXIP) += nvmxip.o
+ obj-$(CONFIG_SANDBOX) += sb.o
+ obj-$(CONFIG_CMD_SF) += sf.o
+ obj-$(CONFIG_CMD_SCSI) += scsi.o disk.o
+diff --git a/cmd/nvmxip.c b/cmd/nvmxip.c
+new file mode 100644
+index 000000000000..3eb0d84afc04
+--- /dev/null
++++ b/cmd/nvmxip.c
+@@ -0,0 +1,47 @@
++// SPDX-License-Identifier: GPL-2.0+
++/*
++ * (C) Copyright 2022 ARM Limited
++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++ */
++
++#include <common.h>
++#include <command.h>
++#include <dm.h>
++
++int do_nvmxip_probe(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
++{
++ struct udevice *dev = NULL;
++ for (uclass_first_device(UCLASS_NVMXIP, &dev); dev; uclass_next_device(&dev));
++
++ return 0;
++}
++
++static struct cmd_tbl nvmxip_commands[] = {
++ U_BOOT_CMD_MKENT(probe, 1, 1, do_nvmxip_probe, "", ""),
++};
++
++static int do_nvmxip(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
++{
++ struct cmd_tbl *nvmxip_cmd;
++ int ret;
++
++ if (argc < 2)
++ return CMD_RET_USAGE;
++
++ nvmxip_cmd = find_cmd_tbl(argv[1], nvmxip_commands, ARRAY_SIZE(nvmxip_commands));
++
++ argc -= 2;
++ argv += 2;
++
++ if (!nvmxip_cmd || argc > nvmxip_cmd->maxargs)
++ return CMD_RET_USAGE;
++
++ ret = nvmxip_cmd->cmd(nvmxip_cmd, flag, argc, argv);
++
++ return cmd_process_error(nvmxip_cmd, ret);
++}
++
++U_BOOT_CMD(nvmxip, 4, 1, do_nvmxip,
++ "NVM XIP probe command",
++ "probe\n"
++ " - probes all NVM XIP devices\n");
+diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
+index 2986cc95932f..e009faee0252 100644
+--- a/configs/corstone1000_defconfig
++++ b/configs/corstone1000_defconfig
+@@ -59,6 +59,7 @@ CONFIG_USB=y
+ CONFIG_USB_ISP1760=y
+ CONFIG_ERRNO_STR=y
+ CONFIG_NVMXIP_QSPI=y
++CONFIG_CMD_NVMXIP=y
+ CONFIG_EFI_MM_COMM_TEE=y
+ CONFIG_ARM_FFA_TRANSPORT=y
+ CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
+diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
+index f22230b5cce2..3b895be9e4ba 100644
+--- a/configs/sandbox_defconfig
++++ b/configs/sandbox_defconfig
+@@ -139,6 +139,7 @@ CONFIG_IP_DEFRAG=y
+ CONFIG_BOOTP_SERVERIP=y
+ CONFIG_IPV6=y
+ CONFIG_NVMXIP_QSPI=y
++CONFIG_CMD_NVMXIP=y
+ CONFIG_DM_DMA=y
+ CONFIG_DEVRES=y
+ CONFIG_DEBUG_DEVRES=y
+--
+2.39.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0034-corstone1000-add-fwu-metadata-store-info.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0034-corstone1000-add-fwu-metadata-store-info.patch
new file mode 100644
index 0000000..facd19b
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0034-corstone1000-add-fwu-metadata-store-info.patch
@@ -0,0 +1,42 @@
+From 9ef889ff89e6d2e2e40edecbd4ab7601c3d68052 Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Wed, 1 Feb 2023 15:58:07 +0000
+Subject: [PATCH 34/43] corstone1000: add fwu-metadata store info
+
+Add fwu-mdata node and handle for the reference
+nvmxip-qspi.
+
+Upstream-Status: Submitted
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ arch/arm/dts/corstone1000.dtsi | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi
+index faf4e12bab2a..b1d83b5ba861 100644
+--- a/arch/arm/dts/corstone1000.dtsi
++++ b/arch/arm/dts/corstone1000.dtsi
+@@ -38,7 +38,7 @@
+ reg = <0x88200000 0x77e00000>;
+ };
+
+- nvmxip-qspi@08000000 {
++ nvmxip: nvmxip-qspi@08000000 {
+ compatible = "nvmxip,qspi";
+ reg = <0x08000000 0x2000000>;
+ lba_shift = <9>;
+@@ -106,6 +106,11 @@
+ method = "smc";
+ };
+
++ fwu-mdata {
++ compatible = "u-boot,fwu-mdata-gpt";
++ fwu-mdata-store = <&nvmxip>;
++ };
++
+ soc {
+ compatible = "simple-bus";
+ #address-cells = <1>;
+--
+2.39.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0035-nvmxip-shorter-block-device-name.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0035-nvmxip-shorter-block-device-name.patch
new file mode 100644
index 0000000..74e4ccb
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0035-nvmxip-shorter-block-device-name.patch
@@ -0,0 +1,44 @@
+From 83823733015998702e4dc0365764fe7dde4a321f Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Wed, 1 Feb 2023 15:59:36 +0000
+Subject: [PATCH 35/43] nvmxip: shorter block device name
+
+Make the block device name shorter, so it will be set and presented
+inside the array limits.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ drivers/nvmxip/nvmxip.c | 2 +-
+ drivers/nvmxip/nvmxip_qspi.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/nvmxip/nvmxip.c b/drivers/nvmxip/nvmxip.c
+index af9c9a3b7270..91fe995f2d4d 100644
+--- a/drivers/nvmxip/nvmxip.c
++++ b/drivers/nvmxip/nvmxip.c
+@@ -91,7 +91,7 @@ int nvmxip_init(struct udevice *udev)
+
+ nvmxip_bdev_max_devs++;
+
+- snprintf(bdev_name, NVMXIP_BLKDEV_NAME_SZ, "nvmxip-blk#%d", nvmxip_bdev_max_devs);
++ snprintf(bdev_name, NVMXIP_BLKDEV_NAME_SZ, "blk#%d", nvmxip_bdev_max_devs);
+
+ ret = blk_create_devicef(udev, NVMXIP_BLKDRV_NAME, bdev_name, UCLASS_NVMXIP,
+ nvmxip_bdev_max_devs, NVMXIP_DEFAULT_LBA_SZ,
+diff --git a/drivers/nvmxip/nvmxip_qspi.c b/drivers/nvmxip/nvmxip_qspi.c
+index 749625134acd..f6f5435e6377 100644
+--- a/drivers/nvmxip/nvmxip_qspi.c
++++ b/drivers/nvmxip/nvmxip_qspi.c
+@@ -43,7 +43,7 @@ static int nvmxip_qspi_of_to_plat(struct udevice *dev)
+ return -EINVAL;
+ }
+
+- pr_debug("[%s]: XIP device base addr: 0x%llx , lba_shift: %d , lbas: %lu\n",
++ log_err("[%s]: XIP device base addr: 0x%llx , lba_shift: %d , lbas: %lu\n",
+ dev->name, plat_data->phys_base, plat_data->lba_shift, plat_data->lba);
+
+ return 0;
+--
+2.39.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0036-efi_boottime-allow-to-reset-a-path-after-boot.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0036-efi_boottime-allow-to-reset-a-path-after-boot.patch
new file mode 100644
index 0000000..59a60af
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0036-efi_boottime-allow-to-reset-a-path-after-boot.patch
@@ -0,0 +1,31 @@
+From 53d29d35cdbcf493f6a9046458947d3e91f01add Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Wed, 1 Feb 2023 16:11:25 +0000
+Subject: [PATCH 36/43] efi_boottime: allow to reset a path after boot
+
+Allow to install multiple protocol interfaces in an
+already installed root interface.
+This may need to be fix in other way, but for now
+looks like the get away fix.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ lib/efi_loader/efi_boottime.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
+index fea4eb7a342e..90f43ff9a62f 100644
+--- a/lib/efi_loader/efi_boottime.c
++++ b/lib/efi_loader/efi_boottime.c
+@@ -2669,7 +2669,6 @@ efi_install_multiple_protocol_interfaces_int(efi_handle_t *handle,
+ EFI_PRINT("Path %pD already installed\n",
+ protocol_interface);
+ ret = EFI_ALREADY_STARTED;
+- break;
+ }
+ }
+ ret = EFI_CALL(efi_install_protocol_interface(handle, protocol,
+--
+2.39.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0037-fwu_metadata-make-sure-structures-are-packed.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0037-fwu_metadata-make-sure-structures-are-packed.patch
new file mode 100644
index 0000000..7781a1e
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0037-fwu_metadata-make-sure-structures-are-packed.patch
@@ -0,0 +1,50 @@
+From a8142be9b32a769040b6238ff611c22cb31c8cb5 Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Wed, 1 Feb 2023 16:13:24 +0000
+Subject: [PATCH 37/43] fwu_metadata: make sure structures are packed
+
+The fwu metadata in the metadata partitions
+should/are packed to guarantee that the info is
+correct in all platforms. Also the size of them
+are used to calculate the crc32 and that is important
+to get it right.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ include/fwu_mdata.h | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/include/fwu_mdata.h b/include/fwu_mdata.h
+index 8fda4f4ac225..c61221a91735 100644
+--- a/include/fwu_mdata.h
++++ b/include/fwu_mdata.h
+@@ -22,7 +22,7 @@ struct fwu_image_bank_info {
+ efi_guid_t image_uuid;
+ uint32_t accepted;
+ uint32_t reserved;
+-};
++} __packed;
+
+ /**
+ * struct fwu_image_entry - information for a particular type of image
+@@ -38,7 +38,7 @@ struct fwu_image_entry {
+ efi_guid_t image_type_uuid;
+ efi_guid_t location_uuid;
+ struct fwu_image_bank_info img_bank_info[CONFIG_FWU_NUM_BANKS];
+-};
++} __packed;
+
+ /**
+ * struct fwu_mdata - FWU metadata structure for multi-bank updates
+@@ -62,6 +62,6 @@ struct fwu_mdata {
+ uint32_t previous_active_index;
+
+ struct fwu_image_entry img_entry[CONFIG_FWU_NUM_IMAGES_PER_BANK];
+-};
++} __packed;
+
+ #endif /* _FWU_MDATA_H_ */
+--
+2.39.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0038-corstone1000-add-boot-index.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0038-corstone1000-add-boot-index.patch
new file mode 100644
index 0000000..afaf967
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0038-corstone1000-add-boot-index.patch
@@ -0,0 +1,33 @@
+From ceae4ec0d459b1ef12e544f4e36d6043a09d3b05 Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Wed, 1 Feb 2023 16:15:30 +0000
+Subject: [PATCH 38/43] corstone1000: add boot index
+
+it is expected that the firmware that runs before
+u-boot somehow provide the information of the bank
+(index) of it is booting.
+We will need to extend tf-a to pass that info,
+meanwhile just set it to the default bank.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ board/armltd/corstone1000/corstone1000.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/board/armltd/corstone1000/corstone1000.c b/board/armltd/corstone1000/corstone1000.c
+index d6ca6e896140..0a58ccd99cdd 100644
+--- a/board/armltd/corstone1000/corstone1000.c
++++ b/board/armltd/corstone1000/corstone1000.c
+@@ -106,6 +106,7 @@ int dram_init_banksize(void)
+ return 0;
+ }
+
+-void reset_cpu(ulong addr)
++void fwu_plat_get_bootidx(int *boot_idx)
+ {
++ *boot_idx = 0;
+ }
+--
+2.39.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0039-corstone1000-adjust-boot-bank-and-kernel-location.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0039-corstone1000-adjust-boot-bank-and-kernel-location.patch
new file mode 100644
index 0000000..a42b3a2
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0039-corstone1000-adjust-boot-bank-and-kernel-location.patch
@@ -0,0 +1,36 @@
+From 80a2910370b0acc35f6fb2fbe3a7e56fecb1a08a Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Wed, 1 Feb 2023 16:17:21 +0000
+Subject: [PATCH 39/43] corstone1000: adjust boot bank and kernel location
+
+Adjust in the env boot script the address of the
+bootbank with the new gpt layout, and also the
+kernel partition address. Please be aware that
+this is hack and needs a proper fix, since the
+offset of the kernel partition is not fixed,
+but for the propose of PoC it is enough for testing.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ board/armltd/corstone1000/corstone1000.env | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/board/armltd/corstone1000/corstone1000.env b/board/armltd/corstone1000/corstone1000.env
+index b24ff07fc6bd..a6ee4962211b 100644
+--- a/board/armltd/corstone1000/corstone1000.env
++++ b/board/armltd/corstone1000/corstone1000.env
+@@ -1,8 +1,8 @@
+ /* SPDX-License-Identifier: GPL-2.0+ */
+
+ usb_pgood_delay=250
+-boot_bank_flag=0x08002000
+-kernel_addr_bank_0=0x083EE000
++boot_bank_flag=0x08005006
++kernel_addr_bank_0=0x08280000
+ kernel_addr_bank_1=0x0936E000
+ retrieve_kernel_load_addr=
+ if itest.l *${boot_bank_flag} == 0; then
+--
+2.39.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0040-corstone1000-add-nvmxip-fwu-mdata-and-gpt-options.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0040-corstone1000-add-nvmxip-fwu-mdata-and-gpt-options.patch
new file mode 100644
index 0000000..d1fa8ff
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0040-corstone1000-add-nvmxip-fwu-mdata-and-gpt-options.patch
@@ -0,0 +1,133 @@
+From 7c694af3fd5de372349f740b62cd3d909483fe2e Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Wed, 1 Feb 2023 16:19:40 +0000
+Subject: [PATCH 40/43] corstone1000: add nvmxip, fwu-mdata and gpt options
+
+Enable the newest features: nvmxip, fwu-metadata and
+gpt. Commands to print the partition info, gpt info
+and fwu metadata will be available.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ configs/corstone1000_defconfig | 31 +++++++++++++++++++------------
+ fs/fs.c | 5 +++++
+ 2 files changed, 24 insertions(+), 12 deletions(-)
+
+diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
+index e009faee0252..711cf13592db 100644
+--- a/configs/corstone1000_defconfig
++++ b/configs/corstone1000_defconfig
+@@ -4,13 +4,15 @@ CONFIG_TARGET_CORSTONE1000=y
+ CONFIG_TEXT_BASE=0x80000000
+ CONFIG_SYS_MALLOC_LEN=0x2000000
+ CONFIG_NR_DRAM_BANKS=1
++CONFIG_HAS_CUSTOM_SYS_INIT_SP_ADDR=y
++CONFIG_CUSTOM_SYS_INIT_SP_ADDR=0x83f00000
++CONFIG_DM_GPIO=y
+ CONFIG_DEFAULT_DEVICE_TREE="corstone1000-mps3"
+ CONFIG_SYS_PROMPT="corstone1000# "
+ CONFIG_IDENT_STRING=" corstone1000 aarch64 "
+ CONFIG_SYS_LOAD_ADDR=0x82100000
++CONFIG_FWU_NUM_IMAGES_PER_BANK=4
+ CONFIG_DISTRO_DEFAULTS=y
+-CONFIG_HAS_CUSTOM_SYS_INIT_SP_ADDR=y
+-CONFIG_CUSTOM_SYS_INIT_SP_ADDR=0x83f00000
+ CONFIG_FIT=y
+ CONFIG_BOOTDELAY=3
+ CONFIG_USE_BOOTARGS=y
+@@ -23,11 +25,16 @@ CONFIG_LOGLEVEL=7
+ CONFIG_SYS_MAXARGS=64
+ CONFIG_SYS_CBSIZE=512
+ # CONFIG_CMD_CONSOLE is not set
++CONFIG_CMD_FWU_METADATA=y
+ CONFIG_CMD_BOOTZ=y
+ CONFIG_SYS_BOOTM_LEN=0x800000
+ # CONFIG_CMD_XIMG is not set
++CONFIG_CMD_NVMXIP=y
++CONFIG_CMD_GPT=y
++# CONFIG_RANDOM_UUID is not set
+ CONFIG_CMD_LOADM=y
+ # CONFIG_CMD_LOADS is not set
++CONFIG_CMD_MMC=y
+ CONFIG_CMD_USB=y
+ # CONFIG_CMD_SETEXPR is not set
+ # CONFIG_CMD_NFS is not set
+@@ -39,29 +46,29 @@ CONFIG_OF_CONTROL=y
+ CONFIG_VERSION_VARIABLE=y
+ CONFIG_NET_RANDOM_ETHADDR=y
+ CONFIG_REGMAP=y
+-CONFIG_MISC=y
++CONFIG_ARM_FFA_TRANSPORT=y
+ CONFIG_CLK=y
+-CONFIG_CMD_MMC=y
+-CONFIG_DM_MMC=y
++CONFIG_FWU_MDATA=y
++CONFIG_FWU_MDATA_GPT_BLK=y
++CONFIG_MISC=y
+ CONFIG_ARM_PL180_MMCI=y
+-CONFIG_MMC_SDHCI_ADMA_HELPERS=y
+-CONFIG_MMC_WRITE=y
+-CONFIG_DM_GPIO=y
+ CONFIG_PHYLIB=y
+ CONFIG_PHY_SMSC=y
+ CONFIG_SMC911X=y
++CONFIG_NVMXIP_QSPI=y
+ CONFIG_PHY=y
+ CONFIG_RAM=y
+ CONFIG_DM_RTC=y
+ CONFIG_RTC_EMULATION=y
+ CONFIG_DM_SERIAL=y
++CONFIG_SYSRESET=y
+ CONFIG_USB=y
+ CONFIG_USB_ISP1760=y
+ CONFIG_ERRNO_STR=y
+-CONFIG_NVMXIP_QSPI=y
+-CONFIG_CMD_NVMXIP=y
+ CONFIG_EFI_MM_COMM_TEE=y
+-CONFIG_ARM_FFA_TRANSPORT=y
+ CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
++CONFIG_EFI_CAPSULE_ON_DISK=y
++CONFIG_EFI_IGNORE_OSINDICATIONS=y
+ CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y
+-CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
++CONFIG_FWU_MULTI_BANK_UPDATE=y
++# CONFIG_TOOLS_MKEFICAPSULE is not set
+diff --git a/fs/fs.c b/fs/fs.c
+index 8324b4a22f20..f54955a2b7f6 100644
+--- a/fs/fs.c
++++ b/fs/fs.c
+@@ -437,11 +437,13 @@ int fs_set_blk_dev(const char *ifname, const char *dev_part_str, int fstype)
+ }
+ #endif
+
++ log_err("RUI: fs_set_blk_dev fstype: %d\n", fstype);
+ part = part_get_info_by_dev_and_name_or_num(ifname, dev_part_str, &fs_dev_desc,
+ &fs_partition, 1);
+ if (part < 0)
+ return -1;
+
++ log_err("RUI: fs_set_blk_dev 1\n");
+ for (i = 0, info = fstypes; i < ARRAY_SIZE(fstypes); i++, info++) {
+ if (fstype != FS_TYPE_ANY && info->fstype != FS_TYPE_ANY &&
+ fstype != info->fstype)
+@@ -450,6 +452,8 @@ int fs_set_blk_dev(const char *ifname, const char *dev_part_str, int fstype)
+ if (!fs_dev_desc && !info->null_dev_desc_ok)
+ continue;
+
++ log_err("RUI: fs_set_blk_dev 2: info->fstype: %d part: %d\n",
++ info->fstype, part);
+ if (!info->probe(fs_dev_desc, &fs_partition)) {
+ fs_type = info->fstype;
+ fs_dev_part = part;
+@@ -457,6 +461,7 @@ int fs_set_blk_dev(const char *ifname, const char *dev_part_str, int fstype)
+ }
+ }
+
++ log_err("RUI: fs_set_blk_dev 3\n");
+ return -1;
+ }
+
+--
+2.39.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0041-nvmxip-move-header-to-include.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0041-nvmxip-move-header-to-include.patch
new file mode 100644
index 0000000..4e4ae17
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0041-nvmxip-move-header-to-include.patch
@@ -0,0 +1,42 @@
+From 37b3c73d9307d1de3b78e3ccba0ba6ba0867d6b8 Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Thu, 23 Feb 2023 10:32:04 +0000
+Subject: [PATCH 41/43] nvmxip: move header to include
+
+Move header to include to allow external code
+to get the internal bdev structures to access
+block device operations.
+
+as at it, just add the UCLASS_NVMXIP string
+so we get the correct output in partitions
+listing.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ disk/part.c | 3 +++
+ {drivers/nvmxip => include}/nvmxip.h | 0
+ 2 files changed, 3 insertions(+)
+ rename {drivers/nvmxip => include}/nvmxip.h (100%)
+
+diff --git a/disk/part.c b/disk/part.c
+index 5ee60a7fb591..593dd0004fa4 100644
+--- a/disk/part.c
++++ b/disk/part.c
+@@ -270,6 +270,9 @@ static void print_part_header(const char *type, struct blk_desc *dev_desc)
+ case UCLASS_NVME:
+ puts ("NVMe");
+ break;
++ case UCLASS_NVMXIP:
++ puts ("NVMXIP");
++ break;
+ case UCLASS_PVBLOCK:
+ puts("PV BLOCK");
+ break;
+diff --git a/drivers/nvmxip/nvmxip.h b/include/nvmxip.h
+similarity index 100%
+rename from drivers/nvmxip/nvmxip.h
+rename to include/nvmxip.h
+--
+2.39.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0042-corstone1000-set-kernel_addr-based-on-boot_idx.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0042-corstone1000-set-kernel_addr-based-on-boot_idx.patch
new file mode 100644
index 0000000..25e248b
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0042-corstone1000-set-kernel_addr-based-on-boot_idx.patch
@@ -0,0 +1,112 @@
+From e8272dc9390adfd0818d1093c83f3b5c07649a95 Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Thu, 23 Feb 2023 10:35:00 +0000
+Subject: [PATCH 42/43] corstone1000: set kernel_addr based on boot_idx
+
+We need to distinguish between boot banks and from which
+partition to load the kernel+initramfs to memory.
+
+For that, fetch the boot index, fetch the correspondent
+partition, calculate the correct kernel address and
+then set the env variable kernel_addr with that value.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ board/armltd/corstone1000/corstone1000.c | 55 +++++++++++++++++++++++-
+ configs/corstone1000_defconfig | 1 +
+ 2 files changed, 55 insertions(+), 1 deletion(-)
+
+diff --git a/board/armltd/corstone1000/corstone1000.c b/board/armltd/corstone1000/corstone1000.c
+index 0a58ccd99cdd..0923ca6e8c5b 100644
+--- a/board/armltd/corstone1000/corstone1000.c
++++ b/board/armltd/corstone1000/corstone1000.c
+@@ -5,13 +5,23 @@
+ * Rui Miguel Silva <rui.silva@linaro.org>
+ */
+
++#include <blk.h>
+ #include <common.h>
+ #include <dm.h>
++#include <env.h>
+ #include <netdev.h>
++#include <nvmxip.h>
++#include <part.h>
+ #include <dm/platform_data/serial_pl01x.h>
+ #include <asm/armv8/mmu.h>
+ #include <asm/global_data.h>
+
++#define CORSTONE1000_KERNEL_PARTS 2
++#define CORSTONE1000_KERNEL_PRIMARY "kernel_primary"
++#define CORSTONE1000_KERNEL_SECONDARY "kernel_secondary"
++
++static int corstone1000_boot_idx;
++
+ static struct mm_region corstone1000_mem_map[] = {
+ {
+ /* CVM */
+@@ -108,5 +118,48 @@ int dram_init_banksize(void)
+
+ void fwu_plat_get_bootidx(int *boot_idx)
+ {
+- *boot_idx = 0;
++ *boot_idx = corstone1000_boot_idx;
++}
++
++int board_late_init(void)
++{
++ struct disk_partition part_info;
++ struct udevice *dev, *bdev;
++ struct nvmxip_plat *plat;
++ struct blk_desc *desc;
++ int ret;
++
++ ret = uclass_first_device_err(UCLASS_NVMXIP, &dev);
++ if (ret < 0) {
++ log_err("Cannot find kernel device\n");
++ return ret;
++ }
++
++ plat = dev_get_plat(dev);
++ device_find_first_child(dev, &bdev);
++ desc = dev_get_uclass_plat(bdev);
++
++ if (!corstone1000_boot_idx)
++ ret = part_get_info_by_name(desc, CORSTONE1000_KERNEL_PRIMARY,
++ &part_info);
++ else
++ ret = part_get_info_by_name(desc, CORSTONE1000_KERNEL_SECONDARY,
++ &part_info);
++
++ if (ret < 0) {
++ log_err("failed to fetch kernel partition index: %d\n",
++ corstone1000_boot_idx);
++ return ret;
++ }
++
++ ret = 0;
++
++ ret |= env_set_hex("kernel_addr", plat->phys_base +
++ (part_info.start * part_info.blksz));
++ ret |= env_set_hex("kernel_size", part_info.size * part_info.blksz);
++
++ if (ret < 0)
++ log_err("failed to setup kernel addr and size\n");
++
++ return ret;
+ }
+diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
+index 711cf13592db..68054f755624 100644
+--- a/configs/corstone1000_defconfig
++++ b/configs/corstone1000_defconfig
+@@ -22,6 +22,7 @@ CONFIG_CONSOLE_RECORD=y
+ CONFIG_LOGLEVEL=7
+ # CONFIG_DISPLAY_CPUINFO is not set
+ # CONFIG_DISPLAY_BOARDINFO is not set
++CONFIG_BOARD_LATE_INIT=y
+ CONFIG_SYS_MAXARGS=64
+ CONFIG_SYS_CBSIZE=512
+ # CONFIG_CMD_CONSOLE is not set
+--
+2.39.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0043-corstone1000-boot-index-from-active.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0043-corstone1000-boot-index-from-active.patch
new file mode 100644
index 0000000..9080ecb
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0043-corstone1000-boot-index-from-active.patch
@@ -0,0 +1,42 @@
+From b32aee10c66a9c2a3b6b948ad957deca3391c4bf Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Mon, 27 Feb 2023 14:40:13 +0000
+Subject: [PATCH 43/43] corstone1000: boot index from active
+
+In our platform, the Secure Enclave is the one who control
+all the boot tries and status, so, every time we get here
+we know that the we are booting from the active index.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ board/armltd/corstone1000/corstone1000.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/board/armltd/corstone1000/corstone1000.c b/board/armltd/corstone1000/corstone1000.c
+index 0923ca6e8c5b..e949edb79745 100644
+--- a/board/armltd/corstone1000/corstone1000.c
++++ b/board/armltd/corstone1000/corstone1000.c
+@@ -118,7 +118,18 @@ int dram_init_banksize(void)
+
+ void fwu_plat_get_bootidx(int *boot_idx)
+ {
+- *boot_idx = corstone1000_boot_idx;
++ int ret;
++
++ /*
++ * in our platform, the Secure Enclave is the one who control
++ * all the boot tries and status, so, every time we get here
++ * we know that the we are booting from the active index
++ */
++ ret = fwu_get_active_index(boot_idx);
++ if (ret < 0)
++ log_err("corstone1000: failed to read active index\n");
++
++ return ret;
+ }
+
+ int board_late_init(void)
+--
+2.39.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base-arm32/0001-Add-vexpress_aemv8a_aarch32-variant.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base-arm32/0001-Add-vexpress_aemv8a_aarch32-variant.patch
deleted file mode 100644
index 5138335..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base-arm32/0001-Add-vexpress_aemv8a_aarch32-variant.patch
+++ /dev/null
@@ -1,184 +0,0 @@
-From 424d186ab0a0c4dd62dfb13ac87e8d1fd26c101e Mon Sep 17 00:00:00 2001
-From: Anders Dellien <anders.dellien@arm.com>
-Date: Thu, 23 Jul 2020 17:32:55 +0100
-Subject: [PATCH 1/2] Add vexpress_aemv8a_aarch32 variant
-
-The ARM AEMv8 FVP model can be run in Aarch64 or Aarch32 mode. Aarch32
-support is enable per-CPU when launching the model, eg:
-
--C cluster0.cpu0.CONFIG64=0
-
-This patch adds a new defconfig and some variant specific selections in
-vexpress_armv8a.h.
-
-This patch is co-authored with Soby Mathew <Soby.Mathew@arm.com>.
-
-Upstream-Status: Denied
-
-For upstream discussion, please visit
-https://www.mail-archive.com/u-boot@lists.denx.de/msg233429.html
-
-Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
-Signed-off-by: Asha R <asha.r@arm.com>
-Signed-off-by: Anders Dellien <anders.dellien@arm.com>
----
- arch/arm/Kconfig | 5 +++
- board/armltd/vexpress64/Kconfig | 2 +-
- configs/vexpress_aemv8a_aarch32_defconfig | 40 ++++++++++++++++++
- include/configs/vexpress_aemv8.h | 50 +++++++++++++++--------
- 4 files changed, 80 insertions(+), 17 deletions(-)
- create mode 100644 configs/vexpress_aemv8a_aarch32_defconfig
-
-diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
-index 4567c183fb84..99cc414d6760 100644
---- a/arch/arm/Kconfig
-+++ b/arch/arm/Kconfig
-@@ -1250,6 +1250,11 @@ config TARGET_VEXPRESS64_BASE_FVP
- select PL01X_SERIAL
- select SEMIHOSTING
-
-+config TARGET_VEXPRESS64_BASE_FVP_AARCH32
-+ bool "Support Versatile Express ARMv8a 32-bit FVP BASE model"
-+ select CPU_V7A
-+ select SEMIHOSTING
-+
- config TARGET_VEXPRESS64_JUNO
- bool "Support Versatile Express Juno Development Platform"
- select ARM64
-diff --git a/board/armltd/vexpress64/Kconfig b/board/armltd/vexpress64/Kconfig
-index 4aab3f092ecb..0a5e3fcc004a 100644
---- a/board/armltd/vexpress64/Kconfig
-+++ b/board/armltd/vexpress64/Kconfig
-@@ -1,4 +1,4 @@
--if TARGET_VEXPRESS64_BASE_FVP || TARGET_VEXPRESS64_JUNO
-+if TARGET_VEXPRESS64_BASE_FVP || TARGET_VEXPRESS64_JUNO || TARGET_VEXPRESS64_BASE_FVP_AARCH32
-
- config SYS_BOARD
- default "vexpress64"
-diff --git a/configs/vexpress_aemv8a_aarch32_defconfig b/configs/vexpress_aemv8a_aarch32_defconfig
-new file mode 100644
-index 000000000000..9c5c3367ec4d
---- /dev/null
-+++ b/configs/vexpress_aemv8a_aarch32_defconfig
-@@ -0,0 +1,40 @@
-+CONFIG_ARM=y
-+CONFIG_SYS_ARCH_TIMER=y
-+CONFIG_TARGET_VEXPRESS64_BASE_FVP_AARCH32=y
-+CONFIG_SYS_TEXT_BASE=0x88000000
-+CONFIG_SYS_MALLOC_F_LEN=0x2000
-+CONFIG_NR_DRAM_BANKS=2
-+CONFIG_IDENT_STRING=" vexpress_aemv8a fvp aarch32"
-+CONFIG_REMAKE_ELF=y
-+CONFIG_SYS_LOAD_ADDR=0x90000000
-+CONFIG_BOOTDELAY=1
-+CONFIG_USE_BOOTARGS=y
-+CONFIG_BOOTARGS="console=ttyAMA0 earlycon=pl011,0x1c090000 debug user_debug=31 systemd.log_target=null root=/dev/vda1 rw androidboot.hardware=fvpbase rootwait loglevel=9"
-+# CONFIG_DISPLAY_CPUINFO is not set
-+# CONFIG_DISPLAY_BOARDINFO is not set
-+CONFIG_HUSH_PARSER=y
-+CONFIG_SYS_PROMPT="fvp32# "
-+# CONFIG_CMD_CONSOLE is not set
-+CONFIG_CMD_BOOTZ=y
-+# CONFIG_CMD_XIMG is not set
-+# CONFIG_CMD_EDITENV is not set
-+# CONFIG_CMD_ENV_EXISTS is not set
-+CONFIG_CMD_MEMTEST=y
-+CONFIG_CMD_ARMFLASH=y
-+# CONFIG_CMD_LOADS is not set
-+# CONFIG_CMD_ITEST is not set
-+# CONFIG_CMD_SETEXPR is not set
-+CONFIG_CMD_DHCP=y
-+# CONFIG_CMD_NFS is not set
-+CONFIG_CMD_MII=y
-+CONFIG_CMD_PING=y
-+CONFIG_CMD_CACHE=y
-+CONFIG_CMD_FAT=y
-+CONFIG_DM=y
-+CONFIG_MTD_NOR_FLASH=y
-+CONFIG_FLASH_CFI_DRIVER=y
-+CONFIG_SYS_FLASH_CFI=y
-+CONFIG_DM_SERIAL=y
-+CONFIG_PL01X_SERIAL=y
-+CONFIG_OF_LIBFDT=y
-+CONFIG_REMAKE_ELF=y
-diff --git a/include/configs/vexpress_aemv8.h b/include/configs/vexpress_aemv8.h
-index f0c5ceb3849a..854fbb41bfc1 100644
---- a/include/configs/vexpress_aemv8.h
-+++ b/include/configs/vexpress_aemv8.h
-@@ -86,7 +86,7 @@
- #endif
- #endif /* !CONFIG_GICV3 */
-
--#if defined(CONFIG_TARGET_VEXPRESS64_BASE_FVP) && !defined(CONFIG_DM_ETH)
-+#if (defined(CONFIG_TARGET_VEXPRESS64_BASE_FVP) || defined(CONFIG_TARGET_VEXPRESS64_BASE_FVP_AARCH32)) && !defined(CONFIG_DM_ETH)
- /* The Vexpress64 BASE_FVP simulator uses SMSC91C111 */
- #define CONFIG_SMC91111 1
- #define CONFIG_SMC91111_BASE (V2M_PA_BASE + 0x01A000000)
-@@ -114,7 +114,7 @@
- #ifdef CONFIG_TARGET_VEXPRESS64_JUNO
- #define PHYS_SDRAM_2 (0x880000000)
- #define PHYS_SDRAM_2_SIZE 0x180000000
--#elif CONFIG_NR_DRAM_BANKS == 2
-+#elif CONFIG_TARGET_VEXPRESS64_BASE_FVP && CONFIG_NR_DRAM_BANKS == 2
- #define PHYS_SDRAM_2 (0x880000000)
- #define PHYS_SDRAM_2_SIZE 0x80000000
- #endif
-@@ -171,23 +171,41 @@
- "fdt_addr_r=0x80000000\0" \
- BOOTENV
-
--#elif CONFIG_TARGET_VEXPRESS64_BASE_FVP
-+#elif defined(CONFIG_TARGET_VEXPRESS64_BASE_FVP) || \
-+ defined(CONFIG_TARGET_VEXPRESS64_BASE_FVP_AARCH32)
-
--#define VEXPRESS_KERNEL_ADDR 0x80080000
--#define VEXPRESS_FDT_ADDR 0x8fc00000
--#define VEXPRESS_BOOT_ADDR 0x8fd00000
--#define VEXPRESS_RAMDISK_ADDR 0x8fe00000
-+#define VEXPRESS_KERNEL_ADDR 0x80080000
-+#define VEXPRESS_FDT_ADDR 0x8fc00000
-+#define VEXPRESS_BOOT_ADDR 0x8fd00000
-+#define VEXPRESS_RAMDISK_ADDR 0x8fe00000
-
--#define CONFIG_EXTRA_ENV_SETTINGS \
-+#define CONFIG_EXTRA_ENV_SETTINGS \
- "kernel_name=Image\0" \
-- "kernel_addr_r=" __stringify(VEXPRESS_KERNEL_ADDR) "\0" \
-- "ramdisk_name=ramdisk.img\0" \
-- "ramdisk_addr_r=" __stringify(VEXPRESS_RAMDISK_ADDR) "\0" \
-- "fdtfile=devtree.dtb\0" \
-- "fdt_addr_r=" __stringify(VEXPRESS_FDT_ADDR) "\0" \
-- "boot_name=boot.img\0" \
-- "boot_addr_r=" __stringify(VEXPRESS_BOOT_ADDR) "\0"
--
-+ "kernel_addr_r=" __stringify(VEXPRESS_KERNEL_ADDR) "\0" \
-+ "ramdisk_name=ramdisk.img\0" \
-+ "ramdisk_addr_r=" __stringify(VEXPRESS_RAMDISK_ADDR) "\0" \
-+ "fdtfile=devtree.dtb\0" \
-+ "fdt_addr_r=" __stringify(VEXPRESS_FDT_ADDR) "\0" \
-+ "boot_name=boot.img\0" \
-+ "boot_addr_r=" __stringify(VEXPRESS_BOOT_ADDR) "\0"
-+
-+#ifndef CONFIG_BOOTCOMMAND
-+#define CONFIG_BOOTCOMMAND "if smhload ${boot_name} ${boot_addr_r}; then " \
-+ " set bootargs; " \
-+ " abootimg addr ${boot_addr_r}; " \
-+ " abootimg get dtb --index=0 fdt_addr_r; " \
-+ " bootm ${boot_addr_r} ${boot_addr_r} " \
-+ " ${fdt_addr_r}; " \
-+ "else; " \
-+ " smhload ${kernel_name} ${kernel_addr_r}; " \
-+ " smhload ${fdtfile} ${fdt_addr_r}; " \
-+ " smhload ${ramdisk_name} ${initrd_addr_r} "\
-+ " initrd_end; " \
-+ " fdt addr ${fdt_addr_r}; fdt resize; " \
-+ " fdt chosen ${ramdisk_addr_r} ${initrd_end}; " \
-+ " bootz $kernel_addr_r - $fdt_addr_r; " \
-+ "fi"
-+#endif
- #endif
-
- /* Monitor Command Prompt */
---
-2.30.2
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base-arm32/0002-Revert-vexpress64-Enable-OF_CONTROL-and-OF_BOARD-for.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base-arm32/0002-Revert-vexpress64-Enable-OF_CONTROL-and-OF_BOARD-for.patch
deleted file mode 100644
index d916d42..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base-arm32/0002-Revert-vexpress64-Enable-OF_CONTROL-and-OF_BOARD-for.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From e896d48c57d272327410416887f34ac0db550390 Mon Sep 17 00:00:00 2001
-From: Jon Mason <jdmason@kudzu.us>
-Date: Mon, 13 Jun 2022 10:59:53 -0400
-Subject: [PATCH 2/2] Revert "vexpress64: Enable OF_CONTROL and OF_BOARD for
- VExpress64"
-
-This patch only works for aarch64 (as the 'x' registers are not
-available for ARMv7). Since this platform is ARMv7 in the previous
-patch, this either needs to be changed or removed. I opted to remove
-it, as it doesn't seem to be necessary to boot the virtual hardware.
-Given that the previous patch was rejected upstream, it is not
-appropriate to fix this upstream.
-
-Upstream-Status: Inappropriate
-Signed-off-by: Jon Mason <jon.mason@arm.com>
-
-This reverts commit 2661397464e47d45cd25bbc5e6b9de7594b3268d.
----
- board/armltd/vexpress64/Makefile | 2 +-
- board/armltd/vexpress64/lowlevel_init.S | 12 ------------
- board/armltd/vexpress64/vexpress64.c | 26 -------------------------
- 3 files changed, 1 insertion(+), 39 deletions(-)
- delete mode 100644 board/armltd/vexpress64/lowlevel_init.S
-
-diff --git a/board/armltd/vexpress64/Makefile b/board/armltd/vexpress64/Makefile
-index 1878fbed4ec9..868dc4f629f2 100644
---- a/board/armltd/vexpress64/Makefile
-+++ b/board/armltd/vexpress64/Makefile
-@@ -3,5 +3,5 @@
- # (C) Copyright 2000-2004
- # Wolfgang Denk, DENX Software Engineering, wd@denx.de.
-
--obj-y := vexpress64.o lowlevel_init.o
-+obj-y := vexpress64.o
- obj-$(CONFIG_TARGET_VEXPRESS64_JUNO) += pcie.o
-diff --git a/board/armltd/vexpress64/lowlevel_init.S b/board/armltd/vexpress64/lowlevel_init.S
-deleted file mode 100644
-index 3dcfb85d0e9a..000000000000
---- a/board/armltd/vexpress64/lowlevel_init.S
-+++ /dev/null
-@@ -1,12 +0,0 @@
--/* SPDX-License-Identifier: GPL-2.0 */
--/*
-- * (C) Copyright 2021 Arm Limited
-- */
--
--.global save_boot_params
--save_boot_params:
--
-- adr x8, prior_stage_fdt_address
-- str x0, [x8]
--
-- b save_boot_params_ret
-diff --git a/board/armltd/vexpress64/vexpress64.c b/board/armltd/vexpress64/vexpress64.c
-index 5e22e89824ee..cedab86d984b 100644
---- a/board/armltd/vexpress64/vexpress64.c
-+++ b/board/armltd/vexpress64/vexpress64.c
-@@ -92,15 +92,7 @@ int dram_init_banksize(void)
- return 0;
- }
-
--/* Assigned in lowlevel_init.S
-- * Push the variable into the .data section so that it
-- * does not get cleared later.
-- */
--unsigned long __section(".data") prior_stage_fdt_address;
--
- #ifdef CONFIG_OF_BOARD
--
--#ifdef CONFIG_TARGET_VEXPRESS64_JUNO
- #define JUNO_FLASH_SEC_SIZE (256 * 1024)
- static phys_addr_t find_dtb_in_nor_flash(const char *partname)
- {
-@@ -145,11 +137,9 @@ static phys_addr_t find_dtb_in_nor_flash(const char *partname)
-
- return ~0;
- }
--#endif
-
- void *board_fdt_blob_setup(int *err)
- {
--#ifdef CONFIG_TARGET_VEXPRESS64_JUNO
- phys_addr_t fdt_rom_addr = find_dtb_in_nor_flash(CONFIG_JUNO_DTB_PART);
-
- *err = 0;
-@@ -159,22 +149,6 @@ void *board_fdt_blob_setup(int *err)
- }
-
- return (void *)fdt_rom_addr;
--#endif
--
--#ifdef VEXPRESS_FDT_ADDR
-- if (fdt_magic(VEXPRESS_FDT_ADDR) == FDT_MAGIC) {
-- *err = 0;
-- return (void *)VEXPRESS_FDT_ADDR;
-- }
--#endif
--
-- if (fdt_magic(prior_stage_fdt_address) == FDT_MAGIC) {
-- *err = 0;
-- return (void *)prior_stage_fdt_address;
-- }
--
-- *err = -ENXIO;
-- return NULL;
- }
- #endif
-
---
-2.30.2
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/0001-Revert-vexpress64-pick-DRAM-size-from-DT.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/0001-Revert-vexpress64-pick-DRAM-size-from-DT.patch
new file mode 100644
index 0000000..d551622
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/0001-Revert-vexpress64-pick-DRAM-size-from-DT.patch
@@ -0,0 +1,44 @@
+From 4f649e0a3e0f9ed1f0d6efdff5b14cdc40d84201 Mon Sep 17 00:00:00 2001
+From: Jon Mason <jon.mason@arm.com
+Date: Thu, 2 Mar 2023 15:22:08 +0000
+Subject: [PATCH] Revert "vexpress64: pick DRAM size from DT"
+
+This reverts commit 1a1143a45457161e90ea4cd5f3b0561d924ed8fe.
+
+DRAM is determined via dtb in recent versions. Since fvp isn't
+reading and specifying a dtb, this fails and hangs u-boot. Remove this
+and go back to the way things were.
+
+Signed-off-by: Jon Mason <jon.mason@arm.com>
+Upstream-Status: Inappropriate
+---
+ board/armltd/vexpress64/vexpress64.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/board/armltd/vexpress64/vexpress64.c b/board/armltd/vexpress64/vexpress64.c
+index af326dc6f453..e8ce88b22c5a 100644
+--- a/board/armltd/vexpress64/vexpress64.c
++++ b/board/armltd/vexpress64/vexpress64.c
+@@ -88,12 +88,20 @@ int board_init(void)
+
+ int dram_init(void)
+ {
+- return fdtdec_setup_mem_size_base();
++ gd->ram_size = PHYS_SDRAM_1_SIZE;
++ return 0;
+ }
+
+ int dram_init_banksize(void)
+ {
+- return fdtdec_setup_memory_banksize();
++ gd->bd->bi_dram[0].start = PHYS_SDRAM_1;
++ gd->bd->bi_dram[0].size = PHYS_SDRAM_1_SIZE;
++#ifdef PHYS_SDRAM_2
++ gd->bd->bi_dram[1].start = PHYS_SDRAM_2;
++ gd->bd->bi_dram[1].size = PHYS_SDRAM_2_SIZE;
++#endif
++
++ return 0;
+ }
+
+ /* Assigned in lowlevel_init.S
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/bootargs.cfg b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/bootargs.cfg
index 716600f..13f4cb4 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/bootargs.cfg
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/bootargs.cfg
@@ -1,3 +1,4 @@
CONFIG_BOOTARGS="console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda1 rw rootwait"
+CONFIG_BOOTCOMMAND="booti $kernel_addr_r - $fdt_addr_r"
# Our FVP support CRC instructions
CONFIG_ARM64_CRC32=y
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
index 9cc1bcd..6e68a42 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
@@ -44,19 +44,31 @@
file://0024-arm-corstone1000-esrt-support.patch \
file://0025-efi_setup-discover-FF-A-bus-before-raising-EFI-start.patch \
file://0026-corstone1000-enable-distro-booting-command.patch \
+ file://0027-drivers-nvmxip-introduce-NVM-XIP-block-storage-emula.patch \
+ file://0028-sandbox64-fix-return-unsigned-long-in-readq.patch \
+ file://0029-sandbox64-add-support-for-NVMXIP-QSPI.patch \
+ file://0030-corstone1000-add-NVM-XIP-QSPI-device-tree-node.patch \
+ file://0031-corstone1000-enable-NVM-XIP-QSPI-flash.patch \
+ file://0032-sandbox64-add-a-test-case-for-UCLASS_NVMXIP.patch \
+ file://0033-nvmxip-provide-a-u-boot-shell-test-command.patch \
+ file://0034-corstone1000-add-fwu-metadata-store-info.patch \
+ file://0035-nvmxip-shorter-block-device-name.patch \
+ file://0036-efi_boottime-allow-to-reset-a-path-after-boot.patch \
+ file://0037-fwu_metadata-make-sure-structures-are-packed.patch \
+ file://0038-corstone1000-add-boot-index.patch \
+ file://0039-corstone1000-adjust-boot-bank-and-kernel-location.patch \
+ file://0040-corstone1000-add-nvmxip-fwu-mdata-and-gpt-options.patch \
+ file://0041-nvmxip-move-header-to-include.patch \
+ file://0042-corstone1000-set-kernel_addr-based-on-boot_idx.patch \
+ file://0043-corstone1000-boot-index-from-active.patch \
"
#
# FVP BASE
#
-SRC_URI:append:fvp-base = " file://bootargs.cfg"
-
-#
-# FVP BASE ARM32
-#
-SRC_URI:append:fvp-base-arm32 = " file://0001-Add-vexpress_aemv8a_aarch32-variant.patch \
- file://0002-Revert-vexpress64-Enable-OF_CONTROL-and-OF_BOARD-for.patch \
- "
+SRC_URI:append:fvp-base = " file://bootargs.cfg \
+ file://0001-Revert-vexpress64-pick-DRAM-size-from-DT.patch \
+ "
#
# FVP BASER
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/arm-platforms-kmeta/bsp/arm-platforms/fvp-arm32-standard.scc b/meta-arm/meta-arm-bsp/recipes-kernel/linux/arm-platforms-kmeta/bsp/arm-platforms/fvp-arm32-standard.scc
deleted file mode 100644
index 6569027..0000000
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/arm-platforms-kmeta/bsp/arm-platforms/fvp-arm32-standard.scc
+++ /dev/null
@@ -1,8 +0,0 @@
-define KMACHINE fvp-arm32
-define KTYPE standard
-define KARCH arm
-
-include ktypes/standard/standard.scc
-
-include fvp-arm32.scc
-
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/arm-platforms-kmeta/bsp/arm-platforms/fvp-arm32.scc b/meta-arm/meta-arm-bsp/recipes-kernel/linux/arm-platforms-kmeta/bsp/arm-platforms/fvp-arm32.scc
deleted file mode 100644
index ff7ce57..0000000
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/arm-platforms-kmeta/bsp/arm-platforms/fvp-arm32.scc
+++ /dev/null
@@ -1,14 +0,0 @@
-include features/input/input.scc
-include features/net/net.scc
-include cfg/timer/no_hz.scc
-include cfg/virtio.scc
-
-kconf hardware fvp-arm32/fvp-board.cfg
-kconf hardware fvp-arm32/fvp-features.cfg
-kconf hardware fvp/fvp-net.cfg
-kconf hardware fvp/fvp-rtc.cfg
-kconf hardware fvp/fvp-serial.cfg
-kconf hardware fvp/fvp-cfi.cfg
-kconf hardware fvp/fvp-drm.cfg
-kconf hardware fvp/fvp-timer.cfg
-kconf hardware fvp/fvp-watchdog.cfg
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/arm-platforms-kmeta/bsp/arm-platforms/fvp-arm32/fvp-board.cfg b/meta-arm/meta-arm-bsp/recipes-kernel/linux/arm-platforms-kmeta/bsp/arm-platforms/fvp-arm32/fvp-board.cfg
deleted file mode 100644
index e49a1e3..0000000
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/arm-platforms-kmeta/bsp/arm-platforms/fvp-arm32/fvp-board.cfg
+++ /dev/null
@@ -1,12 +0,0 @@
-CONFIG_ARM=y
-
-CONFIG_ARCH_VEXPRESS=y
-CONFIG_SMP=y
-CONFIG_NR_CPUS=8
-CONFIG_HOTPLUG_CPU=y
-
-CONFIG_REGULATOR=y
-CONFIG_REGULATOR_FIXED_VOLTAGE=y
-
-CONFIG_CPU_IDLE=y
-CONFIG_ARM_CPUIDLE=y
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/arm-platforms-kmeta/bsp/arm-platforms/fvp-arm32/fvp-features.cfg b/meta-arm/meta-arm-bsp/recipes-kernel/linux/arm-platforms-kmeta/bsp/arm-platforms/fvp-arm32/fvp-features.cfg
deleted file mode 100644
index 12e7697..0000000
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/arm-platforms-kmeta/bsp/arm-platforms/fvp-arm32/fvp-features.cfg
+++ /dev/null
@@ -1,9 +0,0 @@
-CONFIG_BINFMT_MISC=y
-CONFIG_BOUNCE=y
-CONFIG_HIGHMEM=y
-CONFIG_HIGHPTE=y
-CONFIG_KERNEL_MODE_NEON=y
-CONFIG_NEON=y
-CONFIG_VFP=y
-CONFIG_VFPv3=y
-
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/fvp-base-arm32/0001-ARM-vexpress-enable-GICv3.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/fvp-base-arm32/0001-ARM-vexpress-enable-GICv3.patch
deleted file mode 100644
index 184a763..0000000
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/fvp-base-arm32/0001-ARM-vexpress-enable-GICv3.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 9fe529a146f4528ec80a3d04588e387f3651dc22 Mon Sep 17 00:00:00 2001
-From: Ryan Harkin <ryan.harkin@linaro.org>
-Date: Wed, 16 Nov 2016 14:43:02 +0000
-Subject: [PATCH] ARM: vexpress: enable GICv3
-
-Upstream-Status: Pending
-
-ARMv8 targets such as ARM's FVP Cortex-A32 model can run the 32-bit
-ARMv7 kernel. And these targets often contain GICv3.
-
-Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
-Signed-off-by: Jon Medhurst <tixy@linaro.org>
----
- arch/arm/mach-versatile/Kconfig | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/arch/arm/mach-versatile/Kconfig b/arch/arm/mach-versatile/Kconfig
-index 2ef226194c3a..3d54877fe339 100644
---- a/arch/arm/mach-versatile/Kconfig
-+++ b/arch/arm/mach-versatile/Kconfig
-@@ -251,6 +251,7 @@ menuconfig ARCH_VEXPRESS
- depends on ARCH_MULTI_V7
- select ARM_AMBA
- select ARM_GIC
-+ select ARM_GIC_V3
- select ARM_GLOBAL_TIMER
- select ARM_TIMER_SP804
- select GPIOLIB
---
-2.30.2
-
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
index 96873c9..dc6f34e 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
@@ -14,7 +14,6 @@
# Arm platforms kmeta
SRC_URI_KMETA = "file://arm-platforms-kmeta;type=kmeta;name=arm-platforms-kmeta;destsuffix=arm-platforms-kmeta"
SRC_URI:append:fvp-base = " ${SRC_URI_KMETA}"
-SRC_URI:append:fvp-base-arm32 = " ${SRC_URI_KMETA}"
SRC_URI:append:fvp-baser-aemv8r64 = " ${SRC_URI_KMETA}"
SRC_URI:append:juno = " ${SRC_URI_KMETA}"
SRC_URI:append:n1sdp = " ${SRC_URI_KMETA}"
@@ -68,21 +67,6 @@
SRC_URI:append:fvp-base = " file://0001-arm64-dts-fvp-Enable-virtio-rng-support.patch"
#
-# FVP BASE ARM32 KMACHINE
-#
-COMPATIBLE_MACHINE:fvp-base-arm32 = "fvp-base-arm32"
-KMACHINE:fvp-base-arm32 = "fvp-arm32"
-FILESEXTRAPATHS:prepend:fvp-base-arm32 := "${ARMBSPFILESPATHS}"
-SRC_URI:append:fvp-base-arm32 = " file://0001-ARM-vexpress-enable-GICv3.patch"
-# We want to use the DT in the arm64 tree but the kernel build doesn't like that, so symlink it
-do_compile:prepend:fvp-base-arm32() {
- mkdir --parents ${S}/arch/arm/boot/dts/arm
- for file in fvp-base-revc.dts rtsm_ve-motherboard.dtsi rtsm_ve-motherboard-rs2.dtsi; do
- ln -fsr ${S}/arch/arm64/boot/dts/arm/$file ${S}/arch/arm/boot/dts/arm
- done
-}
-
-#
# FVP BaseR AEMv8r64 Machine
#
COMPATIBLE_MACHINE:fvp-baser-aemv8r64 = "fvp-baser-aemv8r64"
@@ -112,7 +96,7 @@
#
# N1SDP KMACHINE
#
-FILESEXTRAPATHS:prepend:n1sdp := "${THISDIR}/linux-yocto-5.19/n1sdp:"
+FILESEXTRAPATHS:prepend:n1sdp := "${THISDIR}/linux-yocto-6.1/n1sdp:"
COMPATIBLE_MACHINE:n1sdp = "n1sdp"
KBUILD_DEFCONFIG:n1sdp = "defconfig"
KCONFIG_MODE:n1sdp = "--alldefconfig"
@@ -124,6 +108,7 @@
file://0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch \
file://0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch \
file://0006-arm64-defconfig-disable-config-options-that-does-not.patch \
+ file://enable-nvme.cfg \
file://enable-realtek-R8169.cfg \
file://enable-usb_conn_gpio.cfg \
file://usb_xhci_pci_renesas.cfg \
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0003-firmware-arm_ffa-Fix-uuid-argument-passed-to-ffa_par.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0003-firmware-arm_ffa-Fix-uuid-argument-passed-to-ffa_par.patch
index fa7c2ef..e6e1c00 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0003-firmware-arm_ffa-Fix-uuid-argument-passed-to-ffa_par.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0003-firmware-arm_ffa-Fix-uuid-argument-passed-to-ffa_par.patch
@@ -6,7 +6,7 @@
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: Ib2749ec3e02da5bb6d835f7dbf2d608c41fad1f2
-Upstream-Status: Pending [Not submitted to upstream yet]
+Upstream-Status: Backport [f3c45c045e25ed52461829d2ce07954f72b6ad15]
Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
---
drivers/firmware/arm_ffa/driver.c | 2 +-
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0004-firmware-arm_ffa-Add-ffa_dev_get_drvdata.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0004-firmware-arm_ffa-Add-ffa_dev_get_drvdata.patch
index 752a94b..6e11823 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0004-firmware-arm_ffa-Add-ffa_dev_get_drvdata.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0004-firmware-arm_ffa-Add-ffa_dev_get_drvdata.patch
@@ -5,7 +5,7 @@
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: Icd09d686cab9922563b1deda5276307ea5d94923
-Upstream-Status: Pending [Not submitted to upstream yet]
+Upstream-Status: Backport [498af8d1678ae2351218337b47bbf3cb0fc16821]
Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
---
include/linux/arm_ffa.h | 7 ++++++-
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0006-firmware-arm_ffa-Fix-FFA_MEM_SHARE-and-FFA_MEM_FRAG_.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0006-firmware-arm_ffa-Fix-FFA_MEM_SHARE-and-FFA_MEM_FRAG_.patch
index fccf346..5f076eb 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0006-firmware-arm_ffa-Fix-FFA_MEM_SHARE-and-FFA_MEM_FRAG_.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0006-firmware-arm_ffa-Fix-FFA_MEM_SHARE-and-FFA_MEM_FRAG_.patch
@@ -12,7 +12,7 @@
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I7ef44742d53a9e75d8587d1213be98a1352f16d4
-Upstream-Status: Pending [Not submitted to upstream yet]
+Upstream-Status: Backport [987756f67dee237ec35f3b249ab1ae25260c5340]
Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
---
drivers/firmware/arm_ffa/driver.c | 12 ++++++++----
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0008-tee-add-sec_world_id-to-struct-tee_shm.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0008-tee-add-sec_world_id-to-struct-tee_shm.patch
index fd5bc79..2a22b10 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0008-tee-add-sec_world_id-to-struct-tee_shm.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0008-tee-add-sec_world_id-to-struct-tee_shm.patch
@@ -9,7 +9,7 @@
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
-Upstream-Status: Pending [Not submitted to upstream yet]
+Upstream-Status: Backport [9028b2463c1ea96f51c3ba53e2479346019ff6ad]
Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
---
include/linux/tee_drv.h | 7 ++++++-
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0009-optee-simplify-optee_release.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0009-optee-simplify-optee_release.patch
index aaf96e8..32e05ed 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0009-optee-simplify-optee_release.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0009-optee-simplify-optee_release.patch
@@ -11,7 +11,7 @@
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
-Upstream-Status: Pending [Not submitted to upstream yet]
+Upstream-Status: Backport [c0ab6db39a908d86ed44e8a5632548e2ec1b4dca]
Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
---
drivers/tee/optee/call.c | 31 ++++++++++-------
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0010-optee-refactor-driver-with-internal-callbacks.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0010-optee-refactor-driver-with-internal-callbacks.patch
index cc6863c..8dfb68d 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0010-optee-refactor-driver-with-internal-callbacks.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0010-optee-refactor-driver-with-internal-callbacks.patch
@@ -16,7 +16,7 @@
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
-Upstream-Status: Pending [Not submitted to upstream yet]
+Upstream-Status: Backport [4602c5842f649da2fbd2cea3560af750cfbd59e3]
Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
---
drivers/tee/optee/call.c | 86 +++++++++--------
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0011-optee-isolate-smc-abi.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0011-optee-isolate-smc-abi.patch
index c2ac12a..15270bb 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0011-optee-isolate-smc-abi.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0011-optee-isolate-smc-abi.patch
@@ -22,7 +22,7 @@
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
-Upstream-Status: Pending [Not submitted to upstream yet]
+Upstream-Status: Backport [c51a564a5b48355f30309b84cdffe3f96d1ae0d3]
Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
---
drivers/tee/optee/Makefile | 4 +-
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0012-optee-add-FF-A-support.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0012-optee-add-FF-A-support.patch
index 089d1b6..14d89d5 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0012-optee-add-FF-A-support.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0012-optee-add-FF-A-support.patch
@@ -16,7 +16,7 @@
[1] https://developer.arm.com/documentation/den0077/latest
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
-Upstream-Status: Pending [Not submitted to upstream yet]
+Upstream-Status: Backport [4615e5a34b95e0d81467f6d2176f19a5d184cb5d]
Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
---
drivers/tee/optee/Makefile | 1 +
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0014-optee-Fix-spelling-mistake-reclain-reclaim.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0014-optee-Fix-spelling-mistake-reclain-reclaim.patch
index 78b5d41..3409d66 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0014-optee-Fix-spelling-mistake-reclain-reclaim.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0014-optee-Fix-spelling-mistake-reclain-reclaim.patch
@@ -10,7 +10,7 @@
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
[jw: added a fixes]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
-Upstream-Status: Pending [Not submitted to upstream yet]
+Upstream-Status: Backport [1b73a9e4986a4e9065bacf1e5ab2dfda17b54161]
Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com
---
drivers/tee/optee/ffa_abi.c | 4 ++--
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0015-optee-fix-kfree-NULL-pointer.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0015-optee-fix-kfree-NULL-pointer.patch
index 60b6bf2..090ff3b 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0015-optee-fix-kfree-NULL-pointer.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0015-optee-fix-kfree-NULL-pointer.patch
@@ -15,7 +15,7 @@
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
[jw: removed the redundant braces]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
-Upstream-Status: Pending [Not submitted to upstream yet]
+Upstream-Status: Backport [c23ca66a4dadb6f050dc57358bc8d57a747c35bf]
Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com
---
drivers/tee/optee/ffa_abi.c | 7 +++----
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch
similarity index 90%
rename from meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch
rename to meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch
index 188616f..d7a47c6 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch
@@ -1,4 +1,4 @@
-From 97caa9365f221b5aff93274a29ea894da55dce88 Mon Sep 17 00:00:00 2001
+From 32ae4539865e64bcfb0c6955bdac8db5904e493d Mon Sep 17 00:00:00 2001
From: Manoj Kumar <manoj.kumar3@arm.com>
Date: Mon, 1 Feb 2021 21:36:43 +0530
Subject: [PATCH] iommu/arm-smmu-v3: workaround for ATC_INV_SIZE_ALL in N1SDP
@@ -22,10 +22,10 @@
2 files changed, 2 insertions(+)
diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
-index 88817a3376ef..80e252d59a3a 100644
+index d4d8bfee9feb..0524bf2ec021 100644
--- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
+++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
-@@ -1731,6 +1731,7 @@ arm_smmu_atc_inv_to_cmd(int ssid, unsigned long iova, size_t size,
+@@ -1738,6 +1738,7 @@ arm_smmu_atc_inv_to_cmd(int ssid, unsigned long iova, size_t size,
};
if (!size) {
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch
similarity index 91%
rename from meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch
rename to meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch
index 6fc83fb..cb72ed0 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch
@@ -1,4 +1,4 @@
-From ba5ed426f6587d96418bc8bbe4ae908329d4a7a9 Mon Sep 17 00:00:00 2001
+From fc8605e74b51d9e0ab8efd0489eca2e11d807f07 Mon Sep 17 00:00:00 2001
From: Manoj Kumar <manoj.kumar3@arm.com>
Date: Tue, 31 Aug 2021 16:15:38 +0000
Subject: [PATCH] n1sdp: pci_quirk: add acs override for PCI devices
@@ -19,10 +19,10 @@
2 files changed, 110 insertions(+)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index 09836f2f1e74..b465592aa068 100644
+index 963cdaecabcb..8e94af513b9f 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -4084,6 +4084,14 @@
+@@ -4162,6 +4162,14 @@
nomsi [MSI] If the PCI_MSI kernel config parameter is
enabled, this kernel boot option can be used to
disable the use of MSI interrupts system-wide.
@@ -38,10 +38,10 @@
Safety option to keep boot IRQs enabled. This
should never be necessary.
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
-index 2e68f50bc7ae..2d32fa0df411 100644
+index 285acc4aaccc..d6ebef1f30db 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
-@@ -3601,6 +3601,107 @@ static void quirk_no_bus_reset(struct pci_dev *dev)
+@@ -3612,6 +3612,107 @@ static void quirk_no_bus_reset(struct pci_dev *dev)
dev->dev_flags |= PCI_DEV_FLAGS_NO_BUS_RESET;
}
@@ -149,10 +149,10 @@
/*
* Some NVIDIA GPU devices do not work with bus reset, SBR needs to be
* prevented for those affected devices.
-@@ -4969,6 +5070,7 @@ static const struct pci_dev_acs_enabled {
- { PCI_VENDOR_ID_NXP, 0x8d9b, pci_quirk_nxp_rp_acs },
- /* Zhaoxin Root/Downstream Ports */
+@@ -4980,6 +5081,7 @@ static const struct pci_dev_acs_enabled {
{ PCI_VENDOR_ID_ZHAOXIN, PCI_ANY_ID, pci_quirk_zhaoxin_pcie_ports_acs },
+ /* Wangxun nics */
+ { PCI_VENDOR_ID_WANGXUN, PCI_ANY_ID, pci_quirk_wangxun_nic_acs },
+ { PCI_ANY_ID, PCI_ANY_ID, pcie_acs_overrides },
{ 0 }
};
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/0003-pcie-Add-quirk-for-the-Arm-Neoverse-N1SDP-platform.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/0003-pcie-Add-quirk-for-the-Arm-Neoverse-N1SDP-platform.patch
similarity index 91%
rename from meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/0003-pcie-Add-quirk-for-the-Arm-Neoverse-N1SDP-platform.patch
rename to meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/0003-pcie-Add-quirk-for-the-Arm-Neoverse-N1SDP-platform.patch
index ef2ad8d..9b439e4 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/0003-pcie-Add-quirk-for-the-Arm-Neoverse-N1SDP-platform.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/0003-pcie-Add-quirk-for-the-Arm-Neoverse-N1SDP-platform.patch
@@ -1,6 +1,6 @@
-From e88326f652ac6d126d5df8b3c0b2ac40e8b73797 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Tue, 23 Aug 2022 15:17:28 +0100
+From 5aa5769af625c79589fd84b8afc06149c2362218 Mon Sep 17 00:00:00 2001
+From: Deepak Pandey <Deepak.Pandey@arm.com>
+Date: Fri, 31 May 2019 16:42:43 +0100
Subject: [PATCH] pcie: Add quirk for the Arm Neoverse N1SDP platform
The Arm N1SDP SoC suffers from some PCIe integration issues, most
@@ -25,6 +25,7 @@
[Andre: fix coding style issues, rewrite some parts, add DT support]
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
+Change-Id: I1d3a4b9bf6b3b883d262e3c4ff1f88a0eb81c1fe
Upstream-Status: Inappropriate [will not be submitted as its a workaround to address hardware issue]
Signed-off-by: Deepak Pandey <Deepak.Pandey@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
@@ -33,26 +34,26 @@
arch/arm64/configs/defconfig | 1 +
drivers/acpi/pci_mcfg.c | 7 +
drivers/pci/controller/Kconfig | 11 ++
- drivers/pci/controller/Makefile | 1 +
+ drivers/pci/controller/Makefile | 2 +-
drivers/pci/controller/pcie-n1sdp.c | 198 ++++++++++++++++++++++++++++
include/linux/pci-ecam.h | 2 +
- 6 files changed, 220 insertions(+)
+ 6 files changed, 220 insertions(+), 1 deletion(-)
create mode 100644 drivers/pci/controller/pcie-n1sdp.c
diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig
-index 3ccbe378f875..1ce32678ccc7 100644
+index bbbc31391a65..973aa3b4d407 100644
--- a/arch/arm64/configs/defconfig
+++ b/arch/arm64/configs/defconfig
-@@ -236,6 +236,7 @@ CONFIG_PCIE_LAYERSCAPE_GEN4=y
- CONFIG_PCI_ENDPOINT=y
- CONFIG_PCI_ENDPOINT_CONFIGFS=y
- CONFIG_PCI_EPF_TEST=m
+@@ -214,6 +214,7 @@ CONFIG_NFC_S3FWRN5_I2C=m
+ CONFIG_PCI=y
+ CONFIG_PCIEPORTBUS=y
+ CONFIG_PCIEAER=y
+CONFIG_PCI_QUIRKS=y
- CONFIG_DEVTMPFS=y
- CONFIG_DEVTMPFS_MOUNT=y
- CONFIG_FW_LOADER_USER_HELPER=y
+ CONFIG_PCI_IOV=y
+ CONFIG_PCI_PASID=y
+ CONFIG_HOTPLUG_PCI=y
diff --git a/drivers/acpi/pci_mcfg.c b/drivers/acpi/pci_mcfg.c
-index 63b98eae5e75..7700d36393ec 100644
+index 860014b89b8e..2d4c1c699ffe 100644
--- a/drivers/acpi/pci_mcfg.c
+++ b/drivers/acpi/pci_mcfg.c
@@ -171,6 +171,13 @@ static struct mcfg_fixup mcfg_quirks[] = {
@@ -67,10 +68,10 @@
+ N1SDP_ECAM_MCFG(0x20181101, 0, &pci_n1sdp_pcie_ecam_ops),
+ N1SDP_ECAM_MCFG(0x20181101, 1, &pci_n1sdp_ccix_ecam_ops),
#endif /* ARM64 */
- };
+ #ifdef CONFIG_LOONGARCH
diff --git a/drivers/pci/controller/Kconfig b/drivers/pci/controller/Kconfig
-index b8d96d38064d..3c5a8a218442 100644
+index bfd9bac37e24..7a65799dded7 100644
--- a/drivers/pci/controller/Kconfig
+++ b/drivers/pci/controller/Kconfig
@@ -50,6 +50,17 @@ config PCI_IXP4XX
@@ -92,17 +93,18 @@
bool "NVIDIA Tegra PCIe controller"
depends on ARCH_TEGRA || COMPILE_TEST
diff --git a/drivers/pci/controller/Makefile b/drivers/pci/controller/Makefile
-index 37c8663de7fe..5b8a9535a2f7 100644
+index 37c8663de7fe..08e5afcf6e86 100644
--- a/drivers/pci/controller/Makefile
+++ b/drivers/pci/controller/Makefile
-@@ -39,6 +39,7 @@ obj-$(CONFIG_PCI_LOONGSON) += pci-loongson.o
+@@ -39,7 +39,7 @@ obj-$(CONFIG_PCI_LOONGSON) += pci-loongson.o
obj-$(CONFIG_PCIE_HISI_ERR) += pcie-hisi-error.o
obj-$(CONFIG_PCIE_APPLE) += pcie-apple.o
obj-$(CONFIG_PCIE_MT7621) += pcie-mt7621.o
+-
+obj-$(CONFIG_PCIE_HOST_N1SDP_ECAM) += pcie-n1sdp.o
-
# pcie-hisi.o quirks are needed even without CONFIG_PCIE_DW
obj-y += dwc/
+ obj-y += mobiveil/
diff --git a/drivers/pci/controller/pcie-n1sdp.c b/drivers/pci/controller/pcie-n1sdp.c
new file mode 100644
index 000000000000..408699b9dcb1
@@ -308,13 +310,13 @@
+};
+builtin_platform_driver(n1sdp_pcie_driver);
diff --git a/include/linux/pci-ecam.h b/include/linux/pci-ecam.h
-index adea5a4771cf..e6bbc037cef8 100644
+index 6b1301e2498e..b3cf3adeab28 100644
--- a/include/linux/pci-ecam.h
+++ b/include/linux/pci-ecam.h
-@@ -87,6 +87,8 @@ extern const struct pci_ecam_ops xgene_v1_pcie_ecam_ops; /* APM X-Gene PCIe v1 *
- extern const struct pci_ecam_ops xgene_v2_pcie_ecam_ops; /* APM X-Gene PCIe v2.x */
+@@ -88,6 +88,8 @@ extern const struct pci_ecam_ops xgene_v2_pcie_ecam_ops; /* APM X-Gene PCIe v2.x
extern const struct pci_ecam_ops al_pcie_ops; /* Amazon Annapurna Labs PCIe */
extern const struct pci_ecam_ops tegra194_pcie_ops; /* Tegra194 PCIe */
+ extern const struct pci_ecam_ops loongson_pci_ecam_ops; /* Loongson PCIe */
+extern const struct pci_ecam_ops pci_n1sdp_pcie_ecam_ops; /* Arm N1SDP PCIe */
+extern const struct pci_ecam_ops pci_n1sdp_ccix_ecam_ops; /* Arm N1SDP PCIe */
#endif
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch
similarity index 87%
rename from meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch
rename to meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch
index 10fae06..b804658 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch
@@ -1,13 +1,12 @@
-From 74e052b7533827af9f43d093af8f430c99357eac Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Tue, 23 Aug 2022 15:18:38 +0100
+From b59e0d6c6035db80fc9044df0333f96ede53ad7a Mon Sep 17 00:00:00 2001
+From: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
+Date: Wed, 9 Feb 2022 20:37:43 +0530
Subject: [PATCH] n1sdp: pcie: add quirk support enabling remote chip PCIe
Base address mapping for remote chip Root PCIe ECAM space.
When two N1SDP boards are coupled via the CCIX connection, the PCI host
-complex of the remote board appears as PCIe segment 2 on the primary
-board.
+complex of the remote board appears as PCIe segment 2 on the primary board.
The resources of the secondary board, including the host complex, are
mapped at offset 0x40000000000 into the address space of the primary
board, so take that into account when accessing the remote PCIe segment.
@@ -29,7 +28,7 @@
3 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/drivers/acpi/pci_mcfg.c b/drivers/acpi/pci_mcfg.c
-index 7700d36393ec..806ed8dd0d81 100644
+index 2d4c1c699ffe..27f1e9a45c17 100644
--- a/drivers/acpi/pci_mcfg.c
+++ b/drivers/acpi/pci_mcfg.c
@@ -178,6 +178,7 @@ static struct mcfg_fixup mcfg_quirks[] = {
@@ -38,10 +37,10 @@
N1SDP_ECAM_MCFG(0x20181101, 1, &pci_n1sdp_ccix_ecam_ops),
+ N1SDP_ECAM_MCFG(0x20181101, 2, &pci_n1sdp_remote_pcie_ecam_ops),
#endif /* ARM64 */
- };
+ #ifdef CONFIG_LOONGARCH
diff --git a/drivers/pci/controller/pcie-n1sdp.c b/drivers/pci/controller/pcie-n1sdp.c
-index 408699b9dcb1..a03665dd056a 100644
+index 408699b9dcb1..b3b02417fd7d 100644
--- a/drivers/pci/controller/pcie-n1sdp.c
+++ b/drivers/pci/controller/pcie-n1sdp.c
@@ -30,8 +30,10 @@
@@ -68,10 +67,10 @@
- table_base = AP_NS_SHARED_MEM_BASE + segment * BDF_TABLE_SIZE;
+ if (segment > 1) {
-+ rc_base_addr = REMOTE_CHIP_ADDR_OFFSET;
-+ table_base = AP_NS_SHARED_MEM_BASE + REMOTE_CHIP_ADDR_OFFSET;
-+ } else {
-+ table_base = AP_NS_SHARED_MEM_BASE + segment * BDF_TABLE_SIZE;
++ rc_base_addr = REMOTE_CHIP_ADDR_OFFSET;
++ table_base = AP_NS_SHARED_MEM_BASE + REMOTE_CHIP_ADDR_OFFSET;
++ } else {
++ table_base = AP_NS_SHARED_MEM_BASE + segment * BDF_TABLE_SIZE;
+ }
if (!request_mem_region(table_base, BDF_TABLE_SIZE,
@@ -100,7 +99,7 @@
+/* Called for ACPI segment 2. */
+static int pci_n1sdp_remote_pcie_init(struct pci_config_window *cfg)
+{
-+ return pci_n1sdp_init(cfg, 2);
++ return pci_n1sdp_init(cfg, 2);
+}
+
const struct pci_ecam_ops pci_n1sdp_pcie_ecam_ops = {
@@ -124,11 +123,11 @@
{ .compatible = "arm,n1sdp-pcie", .data = &pci_n1sdp_pcie_ecam_ops },
{ },
diff --git a/include/linux/pci-ecam.h b/include/linux/pci-ecam.h
-index e6bbc037cef8..7bd8c1d702ee 100644
+index b3cf3adeab28..d4316795c00d 100644
--- a/include/linux/pci-ecam.h
+++ b/include/linux/pci-ecam.h
-@@ -89,6 +89,7 @@ extern const struct pci_ecam_ops al_pcie_ops; /* Amazon Annapurna Labs PCIe */
- extern const struct pci_ecam_ops tegra194_pcie_ops; /* Tegra194 PCIe */
+@@ -90,6 +90,7 @@ extern const struct pci_ecam_ops tegra194_pcie_ops; /* Tegra194 PCIe */
+ extern const struct pci_ecam_ops loongson_pci_ecam_ops; /* Loongson PCIe */
extern const struct pci_ecam_ops pci_n1sdp_pcie_ecam_ops; /* Arm N1SDP PCIe */
extern const struct pci_ecam_ops pci_n1sdp_ccix_ecam_ops; /* Arm N1SDP PCIe */
+extern const struct pci_ecam_ops pci_n1sdp_remote_pcie_ecam_ops; /* Arm N1SDP PCIe */
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch
similarity index 84%
rename from meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch
rename to meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch
index 76518ae..cc9d871 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch
@@ -1,4 +1,4 @@
-From 748cb5125b381330563b5339a4573827b015b0e9 Mon Sep 17 00:00:00 2001
+From ff02f77788f8c01e9d675912c063e89415804b7d Mon Sep 17 00:00:00 2001
From: Andre Przywara <andre.przywara@arm.com>
Date: Fri, 17 May 2019 17:39:27 +0100
Subject: [PATCH] arm64: kpti: Whitelist early Arm Neoverse N1 revisions
@@ -10,7 +10,7 @@
Add this particular revision to the whitelist to avoid enabling KPTI.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
+Change-Id: I78df055a3e674aefd195d41cc6dc4ee08b0af099
Upstream-Status: Inappropriate
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
@@ -20,10 +20,10 @@
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
-index f34c9f8b9ee0..a778cf472d64 100644
+index b3f37e2209ad..b74210f38cd8 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
-@@ -1589,6 +1589,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
+@@ -1646,6 +1646,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_2XX_SILVER),
MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_3XX_SILVER),
MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_SILVER),
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/0006-arm64-defconfig-disable-config-options-that-does-not.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/0006-arm64-defconfig-disable-config-options-that-does-not.patch
similarity index 88%
rename from meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/0006-arm64-defconfig-disable-config-options-that-does-not.patch
rename to meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/0006-arm64-defconfig-disable-config-options-that-does-not.patch
index d761a71..8aea1f6 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/0006-arm64-defconfig-disable-config-options-that-does-not.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/0006-arm64-defconfig-disable-config-options-that-does-not.patch
@@ -1,4 +1,4 @@
-From ecd97611c3cc5169de45b8d0f87111ed5bb375b8 Mon Sep 17 00:00:00 2001
+From 330a620b5c73505e62a2e0accc155fbc78859cee Mon Sep 17 00:00:00 2001
From: Vishnu Banavath <vishnu.banavath@arm.com>
Date: Wed, 21 Sep 2022 15:54:14 +0100
Subject: [PATCH] arm64: defconfig: disable config options that does not apply
@@ -19,10 +19,10 @@
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig
-index 1ce32678ccc7..224b0fc152a4 100644
+index 973aa3b4d407..61f040394a2d 100644
--- a/arch/arm64/configs/defconfig
+++ b/arch/arm64/configs/defconfig
-@@ -191,10 +191,10 @@ CONFIG_BT_HCIUART=m
+@@ -198,10 +198,10 @@ CONFIG_BT_HCIUART=m
CONFIG_BT_HCIUART_LL=y
CONFIG_BT_HCIUART_BCM=y
CONFIG_BT_HCIUART_QCA=y
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/enable-nvme.cfg b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/enable-nvme.cfg
new file mode 100644
index 0000000..2681035
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/enable-nvme.cfg
@@ -0,0 +1,3 @@
+# Enable NVMe flash storage support
+CONFIG_NVME_CORE=y
+CONFIG_BLK_DEV_NVME=y
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/enable-realtek-R8169.cfg b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/enable-realtek-R8169.cfg
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/enable-realtek-R8169.cfg
rename to meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/enable-realtek-R8169.cfg
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/enable-usb_conn_gpio.cfg b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/enable-usb_conn_gpio.cfg
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/enable-usb_conn_gpio.cfg
rename to meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/enable-usb_conn_gpio.cfg
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/usb_xhci_pci_renesas.cfg b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/usb_xhci_pci_renesas.cfg
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.19/n1sdp/usb_xhci_pci_renesas.cfg
rename to meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.1/n1sdp/usb_xhci_pci_renesas.cfg
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_5.19.bb b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_5.19.bb
deleted file mode 100644
index 3bd4c75..0000000
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_5.19.bb
+++ /dev/null
@@ -1,28 +0,0 @@
-KBRANCH ?= "v5.19/standard/base"
-
-require recipes-kernel/linux/linux-yocto.inc
-
-SRCREV_machine ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7"
-SRCREV_meta ?= "239a6c0d3c3b046971909f1e066380465b0c331d"
-
-SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
- git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.19;destsuffix=${KMETA}"
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.19.17"
-
-DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
-DEPENDS += "openssl-native util-linux-native"
-DEPENDS += "gmp-native libmpc-native"
-
-PV = "${LINUX_VERSION}+git${SRCPV}"
-
-KMETA = "kernel-meta"
-KCONF_BSP_AUDIT_LEVEL = "1"
-
-# Functionality flags
-KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc"
-KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}"
-KERNEL_FEATURES:append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "", d)}"
-KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc", "", d)}"
-KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc", "", d)}"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0004-Handle-logging-syscall.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0004-Handle-logging-syscall.patch
deleted file mode 100644
index 356be9e..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0004-Handle-logging-syscall.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-From b3fde6c2e1a950214f760ab9f194f3a6572292a8 Mon Sep 17 00:00:00 2001
-From: Balint Dobszay <balint.dobszay@arm.com>
-Date: Fri, 15 Jul 2022 13:45:54 +0200
-Subject: [PATCH] Handle logging syscall
-
-Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
-Change-Id: Ib8151cc9c66aea8bcc8fe8b1ecdc3f9f9c5f14e4
-
-%% original patch: 0004-Handle-logging-syscall.patch
-
-diff --git a/core/arch/arm/kernel/spmc_sp_handler.c b/core/arch/arm/kernel/spmc_sp_handler.c
-index e0fa0aa6..c7a45387 100644
---- a/core/arch/arm/kernel/spmc_sp_handler.c
-+++ b/core/arch/arm/kernel/spmc_sp_handler.c
-@@ -1004,6 +1004,12 @@ void spmc_sp_msg_handler(struct thread_smc_args *args,
- ffa_mem_reclaim(args, caller_sp);
- sp_enter(args, caller_sp);
- break;
-+ case 0xdeadbeef:
-+ ts_push_current_session(&caller_sp->ts_sess);
-+ IMSG("%s", (char *)args->a1);
-+ ts_pop_current_session();
-+ sp_enter(args, caller_sp);
-+ break;
- default:
- EMSG("Unhandled FFA function ID %#"PRIx32,
- (uint32_t)args->a0);
---
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service
deleted file mode 100644
index c273832..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-Description=TEE Supplicant
-
-[Service]
-User=root
-EnvironmentFile=-@sysconfdir@/default/tee-supplicant
-ExecStart=@sbindir@/tee-supplicant $OPTARGS
-
-[Install]
-WantedBy=basic.target
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.sh b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.sh
deleted file mode 100644
index b4d2195..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.sh
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/sh
-
-# Source function library
-. /etc/init.d/functions
-
-NAME=tee-supplicant
-PATH=/sbin:/bin:/usr/sbin:/usr/bin
-DESC="OP-TEE Supplicant"
-
-DAEMON=@sbindir@/$NAME
-
-test -f $DAEMON || exit 0
-
-test -f @sysconfdir@/default/$NAME && . @sysconfdir@/default/$NAME
-test -f @sysconfdir@/default/rcS && . @sysconfdir@/default/rcS
-
-SSD_OPTIONS="--oknodo --quiet --exec $DAEMON -- -d $OPTARGS"
-
-set -e
-
-case $1 in
- start)
- echo -n "Starting $DESC: "
- start-stop-daemon --start $SSD_OPTIONS
- echo "${DAEMON##*/}."
- ;;
- stop)
- echo -n "Stopping $DESC: "
- start-stop-daemon --stop $SSD_OPTIONS
- echo "${DAEMON##*/}."
- ;;
- restart|force-reload)
- $0 stop
- sleep 1
- $0 start
- ;;
- status)
- status ${DAEMON} || exit $?
- ;;
- *)
- echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2
- exit 1
- ;;
-esac
-
-exit 0
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bb
deleted file mode 100644
index 641fb0a..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bb
+++ /dev/null
@@ -1,3 +0,0 @@
-require recipes-security/optee/optee-client.inc
-
-SRCREV = "06e1b32f6a7028e039c625b07cfc25fda0c17d53"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc
index c54e004..30f9966 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc
@@ -1,15 +1,7 @@
-SRCREV = "42f6617108fa43712652ef52f9d5b4ec5b2665f8"
-PV = "3.18.0+git${SRCPV}"
-
SRC_URI:remove = " \
- file://0008-no-warn-rwx-segments.patch \
+ file://0003-core-link-add-no-warn-rwx-segments.patch \
"
-FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/corstone1000:"
-SRC_URI:append = " \
- file://0004-Handle-logging-syscall.patch \
- "
-
COMPATIBLE_MACHINE = "corstone1000"
OPTEEMACHINE = "corstone1000"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.10.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.10.0.bb
deleted file mode 100644
index 19beaa7..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.10.0.bb
+++ /dev/null
@@ -1,3 +0,0 @@
-require recipes-security/optee/optee-os.inc
-
-SRCREV = "d1c635434c55b7d75eadf471bde04926bd1e50a7"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend
index 4b03985..bc933dd 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend
@@ -3,6 +3,5 @@
MACHINE_OPTEE_OS_REQUIRE ?= ""
MACHINE_OPTEE_OS_REQUIRE:n1sdp = "optee-os-n1sdp.inc"
MACHINE_OPTEE_OS_REQUIRE:tc = "optee-os-tc.inc"
-MACHINE_OPTEE_OS_REQUIRE:corstone1000 = "optee-os-corstone1000-common.inc"
require ${MACHINE_OPTEE_OS_REQUIRE}
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.19.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.19.0.bbappend
deleted file mode 100644
index f80e09f..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.19.0.bbappend
+++ /dev/null
@@ -1,6 +0,0 @@
-# Machine specific configurations
-
-MACHINE_OPTEE_OS_REQUIRE ?= ""
-MACHINE_OPTEE_OS_REQUIRE:n1sdp = "optee-os-n1sdp.inc"
-
-require ${MACHINE_OPTEE_OS_REQUIRE}
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bbappend
new file mode 100644
index 0000000..e732c80
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bbappend
@@ -0,0 +1,6 @@
+# Machine specific configurations
+
+MACHINE_OPTEE_OS_REQUIRE ?= ""
+MACHINE_OPTEE_OS_REQUIRE:corstone1000 = "optee-os-corstone1000-common.inc"
+
+require ${MACHINE_OPTEE_OS_REQUIRE}
diff --git a/meta-arm/meta-arm-bsp/wic/corstone1000-image.corstone1000.wks b/meta-arm/meta-arm-bsp/wic/corstone1000-image.corstone1000.wks
index 7625679..5668071 100644
--- a/meta-arm/meta-arm-bsp/wic/corstone1000-image.corstone1000.wks
+++ b/meta-arm/meta-arm-bsp/wic/corstone1000-image.corstone1000.wks
@@ -2,14 +2,34 @@
# Layout and maximum sizes (to be defined):
#
-part --source rawcopy --sourceparams="file=bl2_signed.bin" --align 1 --no-table --fixed-size 100k
-part --source rawcopy --sourceparams="file=bl2_signed.bin" --align 1 --no-table --fixed-size 100k
+# The entries with --offset parameter should not be relocated
+# because BL1 code is statically configured for the given positions
-part --source rawcopy --sourceparams="file=tfm_s_signed.bin" --align 1 --no-table --fixed-size 376k
-part --source rawcopy --sourceparams="file=tfm_s_signed.bin" --align 1 --no-table --fixed-size 376k
+part --source empty --size 3k --offset 17k --part-name="reserved_1" --uuid B1F2FC8C-A7A3-4485-87CB-16961B8847D7
+
+part --source empty --size 4k --align 4 --offset 20k --part-name="FWU-Metadata" --uuid 3FDFFEE1-3223-4C6B-80F9-B0E7D780C21D --part-type 8A7A84A0-8387-40F6-AB41-A8B9A5A60D23
+part --source empty --size 4k --align 4 --offset 24k --part-name="Bkup-FWU-Metadata" --uuid B3068316-5351-4998-823A-3A7B09133EC1 --part-type 8A7A84A0-8387-40F6-AB41-A8B9A5A60D23
+
+part --source empty --size 4k --align 4 --offset 28k --part-name="private_metadata_replica_2" --uuid 3CC3B456-DEC8-4CE3-BC5C-965483CE4828 --part-type ECB55DC3-8AB7-4A84-AB56-EB0A9974DB42
+part --source empty --size 4k --align 4 --offset 32k --part-name="private_metadata_replica_2" --uuid DCE9C503-8DFD-4DCB-8889-647E49641552 --part-type ECB55DC3-8AB7-4A84-AB56-EB0A9974DB42
+
+part --source rawcopy --sourceparams="file=bl2_signed.bin" --offset 36k --align 4 --part-name="bl2_primary" --uuid 9A3A8FBF-55EF-439C-80C9-A3F728033929 --part-type 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9
+
+part --source rawcopy --sourceparams="file=tfm_s_signed.bin" --align 4 --part-name="tfm_primary" --uuid 07F9616C-1233-439C-ACBA-72D75421BF70 --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E
# Rawcopy of the FIP binary
-part --source rawcopy --sourceparams="file=signed_fip-corstone1000.bin" --align 1 --no-table --fixed-size 2
+part --source rawcopy --sourceparams="file=signed_fip-corstone1000.bin" --align 4 --part-name="FIP_A" --uuid B9C7AC9D-40FF-4675-956B-EEF4DE9DF1C5 --part-type B5EB19BD-CF56-45E8-ABA7-7ADB228FFEA7
# Rawcopy of kernel with initramfs
-part --source rawcopy --sourceparams="file=Image.gz-initramfs-${MACHINE}.bin" --no-table --fixed-size 12
+part --source rawcopy --sourceparams="file=Image.gz-initramfs-${MACHINE}.bin" --align 4 --part-name="kernel_primary" --uuid BF7A6142-0662-47FD-9434-6A8811980816 --part-type 8197561D-6124-46FC-921E-141CC5745B05
+
+
+part --source empty --size 100k --offset 16392k --align 4 --part-name="bl2_secondary" --uuid 3F0C49A4-48B7-4D1E-AF59-3E4A3CE1BA9F --part-type 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9
+part --source empty --size 4k --align 4 --part-name="tfm_secondary" --uuid 009A6A12-64A6-4F0F-9882-57CD79A34A3D --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E
+part --source empty --size 4k --align 4 --part-name="FIP_B" --uuid 9424E370-7BC9-43BB-8C23-71EE645E1273 --part-type B5EB19BD-CF56-45E8-ABA7-7ADB228FFEA7
+part --source empty --size 4k --align 4 --part-name="kernel_secondary" --uuid A2698A91-F9B1-4629-9188-94E4520808F8 --part-type 8197561D-6124-46FC-921E-141CC5745B05
+
+
+part --source empty --size 3k --offset 32748k --part-name="reserved_2" --uuid CCB18569-C0BA-42E0-A429-FE1DC862D660
+
+bootloader --ptable gpt
diff --git a/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.10.0.bb b/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.10.0.bb
index b25b9a4..b9d0953 100644
--- a/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.10.0.bb
+++ b/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.10.0.bb
@@ -14,7 +14,7 @@
PROVIDES += "virtual/control-processor-firmware"
-SCP_BUILD_RELEASE ?= "1"
+CMAKE_BUILD_TYPE ?= "RelWithDebInfo"
SCP_PLATFORM ?= "invalid"
SCP_COMPILER ?= "arm-none-eabi"
SCP_LOG_LEVEL ?= "WARN"
@@ -29,8 +29,6 @@
# For now we only build with GCC, so stop meta-clang trying to get involved
TOOLCHAIN = "gcc"
-SCP_BUILD_STR = "${@bb.utils.contains('SCP_BUILD_RELEASE', '1', 'Release', 'Debug', d)}"
-
inherit deploy
B = "${WORKDIR}/build"
@@ -39,67 +37,70 @@
# Allow platform specific copying of only scp or both scp & mcp, default to both
FW_TARGETS ?= "scp mcp"
FW_INSTALL ?= "ramfw romfw"
+
PACKAGE_ARCH = "${MACHINE_ARCH}"
COMPATIBLE_MACHINE ?= "invalid"
-LDFLAGS[unexport] = "1"
-CFLAGS[unexport] = "1"
+export CFLAGS = "${DEBUG_PREFIX_MAP}"
+export ASMFLAGS = "${DEBUG_PREFIX_MAP}"
-EXTRA_OECMAKE = "-D CMAKE_BUILD_TYPE=${SCP_BUILD_STR} \
+LDFLAGS[unexport] = "1"
+
+EXTRA_OECMAKE = "-D CMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} \
-D SCP_LOG_LEVEL=${SCP_LOG_LEVEL} \
-D SCP_PLATFORM_FEATURE_SET=${SCP_PLATFORM_FEATURE_SET} \
-D DISABLE_CPPCHECK=1 \
"
do_configure() {
- for FW in ${FW_TARGETS}; do
- for TYPE in ${FW_INSTALL}; do
- cmake -GNinja ${EXTRA_OECMAKE} -S ${S} -B "${B}/${TYPE}/${FW}" -D SCP_FIRMWARE_SOURCE_DIR="${SCP_PLATFORM}/${FW}_${TYPE}"
- done
- done
+ for FW in ${FW_TARGETS}; do
+ for TYPE in ${FW_INSTALL}; do
+ cmake -GNinja ${EXTRA_OECMAKE} -S ${S} -B "${B}/${TYPE}/${FW}" -D SCP_FIRMWARE_SOURCE_DIR="${SCP_PLATFORM}/${FW}_${TYPE}"
+ done
+ done
}
do_configure[cleandirs] += "${B}"
do_compile() {
- for FW in ${FW_TARGETS}; do
- for TYPE in ${FW_INSTALL}; do
- cmake --build ${B}/${TYPE}/${FW} --target all
- done
- done
+ for FW in ${FW_TARGETS}; do
+ for TYPE in ${FW_INSTALL}; do
+ VERBOSE=1 cmake --build ${B}/${TYPE}/${FW} --target all
+ done
+ done
}
do_install() {
- install -d ${D}/firmware
- for TYPE in ${FW_INSTALL}; do
- for FW in ${FW_TARGETS}; do
- if [ "$TYPE" = "romfw" ]; then
- if [ "$FW" = "scp" ]; then
- install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-bl1.bin" "${D}/firmware/${FW}_${TYPE}.bin"
- install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-bl1" "${D}/firmware/${FW}_${TYPE}.elf"
- elif [ "$FW" = "mcp" ]; then
- install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-mcp-bl1.bin" "${D}/firmware/${FW}_${TYPE}.bin"
- install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-mcp-bl1" "${D}/firmware/${FW}_${TYPE}.elf"
- fi
- elif [ "$TYPE" = "ramfw" ]; then
- if [ "$FW" = "scp" ]; then
- install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-bl2.bin" "${D}/firmware/${FW}_${TYPE}.bin"
- install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-bl2" "${D}/firmware/${FW}_${TYPE}.elf"
- elif [ "$FW" = "mcp" ]; then
- install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-mcp-bl2.bin" "${D}/firmware/${FW}_${TYPE}.bin"
- install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-mcp-bl2" "${D}/firmware/${FW}_${TYPE}.elf"
- fi
- fi
- done
- done
+ install -d ${D}/firmware
+ for TYPE in ${FW_INSTALL}; do
+ for FW in ${FW_TARGETS}; do
+ if [ "$TYPE" = "romfw" ]; then
+ if [ "$FW" = "scp" ]; then
+ install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-bl1.bin" "${D}/firmware/${FW}_${TYPE}.bin"
+ install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-bl1" "${D}/firmware/${FW}_${TYPE}.elf"
+ elif [ "$FW" = "mcp" ]; then
+ install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-mcp-bl1.bin" "${D}/firmware/${FW}_${TYPE}.bin"
+ install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-mcp-bl1" "${D}/firmware/${FW}_${TYPE}.elf"
+ fi
+ elif [ "$TYPE" = "ramfw" ]; then
+ if [ "$FW" = "scp" ]; then
+ install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-bl2.bin" "${D}/firmware/${FW}_${TYPE}.bin"
+ install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-bl2" "${D}/firmware/${FW}_${TYPE}.elf"
+ elif [ "$FW" = "mcp" ]; then
+ install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-mcp-bl2.bin" "${D}/firmware/${FW}_${TYPE}.bin"
+ install -D "${B}/${TYPE}/${FW}/bin/${SCP_PLATFORM}-mcp-bl2" "${D}/firmware/${FW}_${TYPE}.elf"
+ fi
+ fi
+ done
+ done
}
FILES:${PN} = "/firmware"
SYSROOT_DIRS += "/firmware"
FILES:${PN}-dbg += "/firmware/*.elf"
-# Skip QA check for relocations in .text of elf binaries
-INSANE_SKIP:${PN}-dbg = "arch textrel"
+# These binaries are specifically for 32-bit arm
+INSANE_SKIP:${PN}-dbg += "arch"
INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
INHIBIT_PACKAGE_STRIP = "1"
diff --git a/meta-arm/meta-arm/recipes-devtools/edk2-basetools/edk2-basetools-native_202211.bb b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202302.bb
similarity index 92%
rename from meta-arm/meta-arm/recipes-devtools/edk2-basetools/edk2-basetools-native_202211.bb
rename to meta-arm/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202302.bb
index 6a59c22..b331c36 100644
--- a/meta-arm/meta-arm/recipes-devtools/edk2-basetools/edk2-basetools-native_202211.bb
+++ b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202302.bb
@@ -10,7 +10,7 @@
SRC_URI = "git://github.com/tianocore/edk2.git;branch=master;protocol=https"
LIC_FILES_CHKSUM = "file://License.txt;md5=2b415520383f7964e96700ae12b4570a"
-SRCREV = "fff6d81270b57ee786ea18ad74f43149b9f03494"
+SRCREV = "f80f052277c88a67c55e107b550f504eeea947d3"
S = "${WORKDIR}/git"
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware.inc b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware.inc
index bc47747..4b9eda3 100644
--- a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware.inc
+++ b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware.inc
@@ -18,7 +18,6 @@
SRC_URI = "\
${SRC_URI_EDK2};branch=${SRCBRANCH_edk2_platforms};name=edk2;destsuffix=edk2 \
${SRC_URI_EDK2_PLATFORMS};branch=${SRCBRANCH_edk2};name=edk2-platforms;destsuffix=edk2/edk2-platforms \
- file://unaligned.patch \
file://default.patch;patchdir=edk2-platforms \
"
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend
index 7a39bb0..19b3354 100644
--- a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend
+++ b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_%.bbappend
@@ -7,6 +7,10 @@
EDK2_PLATFORM:qemuarm64 = "ArmVirtQemu-AARCH64"
EDK2_PLATFORM_DSC:qemuarm64 = "ArmVirtPkg/ArmVirtQemu.dsc"
EDK2_BIN_NAME:qemuarm64 = "QEMU_EFI.fd"
+SRC_URI:append:qemuarm64 = " \
+ file://0001-Revert-ArmVirtPkg-QemuVirtMemInfoLib-use-HOB-not-PCD.patch \
+ file://0002-Revert-ArmVirtPkg-ArmVirtQemu-omit-PCD-PEIM-unless-T.patch \
+ "
COMPATIBLE_MACHINE:qemuarm = "qemuarm"
EDK2_PLATFORM:qemuarm = "ArmVirtQemu-ARM"
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_202205.bb b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_202205.bb
deleted file mode 100644
index e260665..0000000
--- a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_202205.bb
+++ /dev/null
@@ -1,4 +0,0 @@
-SRCREV_edk2 ?= "16779ede2d366bfc6b702e817356ccf43425bcc8"
-SRCREV_edk2-platforms ?= "3b896d1a325686de3942723c42f286090453e37a"
-
-require edk2-firmware.inc
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_202302.bb b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_202302.bb
new file mode 100644
index 0000000..fa26c3e
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_202302.bb
@@ -0,0 +1,4 @@
+SRCREV_edk2 ?= "f80f052277c88a67c55e107b550f504eeea947d3"
+SRCREV_edk2-platforms ?= "65e001a7f2abedf7799cfb36b057326c1540bd47"
+
+require edk2-firmware.inc
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/files/0001-Revert-ArmVirtPkg-QemuVirtMemInfoLib-use-HOB-not-PCD.patch b/meta-arm/meta-arm/recipes-bsp/uefi/files/0001-Revert-ArmVirtPkg-QemuVirtMemInfoLib-use-HOB-not-PCD.patch
new file mode 100644
index 0000000..824c6cc
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-bsp/uefi/files/0001-Revert-ArmVirtPkg-QemuVirtMemInfoLib-use-HOB-not-PCD.patch
@@ -0,0 +1,290 @@
+From 44b69c8d7c8ed665b4f8d8a9953ea23a731d221f Mon Sep 17 00:00:00 2001
+From: Your Name <you@example.com>
+Date: Fri, 10 Mar 2023 18:46:49 +0000
+Subject: [PATCH] Revert "ArmVirtPkg/QemuVirtMemInfoLib: use HOB not PCD to
+ record the memory size"
+
+This reverts commit 7136d5491e225c57f1d73e4a1b7ac27ed656ff72.
+
+Upstream-Status: Inappropriate [other]
+Signed-off-by: Jon Mason <jon.mason@arm.com>
+
+---
+ ArmVirtPkg/ArmVirtPkg.dec | 1 -
+ ArmVirtPkg/ArmVirtQemu.dsc | 6 ++--
+ .../ArmVirtMemoryInitPeiLib.c | 14 ++------
+ .../ArmVirtMemoryInitPeiLib.inf | 1 -
+ .../QemuVirtMemInfoLib/QemuVirtMemInfoLib.c | 35 ++-----------------
+ .../QemuVirtMemInfoLib/QemuVirtMemInfoLib.inf | 5 +--
+ .../QemuVirtMemInfoPeiLib.inf | 8 ++---
+ .../QemuVirtMemInfoPeiLibConstructor.c | 30 +++++++---------
+ 8 files changed, 25 insertions(+), 75 deletions(-)
+
+diff --git a/ArmVirtPkg/ArmVirtPkg.dec b/ArmVirtPkg/ArmVirtPkg.dec
+index 4645c91a83..d2d325d71e 100644
+--- a/ArmVirtPkg/ArmVirtPkg.dec
++++ b/ArmVirtPkg/ArmVirtPkg.dec
+@@ -32,7 +32,6 @@
+ gArmVirtTokenSpaceGuid = { 0x0B6F5CA7, 0x4F53, 0x445A, { 0xB7, 0x6E, 0x2E, 0x36, 0x5B, 0x80, 0x63, 0x66 } }
+ gEarlyPL011BaseAddressGuid = { 0xB199DEA9, 0xFD5C, 0x4A84, { 0x80, 0x82, 0x2F, 0x41, 0x70, 0x78, 0x03, 0x05 } }
+ gEarly16550UartBaseAddressGuid = { 0xea67ca3e, 0x1f54, 0x436b, { 0x97, 0x88, 0xd4, 0xeb, 0x29, 0xc3, 0x42, 0x67 } }
+- gArmVirtSystemMemorySizeGuid = { 0x504eccb9, 0x1bf0, 0x4420, { 0x86, 0x5d, 0xdc, 0x66, 0x06, 0xd4, 0x13, 0xbf } }
+
+ [PcdsFeatureFlag]
+ #
+diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
+index 72a0cacab4..2e786dad12 100644
+--- a/ArmVirtPkg/ArmVirtQemu.dsc
++++ b/ArmVirtPkg/ArmVirtQemu.dsc
+@@ -226,9 +226,6 @@
+ # Shadowing PEI modules is absolutely pointless when the NOR flash is emulated
+ gEfiMdeModulePkgTokenSpaceGuid.PcdShadowPeimOnBoot|FALSE
+
+- # System Memory Size -- 128 MB initially, actual size will be fetched from DT
+- gArmTokenSpaceGuid.PcdSystemMemorySize|0x8000000
+-
+ [PcdsFixedAtBuild.AARCH64]
+ # Clearing BIT0 in this PCD prevents installing a 32-bit SMBIOS entry point,
+ # if the entry point version is >= 3.0. AARCH64 OSes cannot assume the
+@@ -245,6 +242,9 @@
+ # enumeration to complete before installing ACPI tables.
+ gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration|TRUE
+
++ # System Memory Size -- 1 MB initially, actual size will be fetched from DT
++ gArmTokenSpaceGuid.PcdSystemMemorySize|0x00100000
++
+ gArmTokenSpaceGuid.PcdArmArchTimerSecIntrNum|0x0
+ gArmTokenSpaceGuid.PcdArmArchTimerIntrNum|0x0
+ gArmTokenSpaceGuid.PcdArmArchTimerVirtIntrNum|0x0
+diff --git a/ArmVirtPkg/Library/ArmVirtMemoryInitPeiLib/ArmVirtMemoryInitPeiLib.c b/ArmVirtPkg/Library/ArmVirtMemoryInitPeiLib/ArmVirtMemoryInitPeiLib.c
+index 72e5c65af7..98d90ad420 100644
+--- a/ArmVirtPkg/Library/ArmVirtMemoryInitPeiLib/ArmVirtMemoryInitPeiLib.c
++++ b/ArmVirtPkg/Library/ArmVirtMemoryInitPeiLib/ArmVirtMemoryInitPeiLib.c
+@@ -52,19 +52,10 @@ MemoryPeim (
+ {
+ EFI_RESOURCE_ATTRIBUTE_TYPE ResourceAttributes;
+ UINT64 SystemMemoryTop;
+- UINT64 SystemMemorySize;
+- VOID *Hob;
+
+ // Ensure PcdSystemMemorySize has been set
+ ASSERT (PcdGet64 (PcdSystemMemorySize) != 0);
+
+- SystemMemorySize = PcdGet64 (PcdSystemMemorySize);
+-
+- Hob = GetFirstGuidHob (&gArmVirtSystemMemorySizeGuid);
+- if (Hob != NULL) {
+- SystemMemorySize = *(UINT64 *)GET_GUID_HOB_DATA (Hob);
+- }
+-
+ //
+ // Now, the permanent memory has been installed, we can call AllocatePages()
+ //
+@@ -75,7 +66,8 @@ MemoryPeim (
+ EFI_RESOURCE_ATTRIBUTE_TESTED
+ );
+
+- SystemMemoryTop = PcdGet64 (PcdSystemMemoryBase) + SystemMemorySize;
++ SystemMemoryTop = PcdGet64 (PcdSystemMemoryBase) +
++ PcdGet64 (PcdSystemMemorySize);
+
+ if (SystemMemoryTop - 1 > MAX_ALLOC_ADDRESS) {
+ BuildResourceDescriptorHob (
+@@ -95,7 +87,7 @@ MemoryPeim (
+ EFI_RESOURCE_SYSTEM_MEMORY,
+ ResourceAttributes,
+ PcdGet64 (PcdSystemMemoryBase),
+- SystemMemorySize
++ PcdGet64 (PcdSystemMemorySize)
+ );
+ }
+
+diff --git a/ArmVirtPkg/Library/ArmVirtMemoryInitPeiLib/ArmVirtMemoryInitPeiLib.inf b/ArmVirtPkg/Library/ArmVirtMemoryInitPeiLib/ArmVirtMemoryInitPeiLib.inf
+index 48d9c66b22..21327f79f4 100644
+--- a/ArmVirtPkg/Library/ArmVirtMemoryInitPeiLib/ArmVirtMemoryInitPeiLib.inf
++++ b/ArmVirtPkg/Library/ArmVirtMemoryInitPeiLib/ArmVirtMemoryInitPeiLib.inf
+@@ -34,7 +34,6 @@
+ CacheMaintenanceLib
+
+ [Guids]
+- gArmVirtSystemMemorySizeGuid
+ gEfiMemoryTypeInformationGuid
+
+ [FeaturePcd]
+diff --git a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c b/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c
+index 9cf43f06c0..cf569bed99 100644
+--- a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c
++++ b/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c
+@@ -6,12 +6,10 @@
+
+ **/
+
+-#include <Uefi.h>
+-#include <Pi/PiMultiPhase.h>
++#include <Base.h>
+ #include <Library/ArmLib.h>
+ #include <Library/BaseMemoryLib.h>
+ #include <Library/DebugLib.h>
+-#include <Library/HobLib.h>
+ #include <Library/MemoryAllocationLib.h>
+
+ // Number of Virtual Memory Map Descriptors
+@@ -26,28 +24,6 @@
+ #define MACH_VIRT_PERIPH_BASE 0x08000000
+ #define MACH_VIRT_PERIPH_SIZE SIZE_128MB
+
+-/**
+- Default library constructur that obtains the memory size from a PCD.
+-
+- @return Always returns RETURN_SUCCESS
+-
+-**/
+-RETURN_STATUS
+-EFIAPI
+-QemuVirtMemInfoLibConstructor (
+- VOID
+- )
+-{
+- UINT64 Size;
+- VOID *Hob;
+-
+- Size = PcdGet64 (PcdSystemMemorySize);
+- Hob = BuildGuidDataHob (&gArmVirtSystemMemorySizeGuid, &Size, sizeof Size);
+- ASSERT (Hob != NULL);
+-
+- return RETURN_SUCCESS;
+-}
+-
+ /**
+ Return the Virtual Memory Map of your platform
+
+@@ -67,16 +43,9 @@ ArmVirtGetMemoryMap (
+ )
+ {
+ ARM_MEMORY_REGION_DESCRIPTOR *VirtualMemoryTable;
+- VOID *MemorySizeHob;
+
+ ASSERT (VirtualMemoryMap != NULL);
+
+- MemorySizeHob = GetFirstGuidHob (&gArmVirtSystemMemorySizeGuid);
+- ASSERT (MemorySizeHob != NULL);
+- if (MemorySizeHob == NULL) {
+- return;
+- }
+-
+ VirtualMemoryTable = AllocatePool (
+ sizeof (ARM_MEMORY_REGION_DESCRIPTOR) *
+ MAX_VIRTUAL_MEMORY_MAP_DESCRIPTORS
+@@ -90,7 +59,7 @@ ArmVirtGetMemoryMap (
+ // System DRAM
+ VirtualMemoryTable[0].PhysicalBase = PcdGet64 (PcdSystemMemoryBase);
+ VirtualMemoryTable[0].VirtualBase = VirtualMemoryTable[0].PhysicalBase;
+- VirtualMemoryTable[0].Length = *(UINT64 *)GET_GUID_HOB_DATA (MemorySizeHob);
++ VirtualMemoryTable[0].Length = PcdGet64 (PcdSystemMemorySize);
+ VirtualMemoryTable[0].Attributes = ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK;
+
+ DEBUG ((
+diff --git a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.inf b/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.inf
+index 6acad8bbd7..7150de6c10 100644
+--- a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.inf
++++ b/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.inf
+@@ -14,7 +14,6 @@
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = ArmVirtMemInfoLib
+- CONSTRUCTOR = QemuVirtMemInfoLibConstructor
+
+ [Sources]
+ QemuVirtMemInfoLib.c
+@@ -31,9 +30,7 @@
+ BaseMemoryLib
+ DebugLib
+ MemoryAllocationLib
+-
+-[Guids]
+- gArmVirtSystemMemorySizeGuid
++ PcdLib
+
+ [Pcd]
+ gArmTokenSpaceGuid.PcdFvBaseAddress
+diff --git a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf b/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf
+index f045e39a41..7ecf6dfbb7 100644
+--- a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf
++++ b/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf
+@@ -32,16 +32,16 @@
+ BaseMemoryLib
+ DebugLib
+ FdtLib
++ PcdLib
+ MemoryAllocationLib
+
+-[Guids]
+- gArmVirtSystemMemorySizeGuid
+-
+-[FixedPcd]
++[Pcd]
+ gArmTokenSpaceGuid.PcdFdBaseAddress
+ gArmTokenSpaceGuid.PcdFvBaseAddress
+ gArmTokenSpaceGuid.PcdSystemMemoryBase
+ gArmTokenSpaceGuid.PcdSystemMemorySize
++
++[FixedPcd]
+ gArmTokenSpaceGuid.PcdFdSize
+ gArmTokenSpaceGuid.PcdFvSize
+ gArmVirtTokenSpaceGuid.PcdDeviceTreeInitialBaseAddress
+diff --git a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLibConstructor.c b/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLibConstructor.c
+index c47ab82966..33d3597d57 100644
+--- a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLibConstructor.c
++++ b/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLibConstructor.c
+@@ -6,10 +6,9 @@
+
+ **/
+
+-#include <Uefi.h>
+-#include <Pi/PiMultiPhase.h>
++#include <Base.h>
+ #include <Library/DebugLib.h>
+-#include <Library/HobLib.h>
++#include <Library/PcdLib.h>
+ #include <libfdt.h>
+
+ RETURN_STATUS
+@@ -18,14 +17,14 @@ QemuVirtMemInfoPeiLibConstructor (
+ VOID
+ )
+ {
+- VOID *DeviceTreeBase;
+- INT32 Node, Prev;
+- UINT64 NewBase, CurBase;
+- UINT64 NewSize, CurSize;
+- CONST CHAR8 *Type;
+- INT32 Len;
+- CONST UINT64 *RegProp;
+- VOID *Hob;
++ VOID *DeviceTreeBase;
++ INT32 Node, Prev;
++ UINT64 NewBase, CurBase;
++ UINT64 NewSize, CurSize;
++ CONST CHAR8 *Type;
++ INT32 Len;
++ CONST UINT64 *RegProp;
++ RETURN_STATUS PcdStatus;
+
+ NewBase = 0;
+ NewSize = 0;
+@@ -87,13 +86,8 @@ QemuVirtMemInfoPeiLibConstructor (
+ // Make sure the start of DRAM matches our expectation
+ //
+ ASSERT (FixedPcdGet64 (PcdSystemMemoryBase) == NewBase);
+-
+- Hob = BuildGuidDataHob (
+- &gArmVirtSystemMemorySizeGuid,
+- &NewSize,
+- sizeof NewSize
+- );
+- ASSERT (Hob != NULL);
++ PcdStatus = PcdSet64S (PcdSystemMemorySize, NewSize);
++ ASSERT_RETURN_ERROR (PcdStatus);
+
+ //
+ // We need to make sure that the machine we are running on has at least
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/files/0002-Revert-ArmVirtPkg-ArmVirtQemu-omit-PCD-PEIM-unless-T.patch b/meta-arm/meta-arm/recipes-bsp/uefi/files/0002-Revert-ArmVirtPkg-ArmVirtQemu-omit-PCD-PEIM-unless-T.patch
new file mode 100644
index 0000000..64e85ab
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-bsp/uefi/files/0002-Revert-ArmVirtPkg-ArmVirtQemu-omit-PCD-PEIM-unless-T.patch
@@ -0,0 +1,89 @@
+From caef501f2c05ba2170d0a449856900919021d6f6 Mon Sep 17 00:00:00 2001
+From: Your Name <you@example.com>
+Date: Fri, 10 Mar 2023 18:47:09 +0000
+Subject: [PATCH] Revert "ArmVirtPkg/ArmVirtQemu: omit PCD PEIM unless TPM
+ support is enabled"
+
+This reverts commit b6efc505e4d6eb2055a39afd0a1ee67846a1e5f9.
+
+Upstream-Status: Inappropriate [other]
+Signed-off-by: Jon Mason <jon.mason@arm.com>
+
+---
+ ArmVirtPkg/ArmVirtQemu.dsc | 22 +++++-----------------
+ ArmVirtPkg/ArmVirtQemu.fdf | 2 +-
+ 2 files changed, 6 insertions(+), 18 deletions(-)
+
+diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
+index 2e786dad12..0f8157a032 100644
+--- a/ArmVirtPkg/ArmVirtQemu.dsc
++++ b/ArmVirtPkg/ArmVirtQemu.dsc
+@@ -293,15 +293,10 @@
+ #
+ # TPM2 support
+ #
+-!if $(TPM2_ENABLE) == TRUE
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0
++!if $(TPM2_ENABLE) == TRUE
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0
+-!else
+-[PcdsPatchableInModule]
+- # make this PCD patchable instead of dynamic when TPM support is not enabled
+- # this permits setting the PCD in unreachable code without pulling in dynamic PCD support
+- gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0
+ !endif
+
+ [PcdsDynamicHii]
+@@ -314,13 +309,6 @@
+
+ gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|5
+
+-[LibraryClasses.common.PEI_CORE, LibraryClasses.common.PEIM]
+-!if $(TPM2_ENABLE) == TRUE
+- PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
+-!else
+- PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
+-!endif
+-
+ ################################################################################
+ #
+ # Components Section - list of all EDK II Modules needed by this Platform
+@@ -332,6 +320,10 @@
+ #
+ ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
+ MdeModulePkg/Core/Pei/PeiMain.inf
++ MdeModulePkg/Universal/PCD/Pei/Pcd.inf {
++ <LibraryClasses>
++ PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
++ }
+ ArmPlatformPkg/PlatformPei/PlatformPeim.inf
+ ArmVirtPkg/MemoryInitPei/MemoryInitPeim.inf {
+ <LibraryClasses>
+@@ -342,10 +334,6 @@
+ ArmPkg/Drivers/CpuPei/CpuPei.inf
+
+ !if $(TPM2_ENABLE) == TRUE
+- MdeModulePkg/Universal/PCD/Pei/Pcd.inf {
+- <LibraryClasses>
+- PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
+- }
+ MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf {
+ <LibraryClasses>
+ ResetSystemLib|ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf
+diff --git a/ArmVirtPkg/ArmVirtQemu.fdf b/ArmVirtPkg/ArmVirtQemu.fdf
+index 764f652afd..c85e36b185 100644
+--- a/ArmVirtPkg/ArmVirtQemu.fdf
++++ b/ArmVirtPkg/ArmVirtQemu.fdf
+@@ -109,10 +109,10 @@ READ_LOCK_STATUS = TRUE
+ INF ArmPlatformPkg/PlatformPei/PlatformPeim.inf
+ INF ArmVirtPkg/MemoryInitPei/MemoryInitPeim.inf
+ INF ArmPkg/Drivers/CpuPei/CpuPei.inf
++ INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
+ INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
+
+ !if $(TPM2_ENABLE) == TRUE
+- INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
+ INF MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf
+ INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/files/unaligned.patch b/meta-arm/meta-arm/recipes-bsp/uefi/files/unaligned.patch
deleted file mode 100644
index 783b764..0000000
--- a/meta-arm/meta-arm/recipes-bsp/uefi/files/unaligned.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 17f490101f51b03c1ffc7151cc35e9fbd42b6060 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@arm.com>
-Date: Tue, 22 Feb 2022 10:38:13 +0000
-Subject: [PATCH] Latest clang is causing build failures because -Werror is
- used
-
- edk2/MdeModulePkg/Include/Guid/ExtendedFirmwarePerformance.h:78:47:
- error: field Guid within 'FPDT_GUID_EVENT_RECORD' is less aligned than 'EFI_GUID'
- and is usually due to 'FPDT_GUID_EVENT_RECORD' being packed, which can lead to
- unaligned accesses [-Werror,-Wunaligned-access]
-
-This has been reported upstream[1] so until this is resolved, ignore the warnings.
-
-[1] https://edk2.groups.io/g/devel/message/86838
-
-Upstream-Status: Pending
-Signed-off-by: Ross Burton <ross.burton@arm.com>
----
- BaseTools/Conf/tools_def.template | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
-index 5ed19810b7..9b4f173519 100755
---- a/BaseTools/Conf/tools_def.template
-+++ b/BaseTools/Conf/tools_def.template
-@@ -2548,7 +2548,7 @@ DEFINE CLANG38_X64_PREFIX = ENV(CLANG38_BIN)
- DEFINE CLANG38_IA32_TARGET = -target i686-pc-linux-gnu
- DEFINE CLANG38_X64_TARGET = -target x86_64-pc-linux-gnu
-
--DEFINE CLANG38_WARNING_OVERRIDES = -Wno-parentheses-equality -Wno-tautological-compare -Wno-tautological-constant-out-of-range-compare -Wno-empty-body -Wno-unused-const-variable -Wno-varargs -Wno-unknown-warning-option -Wno-unused-but-set-variable -Wno-unused-const-variable
-+DEFINE CLANG38_WARNING_OVERRIDES = -Wno-parentheses-equality -Wno-tautological-compare -Wno-tautological-constant-out-of-range-compare -Wno-empty-body -Wno-unused-const-variable -Wno-varargs -Wno-unknown-warning-option -Wno-unused-but-set-variable -Wno-unused-const-variable -Wno-error=unaligned-access -Wno-unused-command-line-argument
- DEFINE CLANG38_ALL_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) DEF(CLANG38_WARNING_OVERRIDES) -fno-stack-protector -mms-bitfields -Wno-address -Wno-shift-negative-value -Wno-unknown-pragmas -Wno-incompatible-library-redeclaration -fno-asynchronous-unwind-tables -mno-sse -mno-mmx -msoft-float -mno-implicit-float -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang -funsigned-char -fno-ms-extensions -Wno-null-dereference
-
- ###########################
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/shell.patch b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0002-Patch-in-the-paths-to-the-SBSA-test-suite.patch
similarity index 100%
rename from meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/shell.patch
rename to meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0002-Patch-in-the-paths-to-the-SBSA-test-suite.patch
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/use_bfd_linker.patch b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0003-Enforce-using-good-old-BFD-linker.patch
similarity index 81%
rename from meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/use_bfd_linker.patch
rename to meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0003-Enforce-using-good-old-BFD-linker.patch
index f0b1ac1..a921481 100644
--- a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/use_bfd_linker.patch
+++ b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0003-Enforce-using-good-old-BFD-linker.patch
@@ -1,4 +1,7 @@
-Enforce using good old BFD linker
+From 6673fb1de490575a414de7e4dd9442c921383019 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 7 Apr 2021 00:16:07 -0700
+Subject: [PATCH] Enforce using good old BFD linker
some distros may use gold as system linker and it crashes while linking the app
@@ -15,10 +18,10 @@
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
-index 9b4f173519..ea78e81d31 100755
+index bca09e4648..b775391675 100755
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
-@@ -1856,7 +1856,7 @@ DEFINE GCC_ARM_CC_XIPFLAGS = -mno-unaligned-access
+@@ -1858,7 +1858,7 @@ DEFINE GCC_ARM_CC_XIPFLAGS = -mno-unaligned-access
DEFINE GCC_AARCH64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -fno-short-enums -fverbose-asm -funsigned-char -ffunction-sections -fdata-sections -Wno-address -fno-asynchronous-unwind-tables -fno-unwind-tables -fno-pic -fno-pie -ffixed-x18
DEFINE GCC_AARCH64_CC_XIPFLAGS = -mstrict-align -mgeneral-regs-only
DEFINE GCC_DLINK_FLAGS_COMMON = -nostdlib --pie
@@ -26,4 +29,4 @@
+DEFINE GCC_DLINK2_FLAGS_COMMON = -fuse-ld=bfd -Wl,--script=$(EDK_TOOLS_PATH)/Scripts/GccBase.lds
DEFINE GCC_IA32_X64_DLINK_COMMON = DEF(GCC_DLINK_FLAGS_COMMON) --gc-sections
DEFINE GCC_ARM_AARCH64_DLINK_COMMON= -Wl,--emit-relocs -nostdlib -Wl,--gc-sections -u $(IMAGE_ENTRY_POINT) -Wl,-e,$(IMAGE_ENTRY_POINT),-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map
- DEFINE GCC_ARM_DLINK_FLAGS = DEF(GCC_ARM_AARCH64_DLINK_COMMON) -z common-page-size=0x20 -Wl,--pic-veneer
+ DEFINE GCC_LOONGARCH64_DLINK_COMMON= -Wl,--emit-relocs -nostdlib -Wl,--gc-sections -u $(IMAGE_ENTRY_POINT) -Wl,-e,$(IMAGE_ENTRY_POINT),-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_6.1.0.bb b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_6.1.0.bb
index 6ef4f6c..7a29f55 100644
--- a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_6.1.0.bb
+++ b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_6.1.0.bb
@@ -1,4 +1,4 @@
-require recipes-bsp/uefi/edk2-firmware_202205.bb
+require recipes-bsp/uefi/edk2-firmware_202302.bb
PROVIDES:remove = "virtual/bootloader"
LICENSE += "& Apache-2.0"
@@ -6,8 +6,8 @@
SRC_URI += "git://github.com/ARM-software/sbsa-acs;destsuffix=edk2/ShellPkg/Application/sbsa-acs;protocol=https;branch=master;name=acs \
git://github.com/tianocore/edk2-libc;destsuffix=edk2/edk2-libc;protocol=https;branch=master;name=libc \
- file://shell.patch \
- file://use_bfd_linker.patch \
+ file://0002-Patch-in-the-paths-to-the-SBSA-test-suite.patch \
+ file://0003-Enforce-using-good-old-BFD-linker.patch \
file://0001-Fix-function-protype-mismatches.patch;patchdir=ShellPkg/Application/sbsa-acs \
file://0001-Fix-for-issue-245.patch;patchdir=ShellPkg/Application/sbsa-acs \
"
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/files/no-ipvs.cfg b/meta-arm/meta-arm/recipes-kernel/linux/files/no-ipvs.cfg
new file mode 100644
index 0000000..fcfd2b2
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-kernel/linux/files/no-ipvs.cfg
@@ -0,0 +1 @@
+CONFIG_IP_VS=n
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/files/qemuarm-phys-virt.cfg b/meta-arm/meta-arm/recipes-kernel/linux/files/qemuarm-phys-virt.cfg
new file mode 100644
index 0000000..b014e7f
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-kernel/linux/files/qemuarm-phys-virt.cfg
@@ -0,0 +1 @@
+CONFIG_ARM_PATCH_PHYS_VIRT=y
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_%.bbappend b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend
similarity index 74%
rename from meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_%.bbappend
rename to meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend
index 91dc000..cab7f47 100644
--- a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_%.bbappend
+++ b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend
@@ -1,9 +1,16 @@
ARMFILESPATHS := "${THISDIR}/files:"
+FILESEXTRAPATHS:prepend:aarch64 = "${ARMFILESPATHS}"
+SRC_URI:append:aarch64 = " \
+ file://0001-Revert-arm64-defconfig-Enable-Tegra-MGBE-driver.patch \
+ file://0002-Revert-arm64-defconfig-Add-Nuvoton-NPCM-family-suppo.patch \
+ "
+
COMPATIBLE_MACHINE:generic-arm64 = "generic-arm64"
FILESEXTRAPATHS:prepend:generic-arm64 = "${ARMFILESPATHS}"
SRC_URI:append:generic-arm64 = " \
file://generic-arm64-kmeta;type=kmeta;destsuffix=generic-arm64-kmeta \
+ file://no-ipvs.cfg \
"
FILESEXTRAPATHS:prepend:qemuarm64-secureboot = "${ARMFILESPATHS}"
@@ -25,7 +32,10 @@
SRC_URI:append:qemuarm64 = " file://efi.cfg"
FILESEXTRAPATHS:prepend:qemuarm = "${ARMFILESPATHS}"
-SRC_URI:append:qemuarm = " file://efi.cfg"
+SRC_URI:append:qemuarm = " \
+ file://efi.cfg \
+ file://qemuarm-phys-virt.cfg \
+ "
FFA_TRANSPORT_INCLUDE = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', 'arm-ffa-transport.inc', '' , d)}"
require ${FFA_TRANSPORT_INCLUDE}
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_6.1%.bbappend b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_6.1%.bbappend
deleted file mode 100644
index 754e5c2..0000000
--- a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_6.1%.bbappend
+++ /dev/null
@@ -1,7 +0,0 @@
-ARMFILESPATHS := "${THISDIR}/files:"
-
-FILESEXTRAPATHS:prepend:aarch64 = "${ARMFILESPATHS}"
-SRC_URI:append:aarch64 = " \
- file://0001-Revert-arm64-defconfig-Enable-Tegra-MGBE-driver.patch \
- file://0002-Revert-arm64-defconfig-Add-Nuvoton-NPCM-family-suppo.patch \
- "
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0006-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
similarity index 100%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0006-allow-setting-sysroot-for-libgcc-lookup.patch
rename to meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0001-core-Define-section-attributes-for-clang.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0001-core-Define-section-attributes-for-clang.patch
deleted file mode 100644
index a69d777..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0001-core-Define-section-attributes-for-clang.patch
+++ /dev/null
@@ -1,230 +0,0 @@
-From f189457b79989543f65b8a4e8729eff2cdf9a758 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sat, 13 Aug 2022 19:24:55 -0700
-Subject: [PATCH] core: Define section attributes for clang
-
-Clang's attribute section is not same as gcc, here we need to add flags
-to sections so they can be eventually collected by linker into final
-output segments. Only way to do so with clang is to use
-
-pragma clang section ...
-
-The behavious is described here [1], this allows us to define names bss
-sections. This was not an issue until clang-15 where LLD linker starts
-to detect the section flags before merging them and throws the following
-errors
-
-| ld.lld: error: section type mismatch for .nozi.kdata_page
-| >>> /mnt/b/yoe/master/build/tmp/work/qemuarm64-yoe-linux/optee-os-tadevkit/3.17.0-r0/build/core/arch/arm/kernel/thread.o:(.nozi.kdata_page): SHT_PROGBITS
-| >>> output section .nozi: SHT_NOBITS
-|
-| ld.lld: error: section type mismatch for .nozi.mmu.l2
-| >>> /mnt/b/yoe/master/build/tmp/work/qemuarm64-yoe-linux/optee-os-tadevkit/3.17.0-r0/build/core/arch/arm/mm/core_mmu_lpae.o:(.nozi.mmu.l2): SHT_PROGBITS
-| >>> output section .nozi: SHT_NOBITS
-
-These sections should be carrying SHT_NOBITS but so far it was not
-possible to do so, this patch tries to use clangs pragma to get this
-going and match the functionality with gcc.
-
-[1] https://intel.github.io/llvm-docs/clang/LanguageExtensions.html#specifying-section-names-for-global-objects-pragma-clang-section
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- core/arch/arm/kernel/thread.c | 19 +++++++++++++++--
- core/arch/arm/mm/core_mmu_lpae.c | 35 ++++++++++++++++++++++++++++----
- core/arch/arm/mm/pgt_cache.c | 12 ++++++++++-
- core/kernel/thread.c | 13 +++++++++++-
- 4 files changed, 71 insertions(+), 8 deletions(-)
-
---- a/core/arch/arm/kernel/thread.c
-+++ b/core/arch/arm/kernel/thread.c
-@@ -44,16 +44,31 @@ static size_t thread_user_kcode_size __n
- #if defined(CFG_CORE_UNMAP_CORE_AT_EL0) && \
- defined(CFG_CORE_WORKAROUND_SPECTRE_BP_SEC) && defined(ARM64)
- long thread_user_kdata_sp_offset __nex_bss;
-+#ifdef __clang__
-+#ifndef CFG_VIRTUALIZATION
-+#pragma clang section bss=".nozi.kdata_page"
-+#else
-+#pragma clang section bss=".nex_nozi.kdata_page"
-+#endif
-+#endif
- static uint8_t thread_user_kdata_page[
- ROUNDUP(sizeof(struct thread_core_local) * CFG_TEE_CORE_NB_CORE,
- SMALL_PAGE_SIZE)]
- __aligned(SMALL_PAGE_SIZE)
-+#ifndef __clang__
- #ifndef CFG_VIRTUALIZATION
-- __section(".nozi.kdata_page");
-+ __section(".nozi.kdata_page")
- #else
-- __section(".nex_nozi.kdata_page");
-+ __section(".nex_nozi.kdata_page")
- #endif
- #endif
-+ ;
-+#endif
-+
-+/* reset BSS section to default ( .bss ) */
-+#ifdef __clang__
-+#pragma clang section bss=""
-+#endif
-
- #ifdef ARM32
- uint32_t __nostackcheck thread_get_exceptions(void)
---- a/core/arch/arm/mm/core_mmu_lpae.c
-+++ b/core/arch/arm/mm/core_mmu_lpae.c
-@@ -233,19 +233,46 @@ typedef uint16_t l1_idx_t;
- typedef uint64_t base_xlat_tbls_t[CFG_TEE_CORE_NB_CORE][NUM_BASE_LEVEL_ENTRIES];
- typedef uint64_t xlat_tbl_t[XLAT_TABLE_ENTRIES];
-
-+#ifdef __clang__
-+#pragma clang section bss=".nozi.mmu.base_table"
-+#endif
- static base_xlat_tbls_t base_xlation_table[NUM_BASE_TABLES]
- __aligned(NUM_BASE_LEVEL_ENTRIES * XLAT_ENTRY_SIZE)
-- __section(".nozi.mmu.base_table");
-+#ifndef __clang__
-+ __section(".nozi.mmu.base_table")
-+#endif
-+;
-+#ifdef __clang__
-+#pragma clang section bss=""
-+#endif
-
-+#ifdef __clang__
-+#pragma clang section bss=".nozi.mmu.l2"
-+#endif
- static xlat_tbl_t xlat_tables[MAX_XLAT_TABLES]
-- __aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2");
-+ __aligned(XLAT_TABLE_SIZE)
-+#ifndef __clang__
-+ __section(".nozi.mmu.l2")
-+#endif
-+;
-+#ifdef __clang__
-+#pragma clang section bss=""
-+#endif
-
- #define XLAT_TABLES_SIZE (sizeof(xlat_tbl_t) * MAX_XLAT_TABLES)
-
-+#ifdef __clang__
-+#pragma clang section bss=".nozi.mmu.l2"
-+#endif
- /* MMU L2 table for TAs, one for each thread */
- static xlat_tbl_t xlat_tables_ul1[CFG_NUM_THREADS]
-- __aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2");
--
-+#ifndef __clang__
-+ __aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2")
-+#endif
-+;
-+#ifdef __clang__
-+#pragma clang section bss=""
-+#endif
- /*
- * TAs page table entry inside a level 1 page table.
- *
---- a/core/arch/arm/mm/pgt_cache.c
-+++ b/core/arch/arm/mm/pgt_cache.c
-@@ -104,8 +104,18 @@ void pgt_init(void)
- * has a large alignment, while .bss has a small alignment. The current
- * link script is optimized for small alignment in .bss
- */
-+#ifdef __clang__
-+#pragma clang section bss=".nozi.mmu.l2"
-+#endif
- static uint8_t pgt_tables[PGT_CACHE_SIZE][PGT_SIZE]
-- __aligned(PGT_SIZE) __section(".nozi.pgt_cache");
-+ __aligned(PGT_SIZE)
-+#ifndef __clang__
-+ __section(".nozi.pgt_cache")
-+#endif
-+ ;
-+#ifdef __clang__
-+#pragma clang section bss=""
-+#endif
- size_t n;
-
- for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) {
---- a/core/kernel/thread.c
-+++ b/core/kernel/thread.c
-@@ -37,13 +37,24 @@ struct thread_core_local thread_core_loc
- name[stack_num][sizeof(name[stack_num]) / sizeof(uint32_t) - 1]
- #endif
-
-+#define DO_PRAGMA(x) _Pragma (#x)
-+
-+#ifdef __clang__
-+#define DECLARE_STACK(name, num_stacks, stack_size, linkage) \
-+DO_PRAGMA (clang section bss=".nozi_stack." #name) \
-+linkage uint32_t name[num_stacks] \
-+ [ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \
-+ STACK_ALIGNMENT) / sizeof(uint32_t)] \
-+ __attribute__((aligned(STACK_ALIGNMENT))); \
-+DO_PRAGMA(clang section bss="")
-+#else
- #define DECLARE_STACK(name, num_stacks, stack_size, linkage) \
- linkage uint32_t name[num_stacks] \
- [ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \
- STACK_ALIGNMENT) / sizeof(uint32_t)] \
- __attribute__((section(".nozi_stack." # name), \
- aligned(STACK_ALIGNMENT)))
--
-+#endif
- #define GET_STACK(stack) ((vaddr_t)(stack) + STACK_SIZE(stack))
-
- DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE,
---- a/core/arch/arm/mm/core_mmu_v7.c
-+++ b/core/arch/arm/mm/core_mmu_v7.c
-@@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_EN
- typedef uint32_t l2_xlat_tbl_t[NUM_L2_ENTRIES];
- typedef uint32_t ul1_xlat_tbl_t[NUM_UL1_ENTRIES];
-
-+#ifdef __clang__
-+#pragma clang section bss=".nozi.mmu.l1"
-+#endif
- static l1_xlat_tbl_t main_mmu_l1_ttb
-- __aligned(L1_ALIGNMENT) __section(".nozi.mmu.l1");
-+ __aligned(L1_ALIGNMENT)
-+#ifndef __clang__
-+ __section(".nozi.mmu.l1")
-+#endif
-+;
-+#ifdef __clang__
-+#pragma clang section bss=""
-+#endif
-
- /* L2 MMU tables */
-+#ifdef __clang__
-+#pragma clang section bss=".nozi.mmu.l2"
-+#endif
- static l2_xlat_tbl_t main_mmu_l2_ttb[MAX_XLAT_TABLES]
-- __aligned(L2_ALIGNMENT) __section(".nozi.mmu.l2");
-+ __aligned(L2_ALIGNMENT)
-+#ifndef __clang__
-+ __section(".nozi.mmu.l2")
-+#endif
-+;
-+#ifdef __clang__
-+#pragma clang section bss=""
-+#endif
-
- /* MMU L1 table for TAs, one for each thread */
-+#ifdef __clang__
-+#pragma clang section bss=".nozi.mmu.ul1"
-+#endif
- static ul1_xlat_tbl_t main_mmu_ul1_ttb[CFG_NUM_THREADS]
-- __aligned(UL1_ALIGNMENT) __section(".nozi.mmu.ul1");
-+ __aligned(UL1_ALIGNMENT)
-+#ifndef __clang__
-+ __section(".nozi.mmu.ul1")
-+#endif
-+;
-+#ifdef __clang__
-+#pragma clang section bss=""
-+#endif
-
- struct mmu_partition {
- l1_xlat_tbl_t *l1_table;
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0007-allow-setting-sysroot-for-clang.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0002-optee-enable-clang-support.patch
similarity index 100%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0007-allow-setting-sysroot-for-clang.patch
rename to meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0002-optee-enable-clang-support.patch
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0008-no-warn-rwx-segments.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0003-core-link-add-no-warn-rwx-segments.patch
similarity index 100%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0008-no-warn-rwx-segments.patch
rename to meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0003-core-link-add-no-warn-rwx-segments.patch
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0001-core-Define-section-attributes-for-clang.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0004-core-Define-section-attributes-for-clang.patch
similarity index 93%
copy from meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0001-core-Define-section-attributes-for-clang.patch
copy to meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0004-core-Define-section-attributes-for-clang.patch
index a1dc251..0ab670f 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0001-core-Define-section-attributes-for-clang.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0004-core-Define-section-attributes-for-clang.patch
@@ -1,7 +1,7 @@
-From ff1b556ac2cd6bbb857a1ac03e0557eb490bc845 Mon Sep 17 00:00:00 2001
-From: Emekcan Aras <emekcan.aras@arm.com>
-Date: Wed, 21 Dec 2022 10:55:58 +0000
-Subject: [PATCH] [PATCH] core: Define section attributes for clang
+From 7218af04ce3af466e95d69e4995138cd2d26dd3f Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 13 Aug 2022 19:24:55 -0700
+Subject: [PATCH] core: Define section attributes for clang
Clang's attribute section is not same as gcc, here we need to add flags
to sections so they can be eventually collected by linker into final
@@ -39,7 +39,7 @@
5 files changed, 104 insertions(+), 11 deletions(-)
diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c
-index 05dbbe56..8e6ea034 100644
+index f083b159..432983c8 100644
--- a/core/arch/arm/kernel/thread.c
+++ b/core/arch/arm/kernel/thread.c
@@ -44,15 +44,30 @@ static size_t thread_user_kcode_size __nex_bss;
@@ -185,10 +185,10 @@
struct mmu_partition {
l1_xlat_tbl_t *l1_table;
diff --git a/core/arch/arm/mm/pgt_cache.c b/core/arch/arm/mm/pgt_cache.c
-index a7b1b10e..489859ce 100644
+index dee1d207..382cae1c 100644
--- a/core/arch/arm/mm/pgt_cache.c
+++ b/core/arch/arm/mm/pgt_cache.c
-@@ -410,8 +410,18 @@ void pgt_init(void)
+@@ -104,8 +104,18 @@ void pgt_init(void)
* has a large alignment, while .bss has a small alignment. The current
* link script is optimized for small alignment in .bss
*/
@@ -209,10 +209,10 @@
for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) {
diff --git a/core/kernel/thread.c b/core/kernel/thread.c
-index d1f2f382..8de124ae 100644
+index 18d34e6a..086129e2 100644
--- a/core/kernel/thread.c
+++ b/core/kernel/thread.c
-@@ -38,13 +38,24 @@ struct thread_core_local thread_core_local[CFG_TEE_CORE_NB_CORE] __nex_bss;
+@@ -37,13 +37,24 @@ struct thread_core_local thread_core_local[CFG_TEE_CORE_NB_CORE] __nex_bss;
name[stack_num][sizeof(name[stack_num]) / sizeof(uint32_t) - 1]
#endif
@@ -237,7 +237,4 @@
+#endif
#define GET_STACK(stack) ((vaddr_t)(stack) + STACK_SIZE(stack))
- DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE, STACK_TMP_SIZE,
---
-2.17.1
-
+ DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE,
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0009-add-z-execstack.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0005-core-ldelf-link-add-z-execstack.patch
similarity index 100%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0009-add-z-execstack.patch
rename to meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0005-core-ldelf-link-add-z-execstack.patch
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0010-add-note-GNU-stack-section.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch
similarity index 100%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0010-add-note-GNU-stack-section.patch
rename to meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0006-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0006-allow-setting-sysroot-for-libgcc-lookup.patch
deleted file mode 100644
index ab4a6db..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0006-allow-setting-sysroot-for-libgcc-lookup.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 528aeb42652a3159c1bfd51d6c1442c3ff27b84c Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@arm.com>
-Date: Tue, 26 May 2020 14:38:02 -0500
-Subject: [PATCH] allow setting sysroot for libgcc lookup
-
-Explicitly pass the new variable LIBGCC_LOCATE_CFLAGS variable when searching
-for the compiler libraries as there's no easy way to reliably pass --sysroot
-otherwise.
-
-Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
----
- mk/gcc.mk | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/mk/gcc.mk b/mk/gcc.mk
-index adc77a24..81bfa78a 100644
---- a/mk/gcc.mk
-+++ b/mk/gcc.mk
-@@ -13,11 +13,11 @@ nostdinc$(sm) := -nostdinc -isystem $(shell $(CC$(sm)) \
- -print-file-name=include 2> /dev/null)
-
- # Get location of libgcc from gcc
--libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \
-+libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \
- -print-libgcc-file-name 2> /dev/null)
--libstdc++$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
-+libstdc++$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
- -print-file-name=libstdc++.a 2> /dev/null)
--libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
-+libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
- -print-file-name=libgcc_eh.a 2> /dev/null)
-
- # Define these to something to discover accidental use
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0009-add-z-execstack.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0009-add-z-execstack.patch
deleted file mode 100644
index 3ba6c4e..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0009-add-z-execstack.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From ea932656461865ab9ac4036245c756c082aeb3e1 Mon Sep 17 00:00:00 2001
-From: Jerome Forissier <jerome.forissier@linaro.org>
-Date: Tue, 23 Aug 2022 11:41:00 +0000
-Subject: [PATCH] core, ldelf: link: add -z execstack
-
-When building for arm32 with GNU binutils 2.39, the linker outputs
-warnings when generating some TEE core binaries (all_obj.o, init.o,
-unpaged.o and tee.elf) as well as ldelf.elf:
-
- arm-poky-linux-gnueabi-ld.bfd: warning: atomic_a32.o: missing .note.GNU-stack section implies executable stack
- arm-poky-linux-gnueabi-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
-
-The permissions used when mapping the TEE core stacks do not depend on
-any metadata found in the ELF file. Similarly when the TEE core loads
-ldelf it already creates a non-executable stack regardless of ELF
-information. Therefore we can safely ignore the warnings. This is done
-by adding the '-z execstack' option.
-
-Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
-
-Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
-Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
-
----
- core/arch/arm/kernel/link.mk | 13 +++++++++----
- ldelf/link.mk | 3 +++
- 2 files changed, 12 insertions(+), 4 deletions(-)
-
-diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
-index c39d43cb..0e96e606 100644
---- a/core/arch/arm/kernel/link.mk
-+++ b/core/arch/arm/kernel/link.mk
-@@ -9,6 +9,11 @@ link-script-dep = $(link-out-dir)/.kern.ld.d
-
- AWK = awk
-
-+link-ldflags-common += $(call ld-option,--no-warn-rwx-segments)
-+ifeq ($(CFG_ARM32_core),y)
-+link-ldflags-common += $(call ld-option,--no-warn-execstack)
-+endif
-+
- link-ldflags = $(LDFLAGS)
- ifeq ($(CFG_CORE_ASLR),y)
- link-ldflags += -pie -Bsymbolic -z norelro $(ldflag-apply-dynamic-relocs)
-@@ -31,7 +36,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map
- link-ldflags += --sort-section=alignment
- link-ldflags += --fatal-warnings
- link-ldflags += --gc-sections
--link-ldflags += $(call ld-option,--no-warn-rwx-segments)
-+link-ldflags += $(link-ldflags-common)
-
- link-ldadd = $(LDADD)
- link-ldadd += $(ldflags-external)
-@@ -56,7 +61,7 @@ link-script-cppflags := \
- $(cppflagscore))
-
- ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \
-- $(call ld-option,--no-warn-rwx-segments) \
-+ $(link-ldflags-common) \
- $(link-objs) $(link-ldadd) $(libgcccore)
- cleanfiles += $(link-out-dir)/all_objs.o
- $(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST)
-@@ -70,7 +75,7 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o
- $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@
-
- unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
-- $(call ld-option,--no-warn-rwx-segments)
-+ $(link-ldflags-common)
- unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore)
- cleanfiles += $(link-out-dir)/unpaged.o
- $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt
-@@ -99,7 +104,7 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o
- $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@
-
- init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
-- $(call ld-option,--no-warn-rwx-segments)
-+ $(link-ldflags-common)
- init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \
- $(libgcccore)
- cleanfiles += $(link-out-dir)/init.o
-diff --git a/ldelf/link.mk b/ldelf/link.mk
-index 64c8212a..bd49551e 100644
---- a/ldelf/link.mk
-+++ b/ldelf/link.mk
-@@ -20,6 +20,9 @@ link-ldflags += -z max-page-size=4096 # OP-TEE always uses 4K alignment
- ifeq ($(CFG_CORE_BTI),y)
- link-ldflags += $(call ld-option,-z force-bti) --fatal-warnings
- endif
-+ifeq ($(CFG_ARM32_$(sm)), y)
-+link-ldflags += $(call ld-option,--no-warn-execstack)
-+endif
- link-ldflags += $(link-ldflags$(sm))
-
- link-ldadd = $(addprefix -L,$(libdirs))
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0010-add-note-GNU-stack-section.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0010-add-note-GNU-stack-section.patch
deleted file mode 100644
index 4ea65d8..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0010-add-note-GNU-stack-section.patch
+++ /dev/null
@@ -1,128 +0,0 @@
-From ec30e84671aac9a2e9549754eb7bc6201728db4c Mon Sep 17 00:00:00 2001
-From: Jerome Forissier <jerome.forissier@linaro.org>
-Date: Tue, 23 Aug 2022 12:31:46 +0000
-Subject: [PATCH] arm32: libutils, libutee, ta: add .note.GNU-stack section to
-
- .S files
-
-When building for arm32 with GNU binutils 2.39, the linker outputs
-warnings when linking Trusted Applications:
-
- arm-unknown-linux-uclibcgnueabihf-ld.bfd: warning: utee_syscalls_a32.o: missing .note.GNU-stack section implies executable stack
- arm-unknown-linux-uclibcgnueabihf-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
-
-We could silence the warning by adding the '-z execstack' option to the
-TA link flags, like we did in the parent commit for the TEE core and
-ldelf. Indeed, ldelf always allocates a non-executable piece of memory
-for the TA to use as a stack.
-
-However it seems preferable to comply with the common ELF practices in
-this case. A better fix is therefore to add the missing .note.GNU-stack
-sections in the assembler files.
-
-Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
-
-Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
-Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
-
----
- lib/libutee/arch/arm/utee_syscalls_a32.S | 2 ++
- lib/libutils/ext/arch/arm/atomic_a32.S | 2 ++
- lib/libutils/ext/arch/arm/mcount_a32.S | 2 ++
- lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S | 2 ++
- lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S | 2 ++
- lib/libutils/isoc/arch/arm/setjmp_a32.S | 2 ++
- ta/arch/arm/ta_entry_a32.S | 2 ++
- 7 files changed, 14 insertions(+)
-
-diff --git a/lib/libutee/arch/arm/utee_syscalls_a32.S b/lib/libutee/arch/arm/utee_syscalls_a32.S
-index 6e621ca6..af405f62 100644
---- a/lib/libutee/arch/arm/utee_syscalls_a32.S
-+++ b/lib/libutee/arch/arm/utee_syscalls_a32.S
-@@ -7,6 +7,8 @@
- #include <tee_syscall_numbers.h>
- #include <asm.S>
-
-+ .section .note.GNU-stack,"",%progbits
-+
- .section .text
- .balign 4
- .code 32
-diff --git a/lib/libutils/ext/arch/arm/atomic_a32.S b/lib/libutils/ext/arch/arm/atomic_a32.S
-index eaef6914..2be73ffa 100644
---- a/lib/libutils/ext/arch/arm/atomic_a32.S
-+++ b/lib/libutils/ext/arch/arm/atomic_a32.S
-@@ -5,6 +5,8 @@
-
- #include <asm.S>
-
-+ .section .note.GNU-stack,"",%progbits
-+
- /* uint32_t atomic_inc32(uint32_t *v); */
- FUNC atomic_inc32 , :
- ldrex r1, [r0]
-diff --git a/lib/libutils/ext/arch/arm/mcount_a32.S b/lib/libutils/ext/arch/arm/mcount_a32.S
-index 51439a23..54dc3c02 100644
---- a/lib/libutils/ext/arch/arm/mcount_a32.S
-+++ b/lib/libutils/ext/arch/arm/mcount_a32.S
-@@ -7,6 +7,8 @@
-
- #if defined(CFG_TA_GPROF_SUPPORT) || defined(CFG_FTRACE_SUPPORT)
-
-+ .section .note.GNU-stack,"",%progbits
-+
- /*
- * Convert return address to call site address by subtracting the size of the
- * mcount call instruction (blx __gnu_mcount_nc).
-diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
-index a600c879..37ae9ec6 100644
---- a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
-+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
-@@ -5,6 +5,8 @@
-
- #include <asm.S>
-
-+ .section .note.GNU-stack,"",%progbits
-+
- /*
- * signed ret_idivmod_values(signed quot, signed rem);
- * return quotient and remaining the EABI way (regs r0,r1)
-diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
-index 2dc50bc9..5c3353e2 100644
---- a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
-+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
-@@ -5,6 +5,8 @@
-
- #include <asm.S>
-
-+ .section .note.GNU-stack,"",%progbits
-+
- /*
- * __value_in_regs lldiv_t __aeabi_ldivmod( long long n, long long d)
- */
-diff --git a/lib/libutils/isoc/arch/arm/setjmp_a32.S b/lib/libutils/isoc/arch/arm/setjmp_a32.S
-index 43ea5937..f8a0b70d 100644
---- a/lib/libutils/isoc/arch/arm/setjmp_a32.S
-+++ b/lib/libutils/isoc/arch/arm/setjmp_a32.S
-@@ -51,6 +51,8 @@
- #define SIZE(x)
- #endif
-
-+ .section .note.GNU-stack,"",%progbits
-+
- /* Arm/Thumb interworking support:
-
- The interworking scheme expects functions to use a BX instruction
-diff --git a/ta/arch/arm/ta_entry_a32.S b/ta/arch/arm/ta_entry_a32.S
-index d2f8a69d..cd9a12f9 100644
---- a/ta/arch/arm/ta_entry_a32.S
-+++ b/ta/arch/arm/ta_entry_a32.S
-@@ -5,6 +5,8 @@
-
- #include <asm.S>
-
-+ .section .note.GNU-stack,"",%progbits
-+
- /*
- * This function is the bottom of the user call stack. Mark it as such so that
- * the unwinding code won't try to go further down.
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0006-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
similarity index 100%
copy from meta-arm/meta-arm/recipes-security/optee/optee-os-3.18.0/0006-allow-setting-sysroot-for-libgcc-lookup.patch
copy to meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0007-allow-setting-sysroot-for-clang.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0002-optee-enable-clang-support.patch
similarity index 85%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0007-allow-setting-sysroot-for-clang.patch
rename to meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0002-optee-enable-clang-support.patch
index 067ba6e..af0ec94 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0007-allow-setting-sysroot-for-clang.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0002-optee-enable-clang-support.patch
@@ -1,4 +1,4 @@
-From db9e44af75c7cfd3316cab15aaa387383df3e57e Mon Sep 17 00:00:00 2001
+From 8846ab2b37781364088cc5c02b6bc6f518a66a0a Mon Sep 17 00:00:00 2001
From: Brett Warren <brett.warren@arm.com>
Date: Wed, 23 Sep 2020 09:27:34 +0100
Subject: [PATCH] optee: enable clang support
@@ -16,10 +16,10 @@
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mk/clang.mk b/mk/clang.mk
-index c141a3f2..7d067cc0 100644
+index a045beee..1ebe2f70 100644
--- a/mk/clang.mk
+++ b/mk/clang.mk
-@@ -27,7 +27,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \
+@@ -30,7 +30,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \
# Note, use the compiler runtime library (libclang_rt.builtins.*.a) instead of
# libgcc for clang
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0008-no-warn-rwx-segments.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0003-core-link-add-no-warn-rwx-segments.patch
similarity index 92%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0008-no-warn-rwx-segments.patch
rename to meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0003-core-link-add-no-warn-rwx-segments.patch
index 64a3d7e..5740461 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0008-no-warn-rwx-segments.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0003-core-link-add-no-warn-rwx-segments.patch
@@ -1,4 +1,4 @@
-From cf2a2451f4e9300532d677bb3a8315494a3b3a82 Mon Sep 17 00:00:00 2001
+From 188a39b139e0e2ccceb22bcf63559b451f0483e0 Mon Sep 17 00:00:00 2001
From: Jerome Forissier <jerome.forissier@linaro.org>
Date: Fri, 5 Aug 2022 09:48:03 +0200
Subject: [PATCH] core: link: add --no-warn-rwx-segments
@@ -19,8 +19,12 @@
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
+---
+ core/arch/arm/kernel/link.mk | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
-index 0e96e606c..3fbcb6804 100644
+index 0e96e606..3fbcb680 100644
--- a/core/arch/arm/kernel/link.mk
+++ b/core/arch/arm/kernel/link.mk
@@ -37,6 +37,7 @@ link-ldflags += --sort-section=alignment
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0001-core-Define-section-attributes-for-clang.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0004-core-Define-section-attributes-for-clang.patch
similarity index 97%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0001-core-Define-section-attributes-for-clang.patch
rename to meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0004-core-Define-section-attributes-for-clang.patch
index a1dc251..f94d19f 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0001-core-Define-section-attributes-for-clang.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0004-core-Define-section-attributes-for-clang.patch
@@ -1,7 +1,7 @@
-From ff1b556ac2cd6bbb857a1ac03e0557eb490bc845 Mon Sep 17 00:00:00 2001
+From e74d8a02edd8c431c87786e22dbceee8e1e85bb8 Mon Sep 17 00:00:00 2001
From: Emekcan Aras <emekcan.aras@arm.com>
Date: Wed, 21 Dec 2022 10:55:58 +0000
-Subject: [PATCH] [PATCH] core: Define section attributes for clang
+Subject: [PATCH] core: Define section attributes for clang
Clang's attribute section is not same as gcc, here we need to add flags
to sections so they can be eventually collected by linker into final
@@ -30,6 +30,7 @@
Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
---
core/arch/arm/kernel/thread.c | 19 +++++++++++++++--
core/arch/arm/mm/core_mmu_lpae.c | 35 +++++++++++++++++++++++++++----
@@ -39,7 +40,7 @@
5 files changed, 104 insertions(+), 11 deletions(-)
diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c
-index 05dbbe56..8e6ea034 100644
+index 1cf76a0c..1e7f9f96 100644
--- a/core/arch/arm/kernel/thread.c
+++ b/core/arch/arm/kernel/thread.c
@@ -44,15 +44,30 @@ static size_t thread_user_kcode_size __nex_bss;
@@ -185,7 +186,7 @@
struct mmu_partition {
l1_xlat_tbl_t *l1_table;
diff --git a/core/arch/arm/mm/pgt_cache.c b/core/arch/arm/mm/pgt_cache.c
-index a7b1b10e..489859ce 100644
+index 79553c6d..b9efdf42 100644
--- a/core/arch/arm/mm/pgt_cache.c
+++ b/core/arch/arm/mm/pgt_cache.c
@@ -410,8 +410,18 @@ void pgt_init(void)
@@ -238,6 +239,3 @@
#define GET_STACK(stack) ((vaddr_t)(stack) + STACK_SIZE(stack))
DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE, STACK_TMP_SIZE,
---
-2.17.1
-
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3_19.inc b/meta-arm/meta-arm/recipes-security/optee/optee-os-3_19.inc
deleted file mode 100644
index 61475dc..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3_19.inc
+++ /dev/null
@@ -1,82 +0,0 @@
-SUMMARY = "OP-TEE Trusted OS"
-DESCRIPTION = "Open Portable Trusted Execution Environment - Trusted side of the TEE"
-HOMEPAGE = "https://www.op-tee.org/"
-
-LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173"
-
-inherit deploy python3native
-require optee.inc
-
-FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os-3.19.0:"
-
-CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os"
-
-DEPENDS = "python3-pyelftools-native python3-cryptography-native"
-
-DEPENDS:append:toolchain-clang = " compiler-rt"
-
-SRC_URI = "git://github.com/OP-TEE/optee_os.git;branch=master;protocol=https"
-
-SRC_URI:append = " \
- file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \
- file://0007-allow-setting-sysroot-for-clang.patch \
- file://0008-no-warn-rwx-segments.patch \
- "
-
-S = "${WORKDIR}/git"
-B = "${WORKDIR}/build"
-
-EXTRA_OEMAKE += " \
- PLATFORM=${OPTEEMACHINE} \
- CFG_${OPTEE_CORE}_core=y \
- CROSS_COMPILE_core=${HOST_PREFIX} \
- CROSS_COMPILE_ta_${OPTEE_ARCH}=${HOST_PREFIX} \
- NOWERROR=1 \
- ta-targets=ta_${OPTEE_ARCH} \
- O=${B} \
-"
-EXTRA_OEMAKE += " HOST_PREFIX=${HOST_PREFIX}"
-EXTRA_OEMAKE += " CROSS_COMPILE64=${HOST_PREFIX}"
-
-CFLAGS[unexport] = "1"
-LDFLAGS[unexport] = "1"
-CPPFLAGS[unexport] = "1"
-AS[unexport] = "1"
-LD[unexport] = "1"
-
-do_compile:prepend() {
- PLAT_LIBGCC_PATH=$(${CC} -print-libgcc-file-name)
-}
-
-do_compile() {
- oe_runmake -C ${S} all
-}
-do_compile[cleandirs] = "${B}"
-
-do_install() {
- #install core in firmware
- install -d ${D}${nonarch_base_libdir}/firmware/
- install -m 644 ${B}/core/*.bin ${B}/core/tee.elf ${D}${nonarch_base_libdir}/firmware/
-}
-
-PACKAGE_ARCH = "${MACHINE_ARCH}"
-
-do_deploy() {
- install -d ${DEPLOYDIR}/${MLPREFIX}optee
- install -m 644 ${D}${nonarch_base_libdir}/firmware/* ${DEPLOYDIR}/${MLPREFIX}optee
-}
-
-addtask deploy before do_build after do_install
-
-SYSROOT_DIRS += "${nonarch_base_libdir}/firmware"
-
-FILES:${PN} = "${nonarch_base_libdir}/firmware/"
-
-# note: "textrel" is not triggered on all archs
-INSANE_SKIP:${PN} = "textrel"
-# Build paths are currently embedded
-INSANE_SKIP:${PN} += "buildpaths"
-INSANE_SKIP:${PN}-dev = "staticdev"
-INHIBIT_PACKAGE_STRIP = "1"
-
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.18.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.18.0.bb
index 0982df3..ff0baf8 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.18.0.bb
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.18.0.bb
@@ -1,4 +1,3 @@
-FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:"
require optee-os_3.18.0.bb
SUMMARY = "OP-TEE Trusted OS TA devkit"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/meta-arm/recipes-security/optee/optee-os.inc
index a03ea6a..bb6974b 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os.inc
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os.inc
@@ -17,9 +17,9 @@
SRC_URI = "git://github.com/OP-TEE/optee_os.git;branch=master;protocol=https"
SRC_URI:append = " \
- file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \
- file://0007-allow-setting-sysroot-for-clang.patch \
- file://0008-no-warn-rwx-segments.patch \
+ file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \
+ file://0002-optee-enable-clang-support.patch \
+ file://0003-core-link-add-no-warn-rwx-segments.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb
index 31da5de..41b65c2 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb
@@ -2,11 +2,11 @@
DEPENDS += "dtc-native"
-FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}-3.18.0:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os-3.18.0:"
SRCREV = "1ee647035939e073a2e8dddb727c0f019cc035f1"
SRC_URI:append = " \
- file://0001-core-Define-section-attributes-for-clang.patch \
- file://0009-add-z-execstack.patch \
- file://0010-add-note-GNU-stack-section.patch \
+ file://0004-core-Define-section-attributes-for-clang.patch \
+ file://0005-core-ldelf-link-add-z-execstack.patch \
+ file://0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch \
"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.19.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.19.0.bb
deleted file mode 100644
index 656a097..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.19.0.bb
+++ /dev/null
@@ -1,9 +0,0 @@
-require optee-os-3_19.inc
-
-DEPENDS += "dtc-native"
-
-SRCREV = "afacf356f9593a7f83cae9f96026824ec242ff52"
-
-SRC_URI:append = " \
- file://0001-core-Define-section-attributes-for-clang.patch \
- "
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.20.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.20.0.bb
new file mode 100644
index 0000000..5f4b066
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.20.0.bb
@@ -0,0 +1,10 @@
+require optee-os.inc
+
+DEPENDS += "dtc-native"
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os-3.20.0:"
+
+SRCREV = "8e74d47616a20eaa23ca692f4bbbf917a236ed94"
+SRC_URI:append = " \
+ file://0004-core-Define-section-attributes-for-clang.patch \
+ "
diff --git a/meta-raspberrypi/conf/machine/include/rpi-default-versions.inc b/meta-raspberrypi/conf/machine/include/rpi-default-versions.inc
index a29fd5e..2f76db9 100644
--- a/meta-raspberrypi/conf/machine/include/rpi-default-versions.inc
+++ b/meta-raspberrypi/conf/machine/include/rpi-default-versions.inc
@@ -1,4 +1,4 @@
# RaspberryPi BSP default versions
-PREFERRED_VERSION_linux-raspberrypi ??= "5.15.%"
+PREFERRED_VERSION_linux-raspberrypi ??= "6.1.%"
PREFERRED_VERSION_linux-raspberrypi-v7 ??= "${PREFERRED_VERSION_linux-raspberrypi}"
diff --git a/meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/rpidistro-vlc/files/0008-configure-Disable-incompatible-function-pointer-type.patch b/meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/rpidistro-vlc/files/0008-configure-Disable-incompatible-function-pointer-type.patch
new file mode 100644
index 0000000..3dbd08d
--- /dev/null
+++ b/meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/rpidistro-vlc/files/0008-configure-Disable-incompatible-function-pointer-type.patch
@@ -0,0 +1,26 @@
+From 048e4fdd08ac588feb27b03e3ec1824e24f77d62 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sun, 5 Mar 2023 14:13:25 -0800
+Subject: [PATCH 3/3] configure: Disable incompatible-function-pointer-types
+ warning
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ configure.ac | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -105,6 +105,11 @@ AC_SUBST([AM_CFLAGS], [-fcommon])
+ dnl Prevent clang from accepting unknown flags with a mere warning
+ AX_APPEND_COMPILE_FLAGS([-Werror=unknown-warning-option -Werror=invalid-command-line-argument], [CFLAGS])
+ AX_APPEND_COMPILE_FLAGS([-Werror=unknown-warning-option -Werror=invalid-command-line-argument], [CXXFLAGS])
++dnl disable clang from erroring on function pointer protype mismatch, vlc seems to rely on that
++dnl especially in modules/video_filter/deinterlace/algo_yadif.c how it interpolates 'filter` variable
++dnl between different functions yadif_filter_line_c_16bit() and yadif_filter_line_c()
++AX_APPEND_COMPILE_FLAGS([-Wno-error=incompatible-function-pointer-types -Wno-error=incompatible-function-pointer-types], [CFLAGS])
++AX_APPEND_COMPILE_FLAGS([-Wno-error=incompatible-function-pointer-types -Wno-error=incompatible-function-pointer-types], [CXXFLAGS])
+
+ dnl
+ dnl Check the operating system
diff --git a/meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/rpidistro-vlc/rpidistro-vlc_3.0.17.bb b/meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/rpidistro-vlc/rpidistro-vlc_3.0.17.bb
index 2653b28..8b8ac4a 100644
--- a/meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/rpidistro-vlc/rpidistro-vlc_3.0.17.bb
+++ b/meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/rpidistro-vlc/rpidistro-vlc_3.0.17.bb
@@ -14,6 +14,7 @@
file://0005-mmal_exit_fix.patch \
file://0006-mmal_chain.patch \
file://0007-armv6.patch \
+ file://0008-configure-Disable-incompatible-function-pointer-type.patch \
file://2001-fix-luaL-checkint.patch \
file://2002-use-vorbisidec.patch \
file://3001-configure.ac-setup-for-OE-usage.patch \
diff --git a/meta-raspberrypi/recipes-core/psplash/files/framebuf.conf b/meta-raspberrypi/recipes-core/psplash/files/framebuf.conf
new file mode 100644
index 0000000..44e1ded
--- /dev/null
+++ b/meta-raspberrypi/recipes-core/psplash/files/framebuf.conf
@@ -0,0 +1,4 @@
+[Unit]
+Requires=sys-devices-platform-gpu-graphics-fb0.device
+After=sys-devices-platform-gpu-graphics-fb0.device
+
diff --git a/meta-raspberrypi/recipes-core/psplash/psplash_%.bbappend b/meta-raspberrypi/recipes-core/psplash/psplash_%.bbappend
index bf99b2b..57cade8 100644
--- a/meta-raspberrypi/recipes-core/psplash/psplash_%.bbappend
+++ b/meta-raspberrypi/recipes-core/psplash/psplash_%.bbappend
@@ -1,2 +1,12 @@
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
SPLASH_IMAGES:rpi = "file://psplash-raspberrypi-img.h;outsuffix=raspberrypi"
+
+SRC_URI:append:rpi = " file://framebuf.conf"
+
+do_install:append:rpi() {
+ if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then
+ install -Dm 0644 ${WORKDIR}/framebuf.conf ${D}${systemd_system_unitdir}/psplash-start.service.d/framebuf.conf
+ fi
+}
+
+FILES:${PN}:append:rpi = " ${systemd_system_unitdir}/psplash-start.service.d"
diff --git a/meta-raspberrypi/recipes-graphics/mesa/mesa-demos_%.bbappend b/meta-raspberrypi/recipes-graphics/mesa/mesa-demos_%.bbappend
index abb11ec..efcaf06 100644
--- a/meta-raspberrypi/recipes-graphics/mesa/mesa-demos_%.bbappend
+++ b/meta-raspberrypi/recipes-graphics/mesa/mesa-demos_%.bbappend
@@ -1,2 +1,3 @@
-# mesa-demos need libgles1 and userland driver does not have it
-COMPATIBLE_HOST:rpi = "${@bb.utils.contains('MACHINE_FEATURES', 'vc4graphics', '(.*)', 'null', d)}"
+# mesa-demos userland driver doesn't provide libgles1 and the EGL headers it provides break the mesa-demos build.
+# And enabling the `wayland` option without enabling `egl` is useless.
+PACKAGECONFIG:remove:rpi = "${@bb.utils.contains('MACHINE_FEATURES', 'vc4graphics', '', 'egl gles1 wayland', d)}"
diff --git a/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-v7_6.1.bb b/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-v7_6.1.bb
new file mode 100644
index 0000000..ef77b0b
--- /dev/null
+++ b/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi-v7_6.1.bb
@@ -0,0 +1,6 @@
+# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com>
+#
+# SPDX-License-Identifier: MIT
+
+require linux-raspberrypi-v7.inc
+require linux-raspberrypi_6.1.bb
diff --git a/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_6.1.bb b/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_6.1.bb
new file mode 100644
index 0000000..c523457
--- /dev/null
+++ b/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_6.1.bb
@@ -0,0 +1,31 @@
+LINUX_VERSION ?= "6.1.20"
+LINUX_RPI_BRANCH ?= "rpi-6.1.y"
+LINUX_RPI_KMETA_BRANCH ?= "yocto-6.1"
+
+SRCREV_machine = "a1cd5351f431caf7cf472825aff0e1c66bf31de4"
+SRCREV_meta = "1a97a82e62ebf4ef3787768a1f5937e2d2f280ce"
+
+KMETA = "kernel-meta"
+
+SRC_URI = " \
+ git://github.com/raspberrypi/linux.git;name=machine;branch=${LINUX_RPI_BRANCH};protocol=https \
+ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=${LINUX_RPI_KMETA_BRANCH};destsuffix=${KMETA} \
+ file://powersave.cfg \
+ file://android-drivers.cfg \
+ "
+
+require linux-raspberrypi.inc
+
+KERNEL_DTC_FLAGS += "-@ -H epapr"
+
+RDEPENDS:${KERNEL_PACKAGE_NAME}:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}"
+RDEPENDS:${KERNEL_PACKAGE_NAME}-base:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}-base"
+RDEPENDS:${KERNEL_PACKAGE_NAME}-image:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}-image"
+RDEPENDS:${KERNEL_PACKAGE_NAME}-dev:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}-dev"
+RDEPENDS:${KERNEL_PACKAGE_NAME}-vmlinux:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}-vmlinux"
+RDEPENDS:${KERNEL_PACKAGE_NAME}-modules:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}-modules"
+RDEPENDS:${KERNEL_PACKAGE_NAME}-dbg:raspberrypi-armv7:append = " ${RASPBERRYPI_v7_KERNEL_PACKAGE_NAME}-dbg"
+
+DEPLOYDEP = ""
+DEPLOYDEP:raspberrypi-armv7 = "${RASPBERRYPI_v7_KERNEL}:do_deploy"
+do_deploy[depends] += "${DEPLOYDEP}"
diff --git a/meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_%.bbappend b/meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_%.bbappend
index 2bf6281..5b3f945 100644
--- a/meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_%.bbappend
+++ b/meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_%.bbappend
@@ -1,2 +1,2 @@
PACKAGECONFIG:append:rpi = " hls \
- ${@bb.utils.contains('LICENSE_FLAGS_ACCEPTED', 'commercial', 'gpl faad', '', d)}"
+ ${@bb.utils.contains('LICENSE_FLAGS_ACCEPTED', 'commercial', 'faad', '', d)}"
diff --git a/meta-raspberrypi/recipes-multimedia/rpidistro-ffmpeg/rpidistro-ffmpeg_4.3.4.bb b/meta-raspberrypi/recipes-multimedia/rpidistro-ffmpeg/rpidistro-ffmpeg_4.3.4.bb
index 30e7c57..a4a7f90 100644
--- a/meta-raspberrypi/recipes-multimedia/rpidistro-ffmpeg/rpidistro-ffmpeg_4.3.4.bb
+++ b/meta-raspberrypi/recipes-multimedia/rpidistro-ffmpeg/rpidistro-ffmpeg_4.3.4.bb
@@ -144,6 +144,9 @@
"
EXTRA_OECONF:append:linux-gnux32 = " --disable-asm"
+# Some patches introduce assembly files which needs preprocessing with
+# gcc e.g. src/libavutil/aarch64/rpi_sand_neon.S
+TOOLCHAIN = "gcc"
# gold crashes on x86, another solution is to --disable-asm but thats more hacky
# ld.gold: internal error in relocate_section, at ../../gold/i386.cc:3684
LDFLAGS:append:x86 = "${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-gold', ' -fuse-ld=bfd ', '', d)}"
diff --git a/meta-security/classes/dm-verity-img.bbclass b/meta-security/classes/dm-verity-img.bbclass
index e5946bc..d809985 100644
--- a/meta-security/classes/dm-verity-img.bbclass
+++ b/meta-security/classes/dm-verity-img.bbclass
@@ -25,6 +25,9 @@
# Define the data block size to use in veritysetup.
DM_VERITY_IMAGE_DATA_BLOCK_SIZE ?= "1024"
+# Define the hash block size to use in veritysetup.
+DM_VERITY_IMAGE_HASH_BLOCK_SIZE ?= "4096"
+
# Process the output from veritysetup and generate the corresponding .env
# file. The output from veritysetup is not very machine-friendly so we need to
# convert it to some better format. Let's drop the first line (doesn't contain
@@ -56,11 +59,18 @@
local SIZE=$(stat --printf="%s" $INPUT)
local OUTPUT=$INPUT.verity
+ if [ ${DM_VERITY_IMAGE_DATA_BLOCK_SIZE} -ge ${DM_VERITY_IMAGE_HASH_BLOCK_SIZE} ]; then
+ align=${DM_VERITY_IMAGE_DATA_BLOCK_SIZE}
+ else
+ align=${DM_VERITY_IMAGE_HASH_BLOCK_SIZE}
+ fi
+ SIZE=$(expr \( $SIZE + $align - 1 \) / $align \* $align)
+
cp -a $INPUT $OUTPUT
# Let's drop the first line of output (doesn't contain any useful info)
# and feed the rest to another function.
- veritysetup --data-block-size=${DM_VERITY_IMAGE_DATA_BLOCK_SIZE} --hash-offset=$SIZE format $OUTPUT $OUTPUT | tail -n +2 | process_verity
+ veritysetup --data-block-size=${DM_VERITY_IMAGE_DATA_BLOCK_SIZE} --hash-block-size=${DM_VERITY_IMAGE_HASH_BLOCK_SIZE} --hash-offset=$SIZE format $OUTPUT $OUTPUT | tail -n +2 | process_verity
}
VERITY_TYPES = " \
@@ -87,7 +97,7 @@
if verity_image != pn:
return # This doesn't concern this image
- if len(verity_type.split()) is not 1:
+ if len(verity_type.split()) != 1:
bb.fatal('DM_VERITY_IMAGE_TYPE must contain exactly one type')
d.appendVar('IMAGE_FSTYPES', ' %s.verity' % verity_type)
diff --git a/meta-security/docs/dm-verity-beaglebone.txt b/meta-security/docs/dm-verity-beaglebone.txt
new file mode 100644
index 0000000..5f0caa4
--- /dev/null
+++ b/meta-security/docs/dm-verity-beaglebone.txt
@@ -0,0 +1,37 @@
+dm-verity and beaglebone-black
+------------------------------
+Set/uncomment the MACHINE line for "beaglebone-yocto" if you haven't yet.
+
+In addition to the basic dm-verity settings, you'll also want in local.conf:
+
+IMAGE_BOOT_FILES:remove = "zImage"
+IMAGE_BOOT_FILES:append = " zImage-initramfs-${MACHINE}.bin;zImage"
+WKS_FILES = "${MACHINE}-verity.wks.in"
+
+Read-only issues: The beaglebone BSP by default declares the following:
+
+ SERIAL_CONSOLES ?= "115200;ttyS0 115200;ttyO0 115200;ttyAMA0"
+ SERIAL_CONSOLES_CHECK = "${SERIAL_CONSOLES}"
+
+...which are variables used by sysV init, in order to determine the
+appropriate /etc/inittab entries. The problem that arises is that by
+default, an on-target runtime check of /proc/consoles is used to finalize
+the /etc/inittab -- and of course that fails a build with read-only-rootfs
+[see the pkg_postinst_ontarget rule in the sysvinit rule for details.]
+
+If you don't need a serial console, the quick fix is to add in local.conf
+
+SERIAL_CONSOLES = ""
+
+If you do need/want a serial console, then probably a local bbappend to
+manually set the /etc/inittab as desired is easiest.
+
+After running "wic create -e core-image-minimal beaglebone-yocto-verity"
+you should have a "direct" image ready to write to a u-SD card. Remember
+that the "direct" image contains the bootloader and partition table
+already, so you'll be writing it to a device such as /dev/sdb and not
+just a partition -- like /dev/sdb1
+
+Also recall that booting from u-SD requires pressing and holding the S2
+(SYSBOOT) button during power-on in order to divert the boot from the normal
+soldered on storage and to the removable u-SD card.
diff --git a/meta-security/docs/dm-verity.txt b/meta-security/docs/dm-verity.txt
new file mode 100644
index 0000000..602a826
--- /dev/null
+++ b/meta-security/docs/dm-verity.txt
@@ -0,0 +1,114 @@
+dm-verity and Yocto/OE
+----------------------
+The dm-verity feature provides a level of data integrity and resistance to
+data tampering. It does this by creating a hash for each data block of
+the underlying device as the base of a hash tree. There are many
+documents out there to further explain the implementaion, such as the
+in-kernel one itself:
+
+https://docs.kernel.org/admin-guide/device-mapper/verity.html
+
+The goal of this document is not to reproduce that content, but instead to
+capture the Yocto/OE specifics of the dm-verity infrastructure used here.
+
+Ideally this should enable a person to build and deploy an image on one of
+the supported reference platforms, and then further adapt to their own
+platform and specific storage requirements.
+
+Basic Settings
+--------------
+Largely everything is driven off of a dm-verity image class; a typical
+block of non MACHINE specific settings are shown below:
+
+INITRAMFS_IMAGE = "dm-verity-image-initramfs"
+DM_VERITY_IMAGE = "core-image-minimal"
+DM_VERITY_IMAGE_TYPE = "ext4"
+IMAGE_CLASSES += "dm-verity-img"
+INITRAMFS_IMAGE_BUNDLE = "1"
+
+Kernel Configuration
+--------------------
+Kernel configuration for dm-verity happens automatically via IMAGE_CLASSES
+which will source features/device-mapper/dm-verity.scc when dm-verity-img
+is used. [See commit d9feafe991c]
+
+Supported Platforms
+-------------------
+In theory, you can use dm-verity anywhere - there is nothing arch/BSP
+specific in the core kernel support. However, at the BSP level, one
+eventually has to decide what device(s) are to be hashed, and where the
+hash tables are stored.
+
+To that end, the BSP storage specifics live in meta-security/wic dir and
+represent the current set of example configurations that have been tested
+and submitted at some point.
+
+Getting Started
+---------------
+This document assumes you are starting from the basic auto-created
+conf/local.conf and conf/bblayers.conf from the oe-init-build-env
+
+Firstly, you need the meta-security layer to conf/bblayers.conf along with
+the dependencies it has -- see the top level meta-security README for that.
+
+Next, assuming you'll be using dm-verity for validation of your rootfs,
+you'll need to enable read-only rootfs support in your local.conf with:
+
+EXTRA_IMAGE_FEATURES = "read-only-rootfs"
+
+For more details, see the associated documentation:
+
+https://docs.yoctoproject.org/dev/dev-manual/read-only-rootfs.html
+
+Also add the basic block of dm-verity settings shown above, and select
+your MACHINE from one of the supported platforms.
+
+If there is a dm-verity-<MACHINE>.txt file for your BSP, check that for
+any additional platform specific recommended settings, such as the
+WKS_FILES which can specify board specific storage layout discussed below.
+
+Then you should be able to do a "bitbake core-image-minimal" just like any
+other normal build. What you will notice, is the content in
+tmp/deploy/images/<MACHINE>/ now have suffixes like "rootfs.ext4.verity"
+
+While you can manually work with these images just like any other build,
+this is where the BSP specific recipes in meta-security/wic can simplify
+things and remove a bunch of manual steps that might be error prone.
+
+Consider for example, the beaglebone black WIC file, which contains:
+
+part /boot --source bootimg-partition --ondisk mmcblk0 --fstype=vfat
+--label boot --active --align 4 --fixed-size 32 --sourceparams="loader=u-boot" --use-uuid
+part / --source rawcopy --ondisk mmcblk0 --sourceparams="file=${IMGDEPLOYDIR}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.verity"
+bootloader --append="console=ttyS0,115200"
+
+As can be seen, it maps out the partitions, including the bootloader, and
+saves doing a whole bunch of manual partitioning and dd steps.
+
+This file is copied into tmp/deploy/images/<MACHINE>/ with bitbake
+variables expanded with their corresponding values for wic to make use of.
+
+Continuing with the beaglebone example, we'll see output similar to:
+
+ ----------------------
+$ wic create -e core-image-minimal beaglebone-yocto-verity
+
+[...]
+
+INFO: Creating image(s)...
+
+INFO: The new image(s) can be found here:
+ ./beaglebone-yocto-verity.wks-202303070223-mmcblk0.direct
+
+The following build artifacts were used to create the image(s):
+ BOOTIMG_DIR: /home/paul/poky/build-bbb-verity/tmp/work/beaglebone_yocto-poky-linux-gnueabi/core-image-minimal/1.0-r0/recipe-sysroot/usr/share
+ KERNEL_DIR: /home/paul/poky/build-bbb-verity/tmp/deploy/images/beaglebone-yocto
+ NATIVE_SYSROOT: /home/paul/poky/build-bbb-verity/tmp/work/cortexa8hf-neon-poky-linux-gnueabi/wic-tools/1.0-r0/recipe-sysroot-native
+
+INFO: The image(s) were created using OE kickstart file:
+ /home/paul/poky/meta-security/wic/beaglebone-yocto-verity.wks.in
+ ----------------------
+
+The "direct" image contains the partition table, bootloader, and dm-verity
+enabled ext4 image all in one -- ready to write to a raw device, such as a
+u-SD card in the case of the beaglebone.
diff --git a/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb
similarity index 90%
rename from meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
rename to meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb
index 1f55267..9379494 100644
--- a/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
+++ b/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb
@@ -11,11 +11,11 @@
DEPENDS = "python3-native"
-SRCREV ="4fe4ac8dde6ba14841da598ec37f8c6911fe0f64"
-SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \
- file://initd \
- file://run-ptest \
-"
+SRCREV = "e1d3006b0330e9777705a7baafe3989d442ed120"
+SRC_URI = "git://github.com/fail2ban/fail2ban.git;branch=master;protocol=https \
+ file://initd \
+ file://run-ptest \
+ "
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)"
diff --git a/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.4.bb b/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.8.1.bb
similarity index 95%
rename from meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.4.bb
rename to meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.8.1.bb
index b6a0e06..8bb88f1 100644
--- a/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.4.bb
+++ b/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.8.1.bb
@@ -6,7 +6,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=c0acfa7a8a03b718abee9135bc1a1c55"
PYPI_PACKAGE = "privacyIDEA"
-SRC_URI[sha256sum] = "187b6aa61f8b27e1972512123c8295ea6d2501b3d90d975d4603e753f146b50c"
+SRC_URI[sha256sum] = "e0dae763575c6300ccaebe6dcc8d3f119cb3e25c11302b1e78a96a12e8ab2b38"
inherit pypi setuptools3
diff --git a/meta-security/meta-hardening/conf/layer.conf b/meta-security/meta-hardening/conf/layer.conf
index add3cbc..1dbc537 100644
--- a/meta-security/meta-hardening/conf/layer.conf
+++ b/meta-security/meta-hardening/conf/layer.conf
@@ -6,7 +6,7 @@
BBFILE_COLLECTIONS += "harden-layer"
BBFILE_PATTERN_harden-layer = "^${LAYERDIR}/"
-BBFILE_PRIORITY_harden-layer = "10"
+BBFILE_PRIORITY_harden-layer = "6"
LAYERSERIES_COMPAT_harden-layer = "mickledore"
diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.4.bb b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.4.bb
index 4f1d1a3..873aeeb 100644
--- a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.4.bb
+++ b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.4.bb
@@ -14,6 +14,7 @@
REQUIRED_DISTRO_FEATURES = "ima"
REQUIRED_DISTRO_FEATURES:class-native = ""
+EXTRA_OECONF += "MANPAGE_DOCBOOK_XSL=0"
EXTRA_OECONF:append:class-target = " --with-kernel-headers=${STAGING_KERNEL_BUILDDIR}"
# blkid is called by evmctl when creating evm checksums.
diff --git a/meta-security/meta-security-compliance/conf/layer.conf b/meta-security/meta-security-compliance/conf/layer.conf
index f07532c..82409a6 100644
--- a/meta-security/meta-security-compliance/conf/layer.conf
+++ b/meta-security/meta-security-compliance/conf/layer.conf
@@ -6,7 +6,7 @@
BBFILE_COLLECTIONS += "scanners-layer"
BBFILE_PATTERN_scanners-layer = "^${LAYERDIR}/"
-BBFILE_PRIORITY_scanners-layer = "10"
+BBFILE_PRIORITY_scanners-layer = "6"
LAYERSERIES_COMPAT_scanners-layer = "mickledore"
diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb
deleted file mode 100644
index 192b008..0000000
--- a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb
+++ /dev/null
@@ -1,9 +0,0 @@
-SUMARRY = "NIST Certified SCAP 1.2 toolkit"
-
-require openscap.inc
-
-SRCREV = "0cb55c55af6be9934d6fd0caf4563b206f289732"
-SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https \
-"
-
-DEFAULT_PREFERENCE = "-1"
diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.7.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.7.bb
new file mode 100644
index 0000000..cfe93f0
--- /dev/null
+++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.7.bb
@@ -0,0 +1,19 @@
+SUMARRY = "NIST Certified SCAP 1.2 toolkit"
+
+DEPENDS:append = " xmlsec1"
+
+require openscap.inc
+
+inherit systemd
+
+SRCREV = "55efbfda0f617e05862ab6ed4862e10dbee52b03"
+SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https"
+
+SYSTEMD_PACKAGES = "${PN}"
+SYSTEMD_SERVICE:${PN} = "oscap-remediate.service"
+
+do_install:append () {
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ install -D -m 0644 ${B}/oscap-remediate.service ${D}${systemd_system_unitdir}/oscap-remediate.service
+ fi
+}
diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
index a18cbd1..3543e11 100644
--- a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
+++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
@@ -10,3 +10,5 @@
"
PV = "1.3.3+git${SRCPV}"
+
+DEFAULT_PREFERENCE = "-1"
diff --git a/meta-security/meta-tpm/conf/layer.conf b/meta-security/meta-tpm/conf/layer.conf
index 81690ca..12bd6b7 100644
--- a/meta-security/meta-tpm/conf/layer.conf
+++ b/meta-security/meta-tpm/conf/layer.conf
@@ -6,7 +6,7 @@
BBFILE_COLLECTIONS += "tpm-layer"
BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/"
-BBFILE_PRIORITY_tpm-layer = "10"
+BBFILE_PRIORITY_tpm-layer = "6"
LAYERSERIES_COMPAT_tpm-layer = "mickledore"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
index 657a2cd..cc7e6ae 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
@@ -14,6 +14,8 @@
UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+CVE_PRODUCT = "tpm2_software_stack"
+
inherit autotools pkgconfig systemd useradd
PACKAGECONFIG ??= "vendor"
diff --git a/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb b/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb
index 22c1245..b009a4d 100644
--- a/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb
+++ b/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb
@@ -40,16 +40,16 @@
sshguard \
firejail \
${@bb.utils.contains_any("TUNE_FEATURES", "riscv32 ", "", " libseccomp",d)} \
- ${@bb.utils.contains("DISTRO_FEATURES", "pam", "google-authenticator-libpam krill", "",d)} \
+ ${@bb.utils.contains("DISTRO_FEATURES", "pam", "google-authenticator-libpam", "",d)} \
${@bb.utils.contains("DISTRO_FEATURES", "pax", "pax-utils packctl", "",d)} \
"
-RDEPENDS:packagegroup-security-utils:append:x86 = " chipsec"
-RDEPENDS:packagegroup-security-utils:append:x86-64 = " chipsec"
-RDEPENDS:packagegroup-security-utils:remove:mipsarch = "firejail krill"
+have_krill = "${@bb.utils.contains("DISTRO_FEATURES", "pam", "krill", "",d)}"
+RDEPENDS:packagegroup-security-utils:append:x86 = " chipsec ${have_krill}"
+RDEPENDS:packagegroup-security-utils:append:x86-64 = " chipsec ${have_krill}"
+RDEPENDS:packagegroup-security-utils:append:aarch64 = " ${have_krill}"
+RDEPENDS:packagegroup-security-utils:remove:mipsarch = "firejail"
RDEPENDS:packagegroup-security-utils:remove:libc-musl = "krill"
-RDEPENDS:packagegroup-security-utils:remove:riscv64 = "krill"
-RDEPENDS:packagegroup-security-utils:remove:armv7ve = " krill"
SUMMARY:packagegroup-security-scanners = "Security scanners"
RDEPENDS:packagegroup-security-scanners = "\
diff --git a/meta-security/recipes-ids/suricata/libhtp_0.5.40.bb b/meta-security/recipes-ids/suricata/libhtp_0.5.42.bb
similarity index 90%
rename from meta-security/recipes-ids/suricata/libhtp_0.5.40.bb
rename to meta-security/recipes-ids/suricata/libhtp_0.5.42.bb
index 08e285e..e2866c8 100644
--- a/meta-security/recipes-ids/suricata/libhtp_0.5.40.bb
+++ b/meta-security/recipes-ids/suricata/libhtp_0.5.42.bb
@@ -5,7 +5,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=596ab7963a1a0e5198e5a1c4aa621843"
SRC_URI = "git://github.com/OISF/libhtp.git;protocol=https;branch=0.5.x"
-SRCREV = "1733478f7fd09e936fea2e024f1d228d40741df2"
+SRCREV = "b14f81bfddbc7206ea713177fcf1e1090257dcd2"
DEPENDS = "zlib"
diff --git a/meta-security/recipes-ids/suricata/suricata_6.0.6.bb b/meta-security/recipes-ids/suricata/suricata_6.0.10.bb
similarity index 97%
rename from meta-security/recipes-ids/suricata/suricata_6.0.6.bb
rename to meta-security/recipes-ids/suricata/suricata_6.0.10.bb
index ce9aca8..0422ead 100644
--- a/meta-security/recipes-ids/suricata/suricata_6.0.6.bb
+++ b/meta-security/recipes-ids/suricata/suricata_6.0.10.bb
@@ -5,7 +5,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548"
SRC_URI = "http://www.openinfosecfoundation.org/download/suricata-${PV}.tar.gz"
-SRC_URI[sha256sum] = "00173634fa76aee636e38a90b1c02616c903e42173107d47b4114960b5fbe839"
+SRC_URI[sha256sum] = "59bfd1bf5d9c1596226fa4815bf76643ce59698866c107a26269c481f125c4d7"
DEPENDS = "lz4 libhtp"
@@ -190,6 +190,7 @@
sed -i -e "s:#!.*$:#!${USRBINPATH}/env ${PYTHON_PN}:g" ${D}${bindir}/suricatasc
sed -i -e "s:#!.*$:#!${USRBINPATH}/env ${PYTHON_PN}:g" ${D}${bindir}/suricatactl
+ sed -i -e "s:#!.*$:#!${USRBINPATH}/env ${PYTHON_PN}:g" ${D}${libdir}/suricata/python/suricata/sc/suricatasc.py
}
pkg_postinst_ontarget:${PN} () {
diff --git a/meta-security/recipes-kernel/lkrg/lkrg-module_0.9.5.bb b/meta-security/recipes-kernel/lkrg/lkrg-module_0.9.6.bb
similarity index 95%
rename from meta-security/recipes-kernel/lkrg/lkrg-module_0.9.5.bb
rename to meta-security/recipes-kernel/lkrg/lkrg-module_0.9.6.bb
index fa46cb6..421d924 100644
--- a/meta-security/recipes-kernel/lkrg/lkrg-module_0.9.5.bb
+++ b/meta-security/recipes-kernel/lkrg/lkrg-module_0.9.6.bb
@@ -11,7 +11,7 @@
SRC_URI = "git://github.com/lkrg-org/lkrg.git;protocol=https;branch=main"
-SRCREV = "c58cb52145b8e8ccc6bd19079f5c835933281cdc"
+SRCREV = "2481b3e2dd04eac945c31f99058b0aeee73c3a71"
S = "${WORKDIR}/git"
diff --git a/meta-security/recipes-mac/AppArmor/apparmor_3.0.7.bb b/meta-security/recipes-mac/AppArmor/apparmor_3.1.3.bb
similarity index 95%
rename from meta-security/recipes-mac/AppArmor/apparmor_3.0.7.bb
rename to meta-security/recipes-mac/AppArmor/apparmor_3.1.3.bb
index e7d677e..fd649e4 100644
--- a/meta-security/recipes-mac/AppArmor/apparmor_3.0.7.bb
+++ b/meta-security/recipes-mac/AppArmor/apparmor_3.1.3.bb
@@ -14,15 +14,14 @@
DEPENDS = "bison-native apr gettext-native coreutils-native swig-native"
SRC_URI = " \
- git://gitlab.com/apparmor/apparmor.git;protocol=https;branch=apparmor-3.0 \
+ git://gitlab.com/apparmor/apparmor.git;protocol=https;branch=apparmor-3.1 \
file://run-ptest \
file://crosscompile_perl_bindings.patch \
file://0001-Makefile.am-suppress-perllocal.pod.patch \
file://0001-Makefile-fix-hardcoded-installation-directories.patch \
- file://0001-rc.apparmor.debian-add-missing-functions.patch \
"
-SRCREV = "0ead606d9e608801f45e13a34358036135470729"
+SRCREV = "e69cb5047946818e6a9df326851483bb075a5cfe"
S = "${WORKDIR}/git"
PARALLEL_MAKE = ""
@@ -95,7 +94,7 @@
if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then
install -d ${D}${sysconfdir}/init.d
- install -m 755 ${B}/parser/rc.apparmor.debian ${D}${sysconfdir}/init.d/apparmor
+ install -m 755 ${B}/parser/rc.apparmor.functions ${D}${sysconfdir}/init.d/apparmor
fi
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
diff --git a/meta-security/recipes-mac/AppArmor/files/0001-rc.apparmor.debian-add-missing-functions.patch b/meta-security/recipes-mac/AppArmor/files/0001-rc.apparmor.debian-add-missing-functions.patch
deleted file mode 100644
index 53bdde8..0000000
--- a/meta-security/recipes-mac/AppArmor/files/0001-rc.apparmor.debian-add-missing-functions.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From a737c95ac0f887c365fe8f16583ea95da79de1e9 Mon Sep 17 00:00:00 2001
-From: Yi Zhao <yi.zhao@windriver.com>
-Date: Mon, 21 Jun 2021 16:53:39 +0800
-Subject: [PATCH] rc.apparmor.debian: add missing functions
-
-Add missing functions:
- aa_log_action_start
- aa_log_action_end
- aa_log_daemon_msg
- aa_log_end_msg
-
-Fixes:
-$ /etc/init.d/apparmor start
-/lib/apparmor/rc.apparmor.functions: line 294: aa_log_daemon_msg: command not found
-/lib/apparmor/rc.apparmor.functions: line 214: aa_log_action_start: command not found
-
-Upstream-Status: Pending
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- parser/rc.apparmor.debian | 20 ++++++++++++++++++++
- 1 file changed, 20 insertions(+)
-
-diff --git a/parser/rc.apparmor.debian b/parser/rc.apparmor.debian
-index 8efd4400..f35124e8 100644
---- a/parser/rc.apparmor.debian
-+++ b/parser/rc.apparmor.debian
-@@ -70,6 +70,26 @@ aa_log_skipped_msg() {
- echo ": Skipped."
- }
-
-+aa_log_action_start()
-+{
-+ echo "$@"
-+}
-+
-+aa_log_action_end()
-+{
-+ printf ""
-+}
-+
-+aa_log_daemon_msg()
-+{
-+ echo "$@"
-+}
-+
-+aa_log_end_msg()
-+{
-+ printf ""
-+}
-+
- usage() {
- echo "Usage: $0 {start|stop|restart|try-restart|reload|force-reload|status|kill}"
- }
---
-2.17.1
-
diff --git a/meta-security/recipes-scanners/rootkits/chkrootkit_0.55.bb b/meta-security/recipes-scanners/rootkits/chkrootkit_0.57.bb
similarity index 94%
rename from meta-security/recipes-scanners/rootkits/chkrootkit_0.55.bb
rename to meta-security/recipes-scanners/rootkits/chkrootkit_0.57.bb
index fe0e989..d35f5f6 100644
--- a/meta-security/recipes-scanners/rootkits/chkrootkit_0.55.bb
+++ b/meta-security/recipes-scanners/rootkits/chkrootkit_0.57.bb
@@ -7,7 +7,7 @@
SRC_URI = "http://archive.ubuntu.com/ubuntu/pool/universe/c/${BPN}/${BPN}_${PV}.orig.tar.gz \
file://musl_fix.patch"
-SRC_URI[sha256sum] = "a81c0286ec449313f953701202a00e81b204fc2cf43e278585a11c12a5e0258b"
+SRC_URI[sha256sum] = "06d1faee151aa3e3c0f91ac807ca92e60b75ed1c18268ccef2c45117156d253c"
inherit autotools-brokensep
diff --git a/meta-security/recipes-security/Firejail/firejail/exclude_seccomp_util_compiles.patch b/meta-security/recipes-security/Firejail/firejail/exclude_seccomp_util_compiles.patch
index a32720a..7e70692 100644
--- a/meta-security/recipes-security/Firejail/firejail/exclude_seccomp_util_compiles.patch
+++ b/meta-security/recipes-security/Firejail/firejail/exclude_seccomp_util_compiles.patch
@@ -5,28 +5,28 @@
we are currently doing this on the target.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-Index: git/Makefile.in
+Index: git/Makefile
===================================================================
---- git.orig/Makefile.in
-+++ git/Makefile.in
-@@ -34,7 +34,6 @@ MYDIRS = src/lib $(MAN_SRC) $(COMPLETION
+--- git.orig/Makefile
++++ git/Makefile
+@@ -18,7 +18,6 @@ MYDIRS = src/lib $(MAN_SRC) $(COMPLETION
MYLIBS = src/libpostexecseccomp/libpostexecseccomp.so src/libtrace/libtrace.so src/libtracelog/libtracelog.so
COMPLETIONS = src/zsh_completion/_firejail src/bash_completion/firejail.bash_completion
MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5 jailcheck.1
-SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32
ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS)
- .PHONY: all_items $(ALL_ITEMS)
-@@ -52,7 +51,7 @@ $(MANPAGES): src/man
+ .PHONY: all
+@@ -43,7 +42,7 @@ $(MANPAGES): src/man config.mk
man: $(MANPAGES)
-filters: $(SECCOMP_FILTERS) $(SBOX_APPS_NON_DUMPABLE)
-+filters: $(SBOX_APPS_NON_DUMPABLE)
++filters: $(SBOX_APPS_NON_DUMPABLE)
seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize
src/fseccomp/fseccomp default seccomp
src/fsec-optimize/fsec-optimize seccomp
-@@ -81,7 +80,6 @@ clean:
+@@ -72,7 +71,6 @@ clean:
done
$(MAKE) -C test clean
rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm
@@ -34,12 +34,12 @@
rm -f test/utils/index.html*
rm -f test/utils/wget-log
rm -f test/utils/firejail-test-file*
-@@ -119,7 +117,7 @@ endif
+@@ -110,7 +108,7 @@ endif
# libraries and plugins
install -m 0755 -d $(DESTDIR)$(libdir)/firejail
install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/firecfg/firejail-welcome.sh
- install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS)
-+ install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS)
++ install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS)
install -m 0755 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS)
install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/profstats/profstats
# plugins w/o read permission (non-dumpable)
diff --git a/meta-security/recipes-security/Firejail/firejail_0.9.70.bb b/meta-security/recipes-security/Firejail/firejail_0.9.72.bb
similarity index 95%
rename from meta-security/recipes-security/Firejail/firejail_0.9.70.bb
rename to meta-security/recipes-security/Firejail/firejail_0.9.72.bb
index 35f7b07..12a3105 100644
--- a/meta-security/recipes-security/Firejail/firejail_0.9.70.bb
+++ b/meta-security/recipes-security/Firejail/firejail_0.9.72.bb
@@ -9,7 +9,7 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
LICENSE = "GPL-2.0-only"
-SRCREV = "b4b08d21cd95725c9d55dfdb6987fcc6d7893247"
+SRCREV = "2551bc71f14052344666f3ca2ad67f5b798020b9"
SRC_URI = "git://github.com/netblue30/firejail.git;protocol=https;branch=master \
file://exclude_seccomp_util_compiles.patch \
"
@@ -46,6 +46,7 @@
FILES:${PN}-vim = "${datadir}/vim/"
FILES:${PN}-zsh = "${datadir}/zsh/"
+FILES:${PN}-dev = "${datadir}/gtksourceview-5/"
pkg_postinst_ontarget:${PN} () {
${libdir}/${BPN}/fseccomp default ${libdir}/${BPN}/seccomp
diff --git a/meta-security/recipes-security/cryptmount/cryptmount_6.0.bb b/meta-security/recipes-security/cryptmount/cryptmount_6.2.0.bb
similarity index 83%
rename from meta-security/recipes-security/cryptmount/cryptmount_6.0.bb
rename to meta-security/recipes-security/cryptmount/cryptmount_6.2.0.bb
index d712a61..d815e1d 100644
--- a/meta-security/recipes-security/cryptmount/cryptmount_6.0.bb
+++ b/meta-security/recipes-security/cryptmount/cryptmount_6.2.0.bb
@@ -1,12 +1,10 @@
SUMMARY = "Linux encrypted filesystem management tool"
HOMEPAGE = "http://cryptmount.sourceforge.net/"
-LIC_FILES_CHKSUM = "file://README;beginline=3;endline=4;md5=dae0772f0ff46fd927e7fdb08af51b71"
+LIC_FILES_CHKSUM = "file://COPYING;beginline=1;endline=4;md5=6e69c425bf32ecf9b1e11d29d146d03d"
LICENSE = "GPL-2.0-only"
+SRC_URI = "https://sourceforge.net/projects/cryptmount/files/${BPN}/${BPN}-6.2/${BPN}-${PV}.tar.gz"
-SRC_URI = "https://sourceforge.net/projects/cryptmount/files/${BPN}/${BPN}-${PV}/${BPN}-${PV}.tar.gz \
- "
-
-SRC_URI[sha256sum] = "86528a9175e1eb53f60613e3c3ea6ae6d69dbfe5ac2b53b2f58ba0f768371e7e"
+SRC_URI[sha256sum] = "90cc49fd598d636929c70479b1305f12b011edadf4a54578ace6c0fca8cb5ed2"
inherit autotools-brokensep gettext pkgconfig systemd
diff --git a/meta-security/recipes-security/fscrypt/fscrypt_1.0.0.bb b/meta-security/recipes-security/fscrypt/fscrypt_1.1.0.bb
similarity index 96%
rename from meta-security/recipes-security/fscrypt/fscrypt_1.0.0.bb
rename to meta-security/recipes-security/fscrypt/fscrypt_1.1.0.bb
index 8147fe6..ea9593b 100644
--- a/meta-security/recipes-security/fscrypt/fscrypt_1.0.0.bb
+++ b/meta-security/recipes-security/fscrypt/fscrypt_1.1.0.bb
@@ -11,7 +11,7 @@
# fscrypt depends on go and libpam
DEPENDS += "go-native libpam"
-SRCREV = "92b1e9a8670ccd3916a7d24a06cab1e4c9815bc4"
+SRCREV = "7c80c73c084ce9ea49a03b814dac7a82fd7b4c23"
SRC_URI = "git://github.com/google/fscrypt.git;branch=master;protocol=https"
GO_IMPORT = "import"
diff --git a/meta-security/recipes-security/krill/files/panic_workaround.patch b/meta-security/recipes-security/krill/files/panic_workaround.patch
index 9b08cb5..dc26416 100644
--- a/meta-security/recipes-security/krill/files/panic_workaround.patch
+++ b/meta-security/recipes-security/krill/files/panic_workaround.patch
@@ -5,7 +5,7 @@
===================================================================
--- git.orig/Cargo.toml
+++ git/Cargo.toml
-@@ -71,7 +71,7 @@ static-openssl = [ "openssl/vendored" ]
+@@ -91,7 +91,7 @@ hsm-tests-pkcs11 = [ "hsm" ]
# Make sure that Krill crashes on panics, rather than losing threads and
# limping on in a bad state.
[profile.release]
@@ -13,4 +13,4 @@
+#panic = "abort"
[dev-dependencies]
- # for user management
+ regex = "1.5.5"
diff --git a/meta-security/recipes-security/krill/krill.inc b/meta-security/recipes-security/krill/krill.inc
index bb40f57..22fe269 100644
--- a/meta-security/recipes-security/krill/krill.inc
+++ b/meta-security/recipes-security/krill/krill.inc
@@ -1,3 +1,6 @@
+# Auto-Generated by cargo-bitbake 0.3.16
+#
+
# please note if you have entries that do not begin with crate://
# you must change them to how that package can be fetched
SRC_URI += " \
@@ -5,46 +8,61 @@
crate://crates.io/adler/1.0.2 \
crate://crates.io/adler32/1.2.0 \
crate://crates.io/aho-corasick/0.7.18 \
+ crate://crates.io/android_system_properties/0.1.5 \
crate://crates.io/ansi_term/0.12.1 \
crate://crates.io/ascii-canvas/3.0.0 \
crate://crates.io/ascii/1.0.0 \
crate://crates.io/atty/0.2.14 \
crate://crates.io/autocfg/1.1.0 \
- crate://crates.io/backtrace/0.3.64 \
+ crate://crates.io/backoff/0.3.0 \
+ crate://crates.io/backtrace/0.3.66 \
crate://crates.io/base64/0.13.0 \
crate://crates.io/basic-cookies/0.1.4 \
- crate://crates.io/bcder/0.6.1 \
+ crate://crates.io/bcder/0.7.0 \
crate://crates.io/bit-set/0.5.2 \
crate://crates.io/bit-vec/0.6.3 \
crate://crates.io/bitflags/1.3.2 \
+ crate://crates.io/block-buffer/0.10.2 \
crate://crates.io/block-buffer/0.9.0 \
- crate://crates.io/bumpalo/3.9.1 \
+ crate://crates.io/bumpalo/3.10.0 \
crate://crates.io/bytes/1.1.0 \
crate://crates.io/cc/1.0.73 \
crate://crates.io/cfg-if/1.0.0 \
- crate://crates.io/chrono/0.4.19 \
+ crate://crates.io/chrono/0.4.22 \
crate://crates.io/chunked_transfer/1.4.0 \
crate://crates.io/cipher/0.2.5 \
crate://crates.io/clap/2.34.0 \
+ crate://crates.io/codespan-reporting/0.11.1 \
crate://crates.io/core-foundation-sys/0.8.3 \
crate://crates.io/core-foundation/0.9.3 \
- crate://crates.io/cpufeatures/0.2.1 \
+ crate://crates.io/cpufeatures/0.2.2 \
crate://crates.io/crc32fast/1.3.2 \
crate://crates.io/crunchy/0.2.2 \
+ crate://crates.io/crypto-common/0.1.6 \
crate://crates.io/crypto-mac/0.10.1 \
- crate://crates.io/ctrlc/3.2.1 \
+ crate://crates.io/cryptoki-sys/0.1.4 \
+ crate://crates.io/cryptoki/0.3.0 \
+ crate://crates.io/ctrlc/3.2.2 \
+ crate://crates.io/cxx-build/1.0.79 \
+ crate://crates.io/cxx/1.0.79 \
+ crate://crates.io/cxxbridge-flags/1.0.79 \
+ crate://crates.io/cxxbridge-macro/1.0.79 \
+ crate://crates.io/derivative/2.2.0 \
crate://crates.io/deunicode/0.4.3 \
- crate://crates.io/diff/0.1.12 \
+ crate://crates.io/diff/0.1.13 \
+ crate://crates.io/digest/0.10.3 \
crate://crates.io/digest/0.9.0 \
crate://crates.io/dirs-next/2.0.0 \
crate://crates.io/dirs-sys-next/0.1.2 \
- crate://crates.io/either/1.6.1 \
+ crate://crates.io/either/1.7.0 \
crate://crates.io/ena/0.14.0 \
- crate://crates.io/encoding_rs/0.8.30 \
+ crate://crates.io/encoding_rs/0.8.31 \
+ crate://crates.io/enum-display-derive/0.1.1 \
+ crate://crates.io/enum-flags/0.1.8 \
crate://crates.io/error-chain/0.11.0 \
crate://crates.io/fastrand/1.7.0 \
crate://crates.io/fern/0.5.9 \
- crate://crates.io/fixedbitset/0.2.0 \
+ crate://crates.io/fixedbitset/0.4.2 \
crate://crates.io/fnv/1.0.7 \
crate://crates.io/foreign-types-shared/0.1.1 \
crate://crates.io/foreign-types/0.3.2 \
@@ -60,181 +78,202 @@
crate://crates.io/futures-util/0.3.21 \
crate://crates.io/futures/0.3.21 \
crate://crates.io/generic-array/0.14.5 \
- crate://crates.io/getrandom/0.2.4 \
- crate://crates.io/gimli/0.26.1 \
- crate://crates.io/h2/0.3.11 \
- crate://crates.io/hashbrown/0.11.2 \
+ crate://crates.io/getrandom/0.2.7 \
+ crate://crates.io/gimli/0.26.2 \
+ crate://crates.io/h2/0.3.13 \
+ crate://crates.io/hashbrown/0.12.3 \
crate://crates.io/hermit-abi/0.1.19 \
crate://crates.io/hex/0.4.3 \
crate://crates.io/hmac/0.10.1 \
- crate://crates.io/http-body/0.4.4 \
- crate://crates.io/http/0.2.6 \
- crate://crates.io/httparse/1.6.0 \
+ crate://crates.io/http-body/0.4.5 \
+ crate://crates.io/http/0.2.8 \
+ crate://crates.io/httparse/1.7.1 \
crate://crates.io/httpdate/1.0.2 \
crate://crates.io/hyper-tls/0.5.0 \
- crate://crates.io/hyper/0.14.17 \
+ crate://crates.io/hyper/0.14.20 \
+ crate://crates.io/iana-time-zone-haiku/0.1.1 \
+ crate://crates.io/iana-time-zone/0.1.51 \
crate://crates.io/idna/0.2.3 \
crate://crates.io/impl-trait-for-tuples/0.2.2 \
- crate://crates.io/indexmap/1.8.0 \
+ crate://crates.io/indexmap/1.9.1 \
crate://crates.io/instant/0.1.12 \
crate://crates.io/intervaltree/0.2.7 \
- crate://crates.io/ipnet/2.3.1 \
+ crate://crates.io/ipnet/2.5.0 \
crate://crates.io/itertools/0.10.3 \
- crate://crates.io/itertools/0.9.0 \
- crate://crates.io/itoa/1.0.1 \
+ crate://crates.io/itoa/1.0.2 \
crate://crates.io/jmespatch/0.3.0 \
- crate://crates.io/js-sys/0.3.56 \
- crate://crates.io/lalrpop-util/0.19.7 \
- crate://crates.io/lalrpop/0.19.7 \
+ crate://crates.io/js-sys/0.3.58 \
+ crate://crates.io/kmip-protocol/0.4.2 \
+ crate://crates.io/kmip-ttlv/0.3.3 \
+ crate://crates.io/lalrpop-util/0.19.8 \
+ crate://crates.io/lalrpop/0.19.8 \
crate://crates.io/lazy_static/1.4.0 \
- crate://crates.io/libc/0.2.119 \
- crate://crates.io/libflate/1.1.2 \
+ crate://crates.io/libc/0.2.126 \
+ crate://crates.io/libflate/1.2.0 \
crate://crates.io/libflate_lz77/1.1.0 \
- crate://crates.io/lock_api/0.4.6 \
- crate://crates.io/log/0.4.14 \
+ crate://crates.io/libloading/0.7.3 \
+ crate://crates.io/link-cplusplus/1.0.7 \
+ crate://crates.io/lock_api/0.4.7 \
+ crate://crates.io/log/0.4.17 \
crate://crates.io/maplit/1.0.2 \
crate://crates.io/matchers/0.0.1 \
crate://crates.io/matches/0.1.9 \
- crate://crates.io/memchr/2.4.1 \
- crate://crates.io/memoffset/0.6.5 \
+ crate://crates.io/maybe-async/0.2.6 \
+ crate://crates.io/memchr/2.5.0 \
crate://crates.io/mime/0.3.16 \
- crate://crates.io/miniz_oxide/0.4.4 \
- crate://crates.io/mio/0.8.0 \
- crate://crates.io/miow/0.3.7 \
- crate://crates.io/native-tls/0.2.8 \
+ crate://crates.io/miniz_oxide/0.5.3 \
+ crate://crates.io/mio/0.8.4 \
+ crate://crates.io/native-tls/0.2.10 \
crate://crates.io/new_debug_unreachable/1.0.4 \
- crate://crates.io/nix/0.23.1 \
- crate://crates.io/ntapi/0.3.7 \
+ crate://crates.io/nix/0.24.2 \
crate://crates.io/num-bigint/0.4.3 \
- crate://crates.io/num-integer/0.1.44 \
- crate://crates.io/num-traits/0.2.14 \
+ crate://crates.io/num-integer/0.1.45 \
+ crate://crates.io/num-traits/0.2.15 \
crate://crates.io/num_cpus/1.13.1 \
- crate://crates.io/oauth2/4.1.0 \
- crate://crates.io/object/0.27.1 \
- crate://crates.io/once_cell/1.9.0 \
+ crate://crates.io/oauth2/4.2.3 \
+ crate://crates.io/object/0.29.0 \
+ crate://crates.io/once_cell/1.13.0 \
crate://crates.io/opaque-debug/0.3.0 \
- crate://crates.io/openidconnect/2.2.0 \
+ crate://crates.io/openidconnect/2.3.2 \
+ crate://crates.io/openssl-macros/0.1.0 \
crate://crates.io/openssl-probe/0.1.5 \
- crate://crates.io/openssl-src/111.17.0+1.1.1m \
- crate://crates.io/openssl-sys/0.9.72 \
- crate://crates.io/openssl/0.10.38 \
- crate://crates.io/ordered-float/1.1.1 \
+ crate://crates.io/openssl-src/111.25.0+1.1.1t \
+ crate://crates.io/openssl-sys/0.9.75 \
+ crate://crates.io/openssl/0.10.41 \
+ crate://crates.io/ordered-float/2.10.0 \
crate://crates.io/oso/0.12.4 \
- crate://crates.io/parking_lot/0.11.2 \
- crate://crates.io/parking_lot_core/0.8.5 \
+ crate://crates.io/parking_lot/0.12.1 \
+ crate://crates.io/parking_lot_core/0.9.3 \
crate://crates.io/pbkdf2/0.7.5 \
crate://crates.io/percent-encoding/2.1.0 \
- crate://crates.io/petgraph/0.5.1 \
+ crate://crates.io/petgraph/0.6.2 \
crate://crates.io/phf_shared/0.10.0 \
crate://crates.io/pico-args/0.4.2 \
- crate://crates.io/pin-project-lite/0.2.8 \
+ crate://crates.io/pin-project-lite/0.2.9 \
crate://crates.io/pin-utils/0.1.0 \
- crate://crates.io/pkg-config/0.3.24 \
+ crate://crates.io/pkg-config/0.3.25 \
crate://crates.io/polar-core/0.12.4 \
crate://crates.io/ppv-lite86/0.2.16 \
crate://crates.io/precomputed-hash/0.1.1 \
- crate://crates.io/priority-queue/1.2.1 \
- crate://crates.io/proc-macro2/1.0.36 \
- crate://crates.io/quick-xml/0.22.0 \
- crate://crates.io/quote/1.0.15 \
+ crate://crates.io/priority-queue/1.2.2 \
+ crate://crates.io/proc-macro2/1.0.40 \
+ crate://crates.io/quick-xml/0.23.0 \
+ crate://crates.io/quote/1.0.20 \
+ crate://crates.io/r2d2/0.8.10 \
crate://crates.io/rand/0.8.5 \
crate://crates.io/rand_chacha/0.3.1 \
crate://crates.io/rand_core/0.6.3 \
- crate://crates.io/redox_syscall/0.2.10 \
- crate://crates.io/redox_users/0.4.0 \
+ crate://crates.io/redox_syscall/0.2.13 \
+ crate://crates.io/redox_users/0.4.3 \
crate://crates.io/regex-automata/0.1.10 \
- crate://crates.io/regex-syntax/0.6.25 \
- crate://crates.io/regex/1.5.5 \
+ crate://crates.io/regex-syntax/0.6.27 \
+ crate://crates.io/regex/1.6.0 \
crate://crates.io/remove_dir_all/0.5.3 \
- crate://crates.io/reqwest/0.11.9 \
+ crate://crates.io/reqwest/0.11.11 \
crate://crates.io/ring/0.16.20 \
crate://crates.io/rle-decode-fast/1.0.3 \
+ crate://crates.io/routecore/0.2.0 \
crate://crates.io/rpassword/5.0.1 \
- crate://crates.io/rpki/0.13.2 \
+ crate://crates.io/rpki/0.15.8 \
crate://crates.io/rustc-demangle/0.1.21 \
- crate://crates.io/rustc_version/0.2.3 \
+ crate://crates.io/rustc_version/0.4.0 \
crate://crates.io/rustls/0.19.1 \
- crate://crates.io/rustversion/1.0.6 \
- crate://crates.io/ryu/1.0.9 \
+ crate://crates.io/rustversion/1.0.8 \
+ crate://crates.io/ryu/1.0.10 \
crate://crates.io/salsa20/0.7.2 \
- crate://crates.io/schannel/0.1.19 \
+ crate://crates.io/schannel/0.1.20 \
+ crate://crates.io/scheduled-thread-pool/0.2.6 \
crate://crates.io/scopeguard/1.1.0 \
+ crate://crates.io/scratch/1.0.2 \
crate://crates.io/scrypt/0.6.5 \
crate://crates.io/sct/0.6.1 \
crate://crates.io/security-framework-sys/2.6.1 \
crate://crates.io/security-framework/2.6.1 \
- crate://crates.io/semver-parser/0.7.0 \
- crate://crates.io/semver/0.9.0 \
- crate://crates.io/serde-value/0.6.0 \
- crate://crates.io/serde/1.0.136 \
- crate://crates.io/serde_derive/1.0.136 \
- crate://crates.io/serde_json/1.0.79 \
+ crate://crates.io/semver/1.0.12 \
+ crate://crates.io/serde-value/0.7.0 \
+ crate://crates.io/serde/1.0.139 \
+ crate://crates.io/serde_bytes/0.11.6 \
+ crate://crates.io/serde_derive/1.0.139 \
+ crate://crates.io/serde_json/1.0.82 \
crate://crates.io/serde_path_to_error/0.1.7 \
crate://crates.io/serde_urlencoded/0.7.1 \
+ crate://crates.io/sha2/0.10.2 \
crate://crates.io/sha2/0.9.9 \
crate://crates.io/sharded-slab/0.1.4 \
- crate://crates.io/siphasher/0.3.9 \
- crate://crates.io/slab/0.4.5 \
+ crate://crates.io/signal-hook-registry/1.4.0 \
+ crate://crates.io/siphasher/0.3.10 \
+ crate://crates.io/slab/0.4.6 \
crate://crates.io/slug/0.1.4 \
- crate://crates.io/smallvec/1.8.0 \
+ crate://crates.io/smallvec/1.9.0 \
crate://crates.io/socket2/0.4.4 \
crate://crates.io/spin/0.5.2 \
- crate://crates.io/string_cache/0.8.3 \
+ crate://crates.io/string_cache/0.8.4 \
crate://crates.io/strsim/0.8.0 \
crate://crates.io/subtle/2.4.1 \
- crate://crates.io/syn/1.0.86 \
+ crate://crates.io/syn/1.0.98 \
crate://crates.io/syslog/4.0.1 \
+ crate://crates.io/target-lexicon/0.12.4 \
crate://crates.io/tempfile/3.3.0 \
crate://crates.io/term/0.7.0 \
+ crate://crates.io/termcolor/1.1.3 \
crate://crates.io/textwrap/0.11.0 \
- crate://crates.io/thiserror-impl/1.0.30 \
- crate://crates.io/thiserror/1.0.30 \
+ crate://crates.io/thiserror-impl/1.0.31 \
+ crate://crates.io/thiserror/1.0.31 \
crate://crates.io/thread_local/1.1.4 \
- crate://crates.io/time/0.1.43 \
+ crate://crates.io/time/0.1.44 \
crate://crates.io/tiny-keccak/2.0.2 \
crate://crates.io/tiny_http/0.8.2 \
- crate://crates.io/tinyvec/1.5.1 \
+ crate://crates.io/tinyvec/1.6.0 \
crate://crates.io/tinyvec_macros/0.1.0 \
- crate://crates.io/tokio-macros/1.7.0 \
+ crate://crates.io/tokio-macros/1.8.0 \
crate://crates.io/tokio-native-tls/0.3.0 \
crate://crates.io/tokio-rustls/0.22.0 \
- crate://crates.io/tokio-util/0.6.9 \
- crate://crates.io/tokio/1.17.0 \
- crate://crates.io/toml/0.5.8 \
- crate://crates.io/tower-service/0.3.1 \
- crate://crates.io/tracing-attributes/0.1.19 \
- crate://crates.io/tracing-core/0.1.22 \
- crate://crates.io/tracing-log/0.1.2 \
+ crate://crates.io/tokio-util/0.7.3 \
+ crate://crates.io/tokio/1.20.4 \
+ crate://crates.io/toml/0.5.9 \
+ crate://crates.io/tower-service/0.3.2 \
+ crate://crates.io/tracing-attributes/0.1.22 \
+ crate://crates.io/tracing-core/0.1.28 \
+ crate://crates.io/tracing-log/0.1.3 \
crate://crates.io/tracing-serde/0.1.3 \
crate://crates.io/tracing-subscriber/0.2.25 \
- crate://crates.io/tracing/0.1.31 \
+ crate://crates.io/tracing/0.1.35 \
+ crate://crates.io/trait-set/0.2.0 \
crate://crates.io/try-lock/0.2.3 \
crate://crates.io/typenum/1.15.0 \
- crate://crates.io/unicode-bidi/0.3.7 \
- crate://crates.io/unicode-normalization/0.1.19 \
+ crate://crates.io/unicode-bidi/0.3.8 \
+ crate://crates.io/unicode-ident/1.0.2 \
+ crate://crates.io/unicode-normalization/0.1.21 \
crate://crates.io/unicode-width/0.1.9 \
- crate://crates.io/unicode-xid/0.2.2 \
+ crate://crates.io/unicode-xid/0.2.3 \
crate://crates.io/untrusted/0.7.1 \
crate://crates.io/url/2.2.2 \
crate://crates.io/urlparse/0.7.3 \
- crate://crates.io/uuid/0.8.2 \
+ crate://crates.io/uuid/1.1.2 \
crate://crates.io/valuable/0.1.0 \
crate://crates.io/vcpkg/0.2.15 \
crate://crates.io/vec_map/0.8.2 \
crate://crates.io/version_check/0.9.4 \
crate://crates.io/want/0.3.0 \
- crate://crates.io/wasi/0.10.2+wasi-snapshot-preview1 \
- crate://crates.io/wasm-bindgen-backend/0.2.79 \
- crate://crates.io/wasm-bindgen-futures/0.4.29 \
- crate://crates.io/wasm-bindgen-macro-support/0.2.79 \
- crate://crates.io/wasm-bindgen-macro/0.2.79 \
- crate://crates.io/wasm-bindgen-shared/0.2.79 \
- crate://crates.io/wasm-bindgen/0.2.79 \
- crate://crates.io/web-sys/0.3.56 \
+ crate://crates.io/wasi/0.10.0+wasi-snapshot-preview1 \
+ crate://crates.io/wasi/0.11.0+wasi-snapshot-preview1 \
+ crate://crates.io/wasm-bindgen-backend/0.2.81 \
+ crate://crates.io/wasm-bindgen-futures/0.4.31 \
+ crate://crates.io/wasm-bindgen-macro-support/0.2.81 \
+ crate://crates.io/wasm-bindgen-macro/0.2.81 \
+ crate://crates.io/wasm-bindgen-shared/0.2.81 \
+ crate://crates.io/wasm-bindgen/0.2.81 \
+ crate://crates.io/web-sys/0.3.58 \
crate://crates.io/webpki/0.21.4 \
crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
+ crate://crates.io/winapi-util/0.1.5 \
crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
crate://crates.io/winapi/0.3.9 \
- crate://crates.io/winreg/0.7.0 \
- crate://crates.io/xml-rs/0.8.4 \
+ crate://crates.io/windows-sys/0.36.1 \
+ crate://crates.io/windows_aarch64_msvc/0.36.1 \
+ crate://crates.io/windows_i686_gnu/0.36.1 \
+ crate://crates.io/windows_i686_msvc/0.36.1 \
+ crate://crates.io/windows_x86_64_gnu/0.36.1 \
+ crate://crates.io/windows_x86_64_msvc/0.36.1 \
+ crate://crates.io/winreg/0.10.1 \
"
diff --git a/meta-security/recipes-security/krill/krill_0.9.6.bb b/meta-security/recipes-security/krill/krill_0.12.3.bb
similarity index 95%
rename from meta-security/recipes-security/krill/krill_0.9.6.bb
rename to meta-security/recipes-security/krill/krill_0.12.3.bb
index fd86c4b..a943c52 100644
--- a/meta-security/recipes-security/krill/krill_0.9.6.bb
+++ b/meta-security/recipes-security/krill/krill_0.12.3.bb
@@ -7,7 +7,7 @@
# SRC_URI += "crate://crates.io/krill/0.9.1"
SRC_URI = "git://github.com/NLnetLabs/krill.git;protocol=https;branch=main"
-SRCREV = "95e6681d5b4024cac7a1892d47fb76abc68f34fb"
+SRCREV = "e92098419c7ad82939e0483bc76df21eff705b80"
SRC_URI += "file://panic_workaround.patch"
include krill.inc
diff --git a/meta-security/recipes-security/libmspack/libmspack_1.9.1.bb b/meta-security/recipes-security/libmspack/libmspack_1.11.bb
similarity index 88%
rename from meta-security/recipes-security/libmspack/libmspack_1.9.1.bb
rename to meta-security/recipes-security/libmspack/libmspack_1.11.bb
index 1b91f46..59df84b 100644
--- a/meta-security/recipes-security/libmspack/libmspack_1.9.1.bb
+++ b/meta-security/recipes-security/libmspack/libmspack_1.11.bb
@@ -6,7 +6,7 @@
LIC_FILES_CHKSUM = "file://COPYING.LIB;beginline=1;endline=2;md5=5b1fd1f66ef926b3c8a5bb00a72a28dd"
-SRCREV = "63d3faf90423a4a6c174539a7d32111a840adadc"
+SRCREV = "305907723a4e7ab2018e58040059ffb5e77db837"
SRC_URI = "git://github.com/kyz/libmspack.git;branch=master;protocol=https"
inherit autotools
diff --git a/meta-security/wic/beaglebone-yocto-verity.wks.in b/meta-security/wic/beaglebone-yocto-verity.wks.in
index 658018b..a1d7738 100644
--- a/meta-security/wic/beaglebone-yocto-verity.wks.in
+++ b/meta-security/wic/beaglebone-yocto-verity.wks.in
@@ -10,6 +10,6 @@
#
# This .wks only works with the dm-verity-img class.
-part /boot --source bootimg-partition --ondisk mmcblk0 --fstype=vfat --label boot --active --align 4 --size 16 --sourceparams="loader=u-boot" --use-uuid
+part /boot --source bootimg-partition --ondisk mmcblk0 --fstype=vfat --label boot --active --align 4 --fixed-size 32 --sourceparams="loader=u-boot" --use-uuid
part / --source rawcopy --ondisk mmcblk0 --sourceparams="file=${IMGDEPLOYDIR}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.verity"
bootloader --append="console=ttyS0,115200"