subtree updates: raspberrypi security arm

meta-raspberrypi: e43af1e3a6..e15b876155:
  Florian Frank (1):
        linux-firmware-rpidistro: Fix wireless on model 3B and Zero W

  Khem Raj (1):
        linux-raspberrypi_5.15.bb: Upgrade to 5.15.92

  Martin Jansa (1):
        gstreamer1.0-plugins-good: rename bbappend, drop version

meta-arm: dc10b73cc5..eb9c47a4e1:
  Gowtham Suresh Kumar (6):
        arm/edk2-basetools: Add edk2 base tool native recipe
        arm-bsp/uefi_capsule: Add UEFI capsule generation class
        arm-bsp/corstone1000-image: Generate UEFI capsule for corstone1000 platform
        arm/edk2-basetools: Convert edk2 basetools recipes to native only
        arm-bsp/uefi_capsule: Use json file to pass capsule config
        arm/uefi_capsule: Move UEFI capsule to IMGDEPLOYDIR

  Jon Mason (5):
        arm/boot-wrapper-aarch64: update to a newer SHA
        arm/gn: update to a more recent SHA
        arm/opencsd: update to v1.4.0
        arm/trusted-firmware-a: update version and relocate fiptool
        arm/sbsa-acs: update to v6.1.0

  Mohamed Omar Asaker (5):
        arm-bsp/trusted-services: corstone1000:Align psa crypto client with TF-Mv1.7
        arm-bsp/trusted-services:corstone1000: disable obsolete algorithms for crypto
        arm-bsp/trusted-services: corstone1000: Disable SHA512/384
        arm-bsp/trusted-firmware-m:corstone1000: Increase number of assets
        arm-bsp/trusted-firmware-m:corstone1000: Set SPM backend to IPC

  Peter Hoyes (11):
        arm,arm-bsp/classes: Move wic_nopt to meta-arm
        arm-bsp/classes: Use :append to add to IMAGE_TYPES in wic_nopt
        CI: Factor out CACHE_DIR to improve mirror configurability
        CI: Collect testimage logs on failure
        arm/trusted-firmware-m: Synchronize with 1.7.0 release
        arm/classes: Factor out image signing arguments in tfm_image_sign
        arm/trusted-firmware-m: Create common inc file for src definitions
        arm/trusted-firmware-m: Create inc file for common config
        arm/trusted-firmware-m-scripts: Create inc file for common config
        arm/classes: Add sstate support to tfm_sign_images
        CI: Add BUILD_ENABLE_REGEX option to conditionally enable builds

  Ross Burton (8):
        arm-bsp/external-system: fix the gen_module race, again
        arm-bsp/linux-yocto: add 5.19 kernel recipe for N1SDP
        arm/linux-yocto: remove obsolete 5.19 bbappend
        arm/trusted-firmware-m: Do not use release branches
        arm/boot-wrapper-aarch64: tell upgrade checker to look for new SHAs
        CI/machine-summary: add missing recipes
        arm-toolchain/gcc-arm: add missing Signed-off-by tag
        arm/optee-os: add missing patch header

meta-security: 3529cfb43e..c06b9a18a6:
  Maciej Borzęcki (1):
        dm-verity-img.bbclass: add squashfs images

  Petr Gotthard (4):
        tpm2-tss: upgrade 3.2.0 -> 4.0.1
        tpm2-tools: upgrade 5.3 -> 5.5
        tpm2-pkcs11: upgrade 1.8.0 -> 1.9.0
        tpm2-abrmd: upgrade 2.4.1 -> 3.0.0

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I0e1629b2f70ad1e5f7b97f5ae6d768bde101cc6f
diff --git a/meta-arm/.gitlab-ci.yml b/meta-arm/.gitlab-ci.yml
index 4060a5c..75d3609 100644
--- a/meta-arm/.gitlab-ci.yml
+++ b/meta-arm/.gitlab-ci.yml
@@ -3,6 +3,7 @@
 variables:
   CPU_REQUEST: ""
   DEFAULT_TAG: ""
+  CACHE_DIR: $CI_BUILDS_DIR/persist
   # These are needed as the k8s executor doesn't respect the container entrypoint
   # by default
   FF_KUBERNETES_HONOR_ENTRYPOINT: 1
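Review bot: The new `CACHE_DIR` variable has no comment saying what it holds or what it requires of the runner, even though it is now the single override point for the cache location. The next hunk shows it backing the kas repo reference dir, sstate, downloads and toolchains, all of which are reused by later jobs. I would add a comment above it such as `# Persistent cache root (repos, sstate, downloads, toolchains); must survive between jobs and should be writable only by pipelines you trust`. The trust caveat matters because sstate or downloads written by one job are presumably consumed unverified by the next, which is worth confirming for runners that also build merge requests from forks.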
@@ -20,11 +21,11 @@
   interruptible: true
   variables:
     KAS_WORK_DIR: $CI_PROJECT_DIR/work
-    KAS_REPO_REF_DIR: $CI_BUILDS_DIR/persist/repos
-    SSTATE_DIR: $CI_BUILDS_DIR/persist/sstate
-    DL_DIR: $CI_BUILDS_DIR/persist/downloads
+    KAS_REPO_REF_DIR: $CACHE_DIR/repos
+    SSTATE_DIR: $CACHE_DIR/sstate
+    DL_DIR: $CACHE_DIR/downloads
     BB_LOGCONFIG: $CI_PROJECT_DIR/ci/logging.yml
-    TOOLCHAIN_DIR: $CI_BUILDS_DIR/persist/toolchains
+    TOOLCHAIN_DIR: $CACHE_DIR/toolchains
     IMAGE_DIR: $CI_PROJECT_DIR/work/build/tmp/deploy/images
     TOOLCHAIN_LINK_DIR: $CI_PROJECT_DIR/work/build/toolchains
   before_script:
@@ -41,6 +42,9 @@
   extends: .setup
   variables:
     KUBERNETES_CPU_REQUEST: $CPU_REQUEST
+  only:
+    variables:
+      - $BUILD_ENABLE_REGEX == null || $CI_JOB_NAME =~ $BUILD_ENABLE_REGEX
   script:
     - KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME")
     - kas dump --update --force-checkout --resolve-refs --resolve-env $KASFILES 
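Review bot: The `only: variables:` expression on the added lines does not document the format `BUILD_ENABLE_REGEX` has to take. As far as I know GitLab only treats a variable on the right-hand side of `=~` as a pattern when its value is written with the enclosing slashes, so a bare value would presumably not match and would disable every build job. A comment above `only:` would cover it, for example `# BUILD_ENABLE_REGEX: optional /regex/ (slashes included) matched against the job name; unset enables all jobs`. The job definition this belongs to starts and continues outside the hunk.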
@@ -51,6 +55,7 @@
     when: on_failure
     paths:
       - $CI_PROJECT_DIR/work/build/tmp/work*/**/temp/log.do_*.*
+      - $CI_PROJECT_DIR/work/build/tmp/work*/**/testimage/*
 
 #
 # Prep stage, update repositories once
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0001-aarch64-Rename-labels-and-prepare-for-lower-EL-booti.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0001-aarch64-Rename-labels-and-prepare-for-lower-EL-booti.patch
index 566070a..31fd515 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0001-aarch64-Rename-labels-and-prepare-for-lower-EL-booti.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0001-aarch64-Rename-labels-and-prepare-for-lower-EL-booti.patch
@@ -1,4 +1,4 @@
-From 3e7cfbe39a2a053d2a6b0d928cc172ed9d1c6da8 Mon Sep 17 00:00:00 2001
+From 545f6950ae4dc55b4974986aa9629adb16eaf4e1 Mon Sep 17 00:00:00 2001
 From: Jaxson Han <jaxson.han@arm.com>
 Date: Tue, 25 May 2021 07:25:00 +0100
 Subject: [PATCH] aarch64: Rename labels and prepare for lower EL booting
@@ -18,10 +18,10 @@
  3 files changed, 27 insertions(+), 14 deletions(-)
 
 diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S
-index 27ba449..84e1646 100644
+index d682ba5..fab694e 100644
 --- a/arch/aarch64/boot.S
 +++ b/arch/aarch64/boot.S
-@@ -21,18 +21,30 @@ ASM_FUNC(_start)
+@@ -34,18 +34,30 @@ ASM_FUNC(_start)
  
  	/*
  	 * EL3 initialisation
@@ -56,7 +56,7 @@
  	orr	x0, x0, #(1 << 0)		// Non-secure EL1
  	orr	x0, x0, #(1 << 8)		// HVC enable
  
-@@ -124,7 +136,7 @@ ASM_FUNC(_start)
+@@ -145,7 +157,7 @@ ASM_FUNC(_start)
  
  	bl	gic_secure_init
  
@@ -65,7 +65,7 @@
  
  err_invalid_id:
  	b	.
-@@ -151,7 +163,7 @@ ASM_FUNC(jump_kernel)
+@@ -172,7 +184,7 @@ ASM_FUNC(jump_kernel)
  	bl	find_logical_id
  	bl	setup_stack		// Reset stack pointer
  
@@ -74,7 +74,7 @@
  	cmp	w0, #0			// Prepare Z flag
  
  	mov	x0, x20
-@@ -160,7 +172,7 @@ ASM_FUNC(jump_kernel)
+@@ -181,7 +193,7 @@ ASM_FUNC(jump_kernel)
  	mov	x3, x23
  
  	b.eq	1f
@@ -83,7 +83,7 @@
  
  1:	mov	x4, #SPSR_KERNEL
  
-@@ -178,5 +190,5 @@ ASM_FUNC(jump_kernel)
+@@ -199,5 +211,5 @@ ASM_FUNC(jump_kernel)
  
  	.data
  	.align 3
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0002-aarch64-Prepare-for-EL1-booting.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0002-aarch64-Prepare-for-EL1-booting.patch
index 46447b8..4ef4507 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0002-aarch64-Prepare-for-EL1-booting.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0002-aarch64-Prepare-for-EL1-booting.patch
@@ -1,4 +1,4 @@
-From 26f9b5354c2de9cc052531096ff92b04c3a3846f Mon Sep 17 00:00:00 2001
+From bad32d3fc127a421be416b17e4f7d6d514f06abb Mon Sep 17 00:00:00 2001
 From: Jaxson Han <jaxson.han@arm.com>
 Date: Tue, 25 May 2021 07:25:00 +0100
 Subject: [PATCH] aarch64: Prepare for EL1 booting
@@ -15,10 +15,10 @@
  2 files changed, 6 insertions(+), 1 deletion(-)
 
 diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S
-index 84e1646..b589744 100644
+index fab694e..5105b41 100644
 --- a/arch/aarch64/boot.S
 +++ b/arch/aarch64/boot.S
-@@ -156,10 +156,14 @@ ASM_FUNC(jump_kernel)
+@@ -177,10 +177,14 @@ ASM_FUNC(jump_kernel)
  	ldr	x0, =SCTLR_EL1_KERNEL
  	msr	sctlr_el1, x0
  
@@ -35,7 +35,7 @@
  	bl	setup_stack		// Reset stack pointer
  
 diff --git a/arch/aarch64/include/asm/cpu.h b/arch/aarch64/include/asm/cpu.h
-index 63eb1c3..b1003f4 100644
+index 49d3f86..3767da3 100644
 --- a/arch/aarch64/include/asm/cpu.h
 +++ b/arch/aarch64/include/asm/cpu.h
 @@ -11,6 +11,7 @@
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0003-aarch64-Prepare-for-lower-EL-booting.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0003-aarch64-Prepare-for-lower-EL-booting.patch
index db81355..c621187 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0003-aarch64-Prepare-for-lower-EL-booting.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0003-aarch64-Prepare-for-lower-EL-booting.patch
@@ -1,4 +1,4 @@
-From ce628de7699dd6401ddf713efaa49872e2733619 Mon Sep 17 00:00:00 2001
+From 252cbd36e51414b60ab68306f9c38e358709494d Mon Sep 17 00:00:00 2001
 From: Jaxson Han <jaxson.han@arm.com>
 Date: Tue, 25 May 2021 07:25:00 +0100
 Subject: [PATCH] aarch64: Prepare for lower EL booting
@@ -17,11 +17,11 @@
  1 file changed, 13 insertions(+), 2 deletions(-)
 
 diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S
-index b589744..6b45afc 100644
+index 5105b41..243198d 100644
 --- a/arch/aarch64/boot.S
 +++ b/arch/aarch64/boot.S
-@@ -130,7 +130,16 @@ el3_init:
- 	mov	x0, #ZCR_EL3_LEN_MASK		// SVE: Enable full vector len
+@@ -151,7 +151,16 @@ el3_init:
+ 	mov	x0, #ZCR_EL3_LEN_MAX		// SVE: Enable full vector len
  	msr	ZCR_EL3, x0			// for EL2.
  
 -1:
@@ -38,7 +38,7 @@
  	ldr	x0, =COUNTER_FREQ
  	msr	cntfrq_el0, x0
  
-@@ -178,7 +187,7 @@ ASM_FUNC(jump_kernel)
+@@ -199,7 +208,7 @@ ASM_FUNC(jump_kernel)
  	b.eq	1f
  	br	x19			// Keep current EL
  
@@ -47,7 +47,7 @@
  
  	/*
  	 * If bit 0 of the kernel address is set, we're entering in AArch32
-@@ -196,3 +205,5 @@ ASM_FUNC(jump_kernel)
+@@ -217,3 +226,5 @@ ASM_FUNC(jump_kernel)
  	.align 3
  flag_keep_el:
  	.long 0
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0004-gic-v3-Prepare-for-gicv3-with-EL2.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0004-gic-v3-Prepare-for-gicv3-with-EL2.patch
index e10182e..43885b9 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0004-gic-v3-Prepare-for-gicv3-with-EL2.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0004-gic-v3-Prepare-for-gicv3-with-EL2.patch
@@ -1,4 +1,4 @@
-From 483d363bf825082b6db6de3c57d169e741861891 Mon Sep 17 00:00:00 2001
+From bff110a95a5e4c9db2d61e629b4aa4b84530201e Mon Sep 17 00:00:00 2001
 From: Jaxson Han <jaxson.han@arm.com>
 Date: Tue, 25 May 2021 07:25:00 +0100
 Subject: [PATCH] gic-v3: Prepare for gicv3 with EL2
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0005-aarch64-Prepare-for-booting-with-EL2.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0005-aarch64-Prepare-for-booting-with-EL2.patch
index 3b6f78a..c634345 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0005-aarch64-Prepare-for-booting-with-EL2.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0005-aarch64-Prepare-for-booting-with-EL2.patch
@@ -1,4 +1,4 @@
-From be814863cdd5f61d9a16eec012d500550053c8c6 Mon Sep 17 00:00:00 2001
+From ba955efb35ce1d41b562190d7c2fbcbcf8ef97ff Mon Sep 17 00:00:00 2001
 From: Jaxson Han <jaxson.han@arm.com>
 Date: Tue, 25 May 2021 07:25:00 +0100
 Subject: [PATCH] aarch64: Prepare for booting with EL2
@@ -15,10 +15,10 @@
  2 files changed, 17 insertions(+), 1 deletion(-)
 
 diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S
-index 6b45afc..908764a 100644
+index 243198d..3593ca5 100644
 --- a/arch/aarch64/boot.S
 +++ b/arch/aarch64/boot.S
-@@ -195,10 +195,18 @@ ASM_FUNC(jump_kernel)
+@@ -216,10 +216,18 @@ ASM_FUNC(jump_kernel)
  	 */
  	bfi	x4, x19, #5, #1
  
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0006-aarch64-Introduce-EL2-boot-code-for-Armv8-R-AArch64.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0006-aarch64-Introduce-EL2-boot-code-for-Armv8-R-AArch64.patch
index aaacc72..18dc7ed 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0006-aarch64-Introduce-EL2-boot-code-for-Armv8-R-AArch64.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0006-aarch64-Introduce-EL2-boot-code-for-Armv8-R-AArch64.patch
@@ -1,4 +1,4 @@
-From 81df76f8d94cb6c31c01739b078a72bdb8497441 Mon Sep 17 00:00:00 2001
+From 8e44fac113d935affed1550480631f3fe7f30584 Mon Sep 17 00:00:00 2001
 From: Jaxson Han <jaxson.han@arm.com>
 Date: Tue, 25 May 2021 07:25:00 +0100
 Subject: [PATCH] aarch64: Introduce EL2 boot code for Armv8-R AArch64
@@ -36,10 +36,10 @@
  2 files changed, 92 insertions(+), 2 deletions(-)
 
 diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S
-index 908764a..def9192 100644
+index 3593ca5..a219ea7 100644
 --- a/arch/aarch64/boot.S
 +++ b/arch/aarch64/boot.S
-@@ -24,16 +24,24 @@ ASM_FUNC(_start)
+@@ -37,16 +37,24 @@ ASM_FUNC(_start)
  	 * Boot sequence
  	 * If CurrentEL == EL3, then goto EL3 initialisation and drop to
  	 *   lower EL before entering the kernel.
@@ -66,7 +66,7 @@
  	mov	w0, #1
  	ldr	x1, =flag_keep_el
  	str	w0, [x1]
-@@ -139,6 +147,85 @@ el3_init:
+@@ -160,6 +168,85 @@ el3_init:
  	str	w0, [x1]
  	b	el_max_init
  
@@ -152,7 +152,7 @@
  el_max_init:
  	ldr	x0, =COUNTER_FREQ
  	msr	cntfrq_el0, x0
-@@ -148,6 +235,7 @@ el_max_init:
+@@ -169,6 +256,7 @@ el_max_init:
  	b	start_el_max
  
  err_invalid_id:
@@ -161,7 +161,7 @@
  
  	/*
 diff --git a/arch/aarch64/include/asm/cpu.h b/arch/aarch64/include/asm/cpu.h
-index b1003f4..91f803c 100644
+index 3767da3..3c0e00d 100644
 --- a/arch/aarch64/include/asm/cpu.h
 +++ b/arch/aarch64/include/asm/cpu.h
 @@ -25,6 +25,7 @@
@@ -172,7 +172,7 @@
  #define SPSR_EL2H		(9 << 0)	/* EL2 Handler mode */
  #define SPSR_HYP		(0x1a << 0)	/* M[3:0] = hyp, M[4] = AArch32 */
  
-@@ -43,6 +44,7 @@
+@@ -50,6 +51,7 @@
  #else
  #define SCTLR_EL1_KERNEL	SCTLR_EL1_RES1
  #define SPSR_KERNEL		(SPSR_A | SPSR_D | SPSR_I | SPSR_F | SPSR_EL2H)
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0007-Allow-enable-psci-to-choose-between-smc-and-hvc.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0007-Allow-enable-psci-to-choose-between-smc-and-hvc.patch
index b130854..131e271 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0007-Allow-enable-psci-to-choose-between-smc-and-hvc.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0007-Allow-enable-psci-to-choose-between-smc-and-hvc.patch
@@ -1,4 +1,4 @@
-From f5a31b4f4ea8daaa0d337d5a2322ddb1912083fc Mon Sep 17 00:00:00 2001
+From 0b9a966b8a28961b078215ee7169e32a976d5e7d Mon Sep 17 00:00:00 2001
 From: Qi Feng <qi.feng@arm.com>
 Date: Wed, 26 May 2021 17:52:01 +0800
 Subject: [PATCH] Allow --enable-psci to choose between smc and hvc
@@ -40,7 +40,7 @@
  2 files changed, 14 insertions(+), 10 deletions(-)
 
 diff --git a/Makefile.am b/Makefile.am
-index f941b07..88a27de 100644
+index 5731a19..fc66662 100644
 --- a/Makefile.am
 +++ b/Makefile.am
 @@ -50,11 +50,11 @@ endif
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0008-aarch64-Disable-CNTPCT_EL0-trap-for-v8-R64.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0008-aarch64-Disable-CNTPCT_EL0-trap-for-v8-R64.patch
index 2ce28b7..d3ccb2e 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0008-aarch64-Disable-CNTPCT_EL0-trap-for-v8-R64.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0008-aarch64-Disable-CNTPCT_EL0-trap-for-v8-R64.patch
@@ -1,4 +1,4 @@
-From 3f4614e02f0f8d2522510578da2752f8e3511bb3 Mon Sep 17 00:00:00 2001
+From 521c121eccb386aca7c75d92528e495546adccec Mon Sep 17 00:00:00 2001
 From: Jaxson Han <jaxson.han@arm.com>
 Date: Mon, 25 Oct 2021 17:09:13 +0800
 Subject: [PATCH] aarch64: Disable CNTPCT_EL0 trap for v8-R64
@@ -24,10 +24,10 @@
  1 file changed, 12 insertions(+)
 
 diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S
-index def9192..6dbd5cc 100644
+index a219ea7..27b1139 100644
 --- a/arch/aarch64/boot.S
 +++ b/arch/aarch64/boot.S
-@@ -219,6 +219,18 @@ el2_init:
+@@ -240,6 +240,18 @@ el2_init:
  	orr	x0, x0, #(1 << 41)		// HCR_EL2.API
  
  1:	msr	hcr_el2, x0
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0009-lds-Mark-the-mem-range.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0009-lds-Mark-the-mem-range.patch
index 0c310eb..c34d01c 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0009-lds-Mark-the-mem-range.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0009-lds-Mark-the-mem-range.patch
@@ -1,4 +1,4 @@
-From 2851f0e6c1216894b9498d7b91256bb1ef49e544 Mon Sep 17 00:00:00 2001
+From 780df234d98db81485b1f351f902a68def35c9d4 Mon Sep 17 00:00:00 2001
 From: Jaxson Han <jaxson.han@arm.com>
 Date: Tue, 2 Nov 2021 15:10:28 +0800
 Subject: [PATCH] lds: Mark the mem range
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0010-common-Introduce-the-libfdt.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0010-common-Introduce-the-libfdt.patch
index 0305f8b..2d12db5 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0010-common-Introduce-the-libfdt.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0010-common-Introduce-the-libfdt.patch
@@ -1,4 +1,4 @@
-From fadf04f44b679d85e55b2e5f220fecbebb52ad03 Mon Sep 17 00:00:00 2001
+From b3762b6c5a56bf594bc5cb63d145e8efd86e106e Mon Sep 17 00:00:00 2001
 From: Jaxson Han <jaxson.han@arm.com>
 Date: Tue, 28 Dec 2021 17:02:17 +0800
 Subject: [PATCH] common: Introduce the libfdt
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0011-common-Add-essential-libc-functions.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0011-common-Add-essential-libc-functions.patch
index 871a178..b7726f5 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0011-common-Add-essential-libc-functions.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0011-common-Add-essential-libc-functions.patch
@@ -1,4 +1,4 @@
-From 0f2c7ca446063be6b193fbf870d38c0af19e15c5 Mon Sep 17 00:00:00 2001
+From e2eff4f80e65cb3fcbe6345b5376a6bf7de7e2cc Mon Sep 17 00:00:00 2001
 From: Jaxson Han <jaxson.han@arm.com>
 Date: Tue, 28 Dec 2021 17:28:25 +0800
 Subject: [PATCH] common: Add essential libc functions
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0012-Makefile-Add-the-libfdt-to-the-Makefile-system.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0012-Makefile-Add-the-libfdt-to-the-Makefile-system.patch
index 5917ef2..b77ab3e 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0012-Makefile-Add-the-libfdt-to-the-Makefile-system.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0012-Makefile-Add-the-libfdt-to-the-Makefile-system.patch
@@ -1,4 +1,4 @@
-From de5d2b6c200ae5dd8113751e58bf7cf5844eec5a Mon Sep 17 00:00:00 2001
+From f4d5cf4c3424598a2b3bb391717313b70c79ea28 Mon Sep 17 00:00:00 2001
 From: Jaxson Han <jaxson.han@arm.com>
 Date: Tue, 28 Dec 2021 17:42:48 +0800
 Subject: [PATCH] Makefile: Add the libfdt to the Makefile system
@@ -17,7 +17,7 @@
  1 file changed, 9 insertions(+), 2 deletions(-)
 
 diff --git a/Makefile.am b/Makefile.am
-index 88a27de..5e8668a 100644
+index fc66662..ab2c3a9 100644
 --- a/Makefile.am
 +++ b/Makefile.am
 @@ -36,6 +36,9 @@ PSCI_CPU_OFF	:= 0x84000002
@@ -30,10 +30,10 @@
  ARCH_OBJ	:= boot.o stack.o utils.o
  
  if BOOTWRAPPER_32
-@@ -125,11 +128,12 @@ CHOSEN_NODE	:= chosen {						\
- CPPFLAGS	+= $(INITRD_FLAGS)
- CFLAGS		+= -I$(top_srcdir)/include/ -I$(top_srcdir)/$(ARCH_SRC)/include/
+@@ -127,11 +130,12 @@ CFLAGS		+= -I$(top_srcdir)/include/ -I$(top_srcdir)/$(ARCH_SRC)/include/
  CFLAGS		+= -Wall -fomit-frame-pointer
+ CFLAGS		+= -ffreestanding -nostdlib
+ CFLAGS		+= -fno-stack-protector
 +CFLAGS 		+= -fno-stack-protector
  CFLAGS		+= -ffunction-sections -fdata-sections
  CFLAGS		+= -fno-pic -fno-pie
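Review bot: After this refresh the carried patch adds `CFLAGS += -fno-stack-protector` directly below a context line that already sets the same flag, so the addition is now redundant against the new upstream base. The same duplicate shows up in the 0021 refresh, where the line is rewritten to `-fno-stack-protector -fno-builtin`. I would drop the added line from 0012 and have 0021 add only `CFLAGS += -fno-builtin`, which keeps the local delta against upstream minimal. The stack protector stays disabled either way, so this is patch hygiene rather than a behaviour change.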
@@ -44,7 +44,7 @@
  
  # Don't lookup all prerequisites in $(top_srcdir), only the source files. When
  # building outside the source tree $(ARCH_SRC) needs to be created.
-@@ -150,10 +154,13 @@ $(ARCH_SRC):
+@@ -152,10 +156,13 @@ $(ARCH_SRC):
  $(COMMON_SRC):
  	$(MKDIR_P) $@
  
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0013-platform-Add-print_hex-func.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0013-platform-Add-print_hex-func.patch
index 136e18e..2346109 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0013-platform-Add-print_hex-func.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0013-platform-Add-print_hex-func.patch
@@ -1,4 +1,4 @@
-From 5b8cb5192dbd0332e027e8999c3afe4433983291 Mon Sep 17 00:00:00 2001
+From f0ece5e8cac761a76a86df7204bae7c6ef09215f Mon Sep 17 00:00:00 2001
 From: Jaxson Han <jaxson.han@arm.com>
 Date: Wed, 29 Dec 2021 10:50:21 +0800
 Subject: [PATCH] platform: Add print_hex func
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0014-common-Add-mem-usage-to-memreserve.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0014-common-Add-mem-usage-to-memreserve.patch
index ea51816..f4ea89c 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0014-common-Add-mem-usage-to-memreserve.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0014-common-Add-mem-usage-to-memreserve.patch
@@ -1,4 +1,4 @@
-From b447242cd2457bec20d47fe6a8a5758d97a3bde3 Mon Sep 17 00:00:00 2001
+From f4704146e1af9f6e0a2220db6b39a328c813fac1 Mon Sep 17 00:00:00 2001
 From: Jaxson Han <jaxson.han@arm.com>
 Date: Wed, 19 Jan 2022 16:19:02 +0800
 Subject: [PATCH] common: Add mem usage to /memreserve/
@@ -20,7 +20,7 @@
  create mode 100644 common/device_tree.c
 
 diff --git a/Makefile.am b/Makefile.am
-index 5e8668a..734de92 100644
+index ab2c3a9..e905602 100644
 --- a/Makefile.am
 +++ b/Makefile.am
 @@ -34,7 +34,7 @@ endif
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0015-boot-Add-the-enable-keep-el-compile-option.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0015-boot-Add-the-enable-keep-el-compile-option.patch
index 0411ef0..7d59e5f 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0015-boot-Add-the-enable-keep-el-compile-option.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0015-boot-Add-the-enable-keep-el-compile-option.patch
@@ -1,4 +1,4 @@
-From 8271c21bcff260295203214b7b8c87cdb8236453 Mon Sep 17 00:00:00 2001
+From 5995f83592aea874f5b423538e36675e2204582b Mon Sep 17 00:00:00 2001
 From: Jaxson Han <jaxson.han@arm.com>
 Date: Tue, 4 Jan 2022 17:01:55 +0800
 Subject: [PATCH] boot: Add the --enable-keep-el compile option
@@ -23,7 +23,7 @@
  4 files changed, 20 insertions(+), 1 deletion(-)
 
 diff --git a/Makefile.am b/Makefile.am
-index 734de92..054becd 100644
+index e905602..6604baa 100644
 --- a/Makefile.am
 +++ b/Makefile.am
 @@ -33,6 +33,10 @@ PSCI_CPU_ON	:= 0xc4000003
@@ -38,10 +38,10 @@
  COMMON_OBJ	:= boot.o bakery_lock.o platform.o lib.o device_tree.o
  
 diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S
-index 6dbd5cc..157c097 100644
+index 27b1139..c079d22 100644
 --- a/arch/aarch64/boot.S
 +++ b/arch/aarch64/boot.S
-@@ -233,7 +233,11 @@ el2_init:
+@@ -254,7 +254,11 @@ el2_init:
  	msr	cnthctl_el2, x0
  	isb
  
@@ -53,7 +53,7 @@
  	ldr	x1, =spsr_to_elx
  	str	w0, [x1]
  	// fall through
-@@ -313,5 +317,5 @@ ASM_FUNC(jump_kernel)
+@@ -334,5 +338,5 @@ ASM_FUNC(jump_kernel)
  	.align 3
  flag_keep_el:
  	.long 0
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0016-Makefile-Change-COUNTER_FREQ-to-100-MHz.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0016-Makefile-Change-COUNTER_FREQ-to-100-MHz.patch
index a6b16e4..e93a300 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0016-Makefile-Change-COUNTER_FREQ-to-100-MHz.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0016-Makefile-Change-COUNTER_FREQ-to-100-MHz.patch
@@ -1,4 +1,4 @@
-From dd3e3f414d0e6ed1643c2e2ccac676b7fc1dc7a9 Mon Sep 17 00:00:00 2001
+From 0c0695cd3160ccdb95bae29b7668918015c0b6aa Mon Sep 17 00:00:00 2001
 From: Peter Hoyes <Peter.Hoyes@arm.com>
 Date: Tue, 1 Feb 2022 11:28:46 +0000
 Subject: [PATCH] Makefile: Change COUNTER_FREQ to 100 MHz
@@ -17,7 +17,7 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Makefile.am b/Makefile.am
-index 40bc5d6..b48173c 100644
+index 6604baa..cc6504e 100644
 --- a/Makefile.am
 +++ b/Makefile.am
 @@ -13,7 +13,7 @@ SCRIPT_DIR	:= $(top_srcdir)/scripts
@@ -29,6 +29,3 @@
  
  CPU_IDS		:= $(shell perl -I $(SCRIPT_DIR) $(SCRIPT_DIR)/findcpuids.pl $(KERNEL_DTB))
  NR_CPUS         := $(shell echo $(CPU_IDS) | tr ',' ' ' | wc -w)
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0017-PSCI-Apply-flush-cache-after-setting-branch_data.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0017-PSCI-Apply-flush-cache-after-setting-branch_data.patch
index 8d981f5..b63d8d1 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0017-PSCI-Apply-flush-cache-after-setting-branch_data.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0017-PSCI-Apply-flush-cache-after-setting-branch_data.patch
@@ -1,4 +1,4 @@
-From 6923f2a0c59cf92ba5ad50ec1d658a357b4ba5d7 Mon Sep 17 00:00:00 2001
+From fa73d885be85eee4369b292ec601e7b024a68807 Mon Sep 17 00:00:00 2001
 From: Jaxson Han <jaxson.han@arm.com>
 Date: Tue, 2 Nov 2021 10:48:39 +0800
 Subject: [PATCH] PSCI: Apply flush cache after setting branch_data
@@ -47,6 +47,3 @@
  	return PSCI_RET_SUCCESS;
  }
  
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0018-PSCI-Add-function-call-entry-point.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0018-PSCI-Add-function-call-entry-point.patch
index 97cd3cb..dd2b965 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0018-PSCI-Add-function-call-entry-point.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0018-PSCI-Add-function-call-entry-point.patch
@@ -1,4 +1,4 @@
-From ed46e83df2400b1b3f3364169aacf787bd91bd45 Mon Sep 17 00:00:00 2001
+From 9da48e3433b919868650cd60e28827273a42c63b Mon Sep 17 00:00:00 2001
 From: Jaxson Han <jaxson.han@arm.com>
 Date: Tue, 25 Jan 2022 14:56:36 +0800
 Subject: [PATCH] PSCI: Add function call entry point
@@ -69,6 +69,3 @@
  void __noreturn psci_first_spin(unsigned int cpu)
  {
  	if (cpu == MPIDR_INVALID)
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0019-lds-Rearrange-and-mark-the-sections.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0019-lds-Rearrange-and-mark-the-sections.patch
index 1f10209..c0d1fcb 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0019-lds-Rearrange-and-mark-the-sections.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0019-lds-Rearrange-and-mark-the-sections.patch
@@ -1,4 +1,4 @@
-From 36b5fa3f4db49ac7aef42ff1d58a895226c7e96c Mon Sep 17 00:00:00 2001
+From 7c5e40d9f8699a55ac2187c035429c643e6d0ef0 Mon Sep 17 00:00:00 2001
 From: Jaxson Han <jaxson.han@arm.com>
 Date: Tue, 2 Nov 2021 15:10:28 +0800
 Subject: [PATCH] lds: Rearrange and mark the sections
@@ -56,6 +56,3 @@
  	PROVIDE(firmware_end = .);
  
  	ASSERT(etext <= (PHYS_OFFSET + TEXT_LIMIT), ".text overflow!")
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0020-common-Provide-firmware-info-using-libfdt.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0020-common-Provide-firmware-info-using-libfdt.patch
index cafcc09..1573be0 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0020-common-Provide-firmware-info-using-libfdt.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0020-common-Provide-firmware-info-using-libfdt.patch
@@ -1,4 +1,4 @@
-From 8bdbb64d13f14d40546b71dbcfee2b2a8ea002a5 Mon Sep 17 00:00:00 2001
+From 3c1140c29c39561848056fb4b9a03042b00279f3 Mon Sep 17 00:00:00 2001
 From: Jaxson Han <jaxson.han@arm.com>
 Date: Wed, 29 Dec 2021 15:17:38 +0800
 Subject: [PATCH] common: Provide firmware info using libfdt
@@ -340,6 +340,3 @@
 +
 +	dt_dump_all(fw_node);
 +}
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0021-boot-Enable-firmware-node-initialization.patch b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0021-boot-Enable-firmware-node-initialization.patch
index 943afde..9b367a7 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0021-boot-Enable-firmware-node-initialization.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0021-boot-Enable-firmware-node-initialization.patch
@@ -1,4 +1,4 @@
-From 6dfc937d1ae54d2ae9f8c60ca29ba73ca14dc8c4 Mon Sep 17 00:00:00 2001
+From b1105e862e8f770fc195bc20e9c64d231dd32f66 Mon Sep 17 00:00:00 2001
 From: Jaxson Han <jaxson.han@arm.com>
 Date: Wed, 29 Dec 2021 15:33:17 +0800
 Subject: [PATCH] boot: Enable firmware node initialization
@@ -29,7 +29,7 @@
  3 files changed, 12 insertions(+), 2 deletions(-)
 
 diff --git a/Makefile.am b/Makefile.am
-index 054becd..b01809c 100644
+index cc6504e..fbe6b81 100644
 --- a/Makefile.am
 +++ b/Makefile.am
 @@ -23,7 +23,7 @@ DEFINES		+= -DCPU_IDS=$(CPU_IDS)
@@ -41,20 +41,20 @@
  
  if KERNEL_32
  DEFINES		+= -DKERNEL_32
-@@ -132,7 +132,7 @@ CHOSEN_NODE	:= chosen {						\
- CPPFLAGS	+= $(INITRD_FLAGS)
- CFLAGS		+= -I$(top_srcdir)/include/ -I$(top_srcdir)/$(ARCH_SRC)/include/
+@@ -134,7 +134,7 @@ CFLAGS		+= -I$(top_srcdir)/include/ -I$(top_srcdir)/$(ARCH_SRC)/include/
  CFLAGS		+= -Wall -fomit-frame-pointer
+ CFLAGS		+= -ffreestanding -nostdlib
+ CFLAGS		+= -fno-stack-protector
 -CFLAGS 		+= -fno-stack-protector
 +CFLAGS 		+= -fno-stack-protector -fno-builtin
  CFLAGS		+= -ffunction-sections -fdata-sections
  CFLAGS		+= -fno-pic -fno-pie
  LDFLAGS		+= --gc-sections
 diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S
-index 157c097..f310387 100644
+index c079d22..daaa674 100644
 --- a/arch/aarch64/boot.S
 +++ b/arch/aarch64/boot.S
-@@ -240,6 +240,10 @@ el2_init:
+@@ -261,6 +261,10 @@ el2_init:
  #endif
  	ldr	x1, =spsr_to_elx
  	str	w0, [x1]
@@ -65,7 +65,7 @@
  	// fall through
  
  el_max_init:
-@@ -319,3 +323,5 @@ flag_keep_el:
+@@ -340,3 +344,5 @@ flag_keep_el:
  	.long 0
  ASM_DATA(spsr_to_elx)
  	.long 0
@@ -93,6 +93,3 @@
  
  		*mbox = (unsigned long)&entrypoint;
  		sevl();
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb
index 5bb8c37..dce29a9 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb
@@ -8,7 +8,8 @@
 LIC_FILES_CHKSUM = "file://license.md;md5=e44b2531cd6ffe9dece394dbe988d9a0 \
                     file://cmsis/LICENSE.txt;md5=e3fc50a88d0a364313df4b21ef20c29e"
 
-SRC_URI = "gitsm://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx.git;protocol=https;branch=master"
+SRC_URI = "gitsm://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx.git;protocol=https;branch=master \
+           file://race.patch"
 SRCREV = "8c9dca74b104ff6c9722fb0738ba93dd3719c080"
 PV .= "+git${SRCPV}"
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/files/race.patch b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/files/race.patch
new file mode 100644
index 0000000..c6bc4f2
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/files/race.patch
@@ -0,0 +1,66 @@
+Upstream-Status: Submitted [https://gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx/-/issues/1]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 34e1c04534607f5605255f39fb46e26261fc9c4e Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Tue, 8 Sep 2020 11:49:08 +0100
+Subject: [PATCH] tools/gen_module_code: atomically rewrite the generated files
+
+The gen_module rule in rules.mk is marked as .PHONY, so make will
+execute it whenever it is mentioned. This results in gen_module_code
+being executed 64 times for a Juno build.
+
+However in heavily parallel builds there's a good chance that
+gen_module_code is writing a file whilst the compiler is reading it
+because make also doesn't know what files are generated by
+gen_module_code.
+
+The correct fix is to adjust the Makefiles so that the dependencies are
+correct but this isn't trivial, so band-aid the problem by atomically
+writing the generated files.
+
+Change-Id: I82d44f9ea6537a91002e1f80de8861d208571630
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ tools/gen_module_code.py | 19 ++++++++++++++-----
+ 1 file changed, 14 insertions(+), 5 deletions(-)
+
+diff --git a/tools/gen_module_code.py b/tools/gen_module_code.py
+index 7b3953845..ee099b713 100755
+--- a/tools/gen_module_code.py
++++ b/tools/gen_module_code.py
+@@ -17,6 +17,7 @@
+ import argparse
+ import os
+ import sys
++import tempfile
+ 
+ DEFAULT_PATH = 'build/'
+ 
+@@ -53,13 +54,21 @@
+ 
+ def generate_file(path, filename, content):
+     full_filename = os.path.join(path, filename)
+-    with open(full_filename, 'a+') as f:
+-        f.seek(0)
+-        if f.read() != content:
++
++    try:
++        with open(full_filename) as f:
++            rewrite = f.read() != content
++    except FileNotFoundError:
++        rewrite = True
++
++    if rewrite:
++        with tempfile.NamedTemporaryFile(prefix="gen-module-code",
++                                         dir=path,
++                                         delete=False,
++                                         mode="wt") as f:
+             print("[GEN] {}...".format(full_filename))
+-            f.seek(0)
+-            f.truncate()
+             f.write(content)
++        os.replace(f.name, full_filename)
+ 
+ 
+ def generate_header(path, modules):
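Review bot: In the new `generate_file` body, `NamedTemporaryFile(..., delete=False)` leaves a `gen-module-code*` file behind in `path` whenever `f.write(content)` or `os.replace` fails, because nothing unlinks it on the error path. The commit message says this rule runs many times in heavily parallel builds, so an interrupted or disk-full build can litter the output directory with stale temporaries. A second effect worth confirming: `tempfile` creates the file owner-only (0600), so the replaced file no longer follows the umask as the old `open(full_filename, 'a+')` did. The fence shows the cleanup; if other users or tools read these files, an `os.chmod` before the replace would restore the mode.

```python
    if rewrite:
        tmp = tempfile.NamedTemporaryFile(prefix="gen-module-code",
                                          dir=path,
                                          delete=False,
                                          mode="wt")
        try:
            with tmp:
                print("[GEN] {}...".format(full_filename))
                tmp.write(content)
            os.replace(tmp.name, full_filename)
        except BaseException:
            # Do not leave a stray gen-module-code* file next to the outputs.
            os.unlink(tmp.name)
            raise
```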
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb
index 76a7126..3a1639e 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb
@@ -7,10 +7,15 @@
 
 inherit image
 inherit wic_nopt tfm_sign_image
+inherit  uefi_capsule
 
 PACKAGE_INSTALL = ""
 
-IMAGE_FSTYPES += "wic wic.nopt"
+IMAGE_FSTYPES += "wic wic.nopt uefi_capsule"
+
+UEFI_FIRMWARE_BINARY = "${PN}-${MACHINE}.${CAPSULE_IMGTYPE}"
+UEFI_CAPSULE_CONFIG = "${THISDIR}/files/${PN}-capsule-update-image.json"
+CAPSULE_IMGTYPE = "wic.nopt"
 
 do_sign_images() {
     # Sign TF-A BL2
@@ -19,7 +24,8 @@
 
     # Update BL2 in the FIP image
     cp ${RECIPE_SYSROOT}/firmware/${TFA_FIP_BINARY} .
-    fiptool update --tb-fw ${TFM_IMAGE_SIGN_DIR}/signed_${TFA_BL2_BINARY} \
+    fiptool update --tb-fw \
+        ${TFM_IMAGE_SIGN_DEPLOY_DIR}/signed_${TFA_BL2_BINARY} \
         ${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY}
 
     # Sign the FIP image
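Review bot: The `fiptool update` call now reads the signed BL2 from `${TFM_IMAGE_SIGN_DEPLOY_DIR}` but still updates the FIP at `${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY}`, while the `cp` above it drops the FIP into `.`. Nothing in the visible part of `do_sign_images`, which starts before and continues after this hunk, says which directory holds unsigned inputs and which holds signed outputs. This step decides which BL2 ends up inside the signed image, so a comment such as `# signed_* artefacts live in TFM_IMAGE_SIGN_DEPLOY_DIR; unsigned inputs are staged in TFM_IMAGE_SIGN_DIR (the task's cwd)` would make the split checkable. The cwd part of that comment is an assumption to confirm.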
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-image-capsule-update-image.json b/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-image-capsule-update-image.json
new file mode 100644
index 0000000..0f011ff
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-image-capsule-update-image.json
@@ -0,0 +1,11 @@
+{
+    "Payloads": [
+        {
+            "FwVersion": "5",
+            "Guid": "e2bb9c06-70e9-4b14-97a3-5a7913176e3f",
+            "LowestSupportedVersion": "1",
+            "Payload": "$UEFI_FIRMWARE_BINARY",
+            "UpdateImageIndex": "0"
+        }
+    ]
+}
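Review bot: `"LowestSupportedVersion": "1"` next to `"FwVersion": "5"` means the capsule declares every firmware version from 1 upwards as an acceptable floor, so any rollback protection keyed on this field is effectively open. Both values are also hard-coded, so each release depends on someone remembering to edit this file. The payload entry carries no signing-certificate fields either, so whether the generated capsule is authenticated depends on what the `uefi_capsule` class adds, which is not visible here. Because JSON cannot hold comments, the rationale belongs in the recipe beside `UEFI_CAPSULE_CONFIG`, for example `# FwVersion/LowestSupportedVersion in the capsule JSON must be raised together with every security-relevant firmware release`.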
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.7.0.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.7.0.bbappend
deleted file mode 100644
index ff22ff1..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.7.0.bbappend
+++ /dev/null
@@ -1,3 +0,0 @@
-# Machine specific TFAs
-
-COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bbappend
new file mode 100644
index 0000000..392c609
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bbappend
@@ -0,0 +1,4 @@
+# Machine specific TFAs
+
+COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
+SRCREV:corstone1000 = "5f591f67738a1bbe6b262c53d9dad46ed8bbcd67"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.%.bbappend
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.%.bbappend
rename to meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.%.bbappend
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-number-of-assets.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-number-of-assets.patch
new file mode 100644
index 0000000..f0368b8
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-number-of-assets.patch
@@ -0,0 +1,38 @@
+From decb355247c4ba4b876997f55c27ec3f55dbacd2 Mon Sep 17 00:00:00 2001
+From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Date: Mon, 23 Jan 2023 13:25:28 +0000
+Subject: [PATCH] Platform: corstone1000: Increase number of assets
+
+As Corstone1000 stores at boot time few efi variables.
+Therefore, number of assets is increased to compansate this early usage.
+
+Note: Adding platform customized configs to config_tfm.h
+      More information see:
+https://tf-m-user-guide.trustedfirmware.org/configuration/header_file_system.html
+
+Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Upstream-Status: Pending [Not submitted yet]
+---
+ platform/ext/target/arm/corstone1000/config_tfm_target.h | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/platform/ext/target/arm/corstone1000/config_tfm_target.h b/platform/ext/target/arm/corstone1000/config_tfm_target.h
+index bf8d2f95f7..e968366639 100644
+--- a/platform/ext/target/arm/corstone1000/config_tfm_target.h
++++ b/platform/ext/target/arm/corstone1000/config_tfm_target.h
+@@ -16,4 +16,12 @@
+ #undef PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE
+ #define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE    256
+ 
++/* The maximum number of assets to be stored in the Internal Trusted Storage. */
++#undef ITS_NUM_ASSETS
++#define ITS_NUM_ASSETS       20
++
++/* The maximum number of assets to be stored in the Protected Storage area. */
++#undef PS_NUM_ASSETS
++#define PS_NUM_ASSETS        20
++
+ #endif /* __CONFIG_TFM_TARGET_H__ */
+-- 
+2.25.1
+
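Review bot: The two comments added to `config_tfm_target.h` restate what `ITS_NUM_ASSETS` and `PS_NUM_ASSETS` mean but not why the value is 20, which is what a later maintainer needs. The commit message only says that a few EFI variables are stored at boot. Raising the asset count presumably also grows the metadata the ITS and PS file systems keep in their storage areas, so it is worth confirming that the corstone1000 areas still fit. A comment such as `/* Raised to leave room for the EFI variables stored at boot; re-check ITS/PS flash area sizes when changing. */` would record that.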
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc
index 279109e..d89aca3 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-corstone1000.inc
@@ -11,6 +11,9 @@
 EXTRA_OECMAKE += "-DPLATFORM_IS_FVP=${TFM_PLATFORM_IS_FVP}"
 EXTRA_OECMAKE += "-DCC312_LEGACY_DRIVER_API_ENABLED=OFF"
 
+## Setting SPM backend to IPC
+EXTRA_OECMAKE += "-DCONFIG_TFM_SPM_BACKEND=IPC"
+
 # libmetal
 LICENSE += "& BSD-3-Clause"
 LIC_FILES_CHKSUM += "file://../libmetal/LICENSE.md;md5=fe0b8a4beea8f0813b606d15a3df3d3c"
@@ -26,6 +29,11 @@
 EXTRA_OECMAKE += "-DLIBOPENAMP_SRC_PATH=${S}/../openamp -DLIBOPENAMP_BIN_PATH=${B}/libopenamp-build"
 
 
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+SRC_URI:append= " \
+    file://0001-Platform-corstone1000-Increase-number-of-assets.patch  \
+           "
+
 do_install() {
   install -D -p -m 0644 ${B}/install/outputs/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin
   install -D -p -m 0644 ${B}/install/outputs/bl2_signed.bin ${D}/firmware/bl2_signed.bin
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_5.19.bb b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_5.19.bb
new file mode 100644
index 0000000..3bd4c75
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_5.19.bb
@@ -0,0 +1,28 @@
+KBRANCH ?= "v5.19/standard/base"
+
+require recipes-kernel/linux/linux-yocto.inc
+
+SRCREV_machine ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7"
+SRCREV_meta ?= "239a6c0d3c3b046971909f1e066380465b0c331d"
+
+SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
+           git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.19;destsuffix=${KMETA}"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
+LINUX_VERSION ?= "5.19.17"
+
+DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
+DEPENDS += "openssl-native util-linux-native"
+DEPENDS += "gmp-native libmpc-native"
+
+PV = "${LINUX_VERSION}+git${SRCPV}"
+
+KMETA = "kernel-meta"
+KCONF_BSP_AUDIT_LEVEL = "1"
+
+# Functionality flags
+KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc"
+KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}"
+KERNEL_FEATURES:append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "", d)}"
+KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc", "", d)}"
+KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc", "", d)}"
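Review bot: Both `SRC_URI` entries fetch over plain `git://` with no `protocol=` parameter, so the kernel and kernel-cache sources travel over an unauthenticated, unencrypted transport. The pinned `SRCREV_machine` and `SRCREV_meta` hashes limit what a tampered fetch can achieve, but `external-system_0.1.0.bb` in this same update already sets `;protocol=https`. Adding it here is one token per URL, e.g. `git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH};protocol=https \`, which also replaces the stray trailing `;` before the line continuation. Both SRCREVs are assigned with `?=`, so another layer can repoint them without notice; a short comment saying that is intended would help.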
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch
new file mode 100644
index 0000000..7e65de8
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch
@@ -0,0 +1,413 @@
+From ca7d37502f9453125aead14c7ee5181336cbe8f4 Mon Sep 17 00:00:00 2001
+From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Date: Thu, 9 Feb 2023 00:22:40 +0000
+Subject: [PATCH 1/3] TF-Mv1.7 alignment: Align PSA Crypto SIDs
+
+This patch is to change the PSA Crypto SIDs to match the values of the
+PSA Crypto SID definitions in TF-M v1.7 running on the secure enclave
+
+Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Upstream-Status: Pending [Not submitted yet]
+---
+ .../service/common/include/psa/crypto_sid.h   | 241 ++++++++++++++++++
+ components/service/common/include/psa/sid.h   |  78 +-----
+ .../caller/psa_ipc/crypto_caller_sign_hash.h  |   4 +-
+ .../psa_ipc/crypto_caller_verify_hash.h       |   4 +-
+ 4 files changed, 249 insertions(+), 78 deletions(-)
+ create mode 100644 components/service/common/include/psa/crypto_sid.h
+
+diff --git a/components/service/common/include/psa/crypto_sid.h b/components/service/common/include/psa/crypto_sid.h
+new file mode 100644
+index 00000000..5b05f46d
+--- /dev/null
++++ b/components/service/common/include/psa/crypto_sid.h
+@@ -0,0 +1,241 @@
++/*
++ * Copyright (c) 2023, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef __PSA_CRYPTO_SID_H__
++#define __PSA_CRYPTO_SID_H__
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++#include <stdint.h>
++
++/**
++ * \brief Type associated to the group of a function encoding. There can be
++ *        nine groups (Random, Key management, Hash, MAC, Cipher, AEAD,
++ *        Asym sign, Asym encrypt, Key derivation).
++ */
++enum tfm_crypto_group_id {
++    TFM_CRYPTO_GROUP_ID_RANDOM = 0x0,
++    TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT,
++    TFM_CRYPTO_GROUP_ID_HASH,
++    TFM_CRYPTO_GROUP_ID_MAC,
++    TFM_CRYPTO_GROUP_ID_CIPHER,
++    TFM_CRYPTO_GROUP_ID_AEAD,
++    TFM_CRYPTO_GROUP_ID_ASYM_SIGN,
++    TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT,
++    TFM_CRYPTO_GROUP_ID_KEY_DERIVATION,
++};
++
++/* X macro describing each of the available PSA Crypto APIs */
++#define KEY_MANAGEMENT_FUNCS                       \
++    X(TFM_CRYPTO_GET_KEY_ATTRIBUTES)               \
++    X(TFM_CRYPTO_RESET_KEY_ATTRIBUTES)             \
++    X(TFM_CRYPTO_OPEN_KEY)                         \
++    X(TFM_CRYPTO_CLOSE_KEY)                        \
++    X(TFM_CRYPTO_IMPORT_KEY)                       \
++    X(TFM_CRYPTO_DESTROY_KEY)                      \
++    X(TFM_CRYPTO_EXPORT_KEY)                       \
++    X(TFM_CRYPTO_EXPORT_PUBLIC_KEY)                \
++    X(TFM_CRYPTO_PURGE_KEY)                        \
++    X(TFM_CRYPTO_COPY_KEY)                         \
++    X(TFM_CRYPTO_GENERATE_KEY)
++
++#define HASH_FUNCS                                 \
++    X(TFM_CRYPTO_HASH_COMPUTE)                     \
++    X(TFM_CRYPTO_HASH_COMPARE)                     \
++    X(TFM_CRYPTO_HASH_SETUP)                       \
++    X(TFM_CRYPTO_HASH_UPDATE)                      \
++    X(TFM_CRYPTO_HASH_CLONE)                       \
++    X(TFM_CRYPTO_HASH_FINISH)                      \
++    X(TFM_CRYPTO_HASH_VERIFY)                      \
++    X(TFM_CRYPTO_HASH_ABORT)
++
++#define MAC_FUNCS                                  \
++    X(TFM_CRYPTO_MAC_COMPUTE)                      \
++    X(TFM_CRYPTO_MAC_VERIFY)                       \
++    X(TFM_CRYPTO_MAC_SIGN_SETUP)                   \
++    X(TFM_CRYPTO_MAC_VERIFY_SETUP)                 \
++    X(TFM_CRYPTO_MAC_UPDATE)                       \
++    X(TFM_CRYPTO_MAC_SIGN_FINISH)                  \
++    X(TFM_CRYPTO_MAC_VERIFY_FINISH)                \
++    X(TFM_CRYPTO_MAC_ABORT)
++
++#define CIPHER_FUNCS                               \
++    X(TFM_CRYPTO_CIPHER_ENCRYPT)                   \
++    X(TFM_CRYPTO_CIPHER_DECRYPT)                   \
++    X(TFM_CRYPTO_CIPHER_ENCRYPT_SETUP)             \
++    X(TFM_CRYPTO_CIPHER_DECRYPT_SETUP)             \
++    X(TFM_CRYPTO_CIPHER_GENERATE_IV)               \
++    X(TFM_CRYPTO_CIPHER_SET_IV)                    \
++    X(TFM_CRYPTO_CIPHER_UPDATE)                    \
++    X(TFM_CRYPTO_CIPHER_FINISH)                    \
++    X(TFM_CRYPTO_CIPHER_ABORT)
++
++#define AEAD_FUNCS                                 \
++    X(TFM_CRYPTO_AEAD_ENCRYPT)                     \
++    X(TFM_CRYPTO_AEAD_DECRYPT)                     \
++    X(TFM_CRYPTO_AEAD_ENCRYPT_SETUP)               \
++    X(TFM_CRYPTO_AEAD_DECRYPT_SETUP)               \
++    X(TFM_CRYPTO_AEAD_GENERATE_NONCE)              \
++    X(TFM_CRYPTO_AEAD_SET_NONCE)                   \
++    X(TFM_CRYPTO_AEAD_SET_LENGTHS)                 \
++    X(TFM_CRYPTO_AEAD_UPDATE_AD)                   \
++    X(TFM_CRYPTO_AEAD_UPDATE)                      \
++    X(TFM_CRYPTO_AEAD_FINISH)                      \
++    X(TFM_CRYPTO_AEAD_VERIFY)                      \
++    X(TFM_CRYPTO_AEAD_ABORT)
++
++#define ASYMMETRIC_SIGN_FUNCS                      \
++    X(TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE)          \
++    X(TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE)        \
++    X(TFM_CRYPTO_ASYMMETRIC_SIGN_HASH)             \
++    X(TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH)
++
++#define AYSMMETRIC_ENCRYPT_FUNCS                   \
++    X(TFM_CRYPTO_ASYMMETRIC_ENCRYPT)               \
++    X(TFM_CRYPTO_ASYMMETRIC_DECRYPT)
++
++#define KEY_DERIVATION_FUNCS                       \
++    X(TFM_CRYPTO_RAW_KEY_AGREEMENT)                \
++    X(TFM_CRYPTO_KEY_DERIVATION_SETUP)             \
++    X(TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY)      \
++    X(TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY)      \
++    X(TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES)       \
++    X(TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY)         \
++    X(TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT)     \
++    X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES)      \
++    X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY)        \
++    X(TFM_CRYPTO_KEY_DERIVATION_ABORT)
++
++#define RANDOM_FUNCS                               \
++    X(TFM_CRYPTO_GENERATE_RANDOM)
++
++/*
++ * Define function IDs in each group. The function ID will be encoded into
++ * tfm_crypto_func_sid below.
++ * Each group is defined as a dedicated enum in case the total number of
++ * PSA Crypto APIs exceeds 256.
++ */
++#define X(func_id)    func_id,
++enum tfm_crypto_key_management_func_id {
++    KEY_MANAGEMENT_FUNCS
++};
++enum tfm_crypto_hash_func_id {
++    HASH_FUNCS
++};
++enum tfm_crypto_mac_func_id {
++    MAC_FUNCS
++};
++enum tfm_crypto_cipher_func_id {
++    CIPHER_FUNCS
++};
++enum tfm_crypto_aead_func_id {
++    AEAD_FUNCS
++};
++enum tfm_crypto_asym_sign_func_id {
++    ASYMMETRIC_SIGN_FUNCS
++};
++enum tfm_crypto_asym_encrypt_func_id {
++    AYSMMETRIC_ENCRYPT_FUNCS
++};
++enum tfm_crypto_key_derivation_func_id {
++    KEY_DERIVATION_FUNCS
++};
++enum tfm_crypto_random_func_id {
++    RANDOM_FUNCS
++};
++#undef X
++
++#define FUNC_ID(func_id)    (((func_id) & 0xFF) << 8)
++
++/*
++ * Numerical progressive value identifying a function API exposed through
++ * the interfaces (S or NS). It's used to dispatch the requests from S/NS
++ * to the corresponding API implementation in the Crypto service backend.
++ *
++ * Each function SID is encoded as uint16_t.
++ *     |  Func ID  |  Group ID |
++ *     15         8 7          0
++ * Func ID is defined in each group func_id enum above
++ * Group ID is defined in tfm_crypto_group_id.
++ */
++enum tfm_crypto_func_sid {
++
++#define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
++                                   (TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT & 0xFF)),
++
++    KEY_MANAGEMENT_FUNCS
++
++#undef X
++#define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
++                                            (TFM_CRYPTO_GROUP_ID_HASH & 0xFF)),
++    HASH_FUNCS
++
++#undef X
++#define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
++                                            (TFM_CRYPTO_GROUP_ID_MAC & 0xFF)),
++    MAC_FUNCS
++
++#undef X
++#define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
++                                           (TFM_CRYPTO_GROUP_ID_CIPHER & 0xFF)),
++    CIPHER_FUNCS
++
++#undef X
++#define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
++                                             (TFM_CRYPTO_GROUP_ID_AEAD & 0xFF)),
++    AEAD_FUNCS
++
++#undef X
++#define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
++                                        (TFM_CRYPTO_GROUP_ID_ASYM_SIGN & 0xFF)),
++    ASYMMETRIC_SIGN_FUNCS
++
++#undef X
++#define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
++                                     (TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT & 0xFF)),
++    AYSMMETRIC_ENCRYPT_FUNCS
++
++#undef X
++#define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
++                                   (TFM_CRYPTO_GROUP_ID_KEY_DERIVATION & 0xFF)),
++    KEY_DERIVATION_FUNCS
++
++#undef X
++#define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
++                                           (TFM_CRYPTO_GROUP_ID_RANDOM & 0xFF)),
++    RANDOM_FUNCS
++
++};
++#undef X
++
++/**
++ * \brief Define an invalid value for an SID
++ *
++ */
++#define TFM_CRYPTO_SID_INVALID (~0x0u)
++
++/**
++ * \brief This value is used to mark an handle as invalid.
++ *
++ */
++#define TFM_CRYPTO_INVALID_HANDLE (0x0u)
++
++/**
++ * \brief Define miscellaneous literal constants that are used in the service
++ *
++ */
++enum {
++    TFM_CRYPTO_NOT_IN_USE = 0,
++    TFM_CRYPTO_IN_USE = 1
++};
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* __PSA_CRYPTO_SID_H__ */
+diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
+index 8103a9af..50ad070e 100644
+--- a/components/service/common/include/psa/sid.h
++++ b/components/service/common/include/psa/sid.h
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
++ * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
+  *
+  * SPDX-License-Identifier: BSD-3-Clause
+  *
+@@ -12,6 +12,9 @@
+ extern "C" {
+ #endif
+ 
++/******** PSA Crypto SIDs ********/
++#include "crypto_sid.h"
++
+ /******** TFM_SP_PS ********/
+ #define TFM_PROTECTED_STORAGE_SERVICE_SID                          (0x00000060U)
+ #define TFM_PROTECTED_STORAGE_SERVICE_VERSION                      (1U)
+@@ -43,79 +46,6 @@ extern "C" {
+ #define TFM_PLATFORM_SERVICE_HANDLE       (0x40000105U)
+ 
+ 
+-/**
+- * \brief Define a progressive numerical value for each SID which can be used
+- *        when dispatching the requests to the service
+- */
+-enum {
+-    TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID = (0u),
+-    TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID,
+-    TFM_CRYPTO_OPEN_KEY_SID,
+-    TFM_CRYPTO_CLOSE_KEY_SID,
+-    TFM_CRYPTO_IMPORT_KEY_SID,
+-    TFM_CRYPTO_DESTROY_KEY_SID,
+-    TFM_CRYPTO_EXPORT_KEY_SID,
+-    TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
+-    TFM_CRYPTO_PURGE_KEY_SID,
+-    TFM_CRYPTO_COPY_KEY_SID,
+-    TFM_CRYPTO_HASH_COMPUTE_SID,
+-    TFM_CRYPTO_HASH_COMPARE_SID,
+-    TFM_CRYPTO_HASH_SETUP_SID,
+-    TFM_CRYPTO_HASH_UPDATE_SID,
+-    TFM_CRYPTO_HASH_FINISH_SID,
+-    TFM_CRYPTO_HASH_VERIFY_SID,
+-    TFM_CRYPTO_HASH_ABORT_SID,
+-    TFM_CRYPTO_HASH_CLONE_SID,
+-    TFM_CRYPTO_MAC_COMPUTE_SID,
+-    TFM_CRYPTO_MAC_VERIFY_SID,
+-    TFM_CRYPTO_MAC_SIGN_SETUP_SID,
+-    TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
+-    TFM_CRYPTO_MAC_UPDATE_SID,
+-    TFM_CRYPTO_MAC_SIGN_FINISH_SID,
+-    TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
+-    TFM_CRYPTO_MAC_ABORT_SID,
+-    TFM_CRYPTO_CIPHER_ENCRYPT_SID,
+-    TFM_CRYPTO_CIPHER_DECRYPT_SID,
+-    TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
+-    TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
+-    TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
+-    TFM_CRYPTO_CIPHER_SET_IV_SID,
+-    TFM_CRYPTO_CIPHER_UPDATE_SID,
+-    TFM_CRYPTO_CIPHER_FINISH_SID,
+-    TFM_CRYPTO_CIPHER_ABORT_SID,
+-    TFM_CRYPTO_AEAD_ENCRYPT_SID,
+-    TFM_CRYPTO_AEAD_DECRYPT_SID,
+-    TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
+-    TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
+-    TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
+-    TFM_CRYPTO_AEAD_SET_NONCE_SID,
+-    TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
+-    TFM_CRYPTO_AEAD_UPDATE_AD_SID,
+-    TFM_CRYPTO_AEAD_UPDATE_SID,
+-    TFM_CRYPTO_AEAD_FINISH_SID,
+-    TFM_CRYPTO_AEAD_VERIFY_SID,
+-    TFM_CRYPTO_AEAD_ABORT_SID,
+-    TFM_CRYPTO_SIGN_MESSAGE_SID,
+-    TFM_CRYPTO_VERIFY_MESSAGE_SID,
+-    TFM_CRYPTO_SIGN_HASH_SID,
+-    TFM_CRYPTO_VERIFY_HASH_SID,
+-    TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
+-    TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
+-    TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
+-    TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
+-    TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
+-    TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
+-    TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
+-    TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
+-    TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
+-    TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
+-    TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
+-    TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
+-    TFM_CRYPTO_GENERATE_RANDOM_SID,
+-    TFM_CRYPTO_GENERATE_KEY_SID,
+-    TFM_CRYPTO_SID_MAX,
+-};
+-
+ /******** TFM_SP_PLATFORM ********/
+ #define TFM_SP_PLATFORM_SYSTEM_RESET_SID                           (0x00000040U)
+ #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION                       (1U)
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
+index e4a2b167..9276748d 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
+@@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_SIGN_HASH_SID,
++		.sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID,
+ 		.key_id = id,
+ 		.alg = alg,
+ 	};
+@@ -70,7 +70,7 @@ static inline psa_status_t crypto_caller_sign_message(struct service_client *con
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID,
++		.sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID,
+ 		.key_id = id,
+ 		.alg = alg,
+ 	};
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
+index cc9279ee..bcd8e0e4 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
+@@ -63,7 +63,7 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont
+ {
+ 
+ 	return crypto_caller_common(context,id,alg,hash,hash_length,
+-			signature,signature_length, TFM_CRYPTO_VERIFY_HASH_SID);
++			signature,signature_length, TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH_SID);
+ }
+ 
+ static inline psa_status_t crypto_caller_verify_message(struct service_client *context,
+@@ -76,7 +76,7 @@ static inline psa_status_t crypto_caller_verify_message(struct service_client *c
+ {
+ 
+ 	return crypto_caller_common(context,id,alg,hash,hash_length,
+-			signature,signature_length, TFM_CRYPTO_VERIFY_MESSAGE_SID);
++			signature,signature_length, TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE_SID);
+ }
+ 
+ #ifdef __cplusplus
+-- 
+2.25.1
+
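Review bot: `crypto_sid.h` is a hand-copied ABI table in which every `*_SID` value comes from the position of its entry in the `X(...)` lists. Reordering or inserting a line therefore silently changes which crypto operation the secure enclave dispatches, and nothing in the file records which TF-M header and tag the lists were copied from. A header comment such as `/* Copied from TF-M v1.7 <source header>; entry order is ABI, do not reorder */`, plus a few compile-time pins where the toolchain allows, e.g. `_Static_assert(TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID == 0x0206, "SID drift");`, would turn drift into a build failure. The misspelt `AYSMMETRIC_ENCRYPT_FUNCS` is used consistently and compiles, but it should be kept or fixed deliberately to match the upstream header. The removed `TFM_CRYPTO_SID_MAX` has no replacement in the new file, so any remaining user outside these hunks would stop building.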
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch
new file mode 100644
index 0000000..ecea236
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch
@@ -0,0 +1,655 @@
+From a3e203136e7c552069ae582273e0540a219c105f Mon Sep 17 00:00:00 2001
+From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Date: Thu, 9 Feb 2023 00:01:06 +0000
+Subject: [PATCH 2/3] TF-Mv1.7 alignment: Align crypto iovec definition
+
+This patch is to align psa_ipc_crypto_pack_iovec with TF-M v1.7
+And propagate changes accross psa_ipc functions
+More accuratly change sfn_id to function_id
+
+Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Upstream-Status: Pending [Not submitted yet]
+---
+ .../backend/psa_ipc/crypto_ipc_backend.h      | 34 +++++++++----------
+ .../caller/psa_ipc/crypto_caller_aead.h       | 24 ++++++-------
+ .../crypto_caller_asymmetric_decrypt.h        |  2 +-
+ .../crypto_caller_asymmetric_encrypt.h        |  2 +-
+ .../caller/psa_ipc/crypto_caller_cipher.h     | 14 ++++----
+ .../caller/psa_ipc/crypto_caller_copy_key.h   |  2 +-
+ .../psa_ipc/crypto_caller_destroy_key.h       |  2 +-
+ .../caller/psa_ipc/crypto_caller_export_key.h |  2 +-
+ .../psa_ipc/crypto_caller_export_public_key.h |  2 +-
+ .../psa_ipc/crypto_caller_generate_key.h      |  2 +-
+ .../psa_ipc/crypto_caller_generate_random.h   |  2 +-
+ .../crypto_caller_get_key_attributes.h        |  2 +-
+ .../caller/psa_ipc/crypto_caller_hash.h       | 12 +++----
+ .../caller/psa_ipc/crypto_caller_import_key.h |  2 +-
+ .../psa_ipc/crypto_caller_key_derivation.h    | 20 +++++------
+ .../client/caller/psa_ipc/crypto_caller_mac.h | 12 +++----
+ .../caller/psa_ipc/crypto_caller_purge_key.h  |  2 +-
+ .../caller/psa_ipc/crypto_caller_sign_hash.h  |  4 +--
+ .../psa_ipc/crypto_caller_verify_hash.h       |  4 +--
+ 19 files changed, 73 insertions(+), 73 deletions(-)
+
+diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
+index ec25eaf8..aacd3fcc 100644
+--- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
++++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
+@@ -28,23 +28,23 @@ struct psa_ipc_crypto_aead_pack_input {
+ };
+ 
+ struct psa_ipc_crypto_pack_iovec {
+-	uint32_t sfn_id;             /*!< Secure function ID used to dispatch the
+-				      *   request
+-				      */
+-	uint16_t step;               /*!< Key derivation step */
+-	psa_key_id_t key_id;         /*!< Key id */
+-	psa_algorithm_t alg;         /*!< Algorithm */
+-	uint32_t op_handle;          /*!< Frontend context handle associated to a
+-				      *   multipart operation
+-				      */
+-	uint32_t capacity;             /*!< Key derivation capacity */
+-	uint32_t ad_length;            /*!< Additional Data length for multipart AEAD */
+-	uint32_t plaintext_length;     /*!< Plaintext length for multipart AEAD */
+-	struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for
+-							    *   AEAD until the API is
+-							    *   restructured
+-							    */
+-};
++    psa_key_id_t key_id;     /*!< Key id */
++    psa_algorithm_t alg;     /*!< Algorithm */
++    uint32_t op_handle;      /*!< Frontend context handle associated to a
++                              *   multipart operation
++                              */
++    uint32_t capacity;         /*!< Key derivation capacity */
++    uint32_t ad_length;        /*!< Additional Data length for multipart AEAD */
++    uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */
++
++    struct psa_ipc_crypto_aead_pack_input aead_in; /*!< Packs AEAD-related inputs */
++
++    uint16_t function_id;    /*!< Used to identify the function in the
++                              *   API dispatcher to the service backend
++                              *   See tfm_crypto_func_sid for detail
++                              */
++    uint16_t step;           /*!< Key derivation step */
++}__packed;
+ 
+ #define iov_size sizeof(struct psa_ipc_crypto_pack_iovec)
+ 
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
+index f6aadd8b..efdffdf7 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
+@@ -44,7 +44,7 @@ static inline psa_status_t crypto_caller_aead_encrypt(
+ 	size_t in_len;
+ 	int i;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID,
++		.function_id = TFM_CRYPTO_AEAD_ENCRYPT_SID,
+ 		.key_id = key,
+ 		.alg = alg,
+ 		.aead_in = { .nonce = {0}, .nonce_length = nonce_length },
+@@ -105,7 +105,7 @@ static inline psa_status_t crypto_caller_aead_decrypt(
+ 	size_t in_len;
+ 	int i;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID,
++		.function_id = TFM_CRYPTO_AEAD_DECRYPT_SID,
+ 		.key_id = key,
+ 		.alg = alg,
+ 		.aead_in = { .nonce = {0}, .nonce_length = nonce_length },
+@@ -156,7 +156,7 @@ static inline psa_status_t crypto_caller_aead_encrypt_setup(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-	    .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
++	    .function_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
+ 	    .key_id = key,
+ 	    .alg = alg,
+ 	    .op_handle = (*op_handle),
+@@ -185,7 +185,7 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-	    .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
++	    .function_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
+ 	    .key_id = key,
+ 	    .alg = alg,
+ 	    .op_handle = (*op_handle),
+@@ -214,7 +214,7 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-	    .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
++	    .function_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
+ 	    .op_handle = op_handle,
+ 	};
+ 
+@@ -243,7 +243,7 @@ static inline psa_status_t crypto_caller_aead_set_nonce(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-	    .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
++	    .function_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
+ 	    .op_handle = op_handle,
+ 	};
+ 
+@@ -270,7 +270,7 @@ static inline psa_status_t crypto_caller_aead_set_lengths(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-	    .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
++	    .function_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
+ 	    .ad_length = ad_length,
+ 	    .plaintext_length = plaintext_length,
+ 	    .op_handle = op_handle,
+@@ -299,7 +299,7 @@ static inline psa_status_t crypto_caller_aead_update_ad(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-	    .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
++	    .function_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
+ 	    .op_handle = op_handle,
+ 	};
+ 
+@@ -339,7 +339,7 @@ static inline psa_status_t crypto_caller_aead_update(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-	    .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID,
++	    .function_id = TFM_CRYPTO_AEAD_UPDATE_SID,
+ 	    .op_handle = op_handle,
+ 	};
+ 
+@@ -383,7 +383,7 @@ static inline psa_status_t crypto_caller_aead_finish(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-	    .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID,
++	    .function_id = TFM_CRYPTO_AEAD_FINISH_SID,
+ 	    .op_handle = op_handle,
+ 	};
+ 
+@@ -436,7 +436,7 @@ static inline psa_status_t crypto_caller_aead_verify(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-	    .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID,
++	    .function_id = TFM_CRYPTO_AEAD_VERIFY_SID,
+ 	    .op_handle = op_handle,
+ 	};
+ 
+@@ -482,7 +482,7 @@ static inline psa_status_t crypto_caller_aead_abort(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-	    .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID,
++	    .function_id = TFM_CRYPTO_AEAD_ABORT_SID,
+ 	    .op_handle = op_handle,
+ 	};
+ 
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
+index ff01815c..c387eb55 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
+@@ -38,7 +38,7 @@ static inline psa_status_t crypto_caller_asymmetric_decrypt(
+ 	psa_status_t status;
+ 	size_t in_len;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
++		.function_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
+ 		.key_id = id,
+ 		.alg = alg,
+ 	};
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
+index 1daf1689..8eb3de45 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
+@@ -38,7 +38,7 @@ static inline psa_status_t crypto_caller_asymmetric_encrypt(
+ 	psa_status_t status;
+ 	size_t in_len;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
++		.function_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
+ 		.key_id = id,
+ 		.alg = alg,
+ 	};
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
+index fbefb28d..20aa46a5 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
+@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_cipher_encrypt_setup(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
++		.function_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
+ 		.key_id = key,
+ 		.alg = alg,
+ 		.op_handle = *op_handle,
+@@ -62,7 +62,7 @@ static inline psa_status_t crypto_caller_cipher_decrypt_setup(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
++		.function_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
+ 		.key_id = key,
+ 		.alg = alg,
+ 		.op_handle = *op_handle,
+@@ -91,7 +91,7 @@ static inline psa_status_t crypto_caller_cipher_generate_iv(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
++		.function_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
+ 		.op_handle = op_handle,
+ 	};
+ 	struct psa_invec in_vec[] = {
+@@ -120,7 +120,7 @@ static inline psa_status_t crypto_caller_cipher_set_iv(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_CIPHER_SET_IV_SID,
++		.function_id = TFM_CRYPTO_CIPHER_SET_IV_SID,
+ 		.op_handle = op_handle,
+ 	};
+ 	struct psa_invec in_vec[] = {
+@@ -150,7 +150,7 @@ static inline psa_status_t crypto_caller_cipher_update(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_CIPHER_UPDATE_SID,
++		.function_id = TFM_CRYPTO_CIPHER_UPDATE_SID,
+ 		.op_handle = op_handle,
+ 	};
+ 	struct psa_invec in_vec[] = {
+@@ -181,7 +181,7 @@ static inline psa_status_t crypto_caller_cipher_finish(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_CIPHER_FINISH_SID,
++		.function_id = TFM_CRYPTO_CIPHER_FINISH_SID,
+ 		.op_handle = op_handle,
+ 	};
+ 	struct psa_invec in_vec[] = {
+@@ -208,7 +208,7 @@ static inline psa_status_t crypto_caller_cipher_abort(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_CIPHER_ABORT_SID,
++		.function_id = TFM_CRYPTO_CIPHER_ABORT_SID,
+ 		.op_handle = op_handle,
+ 	};
+ 	struct psa_invec in_vec[] = {
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
+index 9a988171..48157d7e 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
+@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_copy_key(struct service_client *context
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_COPY_KEY_SID,
++		.function_id = TFM_CRYPTO_COPY_KEY_SID,
+ 		.key_id = source_key,
+ 	};
+ 	struct psa_invec in_vec[] = {
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
+index d00f4faa..6d0a05e6 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
+@@ -31,7 +31,7 @@ static inline psa_status_t crypto_caller_destroy_key(struct service_client *cont
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_DESTROY_KEY_SID,
++		.function_id = TFM_CRYPTO_DESTROY_KEY_SID,
+ 		.key_id = id,
+ 	};
+ 	struct psa_invec in_vec[] = {
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
+index 8ac5477f..9a6b7013 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
+@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_export_key(struct service_client *conte
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_EXPORT_KEY_SID,
++		.function_id = TFM_CRYPTO_EXPORT_KEY_SID,
+ 		.key_id = id,
+ 	};
+ 	struct psa_invec in_vec[] = {
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
+index b24c47f1..52bdd757 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
+@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_export_public_key(struct service_client
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
++		.function_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
+ 		.key_id = id,
+ 	};
+ 	struct psa_invec in_vec[] = {
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
+index 1b66ed40..7ed1673b 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
+@@ -32,7 +32,7 @@ static inline psa_status_t crypto_caller_generate_key(struct service_client *con
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_GENERATE_KEY_SID,
++		.function_id = TFM_CRYPTO_GENERATE_KEY_SID,
+ 	};
+ 	struct psa_invec in_vec[] = {
+ 		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
+index 7c538237..4fb87aa8 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
+@@ -32,7 +32,7 @@ static inline psa_status_t crypto_caller_generate_random(struct service_client *
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_GENERATE_RANDOM_SID,
++		.function_id = TFM_CRYPTO_GENERATE_RANDOM_SID,
+ 	};
+ 	struct psa_invec in_vec[] = {
+ 		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
+index 22f1d18f..2caa3bd3 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
+@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_get_key_attributes(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID,
++		.function_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID,
+ 		.key_id = key,
+ 	};
+ 	struct psa_invec in_vec[] = {
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
+index 9f37908a..4fb60d44 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
+@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_hash_setup(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_HASH_SETUP_SID,
++		.function_id = TFM_CRYPTO_HASH_SETUP_SID,
+ 		.alg = alg,
+ 		.op_handle = *op_handle,
+ 	};
+@@ -60,7 +60,7 @@ static inline psa_status_t crypto_caller_hash_update(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_HASH_UPDATE_SID,
++		.function_id = TFM_CRYPTO_HASH_UPDATE_SID,
+ 		.op_handle = op_handle,
+ 	};
+ 	struct psa_invec in_vec[] = {
+@@ -88,7 +88,7 @@ static inline psa_status_t crypto_caller_hash_finish(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_HASH_FINISH_SID,
++		.function_id = TFM_CRYPTO_HASH_FINISH_SID,
+ 		.op_handle = op_handle,
+ 	};
+ 	struct psa_invec in_vec[] = {
+@@ -115,7 +115,7 @@ static inline psa_status_t crypto_caller_hash_abort(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_HASH_ABORT_SID,
++		.function_id = TFM_CRYPTO_HASH_ABORT_SID,
+ 		.op_handle = op_handle,
+ 	};
+ 	struct psa_invec in_vec[] = {
+@@ -141,7 +141,7 @@ static inline psa_status_t crypto_caller_hash_verify(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_HASH_VERIFY_SID,
++		.function_id = TFM_CRYPTO_HASH_VERIFY_SID,
+ 		.op_handle = op_handle,
+ 	};
+ 	struct psa_invec in_vec[] = {
+@@ -167,7 +167,7 @@ static inline psa_status_t crypto_caller_hash_clone(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_HASH_CLONE_SID,
++		.function_id = TFM_CRYPTO_HASH_CLONE_SID,
+ 		.op_handle = source_op_handle,
+ 	};
+ 	struct psa_invec in_vec[] = {
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
+index d4703366..1458163c 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
+@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_import_key(struct service_client *conte
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_IMPORT_KEY_SID,
++		.function_id = TFM_CRYPTO_IMPORT_KEY_SID,
+ 	};
+ 	struct psa_invec in_vec[] = {
+ 		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
+index 5ce4fb6c..16be9916 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
+@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_key_derivation_setup(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
++		.function_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
+ 		.alg = alg,
+ 		.op_handle = *op_handle,
+ 	};
+@@ -59,7 +59,7 @@ static inline psa_status_t crypto_caller_key_derivation_get_capacity(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
++		.function_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
+ 		.op_handle = op_handle,
+ 	};
+ 	struct psa_invec in_vec[] = {
+@@ -84,7 +84,7 @@ static inline psa_status_t crypto_caller_key_derivation_set_capacity(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
++		.function_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
+ 		.capacity = capacity,
+ 		.op_handle = op_handle,
+ 	};
+@@ -109,7 +109,7 @@ static inline psa_status_t crypto_caller_key_derivation_input_bytes(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
++		.function_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
+ 		.step = step,
+ 		.op_handle = op_handle,
+ 	};
+@@ -134,7 +134,7 @@ static inline psa_status_t crypto_caller_key_derivation_input_key(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
++		.function_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
+ 		.key_id = key,
+ 		.step = step,
+ 		.op_handle = op_handle,
+@@ -159,7 +159,7 @@ static inline psa_status_t crypto_caller_key_derivation_output_bytes(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
++		.function_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
+ 		.op_handle = op_handle,
+ 	};
+ 	struct psa_invec in_vec[] = {
+@@ -185,7 +185,7 @@ static inline psa_status_t crypto_caller_key_derivation_output_key(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
++		.function_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
+ 		.op_handle = op_handle,
+ 	};
+ 	struct psa_invec in_vec[] = {
+@@ -211,7 +211,7 @@ static inline psa_status_t crypto_caller_key_derivation_abort(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
++		.function_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
+ 		.op_handle = op_handle,
+ 	};
+ 	struct psa_invec in_vec[] = {
+@@ -239,7 +239,7 @@ static inline psa_status_t crypto_caller_key_derivation_key_agreement(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
++		.function_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
+ 		.key_id = private_key,
+ 		.step = step,
+ 		.op_handle = op_handle,
+@@ -270,7 +270,7 @@ static inline psa_status_t crypto_caller_raw_key_agreement(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
++		.function_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
+ 		.alg = alg,
+ 		.key_id = private_key,
+ 	};
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
+index 3a820192..30222800 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
+@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_mac_sign_setup(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID,
++		.function_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID,
+ 		.key_id = key,
+ 		.alg = alg,
+ 		.op_handle = *op_handle,
+@@ -62,7 +62,7 @@ static inline psa_status_t crypto_caller_mac_verify_setup(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
++		.function_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
+ 		.key_id = key,
+ 		.alg = alg,
+ 		.op_handle = *op_handle,
+@@ -90,7 +90,7 @@ static inline psa_status_t crypto_caller_mac_update(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_MAC_UPDATE_SID,
++		.function_id = TFM_CRYPTO_MAC_UPDATE_SID,
+ 		.op_handle = op_handle,
+ 	};
+ 	struct psa_invec in_vec[] = {
+@@ -118,7 +118,7 @@ static inline psa_status_t crypto_caller_mac_sign_finish(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID,
++		.function_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID,
+ 		.op_handle = op_handle,
+ 	};
+ 	struct psa_invec in_vec[] = {
+@@ -147,7 +147,7 @@ static inline psa_status_t crypto_caller_mac_verify_finish(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
++		.function_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
+ 		.op_handle = op_handle,
+ 	};
+ 	struct psa_invec in_vec[] = {
+@@ -172,7 +172,7 @@ static inline psa_status_t crypto_caller_mac_abort(
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_MAC_ABORT_SID,
++		.function_id = TFM_CRYPTO_MAC_ABORT_SID,
+ 		.op_handle = op_handle,
+ 	};
+ 	struct psa_invec in_vec[] = {
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
+index a3a796e2..f6ab0978 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
+@@ -31,7 +31,7 @@ static inline psa_status_t crypto_caller_purge_key(struct service_client *contex
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_PURGE_KEY_SID,
++		.function_id = TFM_CRYPTO_PURGE_KEY_SID,
+ 		.key_id = id,
+ 	};
+ 	struct psa_invec in_vec[] = {
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
+index 9276748d..8b53e3dc 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
+@@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID,
++		.function_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID,
+ 		.key_id = id,
+ 		.alg = alg,
+ 	};
+@@ -70,7 +70,7 @@ static inline psa_status_t crypto_caller_sign_message(struct service_client *con
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID,
++		.function_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID,
+ 		.key_id = id,
+ 		.alg = alg,
+ 	};
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
+index bcd8e0e4..c9ed865b 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
+@@ -31,13 +31,13 @@ static inline psa_status_t crypto_caller_common(struct service_client *context,
+ 						     size_t hash_length,
+ 						     const uint8_t *signature,
+ 						     size_t signature_length,
+-						     uint32_t sfn_id)
++						     uint32_t function_id)
+ {
+ 	struct service_client *ipc = context;
+ 	struct rpc_caller *caller = ipc->caller;
+ 	psa_status_t status;
+ 	struct psa_ipc_crypto_pack_iovec iov = {
+-		.sfn_id = sfn_id,
++		.function_id = function_id,
+ 		.key_id = id,
+ 		.alg = alg,
+ 	};
+-- 
+2.25.1
+
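Review bot: In the `crypto_caller_verify_hash.h` part of this patch, `crypto_caller_common` still takes `uint32_t function_id` while the field it initialises, `function_id` in `struct psa_ipc_crypto_pack_iovec`, is now `uint16_t`, so any value above 0xFFFF would be truncated silently before it reaches the dispatcher; the parameter should be narrowed to match, `uint16_t function_id)`. The struct is closed with `}__packed;` and no definition of `__packed` is visible in the patch: if that macro is not in scope wherever `crypto_ipc_backend.h` is included, the line declares an object named `__packed` instead of packing the struct, so it is worth confirming that the defining header is included first. Since the patch description says this struct is being aligned with the TF-M v1.7 definition, a compile-time check on its size and on the offset of `function_id`, placed next to `iov_size`, would catch layout drift at build time rather than as a request the service dispatches to the wrong operation. The body of `crypto_caller_common` continues outside the inner hunk.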
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch
new file mode 100644
index 0000000..0dcdd5d
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch
@@ -0,0 +1,117 @@
+From ee7e13dcc14110aa16f7c6453cfe72f088857ed2 Mon Sep 17 00:00:00 2001
+From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Date: Thu, 9 Feb 2023 00:34:23 +0000
+Subject: [PATCH 3/3] TF-Mv1.7 alignment: PSA crypto client in/out_vec
+
+Few psa crypto operations have different in/out_vec expectations
+This patch is fixing the differences between psa crypto client in TS
+and psa crypto service in TF-M running on the secure enclave
+
+operations:
+- aead_generate_nonce: TFM service doesn't expect op_handle in in_vec
+- aead_update: TFM service doesn't expect op_handle in in_vec
+- cipher_generate_iv: TFM service doesn't expect op_handle in in_vec
+- cipher_update: TFM service doesn't expect op_handle in in_vec
+- hash_clone: TFM service expects target_op_handle in the in_vec
+              rationale is target_op_handle according to the spec
+              must be initialized and not active. and since hash_clone
+              manipulates it. hence, target_op_handle should be passed
+              as input and output.
+
+Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Upstream-Status: Pending [Not submitted yet]
+---
+ .../crypto/client/caller/psa_ipc/crypto_caller_aead.h       | 6 ++----
+ .../crypto/client/caller/psa_ipc/crypto_caller_cipher.h     | 6 ++----
+ .../crypto/client/caller/psa_ipc/crypto_caller_hash.h       | 2 ++
+ 3 files changed, 6 insertions(+), 8 deletions(-)
+
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
+index efdffdf7..e862c2de 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
+@@ -222,14 +222,13 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
+ 	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
+ 	};
+ 	struct psa_outvec out_vec[] = {
+-	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
+ 	    {.base = psa_ptr_to_u32(nonce), .len = nonce_size}
+ 	};
+ 
+ 	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
+ 	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
+ 
+-	*nonce_length = out_vec[1].len;
++	*nonce_length = out_vec[0].len;
+ 	return status;
+ }
+ 
+@@ -353,7 +352,6 @@ static inline psa_status_t crypto_caller_aead_update(
+ 	    {.base = psa_ptr_const_to_u32(input), .len = input_length}
+ 	};
+ 	struct psa_outvec out_vec[] = {
+-	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
+ 	    {.base = psa_ptr_const_to_u32(output), .len = output_size},
+ 	};
+ 
+@@ -365,7 +363,7 @@ static inline psa_status_t crypto_caller_aead_update(
+ 	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
+ 	                   in_len, out_vec, IOVEC_LEN(out_vec));
+ 
+-	*output_length = out_vec[1].len;
++	*output_length = out_vec[0].len;
+ 	return status;
+ }
+ 
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
+index 20aa46a5..948865e4 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
+@@ -98,14 +98,13 @@ static inline psa_status_t crypto_caller_cipher_generate_iv(
+ 		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
+ 	};
+ 	struct psa_outvec out_vec[] = {
+-		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
+ 		{ .base = psa_ptr_to_u32(iv), .len = iv_size },
+ 	};
+ 
+ 	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
+ 			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
+ 
+-	*iv_length = out_vec[1].len;
++	*iv_length = out_vec[0].len;
+ 
+ 	return status;
+ }
+@@ -158,14 +157,13 @@ static inline psa_status_t crypto_caller_cipher_update(
+ 		{ .base = psa_ptr_const_to_u32(input), .len = input_length },
+ 	};
+ 	struct psa_outvec out_vec[] = {
+-		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
+ 		{ .base = psa_ptr_to_u32(output), .len = output_size },
+ 	};
+ 
+ 	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
+ 			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
+ 
+-	*output_length = out_vec[1].len;
++	*output_length = out_vec[0].len;
+ 
+ 	return status;
+ }
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
+index 4fb60d44..1e422130 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
+@@ -172,6 +172,8 @@ static inline psa_status_t crypto_caller_hash_clone(
+ 	};
+ 	struct psa_invec in_vec[] = {
+ 		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
++		{ .base = psa_ptr_to_u32(target_op_handle),
++			.len = sizeof(uint32_t) },
+ 	};
+ 	struct psa_outvec out_vec[] = {
+ 		{ .base = psa_ptr_to_u32(target_op_handle),
+-- 
+2.25.1
+
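Review bot: In `crypto_caller_aead_generate_nonce`, `crypto_caller_aead_update`, `crypto_caller_cipher_generate_iv` and `crypto_caller_cipher_update` the output length is still copied from `out_vec[0].len` whether or not `psa_call` succeeded. If the service fails without touching the vector, the length presumably stays at the caller-supplied capacity (`nonce_size`, `iv_size`, `output_size`), so a caller that reads the length before checking `status` would treat an unwritten buffer as a valid nonce, IV or ciphertext. Guarding the copy, for example `*nonce_length = (status == PSA_SUCCESS) ? out_vec[0].len : 0;`, keeps the reported length consistent with the status. These functions start outside the nested hunks, so any earlier initialisation of the length is not visible here.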
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0002-corstone1000-Disable-obsolete-algorithms.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0002-corstone1000-Disable-obsolete-algorithms.patch
new file mode 100644
index 0000000..d13e167
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0002-corstone1000-Disable-obsolete-algorithms.patch
@@ -0,0 +1,32 @@
+From 1bc041813df89a1be953d0ba3471e608f6fa7ed8 Mon Sep 17 00:00:00 2001
+From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Date: Thu, 9 Feb 2023 20:54:40 +0000
+Subject: [PATCH] corstone1000: Disable obsolete algorithms
+
+curves of size <255 are obsolete algorithms
+
+Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Upstream-Status: Inappropriate [Discussions of having these configs
+                                in a separate target is ongoing]
+---
+ .../targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h       | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+index c6d4aad..1d9b356 100755
+--- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
++++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+@@ -66,6 +66,10 @@
+ #endif
+ #endif
+ 
++/* curves of size <255 are obsolete algorithms, should be disabled. */
++#undef ARCH_TEST_ECC_CURVE_SECP192R1
++#undef ARCH_TEST_ECC_CURVE_SECP224R1
++
+ /**
+  * \def ARCH_TEST_AES
+  *
+-- 
+2.25.1
+
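Review bot: The added comment says curves below 255 bits "should be disabled", but the two `#undef` lines only stop the PSA API test suite from exercising secp192r1 and secp224r1. Nothing in this hunk changes what the crypto service accepts. A comment such as `/* Skip tests for curves below 255 bits; this only trims test coverage, it does not configure the crypto service. */` would keep a reader from treating this header as the enforcement point. The `#undef`s also only work if the matching `#define`s sit above line 66, which is outside the hunk.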
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0003-corstone1000-Disable-SHA512-384.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0003-corstone1000-Disable-SHA512-384.patch
new file mode 100644
index 0000000..a16bf3e
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0003-corstone1000-Disable-SHA512-384.patch
@@ -0,0 +1,32 @@
+From abdea43f1de61a0e76b13890cb403f7955998b02 Mon Sep 17 00:00:00 2001
+From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Date: Thu, 9 Feb 2023 21:06:22 +0000
+Subject: [PATCH] corstone1000: Disable SHA512/384
+
+SHA512 and SHA384 is not available on Cryptocell (hardware accelerator)
+
+Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Upstream-Status: Inappropriate [Discussions of having these configs
+                                in a separate target is ongoing]
+---
+ .../targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h       | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+index 1d9b356..d6d552a 100755
+--- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
++++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+@@ -272,8 +272,8 @@
+ #define ARCH_TEST_SHA256
+ #ifndef TF_M_PROFILE_SMALL
+ #ifndef TF_M_PROFILE_MEDIUM
+-#define ARCH_TEST_SHA384
+-#define ARCH_TEST_SHA512
++// #define ARCH_TEST_SHA384
++// #define ARCH_TEST_SHA512
+ #endif
+ #endif
+ //#define ARCH_TEST_SHA512_224
+-- 
+2.25.1
+
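Review bot: `ARCH_TEST_SHA384` and `ARCH_TEST_SHA512` are commented out with no reason recorded in the header, so the CryptoCell rationale lives only in the patch description and is lost once the patch is applied. I would add a line above them, for example `/* SHA-384/512 are not available on the CryptoCell accelerator, so their tests are skipped. */`. The previous patch on the same file disables its macros with `#undef` plus a comment, and using one mechanism for both would make the corstone1000 deviations easier to audit.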
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
index 5900955..867bd66 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
@@ -25,6 +25,10 @@
     file://0021-smm_gateway-add-checks-for-null-attributes.patch;patchdir=../trusted-services \
     file://0022-GetNextVariableName-Fix.patch;patchdir=../trusted-services \
     file://0023-Use-the-stateless-platform-service.patch;patchdir=../trusted-services \
+    file://0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch;patchdir=../trusted-services \
+    file://0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch;patchdir=../trusted-services \
+    file://0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch;patchdir=../trusted-services \
     "
 
+
 COMPATIBLE_MACHINE:n1sdp = "n1sdp"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc
index a1f43d4..c9b1c78 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc
@@ -4,4 +4,6 @@
 
 SRC_URI:append:corstone1000  = " \
     file://0001-corstone1000-port-crypto-config.patch;patchdir=../psatest \
+    file://0002-corstone1000-Disable-obsolete-algorithms.patch;patchdir=../psatest \
+    file://0003-corstone1000-Disable-SHA512-384.patch;patchdir=../psatest \
     "
diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-12.2/0026-rust-recursion-limit.patch b/meta-arm/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-12.2/0026-rust-recursion-limit.patch
index bbe2f18..e13a996 100644
--- a/meta-arm/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-12.2/0026-rust-recursion-limit.patch
+++ b/meta-arm/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-12.2/0026-rust-recursion-limit.patch
@@ -9,6 +9,7 @@
 	* rust-demangle.c (demangle_const): Add recursion limit.
 
 Upstream-Status: Backport [https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79]
+Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
 ---
  libiberty/rust-demangle.c | 29 ++++++++++++++++++++---------
  1 file changed, 20 insertions(+), 9 deletions(-)
diff --git a/meta-arm/meta-arm/classes/tfm_sign_image.bbclass b/meta-arm/meta-arm/classes/tfm_sign_image.bbclass
index 542b708..24df768 100644
--- a/meta-arm/meta-arm/classes/tfm_sign_image.bbclass
+++ b/meta-arm/meta-arm/classes/tfm_sign_image.bbclass
@@ -6,28 +6,28 @@
 #  * Write the signing logic, which may call the function sign_host_image,
 #    described below
 
-inherit python3native deploy
+inherit python3native
 
 # The output and working directory
 TFM_IMAGE_SIGN_DIR = "${WORKDIR}/tfm-signed-images"
+TFM_IMAGE_SIGN_DEPLOY_DIR = "${WORKDIR}/deploy-tfm-signed-images"
 
+SSTATETASKS += "do_sign_images"
+do_sign_images[sstate-inputdirs] = "${TFM_IMAGE_SIGN_DEPLOY_DIR}"
+do_sign_images[sstate-outputdirs] = "${DEPLOY_DIR_IMAGE}"
+do_sign_images[dirs] = "${TFM_IMAGE_SIGN_DEPLOY_DIR} ${TFM_IMAGE_SIGN_DIR}"
+do_sign_images[cleandirs] = "${TFM_IMAGE_SIGN_DEPLOY_DIR} ${TFM_IMAGE_SIGN_DIR}"
+do_sign_images[stamp-extra-info] = "${MACHINE_ARCH}"
 tfm_sign_image_do_sign_images() {
     :
 }
-addtask sign_images after do_configure before do_compile
-do_sign_images[dirs] = "${TFM_IMAGE_SIGN_DIR}"
+addtask sign_images after do_prepare_recipe_sysroot before do_image
+EXPORT_FUNCTIONS do_sign_images
 
-tfm_sign_image_do_deploy() {
-    :
+python do_sign_images_setscene () {
+    sstate_setscene(d)
 }
-addtask deploy after do_sign_images
-
-deploy_signed_images() {
-    cp ${TFM_IMAGE_SIGN_DIR}/signed_* ${DEPLOYDIR}/
-}
-do_deploy[postfuncs] += "deploy_signed_images"
-
-EXPORT_FUNCTIONS do_sign_images do_deploy
+addtask do_sign_images_setscene
 
 DEPENDS += "trusted-firmware-m-scripts-native"
 
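Review bot: `do_sign_images` becomes a shared-state task here, so signed images can be restored into `DEPLOY_DIR_IMAGE` from an sstate cache or mirror without the signing step running, and nothing in the class says so. A comment above `SSTATETASKS`, such as `# Signed images are staged in TFM_IMAGE_SIGN_DEPLOY_DIR and published through sstate; do_sign_images implementations must write their outputs there`, would make the contract explicit. It is also worth confirming that replacing the signing key changes the task hash, since the key is referenced only by path in `TFM_IMAGE_SIGN_ARGS`. Otherwise an image signed with the previous key could be reused from the cache.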
@@ -35,6 +35,21 @@
 # right path until this is relocated automatically.
 export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
 
+# The arguments passed to the TF-M image signing script. Override this variable
+# in an image recipe to customize the arguments.
+TFM_IMAGE_SIGN_ARGS ?= "\
+    -v ${RE_LAYOUT_WRAPPER_VERSION} \
+    --layout "${TFM_IMAGE_SIGN_DIR}/${host_binary_layout}" \
+    -k  "${RECIPE_SYSROOT_NATIVE}/${TFM_SIGN_PRIVATE_KEY}" \
+    --public-key-format full \
+    --align 1 \
+    --pad \
+    --pad-header \
+    --measured-boot-record \
+    -H ${RE_IMAGE_OFFSET} \
+    -s auto \
+"
+
 #
 # sign_host_image
 #
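Review bot: The default `TFM_IMAGE_SIGN_ARGS` is not a pure move of the inline argument list removed from `sign_host_image` in the next hunk, because it adds `--measured-boot-record`. That changes the signed output for every user of the class and deserves a mention in the comment above the variable. The value also uses `${host_binary_layout}`, which appears to be a shell variable set inside `sign_host_image` (outside this hunk) rather than a BitBake variable. I would add `# NOTE: ${host_binary_layout} is a shell variable defined in sign_host_image; keep it when overriding.` so that an override in an image recipe does not silently sign with a missing layout path.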
@@ -62,18 +77,10 @@
 };
 EOF
 
-    host_binary_signed="${TFM_IMAGE_SIGN_DIR}/signed_$(basename "${1}")"
+    host_binary_signed="${TFM_IMAGE_SIGN_DEPLOY_DIR}/signed_$(basename "${1}")"
 
     ${PYTHON} "${STAGING_LIBDIR_NATIVE}/tfm-scripts/wrapper/wrapper.py" \
-            -v ${RE_LAYOUT_WRAPPER_VERSION} \
-            --layout "${TFM_IMAGE_SIGN_DIR}/${host_binary_layout}" \
-            -k  "${RECIPE_SYSROOT_NATIVE}/${TFM_SIGN_PRIVATE_KEY}" \
-            --public-key-format full \
-            --align 1 \
-            --pad \
-            --pad-header \
-            -H ${RE_IMAGE_OFFSET} \
-            -s auto \
+            ${TFM_IMAGE_SIGN_ARGS} \
             "${1}" \
             "${host_binary_signed}"
 }
diff --git a/meta-arm/meta-arm/classes/uefi_capsule.bbclass b/meta-arm/meta-arm/classes/uefi_capsule.bbclass
new file mode 100644
index 0000000..690e7af
--- /dev/null
+++ b/meta-arm/meta-arm/classes/uefi_capsule.bbclass
@@ -0,0 +1,55 @@
+# This class generates UEFI capsules
+# The current class supports generating a capsule with single firmware binary
+
+DEPENDS += "gettext-native"
+inherit python3native
+
+IMAGE_TYPES += "uefi_capsule"
+
+# edk2 base tools should be installed in the native sysroot directory
+do_image_uefi_capsule[depends] += "edk2-basetools-native:do_populate_sysroot"
+
+# By default the wic image is used to create a capsule
+CAPSULE_IMGTYPE ?= "wic"
+
+# IMGDEPLOYDIR is used as the default location of firmware binary for which the capsule needs to be created
+CAPSULE_IMGLOCATION ?= "${IMGDEPLOYDIR}"
+
+# The generated capsule by default has uefi.capsule extension
+CAPSULE_EXTENSION ?= "uefi.capsule"
+
+# The following variables must be set to be able to generate a capsule update
+UEFI_FIRMWARE_BINARY ?= ""
+UEFI_CAPSULE_CONFIG ?= ""
+
+# Check if the required variables are set
+python() {
+    for var in ["UEFI_FIRMWARE_BINARY", "UEFI_CAPSULE_CONFIG"]:
+        if not d.getVar(var):
+            raise bb.parse.SkipRecipe(f"{var} not set")
+}
+
+IMAGE_CMD:uefi_capsule(){
+
+    # Force the GenerateCapsule script to use python3
+    export PYTHON_COMMAND=${PYTHON}
+
+    # Copy the firmware and the capsule config json to current directory
+    if [ -e ${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY} ]; then
+        cp ${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY} . ;
+    fi
+
+    export UEFI_FIRMWARE_BINARY=${UEFI_FIRMWARE_BINARY}
+    envsubst < ${UEFI_CAPSULE_CONFIG} > ./${MACHINE}-capsule-update-image.json
+
+    ${STAGING_DIR_NATIVE}/usr/bin/edk2-BaseTools/BinWrappers/PosixLike/GenerateCapsule \
+    -e -o ${IMGDEPLOYDIR}/${UEFI_FIRMWARE_BINARY}.${CAPSULE_EXTENSION} -j \
+    ${MACHINE}-capsule-update-image.json
+
+    # Remove the firmware to avoid contamination of IMGDEPLOYDIR
+    rm ${UEFI_FIRMWARE_BINARY}
+
+}
+
+# The firmware binary should be created before generating the capsule
+IMAGE_TYPEDEP:uefi_capsule:append = "${CAPSULE_IMGTYPE}"
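Review bot: `IMAGE_CMD:uefi_capsule` silently skips the copy when `${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY}` does not exist, so the failure only shows up later in `GenerateCapsule` or the final `rm`, with a less useful message. Separately, `envsubst` is called without a variable list, so every `$NAME` in the capsule JSON is replaced from the whole task environment rather than just `UEFI_FIRMWARE_BINARY`. I would fail early with `bbfatal`, restrict the substitution to that one variable, and quote the path expansions, as sketched below. The class also adds its image type with `IMAGE_TYPES += "uefi_capsule"`, while the same update switches `wic_nopt.bbclass` to `IMAGE_TYPES:append`, so the two classes should agree.

```bitbake
    # … unchanged: PYTHON_COMMAND export …

    # Fail early when the firmware binary is missing
    if [ ! -e "${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY}" ]; then
        bbfatal "${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY} not found"
    fi
    cp "${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY}" .

    export UEFI_FIRMWARE_BINARY="${UEFI_FIRMWARE_BINARY}"
    # Substitute only the variable the capsule config is expected to reference
    envsubst '$UEFI_FIRMWARE_BINARY' < "${UEFI_CAPSULE_CONFIG}" \
        > "./${MACHINE}-capsule-update-image.json"

    # … unchanged: GenerateCapsule invocation …

    rm -f "${UEFI_FIRMWARE_BINARY}"
```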
diff --git a/meta-arm/meta-arm-bsp/classes/wic_nopt.bbclass b/meta-arm/meta-arm/classes/wic_nopt.bbclass
similarity index 91%
rename from meta-arm/meta-arm-bsp/classes/wic_nopt.bbclass
rename to meta-arm/meta-arm/classes/wic_nopt.bbclass
index 322be49..9c78fd7 100644
--- a/meta-arm/meta-arm-bsp/classes/wic_nopt.bbclass
+++ b/meta-arm/meta-arm/classes/wic_nopt.bbclass
@@ -1,7 +1,7 @@
 # This class removes the empty partition table header
 # in the WIC file when --no-table WKS option is used
 
-IMAGE_TYPES += "wic.nopt"
+IMAGE_TYPES:append = " wic.nopt"
 
 CONVERSIONTYPES += "nopt"
 
diff --git a/meta-arm/meta-arm/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_git.bb b/meta-arm/meta-arm/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_git.bb
index 74adaf3..cb79069 100644
--- a/meta-arm/meta-arm/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_git.bb
+++ b/meta-arm/meta-arm/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_git.bb
@@ -4,7 +4,10 @@
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=bb63326febfb5fb909226c8e7ebcef5c"
 
 SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/mark/boot-wrapper-aarch64.git;branch=master"
-SRCREV = "1044c77062573985f7c994c3b6cef5695f57e955"
+SRCREV = "d3b1a15d18542b2086e72bfdc3fc43f454772a3b"
+
+# boot-wrapper doesn't make releases
+UPSTREAM_CHECK_COMMITS = "1"
 
 PV = "git${SRCPV}"
 
diff --git a/meta-arm/meta-arm/recipes-devtools/fiptool/fiptool-native_2.7.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.8.bb
similarity index 92%
rename from meta-arm/meta-arm/recipes-devtools/fiptool/fiptool-native_2.7.bb
rename to meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.8.bb
index 66cf2ce..578f5a2 100644
--- a/meta-arm/meta-arm/recipes-devtools/fiptool/fiptool-native_2.7.bb
+++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.8.bb
@@ -10,8 +10,8 @@
 SRCBRANCH = "master"
 LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
 
-# Use fiptool from TF-A v2.7
-SRCREV = "35f4c7295bafeb32c8bcbdfb6a3f2e74a57e732b"
+# Use fiptool from TF-A v2.8
+SRCREV = "9881bb93a3bc0a3ea37e9f093e09ab4b360a9e48"
 
 DEPENDS += "openssl-native"
 
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.7.0.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bb
similarity index 95%
rename from meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.7.0.bb
rename to meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bb
index 8ded64d..0c09499 100644
--- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.7.0.bb
+++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bb
@@ -11,7 +11,7 @@
 SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};branch=${SRCBRANCH} \
           file://tf-a-tests-no-warn-rwx-segments.patch"
 SRCBRANCH = "master"
-SRCREV = "5f591f67738a1bbe6b262c53d9dad46ed8bbcd67"
+SRCREV = "f7b3be91ab954c495912fc7bc48383cd83bfec2d"
 
 DEPENDS += "optee-os"
 
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.0.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.0.bb
similarity index 71%
rename from meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.0.bb
rename to meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.0.bb
index 35817c0..3a5006e 100644
--- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.0.bb
+++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.0.bb
@@ -1,14 +1,14 @@
 require trusted-firmware-a.inc
 
-# TF-A v2.7
-SRCREV_tfa = "35f4c7295bafeb32c8bcbdfb6a3f2e74a57e732b"
+# TF-A v2.8
+SRCREV_tfa = "9881bb93a3bc0a3ea37e9f093e09ab4b360a9e48"
 
 SRC_URI += "file://rwx-segments.patch"
 
 LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
 
-# mbed TLS v2.28.0
+# mbed TLS v2.28.2
 SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=mbedtls-2.28"
-SRCREV_mbedtls = "8b3f26a5ac38d4fdccbc5c5366229f3e01dafcc0"
+SRCREV_mbedtls = "89f040a5c938985c5f30728baed21e49d0846a53"
 
 LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-src.inc b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-src.inc
new file mode 100644
index 0000000..7d5b4b5
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-src.inc
@@ -0,0 +1,41 @@
+# Common src definitions for trusted-firmware-m and trusted-firmware-m-scripts
+
+LICENSE = "BSD-2-Clause & BSD-3-Clause & Apache-2.0"
+
+LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \
+                    file://../tf-m-tests/license.rst;md5=02d06ffb8d9f099ff4961c0cb0183a18 \
+                    file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \
+                    file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8"
+
+SRC_URI_TRUSTED_FIRMWARE_M ?= "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https"
+SRC_URI_TRUSTED_FIRMWARE_M_TESTS ?= "git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https"
+SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS ?= "git://github.com/ARMmbed/mbedtls.git;protocol=https"
+SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT ?= "git://github.com/mcu-tools/mcuboot.git;protocol=https"
+SRC_URI_TRUSTED_FIRMWARE_M_QCBOR ?= "git://github.com/laurencelundblade/QCBOR.git;protocol=https"
+SRC_URI  = "${SRC_URI_TRUSTED_FIRMWARE_M};branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \
+            ${SRC_URI_TRUSTED_FIRMWARE_M_TESTS};branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=git/tf-m-tests \
+            ${SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS};branch=${SRCBRANCH_mbedtls};name=mbedtls;destsuffix=git/mbedtls \
+            ${SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT};branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=git/mcuboot \
+            ${SRC_URI_TRUSTED_FIRMWARE_M_QCBOR};branch=${SRCBRANCH_qcbor};name=qcbor;destsuffix=git/qcbor \
+            "
+
+# The required dependencies are documented in tf-m/config/config_default.cmake
+# TF-Mv1.7.0
+SRCBRANCH_tfm ?= "master"
+SRCREV_tfm = "b725a1346cdb9ec75b1adcdc4c84705881e8fd4e"
+# TF-Mv1.7.0
+SRCBRANCH_tfm-tests ?= "master"
+SRCREV_tfm-tests = "4c4b58041c6c01670266690538a780b4a23d08b8"
+# mbedtls-3.2.1
+SRCBRANCH_mbedtls ?= "master"
+SRCREV_mbedtls = "869298bffeea13b205343361b7a7daf2b210e33d"
+# v1.9.0
+SRCBRANCH_mcuboot ?= "main"
+SRCREV_mcuboot = "c657cbea75f2bb1faf1fceacf972a0537a8d26dd"
+# qcbor
+SRCBRANCH_qcbor ?= "master"
+SRCREV_qcbor = "b0e7033268e88c9f27146fa9a1415ef4c19ebaff"
+
+SRCREV_FORMAT = "tfm"
+
+S = "${WORKDIR}/git/tfm"
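Review bot: The comment `# mbedtls-3.2.1` labels the same `SRCREV_mbedtls` (`869298bf…`) that the removed recipe labelled `# mbedtls-3.2.0`, so one of the two labels does not match the pinned commit. Since these comments are the only human-readable record of what each hash is, I would check the revision against the upstream tag and correct whichever is wrong. The `# qcbor` comment names no tag at all and could carry one too. `SRCBRANCH_tfm` and `SRCBRANCH_tfm-tests` also move from `release/1.7.x` to `master` while the comments still say `TF-Mv1.7.0`, and a short note on why the release branch is no longer used would help the next person bumping these pins.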
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc
new file mode 100644
index 0000000..9062df8
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc
@@ -0,0 +1,118 @@
+# SPDX-License-Identifier: MIT
+#
+# Copyright (c) 2020 Arm Limited
+#
+
+SUMMARY = "Trusted Firmware for Cortex-M"
+DESCRIPTION = "Trusted Firmware-M"
+HOMEPAGE = "https://git.trustedfirmware.org/trusted-firmware-m.git"
+PROVIDES = "virtual/trusted-firmware-m"
+
+SRC_URI += "file://rwx.patch"
+
+UPSTREAM_CHECK_GITTAGREGEX = "^TF-Mv(?P<pver>\d+(\.\d+)+)$"
+
+# Note to future readers of this recipe: until the CMakeLists don't abuse
+# installation (see do_install) there is no point in trying to inherit
+# cmake here. You can easily short-circuit the toolchain but the install
+# is so convoluted there's no gain.
+
+inherit python3native deploy
+
+# Baremetal and we bring a compiler below
+INHIBIT_DEFAULT_DEPS = "1"
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+# See tools/requirements.txt for Python dependencies
+DEPENDS += "cmake-native \
+            ninja-native \
+            gcc-arm-none-eabi-native \
+            python3-cbor2-native \
+            python3-click-native \
+            python3-cryptography-native \
+            python3-pyasn1-native \
+            python3-imgtool-native \
+            python3-jinja2-native \
+            python3-pyyaml-native \
+            python3-pyhsslms-native \
+            python3-ecdsa-native \
+            python3-kconfiglib-native \
+"
+
+B = "${WORKDIR}/build"
+
+# Build for debug (set TFM_DEBUG to 1 to activate)
+TFM_DEBUG ?= "0"
+
+# Platform must be set, ideally in the machine configuration.
+TFM_PLATFORM ?= ""
+python() {
+    if not d.getVar("TFM_PLATFORM"):
+        raise bb.parse.SkipRecipe("TFM_PLATFORM needs to be set")
+}
+
+PACKAGECONFIG ??= ""
+# Whether to integrate the test suite
+PACKAGECONFIG[test-secure] = "-DTEST_S=ON,-DTEST_S=OFF"
+PACKAGECONFIG[test-nonsecure] = "-DTEST_NS=ON,-DTEST_NS=OFF"
+
+# Currently we only support using the Arm binary GCC
+EXTRA_OECMAKE += "-DTFM_TOOLCHAIN_FILE=${S}/toolchain_GNUARM.cmake"
+
+# Don't let FetchContent download more sources during do_configure
+EXTRA_OECMAKE += "-DFETCHCONTENT_FULLY_DISCONNECTED=ON"
+
+# Add platform parameters
+EXTRA_OECMAKE += "-DTFM_PLATFORM=${TFM_PLATFORM}"
+
+# Handle TFM_DEBUG parameter
+EXTRA_OECMAKE += "${@bb.utils.contains('TFM_DEBUG', '1', '-DCMAKE_BUILD_TYPE=Debug', '-DCMAKE_BUILD_TYPE=Release', d)}"
+
+# Verbose builds
+EXTRA_OECMAKE += "-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON"
+
+EXTRA_OECMAKE += "-DMBEDCRYPTO_PATH=${S}/../mbedtls -DTFM_TEST_REPO_PATH=${S}/../tf-m-tests -DMCUBOOT_PATH=${S}/../mcuboot -DQCBOR_PATH=${S}/../qcbor"
+
+export CMAKE_BUILD_PARALLEL_LEVEL = "${@oe.utils.parallel_make(d, False)}"
+
+# Let the Makefile handle setting up the CFLAGS and LDFLAGS as it is a standalone application
+CFLAGS[unexport] = "1"
+LDFLAGS[unexport] = "1"
+AS[unexport] = "1"
+LD[unexport] = "1"
+
+# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
+# right path until this is relocated automatically.
+export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
+
+do_configure[cleandirs] = "${B}"
+do_configure() {
+    cmake -GNinja -S ${S} -B ${B} ${EXTRA_OECMAKE} ${PACKAGECONFIG_CONFARGS}
+}
+
+# Invoke install here as there's no point in splitting compile from install: the
+# first thing the build does is 'install' inside the build tree thus causing a
+# rebuild. It also overrides the install prefix to be in the build tree, so you
+# can't use the usual install prefix variables.
+do_compile() {
+    cmake --build ${B} -- install
+}
+do_compile[progress] = "outof:^\[(\d+)/(\d+)\]\s+"
+
+do_install() {
+    # TODO install headers and static libraries when we know how they're used
+    install -d -m 755 ${D}/firmware
+    install -m 0644 ${B}/bin/* ${D}/firmware/
+}
+
+FILES:${PN} = "/firmware"
+SYSROOT_DIRS += "/firmware"
+
+addtask deploy after do_install
+do_deploy() {
+    cp -rf ${D}/firmware/* ${DEPLOYDIR}/
+}
+
+# Build paths are currently embedded
+INSANE_SKIP:${PN} += "buildpaths"
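Review bot: `SRC_URI += "file://rwx.patch"` near the top of this file only survives because `trusted-firmware-m_1.7.0.bb` requires `trusted-firmware-m-1.7.0-src.inc` first, and that file assigns `SRC_URI` with a plain `=`. A recipe that requires the two files in the other order would drop the patch without any error. Using `SRC_URI:append = " file://rwx.patch"` makes the addition independent of include order. If `+=` is kept, a comment such as `# must be required after the -src.inc, which assigns SRC_URI` should say so.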
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb
index b4a4c41..32e6ed3 100644
--- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb
+++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb
@@ -1,148 +1,2 @@
-# SPDX-License-Identifier: MIT
-#
-# Copyright (c) 2020 Arm Limited
-#
-
-SUMMARY = "Trusted Firmware for Cortex-M"
-DESCRIPTION = "Trusted Firmware-M"
-HOMEPAGE = "https://git.trustedfirmware.org/trusted-firmware-m.git"
-PROVIDES = "virtual/trusted-firmware-m"
-
-LICENSE = "BSD-2-Clause & BSD-3-Clause & Apache-2.0"
-
-LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \
-                    file://../tf-m-tests/license.rst;md5=02d06ffb8d9f099ff4961c0cb0183a18 \
-                    file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \
-                    file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8"
-
-SRC_URI_TRUSTED_FIRMWARE_M ?= "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https"
-SRC_URI_TRUSTED_FIRMWARE_M_TESTS ?= "git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https"
-SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS ?= "git://github.com/ARMmbed/mbedtls.git;protocol=https"
-SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT ?= "git://github.com/mcu-tools/mcuboot.git;protocol=https"
-SRC_URI_TRUSTED_FIRMWARE_M_QCBOR ?= "git://github.com/laurencelundblade/QCBOR.git;protocol=https"
-SRC_URI  = "${SRC_URI_TRUSTED_FIRMWARE_M};branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \
-            ${SRC_URI_TRUSTED_FIRMWARE_M_TESTS};branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=git/tf-m-tests \
-            ${SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS};branch=${SRCBRANCH_mbedtls};name=mbedtls;destsuffix=git/mbedtls \
-            ${SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT};branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=git/mcuboot \
-            ${SRC_URI_TRUSTED_FIRMWARE_M_QCBOR};branch=${SRCBRANCH_qcbor};name=qcbor;destsuffix=git/qcbor \
-            file://rwx.patch \
-            "
-
-# The required dependencies are documented in tf-m/config/config_default.cmake
-# TF-Mv1.7.0
-SRCBRANCH_tfm ?= "release/1.7.x"
-SRCREV_tfm = "b725a1346cdb9ec75b1adcdc4c84705881e8fd4e"
-# mbedtls-3.2.0
-SRCBRANCH_mbedtls ?= "master"
-SRCREV_mbedtls = "869298bffeea13b205343361b7a7daf2b210e33d"
-# TF-Mv1.6.0
-SRCBRANCH_tfm-tests ?= "release/1.7.x"
-SRCREV_tfm-tests = "4972e8df3fcbd386a5b0c18613d8a803f4dda082"
-# v1.9.0
-SRCBRANCH_mcuboot ?= "main"
-SRCREV_mcuboot = "c657cbea75f2bb1faf1fceacf972a0537a8d26dd"
-# qcbor
-SRCBRANCH_qcbor ?= "master"
-SRCREV_qcbor = "b0e7033268e88c9f27146fa9a1415ef4c19ebaff"
-
-UPSTREAM_CHECK_GITTAGREGEX = "^TF-Mv(?P<pver>\d+(\.\d+)+)$"
-
-# Note to future readers of this recipe: until the CMakeLists don't abuse
-# installation (see do_install) there is no point in trying to inherit
-# cmake here. You can easily short-circuit the toolchain but the install
-# is so convoluted there's no gain.
-
-inherit python3native deploy
-
-# Baremetal and we bring a compiler below
-INHIBIT_DEFAULT_DEPS = "1"
-
-PACKAGE_ARCH = "${MACHINE_ARCH}"
-
-DEPENDS += "cmake-native \
-            ninja-native \
-            gcc-arm-none-eabi-native \
-            python3-intelhex-native \
-            python3-jinja2-native \
-            python3-pyyaml-native \
-            python3-click-native \
-            python3-cryptography-native \
-            python3-cbor2-native"
-
-S = "${WORKDIR}/git/tfm"
-B = "${WORKDIR}/build"
-
-# Build for debug (set TFM_DEBUG to 1 to activate)
-TFM_DEBUG ?= "0"
-
-# Platform must be set, ideally in the machine configuration.
-TFM_PLATFORM ?= ""
-python() {
-    if not d.getVar("TFM_PLATFORM"):
-        raise bb.parse.SkipRecipe("TFM_PLATFORM needs to be set")
-}
-
-PACKAGECONFIG ??= ""
-# Whether to integrate the test suite
-PACKAGECONFIG[test-secure] = "-DTEST_S=ON,-DTEST_S=OFF"
-PACKAGECONFIG[test-nonsecure] = "-DTEST_NS=ON,-DTEST_NS=OFF"
-
-# Currently we only support using the Arm binary GCC
-EXTRA_OECMAKE += "-DTFM_TOOLCHAIN_FILE=${S}/toolchain_GNUARM.cmake"
-
-# Don't let FetchContent download more sources during do_configure
-EXTRA_OECMAKE += "-DFETCHCONTENT_FULLY_DISCONNECTED=ON"
-
-# Add platform parameters
-EXTRA_OECMAKE += "-DTFM_PLATFORM=${TFM_PLATFORM}"
-
-# Handle TFM_DEBUG parameter
-EXTRA_OECMAKE += "${@bb.utils.contains('TFM_DEBUG', '1', '-DCMAKE_BUILD_TYPE=Debug', '-DCMAKE_BUILD_TYPE=Release', d)}"
-
-# Verbose builds
-EXTRA_OECMAKE += "-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON"
-
-EXTRA_OECMAKE += "-DMBEDCRYPTO_PATH=${S}/../mbedtls -DTFM_TEST_REPO_PATH=${S}/../tf-m-tests -DMCUBOOT_PATH=${S}/../mcuboot -DQCBOR_PATH=${S}/../qcbor"
-
-export CMAKE_BUILD_PARALLEL_LEVEL = "${@oe.utils.parallel_make(d, False)}"
-
-# Let the Makefile handle setting up the CFLAGS and LDFLAGS as it is a standalone application
-CFLAGS[unexport] = "1"
-LDFLAGS[unexport] = "1"
-AS[unexport] = "1"
-LD[unexport] = "1"
-
-# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
-# right path until this is relocated automatically.
-export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
-
-do_configure[cleandirs] = "${B}"
-do_configure() {
-    cmake -GNinja -S ${S} -B ${B} ${EXTRA_OECMAKE} ${PACKAGECONFIG_CONFARGS}
-}
-
-# Invoke install here as there's no point in splitting compile from install: the
-# first thing the build does is 'install' inside the build tree thus causing a
-# rebuild. It also overrides the install prefix to be in the build tree, so you
-# can't use the usual install prefix variables.
-do_compile() {
-    cmake --build ${B} -- install
-}
-do_compile[progress] = "outof:^\[(\d+)/(\d+)\]\s+"
-
-do_install() {
-    # TODO install headers and static libraries when we know how they're used
-    install -d -m 755 ${D}/firmware
-    install -m 0644 ${B}/bin/* ${D}/firmware/
-}
-
-FILES:${PN} = "/firmware"
-SYSROOT_DIRS += "/firmware"
-
-addtask deploy after do_install
-do_deploy() {
-    cp -rf ${D}/firmware/* ${DEPLOYDIR}/
-}
-
-# Build paths are currently embedded
-INSANE_SKIP:${PN} += "buildpaths"
+require recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-src.inc
+require recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Fix-for-issue-245.patch b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Fix-for-issue-245.patch
new file mode 100644
index 0000000..42bdf7d
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Fix-for-issue-245.patch
@@ -0,0 +1,46 @@
+From 096150fa19014b397a5d8f8d774bb8236ac37679 Mon Sep 17 00:00:00 2001
+From: Shyamanth RH <shyamanth.rh@arm.com>
+Date: Wed, 4 Jan 2023 13:08:35 +0530
+Subject: [PATCH] Fix for issue #245
+
+* The change fixes the build issue observed in GCC 12.XX.
+* Looks like GCC is confusing label to a local variable and hence triggers dangling-pointer error when a label addres is assigned to a pointer.
+* Changed branch_to_test from void * pointer to uint64_t datatype since we just need the retrun address of the label while updating the ELR. This should suppress the dangling-pinter warning thrown by GCC 12.XX
+
+Signed-off-by: Shyamanth RH <shyamanth.rh@arm.com>
+Upstream-Status: Backport
+---
+ test_pool/peripherals/test_d003.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/test_pool/peripherals/test_d003.c b/test_pool/peripherals/test_d003.c
+index 9f36e1f..0658a45 100755
+--- a/test_pool/peripherals/test_d003.c
++++ b/test_pool/peripherals/test_d003.c
+@@ -30,7 +30,7 @@
+ 
+ static uint64_t l_uart_base;
+ static uint32_t int_id;
+-static void *branch_to_test;
++static uint64_t branch_to_test;
+ static uint32_t test_fail;
+ 
+ static
+@@ -40,7 +40,7 @@ esr(uint64_t interrupt_type, void *context)
+   uint32_t index = val_pe_get_index_mpid(val_pe_get_mpid());
+ 
+   /* Update the ELR to point to next instrcution */
+-  val_pe_update_elr(context, (uint64_t)branch_to_test);
++  val_pe_update_elr(context, branch_to_test);
+ 
+   val_print(AVS_PRINT_ERR, "\n       Error : Received Sync Exception type %d", interrupt_type);
+   val_set_status(index, RESULT_FAIL(g_sbsa_level, TEST_NUM, 01));
+@@ -150,7 +150,7 @@ payload(void)
+   val_pe_install_esr(EXCEPT_AARCH64_SYNCHRONOUS_EXCEPTIONS, esr);
+   val_pe_install_esr(EXCEPT_AARCH64_SERROR, esr);
+ 
+-  branch_to_test = &&exception_taken;
++  branch_to_test = (uint64_t)&&exception_taken;
+ 
+   if (count == 0) {
+       val_print(AVS_PRINT_WARN, "\n       No UART defined by Platform      ", 0);
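Review bot: The `Upstream-Status: Backport` line in this added patch header names no upstream commit or URL, and the header of `0001-Fix-function-protype-mismatches.patch` has the same gap, so neither backport can be checked against what upstream merged. The two patches they replace both pointed at the upstream project (an issue link and a pull-request link), so that traceability is lost with this change. I would write `Upstream-Status: Backport [https://github.com/ARM-software/sbsa-acs/commit/<upstream-commit-id>]` in both headers, with the id taken from the upstream repository. The bodies of `esr` and `payload` in `test_d003.c` continue outside the inner hunks, so only the header is reviewed here.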
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Fix-function-protype-mismatches.patch b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Fix-function-protype-mismatches.patch
new file mode 100644
index 0000000..f603914
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Fix-function-protype-mismatches.patch
@@ -0,0 +1,43 @@
+From df6006190f112a4ecc54ed0a35d3ea83a2350c73 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 2 Feb 2023 17:37:52 -0800
+Subject: [PATCH] Fix function protype mismatches
+
+These are flagged by gcc13
+avs_gic.c:241:1: error: conflicting types for 'val_gic_get_info' due to enum/integer mismatch; have 'uint32_t(uint32_t)' {aka 'unsigned int(unsigned int)'} [-Werror=enum-int-mismatch]
+|   241 | val_gic_get_info(uint32_t type)
+|       | ^~~~~~~~~~~~~~~~
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Backport
+---
+ val/include/val_interface.h | 2 +-
+ val/src/avs_gic.c           | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/val/include/val_interface.h b/val/include/val_interface.h
+index 053fdfa..8814b41 100644
+--- a/val/include/val_interface.h
++++ b/val/include/val_interface.h
+@@ -181,7 +181,7 @@ typedef enum {
+ void     val_wd_create_info_table(uint64_t *wd_info_table);
+ void     val_wd_free_info_table(void);
+ uint32_t val_wd_execute_tests(uint32_t level, uint32_t num_pe);
+-uint64_t val_wd_get_info(uint32_t index, uint32_t info_type);
++uint64_t val_wd_get_info(uint32_t index, WD_INFO_TYPE_e info_type);
+ uint32_t val_wd_set_ws0(uint32_t index, uint32_t timeout);
+ uint64_t val_get_counter_frequency(void);
+ 
+diff --git a/val/src/avs_gic.c b/val/src/avs_gic.c
+index b37f106..1146a01 100644
+--- a/val/src/avs_gic.c
++++ b/val/src/avs_gic.c
+@@ -249,7 +249,7 @@ val_get_cpuif_base(void)
+   @return  32-bit data
+ **/
+ uint32_t
+-val_gic_get_info(uint32_t type)
++val_gic_get_info(GIC_INFO_e type)
+ {
+   uint32_t rdbase_len;
+ 
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Revert-peripheral-test-3-updated-for-multiple-uarts.patch b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Revert-peripheral-test-3-updated-for-multiple-uarts.patch
deleted file mode 100644
index 13faefb..0000000
--- a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Revert-peripheral-test-3-updated-for-multiple-uarts.patch
+++ /dev/null
@@ -1,204 +0,0 @@
-Revert "peripheral test 3 updated for multiple uarts"
-
-This reverts commit 037be14cc1f149cdb25e754358de7b9066581d1c.
-
-Working around issue in the latest GCC of:
-ShellPkg/Application/sbsa-acs/test_pool/peripherals/test_d003.c:172:18: error: storing the address of local variable 'exception_taken' in 'branch_to_test' [-Werror=dangling-pointer=]
-
-Upstream-Status: Inappropriate [Problem reported, https://github.com/ARM-software/sbsa-acs/issues/245]
-Signed-off-by: Jon Mason <jon.mason@arm.com>
-
-diff --git a/test_pool/peripherals/test_d003.c b/test_pool/peripherals/test_d003.c
-index 68902ad..4858049 100755
---- a/test_pool/peripherals/test_d003.c
-+++ b/test_pool/peripherals/test_d003.c
-@@ -17,7 +17,6 @@
- 
- #include "val/include/sbsa_avs_val.h"
- #include "val/include/val_interface.h"
--#include "val/include/sbsa_avs_pe.h"
- 
- #include "val/include/sbsa_avs_peripherals.h"
- #include "val/include/sbsa_avs_gic.h"
-@@ -25,26 +24,11 @@
- #define TEST_NUM   (AVS_PER_TEST_NUM_BASE + 3)
- /*one space character is removed from TEST_DESC, to nullify a space written as part of the test */
- #define TEST_DESC  "Check SBSA UART register offsets "
--#define TEST_NUM1  (AVS_PER_TEST_NUM_BASE + 4)
-+#define TEST_NUM2  (AVS_PER_TEST_NUM_BASE + 4)
- #define TEST_DESC1 "Check Generic UART Interrupt      "
- 
--static uint64_t l_uart_base;
-+uint64_t l_uart_base;
- static uint32_t int_id;
--static void *branch_to_test;
--static uint32_t test_fail;
--
--static
--void
--esr(uint64_t interrupt_type, void *context)
--{
--  uint32_t index = val_pe_get_index_mpid(val_pe_get_mpid());
--
--  /* Update the ELR to point to next instrcution */
--  val_pe_update_elr(context, (uint64_t)branch_to_test);
--
--  val_print(AVS_PRINT_ERR, "\n       Error : Received Sync Exception ", 0);
--  val_set_status(index, RESULT_FAIL(g_sbsa_level, TEST_NUM, 01));
--}
- 
- uint32_t
- uart_reg_read(uint32_t offset, uint32_t width_mask)
-@@ -115,7 +99,7 @@ isr()
-   uint32_t index = val_pe_get_index_mpid(val_pe_get_mpid());
-   uart_disable_txintr();
-   val_print(AVS_PRINT_DEBUG, "\n       Received interrupt      ", 0);
--  val_set_status(index, RESULT_PASS(g_sbsa_level, TEST_NUM1, 01));
-+  val_set_status(index, RESULT_PASS(g_sbsa_level, TEST_NUM, 0x01));
-   val_gic_end_of_interrupt(int_id);
- }
- 
-@@ -166,14 +150,9 @@ payload()
-   uint32_t index = val_pe_get_index_mpid(val_pe_get_mpid());
-   uint32_t data1, data2;
- 
--  val_pe_install_esr(EXCEPT_AARCH64_SYNCHRONOUS_EXCEPTIONS, esr);
--  val_pe_install_esr(EXCEPT_AARCH64_SERROR, esr);
--
--  branch_to_test = &&exception_taken;
--
-   if (count == 0) {
-       val_print(AVS_PRINT_WARN, "\n       No UART defined by Platform      ", 0);
--      val_set_status(index, RESULT_FAIL(g_sbsa_level, TEST_NUM, 01));
-+      val_set_status(index, RESULT_SKIP(g_sbsa_level, TEST_NUM, 01));
-       return;
-   }
- 
-@@ -213,7 +192,6 @@ payload()
- 
-       count--;
-   }
--exception_taken:
-   return;
- }
- 
-@@ -223,49 +201,40 @@ payload1()
- {
-   uint32_t count = val_peripheral_get_info(NUM_UART, 0);
-   uint32_t index = val_pe_get_index_mpid(val_pe_get_mpid());
--  uint32_t timeout;
-+  uint32_t timeout = TIMEOUT_MEDIUM;
- 
-   if (count == 0) {
--      val_set_status(index, RESULT_SKIP(g_sbsa_level, TEST_NUM1, 01));
-+      val_set_status(index, RESULT_SKIP(g_sbsa_level, TEST_NUM2, 01));
-       return;
-   }
- 
-   while (count != 0) {
--      timeout = TIMEOUT_MEDIUM;
-+
-       int_id    = val_peripheral_get_info(UART_GSIV, count - 1);
--      l_uart_base = val_peripheral_get_info(UART_BASE0, count - 1);
- 
-       /* If Interrupt ID is available, check for interrupt generation */
-       if (int_id != 0x0) {
-           /* PASS will be set from ISR */
--          val_set_status(index, RESULT_PENDING(g_sbsa_level, TEST_NUM1));
--          if (val_gic_install_isr(int_id, isr)) {
--              val_print(AVS_PRINT_ERR, "\n       GIC Install Handler Fail", 0);
--              val_set_status(index, RESULT_FAIL(g_sbsa_level, TEST_NUM1, 01));
--              return;
--          }
-+          val_set_status(index, RESULT_PENDING(g_sbsa_level, TEST_NUM2));
-+          val_gic_install_isr(int_id, isr);
-           uart_enable_txintr();
--          val_print_raw(l_uart_base, g_print_level,
--                        "\n       Test Message                      ", 0);
-+          val_print_raw(g_print_level, "\n       Test Message                      ", 0);
- 
--          while ((--timeout > 0) && (IS_RESULT_PENDING(val_get_status(index)))){
--          };
-+          while ((--timeout > 0) && (IS_RESULT_PENDING(val_get_status(index))));
- 
-           if (timeout == 0) {
-               val_print(AVS_PRINT_ERR,
--                        "\n       Did not receive UART interrupt %d  ", int_id);
--              test_fail++;
-+                        "\n       Did not receive UART interrupt on %d  ", int_id);
-+              val_set_status(index, RESULT_FAIL(g_sbsa_level, TEST_NUM2, 02));
-+              return;
-           }
-       } else {
--          val_set_status(index, RESULT_SKIP(g_sbsa_level, TEST_NUM1, 02));
-+          val_set_status(index, RESULT_SKIP(g_sbsa_level, TEST_NUM2, 01));
-       }
- 
-       count--;
-   }
--  if (test_fail)
--    val_set_status(index, RESULT_FAIL(g_sbsa_level, TEST_NUM1, 02));
--  else
--    val_set_status(index, RESULT_PASS(g_sbsa_level, TEST_NUM1, 02));
-+  return;
- }
- 
- 
-@@ -290,13 +259,13 @@ d003_entry(uint32_t num_pe)
-   val_report_status(0, SBSA_AVS_END(g_sbsa_level, TEST_NUM));
- 
-   if (!status) {
--      status = val_initialize_test(TEST_NUM1, TEST_DESC1, val_pe_get_num(), g_sbsa_level);
-+      status = val_initialize_test(TEST_NUM2, TEST_DESC1, val_pe_get_num(), g_sbsa_level);
-       if (status != AVS_STATUS_SKIP)
--          val_run_test_payload(TEST_NUM1, num_pe, payload1, 0);
-+          val_run_test_payload(TEST_NUM2, num_pe, payload1, 0);
- 
-       /* get the result from all PE and check for failure */
--      status = val_check_for_error(TEST_NUM1, num_pe);
--      val_report_status(0, SBSA_AVS_END(g_sbsa_level, TEST_NUM1));
-+      status = val_check_for_error(TEST_NUM2, num_pe);
-+      val_report_status(0, SBSA_AVS_END(g_sbsa_level, TEST_NUM2));
-   }
- 
- 
-diff --git a/val/include/val_interface.h b/val/include/val_interface.h
-index c03edb7..0997c64 100644
---- a/val/include/val_interface.h
-+++ b/val/include/val_interface.h
-@@ -44,8 +44,7 @@
- void val_allocate_shared_mem(void);
- void val_free_shared_mem(void);
- void val_print(uint32_t level, char8_t *string, uint64_t data);
--void val_print_raw(uint64_t uart_address, uint32_t level, char8_t *string,
--                                                                uint64_t data);
-+void val_print_raw(uint32_t level, char8_t *string, uint64_t data);
- void val_print_test_end(uint32_t status, char8_t *string);
- void val_set_test_data(uint32_t index, uint64_t addr, uint64_t test_data);
- void val_get_test_data(uint32_t index, uint64_t *data0, uint64_t *data1);
-diff --git a/val/src/avs_test_infra.c b/val/src/avs_test_infra.c
-index 4d4e80b..a39e85b 100644
---- a/val/src/avs_test_infra.c
-+++ b/val/src/avs_test_infra.c
-@@ -65,7 +65,6 @@ val_print_test_end(uint32_t status, char8_t *string)
-           1. Caller       - Application layer
-           2. Prerequisite - None.
- 
--  @param uart_address address of uart to be used
-   @param level   the print verbosity (1 to 5)
-   @param string  formatted ASCII string
-   @param data    64-bit data. set to 0 if no data is to sent to console.
-@@ -73,11 +72,11 @@ val_print_test_end(uint32_t status, char8_t *string)
-   @return        None
-  **/
- void
--val_print_raw(uint64_t uart_address, uint32_t level, char8_t *string,
--                                                                uint64_t data)
-+val_print_raw(uint32_t level, char8_t *string, uint64_t data)
- {
- 
-   if (level >= g_print_level){
-+      uint64_t uart_address = val_peripheral_get_info(UART_BASE0, 0);
-       pal_print_raw(uart_address, string, data);
-   }
- 
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/enum-int-mismatch.patch b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/enum-int-mismatch.patch
deleted file mode 100644
index 29b2e2f..0000000
--- a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/enum-int-mismatch.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Fix function protype mismatches
-
-These are flagged by gcc13
-avs_gic.c:241:1: error: conflicting types for 'val_gic_get_info' due to enum/integer mismatch; have 'uint32_t(uint32_t)' {aka 'unsigned int(unsigned int)'} [-Werror=enum-int-mismatch]
-|   241 | val_gic_get_info(uint32_t type)
-|       | ^~~~~~~~~~~~~~~~
-
-Upstream-Status: Submitted [https://github.com/ARM-software/sbsa-acs/pull/291]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
---- a/ShellPkg/Application/sbsa-acs/val/include/val_interface.h
-+++ b/ShellPkg/Application/sbsa-acs/val/include/val_interface.h
-@@ -155,7 +155,7 @@ typedef enum {
- void     val_wd_create_info_table(uint64_t *wd_info_table);
- void     val_wd_free_info_table(void);
- uint32_t val_wd_execute_tests(uint32_t level, uint32_t num_pe);
--uint64_t val_wd_get_info(uint32_t index, uint32_t info_type);
-+uint64_t val_wd_get_info(uint32_t index, WD_INFO_TYPE_e info_type);
- uint32_t val_wd_set_ws0(uint32_t index, uint32_t timeout);
- 
- 
---- a/ShellPkg/Application/sbsa-acs/val/src/avs_gic.c
-+++ b/ShellPkg/Application/sbsa-acs/val/src/avs_gic.c
-@@ -238,7 +238,7 @@ val_get_cpuif_base(void)
-   @return  32-bit data
- **/
- uint32_t
--val_gic_get_info(uint32_t type)
-+val_gic_get_info(GIC_INFO_e type)
- {
-   uint32_t rdbase_len;
- 
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/shell.patch b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/shell.patch
index 95b3bfa..0c784c6 100644
--- a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/shell.patch
+++ b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/shell.patch
@@ -1,13 +1,20 @@
-Patch in the paths to the SBSA test suite
+From 90d705333521dd85720a17a29abf1aff1612c917 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Thu, 16 Feb 2023 21:53:25 +0000
+Subject: [PATCH] Patch in the paths to the SBSA test suite
 
 Upstream-Status: Inappropriate (required action)
 Signed-off-by: Ross Burton <ross.burton@arm.com>
 
+---
+ ShellPkg/ShellPkg.dsc | 3 +++
+ 1 file changed, 3 insertions(+)
+
 diff --git a/ShellPkg/ShellPkg.dsc b/ShellPkg/ShellPkg.dsc
-index 38fde3dc71..7240a6b5f7 100644
+index dd0d88603f..7367c052fc 100644
 --- a/ShellPkg/ShellPkg.dsc
 +++ b/ShellPkg/ShellPkg.dsc
-@@ -22,6 +22,8 @@
+@@ -23,6 +23,8 @@
  !include MdePkg/MdeLibs.dsc.inc

  

  [LibraryClasses.common]

@@ -16,7 +23,7 @@
    UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiApplicationEntryPoint.inf

    UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf

    UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf

-@@ -87,6 +89,7 @@
+@@ -88,6 +90,7 @@
    # Build all the libraries when building this package.

    # This helps developers test changes and how they affect the package.

    #

@@ -24,6 +31,3 @@
    ShellPkg/Library/UefiShellLib/UefiShellLib.inf

    ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLib.inf

    ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf

--- 
-2.30.2
-
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/use_bfd_linker.patch b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/use_bfd_linker.patch
index 9c8ce5d..f0b1ac1 100644
--- a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/use_bfd_linker.patch
+++ b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/use_bfd_linker.patch
@@ -15,7 +15,7 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
-index 5ed19810b7..e08e6b4ff4 100755
+index 9b4f173519..ea78e81d31 100755
 --- a/BaseTools/Conf/tools_def.template
 +++ b/BaseTools/Conf/tools_def.template
 @@ -1856,7 +1856,7 @@ DEFINE GCC_ARM_CC_XIPFLAGS         = -mno-unaligned-access
@@ -27,6 +27,3 @@
  DEFINE GCC_IA32_X64_DLINK_COMMON   = DEF(GCC_DLINK_FLAGS_COMMON) --gc-sections

  DEFINE GCC_ARM_AARCH64_DLINK_COMMON= -Wl,--emit-relocs -nostdlib -Wl,--gc-sections -u $(IMAGE_ENTRY_POINT) -Wl,-e,$(IMAGE_ENTRY_POINT),-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map

  DEFINE GCC_ARM_DLINK_FLAGS         = DEF(GCC_ARM_AARCH64_DLINK_COMMON) -z common-page-size=0x20 -Wl,--pic-veneer

--- 
-2.30.2
-
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_1.0.bb b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_6.1.0.bb
similarity index 79%
rename from meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_1.0.bb
rename to meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_6.1.0.bb
index 8c0473a..6ef4f6c 100644
--- a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_1.0.bb
+++ b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_6.1.0.bb
@@ -8,12 +8,13 @@
             git://github.com/tianocore/edk2-libc;destsuffix=edk2/edk2-libc;protocol=https;branch=master;name=libc \
             file://shell.patch \
             file://use_bfd_linker.patch \
-            file://enum-int-mismatch.patch \
-            file://0001-Revert-peripheral-test-3-updated-for-multiple-uarts.patch;patchdir=ShellPkg/Application/sbsa-acs \
+            file://0001-Fix-function-protype-mismatches.patch;patchdir=ShellPkg/Application/sbsa-acs \
+            file://0001-Fix-for-issue-245.patch;patchdir=ShellPkg/Application/sbsa-acs \
             "
 
-SRCREV_acs = "28ecef569303af18b571ff3d66bbdcb6135eaed8"
-SRCREV_libc = "c32222fed9927420fc46da503dea1ebb874698b6"
+
+SRCREV_acs = "7d7a3fe81ad7e6f05143ba17db50107f1ab6c9cd"
+SRCREV_libc = "a806ea1062c254bd6e09db7d0f7beb4d14bc3ed0"
 
 # GCC12 trips on it
 #see https://src.fedoraproject.org/rpms/edk2/blob/rawhide/f/0032-Basetools-turn-off-gcc12-warning.patch
diff --git a/meta-arm/meta-arm/recipes-devtools/edk2-basetools/edk2-basetools-native_202211.bb b/meta-arm/meta-arm/recipes-devtools/edk2-basetools/edk2-basetools-native_202211.bb
new file mode 100644
index 0000000..6a59c22
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-devtools/edk2-basetools/edk2-basetools-native_202211.bb
@@ -0,0 +1,24 @@
+# Install EDK2 Base Tools in native sysroot. Currently the BaseTools are not
+# built, they are just copied to native sysroot. This is sufficient for
+# generating UEFI capsules as it only depends on some python scripts. Other
+# tools need to be built first before adding to sysroot.
+
+SUMMARY = "EDK2 Base Tools"
+LICENSE = "BSD-2-Clause-Patent"
+
+# EDK2
+SRC_URI = "git://github.com/tianocore/edk2.git;branch=master;protocol=https"
+LIC_FILES_CHKSUM = "file://License.txt;md5=2b415520383f7964e96700ae12b4570a"
+
+SRCREV = "fff6d81270b57ee786ea18ad74f43149b9f03494"
+
+S = "${WORKDIR}/git"
+
+inherit native
+
+RDEPENDS:${PN} += "python3-core"
+
+do_install () {
+    mkdir -p ${D}${bindir}/edk2-BaseTools
+    cp -r ${WORKDIR}/git/BaseTools/* ${D}${bindir}/edk2-BaseTools/
+}
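Review bot: `do_install` spells the source directory as `${WORKDIR}/git` although `S` is set to that same path a few lines earlier, so a later change to `S` would leave the copy reading from the wrong place. I would write `cp -r ${S}/BaseTools/* ${D}${bindir}/edk2-BaseTools/`. The `SRCREV` line would also benefit from a comment naming the edk2 tag that the `202211` in the file name refers to, for example `# <edk2 tag for 202211>`, so the pin can be checked against upstream. That matters because the header comment says these scripts are used to generate UEFI capsules.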
diff --git a/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb b/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb
index 521e33e..2083201 100644
--- a/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb
+++ b/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb
@@ -6,7 +6,7 @@
 
 SRC_URI = "git://gn.googlesource.com/gn;protocol=https;branch=main \
            file://0001-Replace-lstat64-stat64-functions-on-linux.patch"
-SRCREV = "bf4e17dc67b2a2007475415e3f9e1d1cf32f6e35"
+SRCREV = "edf6ef4b06b42c58292faea78498aff76bdf68ed"
 PV = "0+git${SRCPV}"
 
 S = "${WORKDIR}/git"
diff --git a/meta-arm/meta-arm/recipes-devtools/opencsd/opencsd_1.3.1.bb b/meta-arm/meta-arm/recipes-devtools/opencsd/opencsd_1.4.0.bb
similarity index 94%
rename from meta-arm/meta-arm/recipes-devtools/opencsd/opencsd_1.3.1.bb
rename to meta-arm/meta-arm/recipes-devtools/opencsd/opencsd_1.4.0.bb
index 1c1abaa..59c4f9c 100644
--- a/meta-arm/meta-arm/recipes-devtools/opencsd/opencsd_1.3.1.bb
+++ b/meta-arm/meta-arm/recipes-devtools/opencsd/opencsd_1.4.0.bb
@@ -4,7 +4,7 @@
 LIC_FILES_CHKSUM = "file://LICENSE;md5=ad8cb685eb324d2fa2530b985a43f3e5"
 
 SRC_URI = "git://github.com/Linaro/OpenCSD;protocol=https;branch=master"
-SRCREV = "8dab50c35c8d181fc3ed6ad46e156398447d753f"
+SRCREV = "78ce8ef47c55a489b0ca575b981cd4856d03f44b"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-arm/meta-arm/recipes-devtools/python/python3-pyhsslms_1.1.1.bb b/meta-arm/meta-arm/recipes-devtools/python/python3-pyhsslms_1.1.1.bb
new file mode 100644
index 0000000..6012ab2
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-devtools/python/python3-pyhsslms_1.1.1.bb
@@ -0,0 +1,10 @@
+SUMMARY = "Pure-Python implementation of HSS/LMS Digital Signatures (RFC 8554)"
+HOMEPAGE ="https://pypi.org/project/pyhsslms"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=58f6f7065b99f9d01d56e759256a6f1b"
+
+inherit pypi python_setuptools_build_meta
+PYPI_PACKAGE = "pyhsslms"
+SRC_URI[sha256sum] = "58bf03e34c6f9d5a3cfd77875d0a1356d4f23d7ad6ffd129b1e60de1208db753"
+
+BBCLASSEXTEND = "native nativesdk"
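Review bot: The assignment `HOMEPAGE ="https://pypi.org/project/pyhsslms"` is missing the space after `=` that every other assignment in this recipe has. It parses the same, but for consistency I would write `HOMEPAGE = "https://pypi.org/project/pyhsslms"`.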
diff --git a/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native.inc b/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native.inc
new file mode 100644
index 0000000..afe655f
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native.inc
@@ -0,0 +1,25 @@
+SUMMARY = "Trusted Firmware image signing scripts"
+DESCRIPTION = "Trusted Firmware-M image signing scripts"
+HOMEPAGE = "https://git.trustedfirmware.org/trusted-firmware-m.git"
+
+inherit native
+
+# See bl2/ext/mcuboot/scripts/requirements.txt
+RDEPENDS:${PN} = "\
+    python3-cryptography-native \
+    python3-pyasn1-native \
+    python3-pyyaml-native \
+    python3-cbor2-native \
+    python3-imgtool-native \
+    python3-click-native \
+"
+
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+
+do_install() {
+    install -d ${D}/${libdir}
+    cp -rf ${S}/bl2/ext/mcuboot/scripts/ ${D}/${libdir}/tfm-scripts
+    cp -rf ${S}/bl2/ext/mcuboot/*.pem ${D}/${libdir}/tfm-scripts
+}
+FILES:${PN} = "${libdir}/tfm-scripts"
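Review bot: The `*.pem` files that `do_install` copies into `tfm-scripts` come straight from the fetched source tree under `${S}/bl2/ext/mcuboot`, so any private key among them is publicly known, and nothing in the recipe says so. A comment above that `cp` line, such as `# Keys shipped in the upstream tree are public: development signing only, provide your own keys for production images`, would keep a downstream user from shipping firmware signed with them. Which recipes pick these keys up for signing is not visible in this hunk, so the wording should be confirmed against the signing class.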
diff --git a/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb b/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb
deleted file mode 100644
index 217f08a..0000000
--- a/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb
+++ /dev/null
@@ -1,25 +0,0 @@
-
-SRC_URI_TRUSTED_FIRMWARE_M ?= "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https"
-SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_M};branch=${SRCBRANCH}"
-# Use the wrapper script from TF-Mv1.6.0
-SRCBRANCH ?= "release/1.6.x"
-SRCREV = "7387d88158701a3c51ad51c90a05326ee12847a8"
-
-LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa"
-
-S = "${WORKDIR}/git"
-
-inherit native
-
-RDEPENDS:${PN} = "python3-imgtool-native python3-click-native"
-
-do_configure[noexec] = "1"
-do_compile[noexec] = "1"
-
-do_install() {
-    install -d ${D}/${libdir}
-    cp -rf ${S}/bl2/ext/mcuboot/scripts/ ${D}/${libdir}/tfm-scripts
-    cp -rf ${S}/bl2/ext/mcuboot/*.pem ${D}/${libdir}/tfm-scripts
-}
-FILES:${PN} = "${libdir}/tfm-scripts"
diff --git a/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.7.0.bb b/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.7.0.bb
new file mode 100644
index 0000000..2e9e524
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.7.0.bb
@@ -0,0 +1,2 @@
+require recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.7.0-src.inc
+require recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native.inc
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_5.19%.bbappend b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_5.19%.bbappend
deleted file mode 100644
index 7dec2f5..0000000
--- a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_5.19%.bbappend
+++ /dev/null
@@ -1,9 +0,0 @@
-# enable arm_ffa regardless on 5.19
-SRC_URI:append:qemuarm = " \
-    file://tee.cfg \
-    file://arm-ffa-transport.cfg \
-"
-SRC_URI:append:qemuarm64 = " \
-    file://tee.cfg \
-    file://arm-ffa-transport.cfg \
-"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0008-no-warn-rwx-segments.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0008-no-warn-rwx-segments.patch
index 2dc797b..64a3d7e 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0008-no-warn-rwx-segments.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.19.0/0008-no-warn-rwx-segments.patch
@@ -1,3 +1,24 @@
+From cf2a2451f4e9300532d677bb3a8315494a3b3a82 Mon Sep 17 00:00:00 2001
+From: Jerome Forissier <jerome.forissier@linaro.org>
+Date: Fri, 5 Aug 2022 09:48:03 +0200
+Subject: [PATCH] core: link: add --no-warn-rwx-segments
+
+Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
+Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474]
+
+binutils ld.bfd generates one RWX LOAD segment by merging several sections
+with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it
+also warns by default when that happens [1], which breaks the build due to
+--fatal-warnings. The RWX segment is not a problem for the TEE core, since
+that information is not used to set memory permissions. Therefore, silence
+the warning.
+
+Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
+Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448
+Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
+Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
+Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
+
 diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
 index 0e96e606c..3fbcb6804 100644
 --- a/core/arch/arm/kernel/link.mk
diff --git a/meta-arm/scripts/machine-summary.py b/meta-arm/scripts/machine-summary.py
index 8bd0fa7..0f5d1d9 100755
--- a/meta-arm/scripts/machine-summary.py
+++ b/meta-arm/scripts/machine-summary.py
@@ -145,6 +145,10 @@
            "edk2-firmware",
            "u-boot",
            "optee-os",
+           "hafnium",
+           "boot-wrapper-aarch64",
+           "gator-daemon",
+           "opencsd",
            "gcc-aarch64-none-elf-native",
            "gcc-arm-none-eabi-native")
 
diff --git a/meta-raspberrypi/recipes-kernel/linux-firmware-rpidistro/linux-firmware-rpidistro_git.bb b/meta-raspberrypi/recipes-kernel/linux-firmware-rpidistro/linux-firmware-rpidistro_git.bb
index f491241..653f6e0 100644
--- a/meta-raspberrypi/recipes-kernel/linux-firmware-rpidistro/linux-firmware-rpidistro_git.bb
+++ b/meta-raspberrypi/recipes-kernel/linux-firmware-rpidistro/linux-firmware-rpidistro_git.bb
@@ -50,6 +50,10 @@
     ln -s brcmfmac43455-sdio.txt ${D}${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio.raspberrypi,4-compute-module.txt
     # brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.raspberrypi,4-model-b.bin failed with error -2
     ln -s brcmfmac43455-sdio.bin ${D}${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio.raspberrypi,4-model-b.bin
+    # brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43430-sdio.raspberrypi,model-zero-w.bin failed with error -2
+    ln -s brcmfmac43430-sdio.bin ${D}${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.raspberrypi,model-zero-w.bin
+    # brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43430-sdio.raspberrypi,3-model-b.bin failed with error -2
+    ln -s brcmfmac43430-sdio.bin ${D}${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.raspberrypi,3-model-b.bin
 }
 
 PACKAGES = "\
diff --git a/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_5.15.bb b/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_5.15.bb
index 02ab825..3f167bb 100644
--- a/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_5.15.bb
+++ b/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_5.15.bb
@@ -1,9 +1,9 @@
-LINUX_VERSION ?= "5.15.90"
+LINUX_VERSION ?= "5.15.92"
 LINUX_RPI_BRANCH ?= "rpi-5.15.y"
 LINUX_RPI_KMETA_BRANCH ?= "yocto-5.15"
 
-SRCREV_machine = "18d8d0236d45f0fe9082548f23a0ab4379d8c106"
-SRCREV_meta = "3b1dc2f1fcd869f97901402759b859035984aa7f"
+SRCREV_machine = "14b35093ca68bf2c81bbc90aace5007142b40b40"
+SRCREV_meta = "509f4b9d68337f103633d48b621c1c9aa0dc975d"
 
 KMETA = "kernel-meta"
 
diff --git a/meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.%.bbappend b/meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_%.bbappend
similarity index 100%
rename from meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.%.bbappend
rename to meta-raspberrypi/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_%.bbappend
diff --git a/meta-security/classes/dm-verity-img.bbclass b/meta-security/classes/dm-verity-img.bbclass
index dd447e6..e5946bc 100644
--- a/meta-security/classes/dm-verity-img.bbclass
+++ b/meta-security/classes/dm-verity-img.bbclass
@@ -63,7 +63,12 @@
     veritysetup --data-block-size=${DM_VERITY_IMAGE_DATA_BLOCK_SIZE} --hash-offset=$SIZE format $OUTPUT $OUTPUT | tail -n +2 | process_verity
 }
 
-VERITY_TYPES = "ext2.verity ext3.verity ext4.verity btrfs.verity erofs.verity erofs-lz4.verity erofs-lz4hc.verity"
+VERITY_TYPES = " \
+    ext2.verity ext3.verity ext4.verity \
+    btrfs.verity \
+    erofs.verity erofs-lz4.verity erofs-lz4hc.verity \
+    squashfs.verity squashfs-xz.verity squashfs-lzo.verity squashfs-lz4.verity squashfs-zst.verity \
+"
 IMAGE_TYPES += "${VERITY_TYPES}"
 CONVERSIONTYPES += "verity"
 CONVERSION_CMD:verity = "verity_setup ${type}"
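Review bot: The squashfs entries added to `VERITY_TYPES` go through the same `verity_setup` as the other filesystems, which appends the hash tree at `--hash-offset=$SIZE`, and nothing here documents what that requires of the image. How `SIZE` is computed is outside this hunk, but if it is the image file length, the image presumably has to be a whole number of `DM_VERITY_IMAGE_DATA_BLOCK_SIZE` blocks for the tree to cover all of it. I would add a comment above the list, for example `# each base type must produce an image whose size is a multiple of DM_VERITY_IMAGE_DATA_BLOCK_SIZE`, and confirm that this holds for the squashfs variants with the block sizes in use.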
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_3.0.0.bb
similarity index 95%
rename from meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_3.0.0.bb
index 75e9588..ea2433c 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_3.0.0.bb
@@ -18,7 +18,7 @@
     file://tpm2-abrmd.default \
 "
 
-SRC_URI[sha256sum] = "a7844a257eaf5176f612fe9620018edc0880cca7036465ad2593f83ae0ad6673"
+SRC_URI[sha256sum] = "d59aff34164aa705b05155b86607f6b66918a433104f754a3fcf76216dd9f465"
 
 UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
 
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb
similarity index 85%
rename from meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb
index 38847a8..e0def0f 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb
@@ -8,7 +8,7 @@
 
 SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
 
-SRC_URI[sha256sum] = "79f28899047defd6b4b72b7268dd56abf27774954022315f818c239af33e05bd"
+SRC_URI[sha256sum] = "35bf06c30cfa76fc0eba2c5f503cf7dd0d34a66afb2d292fee896b90362f633b"
 
 UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
 
@@ -16,11 +16,6 @@
 
 EXTRA_OECONF += "--disable-ptool-checks"
 
-do_configure:prepend() {
-    # do not extract the version number from git
-    sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/' ${S}/configure.ac
-}
-
 do_compile:append() {
     cd ${S}/tools
     python3 setup.py build
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.5.bb
similarity index 65%
rename from meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.3.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.5.bb
index 53d5abb..ef73238 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.3.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.5.bb
@@ -8,16 +8,11 @@
 
 SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
 
-SRC_URI[sha256sum] = "e7ce2fd36ef5cdbd7872d823a442e8754a4f0ca7c54b60efcdb75c12a1f98f8f"
+SRC_URI[sha256sum] = "1fdb49c730537bfdaed088884881a61e3bfd121e957ec0bdceeec0261236c123"
 
 UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
 
 inherit autotools pkgconfig bash-completion
 
-do_configure:prepend() {
-    # do not extract the version number from git
-    sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/' ${S}/configure.ac
-}
-
 # need tss-esys
 RDEPENDS:${PN} = "libtss2 tpm2-abrmd"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch
index 450698f..04a2964 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch
@@ -5,16 +5,16 @@
 Upstream-Status: OE [inappropriate]
 Signed-off-by: Armin Kuster <akuster808@gmail.com>
 
-Index: tpm2-tss-3.2.0/configure.ac
+Index: tpm2-tss-4.0.1/configure.ac
 ===================================================================
---- tpm2-tss-3.2.0.orig/configure.ac
-+++ tpm2-tss-3.2.0/configure.ac
-@@ -488,17 +488,6 @@
+--- tpm2-tss-4.0.1.orig/configure.ac
++++ tpm2-tss-4.0.1/configure.ac
+@@ -554,17 +554,6 @@ AM_CONDITIONAL(SYSD_SYSUSERS, test "x$systemd_sysusers" = "xyes")
  AC_CHECK_PROG(systemd_tmpfiles, systemd-tmpfiles, yes)
  AM_CONDITIONAL(SYSD_TMPFILES, test "x$systemd_tmpfiles" = "xyes")
  
 -# Check all tools used by make install
--AS_IF([test "$HOSTOS" = "Linux"],
+-AS_IF([test "$HOSTOS" = "Linux" && test "x$systemd_sysusers" != "xyes"],
 -    [ AC_CHECK_PROG(useradd, useradd, yes)
 -      AC_CHECK_PROG(groupadd, groupadd, yes)
 -      AC_CHECK_PROG(adduser, adduser, yes)
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
similarity index 90%
rename from meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
index 1556273..657a2cd 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
@@ -10,15 +10,16 @@
            file://fixup_hosttools.patch \
            "
 
-SRC_URI[sha256sum] = "48305e4144dcf6d10f3b25b7bccf0189fd2d1186feafd8cd68c6b17ecf0d7912"
+SRC_URI[sha256sum] = "532a70133910b6bd842289915b3f9423c0205c0ea009d65294ca18a74087c950"
 
 UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
 
 inherit autotools pkgconfig systemd useradd
 
-PACKAGECONFIG ??= ""
+PACKAGECONFIG ??= "vendor"
 PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, "
-PACKAGECONFIG[fapi] = "--enable-fapi,--disable-fapi,curl json-c "
+PACKAGECONFIG[fapi] = "--enable-fapi,--disable-fapi,curl json-c util-linux-libuuid "
+PACKAGECONFIG[policy] = "--enable-policy,--disable-policy,json-c util-linux-libuuid "
 
 EXTRA_OECONF += "--enable-static --with-udevrulesdir=${nonarch_base_libdir}/udev/rules.d/"
 EXTRA_OECONF += "--runstatedir=/run"
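Review bot: `PACKAGECONFIG ??= "vendor"` makes `vendor` the default feature, but this hunk declares flags only for `oxygen`, `fapi` and `policy`, with no `PACKAGECONFIG[vendor]` entry. Unless one exists in the lines outside the hunk, the default adds nothing to the configure arguments, so the build uses whatever tpm2-tss 4.0.1 picks by default, and it can also trip the `invalid-packageconfig` QA check. I would declare the flag explicitly next to the others, e.g. `PACKAGECONFIG[vendor] = "--enable-vendor,--disable-vendor"`, after confirming the option name against the 4.0.1 configure script. A short comment saying what the vendor option enables in the TSS would help anyone auditing the default feature set of this TPM stack.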
@@ -28,11 +29,6 @@
 GROUPADD_PARAM:${PN} = "--system tss"
 USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
 
-do_configure:prepend() {
-    # do not extract the version number from git
-    sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/' ${S}/configure.ac
-}
-
 do_install:append() {
     # Remove /run as it is created on startup
     rm -rf ${D}/run