subtree updates - june 19 2024
meta-openembedded: 4958bfe013..487a2d5695:
Abhilash Raju (1):
opentelemetry-cpp: Add recipe
Alex Kiernan (1):
mdns: Upgrade 2200.100.94.0.2 -> 2200.120.24
Alexander Kanavin (2):
vlc: do not depend on mpeg2dec
libgweather: fix build with gobject-introspection 1.80.0
Alexander Vickberg (2):
Revert "nng: upgrade 1.5.2 -> 12"
nng: upgrade 1.5.2 -> 1.7.3
Alexandre Truong (4):
evince: Update status for CVE-2011-0433 and CVE-2011-5244
source-han-sans-*-fonts: Switch away from SVN fetcher in SRC_URI
source-han-sans-*-fonts: rename downloaded files in SRC_URI
iniparser: use SHA hash for srcrev
Andre Paiusco (1):
ydotool: Add new package
Archana Polampalli (1):
nodejs: upgrade 20.11.1 -> 20.12.2
Bartosz Golaszewski (3):
libgpiod: update to v2.1.2
libgpiod: update to v1.6.5
libgpiod: disable C++ tests for libgpiod v1.6.x
Beniamin Sandu (3):
libtorrent: remove incorrect CVE mapping
libtorrent-rasterbar: fix CVE mapping
unbound: upgrade 1.19.3 -> 1.20.0
Changqing Li (3):
python3-grpcio: fix do_compile failure for qemuppc64/qemuppc
fuse3: remove sysv init script and install fuse kernel module explictly
tnftp: fix lib32-tnftp build failure with gcc-14
Chen Qi (1):
xscreensaver: remove obsolete append_libtool_sysroot
Christophe Vu-Brugier (4):
nvme-cli: upgrade 2.8 -> 2.9.1
exfatprogs: upgrade 1.2.2 -> 1.2.3
usbguard: upgrade 1.1.2 -> 1.1.3
exfatprogs: upgrade 1.2.3 -> 1.2.4
Dan McGregor (1):
libcbor: use shared libraries
Dmitry Baryshkov (12):
android-tools: fix building with GCC 14
android-tools: fix UNPACKDIR conversion leftovers
android-tools-configfs: Fix build-time warning about S being non-existent
layers: stop declaring compatibility with scarthgap
android-tools: fix adb/libssl-1.1 patch
android-tools-configfs: Fix build-time warning about S in a second instance of recipe
libcamera: update to 0.3.0
dhrystone: fix building with the GCC 14
rrdtool: fix compilation with GCC 14
lmsensors: fix building with GCC 14
ntopng: fix building with GCC 14
cabextract: add utility to extract Microsft cabinet files
Eero Aaltonen (2):
docopt.cpp: turn boost to a PACKAGECONFIG option
docopt.cpp: add support for native and nativesdk
Electric Worry (1):
meta-python: missing closing brace
Enguerrand de Ribaucourt (2):
cukinia: upgrade 0.6.2 -> 0.7.0
udpcast: add recipe
Etienne Cordonnier (1):
uutils-coreutils: upgrade 0.0.25 -> 0.0.26
Geoff Parker (2):
python3-tornado: extend for native and nativesdk
python3-pycurl: extend for native and nativesdk
Gerard Salvatella (1):
libwebsockets: fix buildpath warnings
Gianfranco Costamagna (1):
vbxguestdrivers: upgrade 7.0.14 -> 7.0.18
Grygorii Tertychnyi (1):
python3-pytest-html: add missing runtime dependencies
Guðni Már Gilbert (8):
python3-twisted: cleanup FILES and recipe in general
python3-twisted: upgrade 22.10.0 -> 24.3.0
python3-incremental: cleanup RDEPENDS and use python_setuptools_build_meta
python3-txdbus: cleanup RDEPENDS
python3-pyhamcrest: cleanup RDEPENDS and correct build backend
python3-protobuf: drop python3-six from RDEPENDS
python3-twisted: remove obsolete python3-twisted-flow
python3-twisted: prepend split PACKAGES
Jan Luebbe (1):
Add class for appending dm-verity hash data to block device images
Jan Vermaete (4):
python3-werkzeug: added python3-difflib as RDEPENDS
python3-flask: add ptest
python3-flask: upgrade 3.0.2 -> 3.0.3
python3-typer: add new recipe
Jiaying Song (1):
rrdtool: Fix do_populate_sysroot QA issues
Jonas Gorski (1):
frr: update 9.1 to 10.0
Jose Quaresma (6):
composefs: remove fuse3 dependencie
composefs: move from meta-filesystems to meta-oe layer
composefs: refactor
composefs: bump ecef20c1
composefs: add native target support
ostree: Upgrade 2024.5 -> 2024.6
Justin Bronder (2):
python3-colorlog: BBCLASEXTEND native nativesdk
python3-gcovr: add dep on python3-colorlog
Kacper Dalach (1):
libsdl2-image: upgrade to 2.8.2
Kai Kang (7):
apache2: fix multilib file conflicts
usleep: fix compile errors
cdrkit: fix incompatible pointer type error
uw-imap: fix incompatible pointer type errors
daq: fix incompatible pointer type error
libdbd-mysql-perl,rrdtool: Disable gcc option -Wincompatible-pointer-types
xfwm4: fix gcc -Wincompatible-pointer-types
Khem Raj (92):
ostree: Add missing dependencies for ptests
unixodbc: Upgrade to 2.3.12
pv: Fix ptest failures
unixodbc: Enable UTF8 init
psqlodbc: Fix ptests
python3-websockets: Remove recipe
freediameter: Upgrade to latest on master 1.5.0+
Revert "libtorrent: remove CVE mention"
python3-traitlets: Upgrade to 5.14.3
sdbus-c++: Fix build and upgrade to latest git
ydotool: Do not package systemd unit files on non-systemd distros
layers: Add styhead to compatible release series
fwupd: Upgrade to 1.9.18 release
librelp: Fix build with gcc-14
pcapplusplus: Fix build with gcc14
oprofile: Fix file_manip_tests ptest
nodejs: Upgrade to 20.13.0 release
freerdp: Upgrade to 2.11.7
freerdp3: Upgrade to 3.5.1 release
transmission: Upgrade to 4.0.5
fvwm: Fix build with gcc-14
python3-wxgtk4: Fix build with gcc-14
gtk+: Disable incompatible-pointer-types warning as error
fluentbit: Upgrade to 1.9.9
libteam: Upgrade to 1.32 release
rsyslog: Upgrade to 8.2404.0
mcelog: Fix build with GCC14 and musl
geoip-perl: Add ptest missing dependency on perl-modules
python3-looseversion: Move to meta-oe
orrery: Drop recipe
poke: Upgrade to 4.0
tinyalsa: Upgrade to tip of trunk
xterm: Upgrade to 391
libndp: Fix build with gcc-14/musl
openflow: Fix build build with musl/gcc14
nvme-cli: Fix build on musl
libsdl: Fix build with musl
folks: Upgrade to 0.15.9
xfce4-notes-plugin: Upgrade to 1.11.0
etcd: Adjust for UNPACKDIR/WORKDIR rework
crucible: Adjust for UNPACKDIR/WORKDIR rework
gosu: Adjust for UNPACKDIR/WORKDIR rework
influxdb: Do not remove non-existing files
xfmpc: Disable incompatible-pointer-types warning as error
sox: Fix build with GCC-14
nbd: Upgrade to 3.26.1
vlc: Backport fixes to enable GCC-14 based builds
gnome-font-viewer: Fix build with GCC-14
gtksourceview3: Use -Wno-error=incompatible-pointer-types in cflags
menulibre: Upgrade to 2.4.0
gimp: Upgrade to 2.10.38
nbd: Fix build with GCC14 on musl targets
nbd: Do not inherit systemd
pipewire-0.2: Include time.h for timespec struct signature
directfb: Fix build with musl+GCC14
etcd-cpp-apiv3: Fix build on musl + GCC14
etcd-cpp-apiv3: Upgrade to 0.15.4 release
syzkaller: Fix build with musl + gcc14
gsoap: Upgrade to 2.8.134
duktape: Use S instead of ${WORKDIR}/duktape-2.7.0
recipes: Start WORKDIR -> UNPACKDIR transition
recipes: Switch away from S = WORKDIR
python3-pyruvate: Adjust for WORKDIR -> UNPACKDIR changes
oscam: Upgrade to 1.20
uim: Upgrade to 1.8.9
liburing: Use libc on rv64/clang18
ckermit: Define return type for main
googlebenchmark: Fix type conversion errors found with clang
protobuf: Fix build on riscv32
mariadb: Fix build on riscv32
minifi-cpp: Fix build with clang and riscv32
sdbus-c++-libsystemd: Upgrade to 255.6
ostree: Append to UNKNOWN_CONFIGURE_OPT_IGNORE instead of override
sdbus-c++-libsystemd: Refresh patches to work with systemd 255.6
python3-pydantic-core: Remove crutch to get module working on musl
python3-pydantic: Upgrade to 2.7.2
googlebenchmark: Update patch and its status to backport
networkmanager: Fix undefined symbol errors on musl+lld
python3-pefile: Move from meta-python to meta-oe
fwupd-efi: Upgrade to 1.6
googlebenchmark: Fix build on riscv64
libjxl: Turn sizeless vectors as a packageconfig option
catch2: Upgrade to 3.x release series
libgpiod: Migrate to catch2 v3
python3-pydantic-core: Fix build with python 3.12.4
python3-whitenoise,python-libusb1: Remove AUTHOR field
aravis: Remove AUTHOR field
nss: Upgrade to 3.101 release
packagegroup-sdk-target: Drop g77-symlinks
libio-compress-perl: Use update alternatives for streamzip and zipdetails
fmt: Remove
packagegroup-sdk-target: update runtime dependencies for gfortran
Lars Möllendorf (2):
iniparser: upgrade 4.2 -> 4.2.1
iniparser: remove dependency on doxygen-native
Lei Maohui (1):
cmpi-bindings: Fix build error with gcc14.
Markus Volk (53):
edid-decode: allow to build native variant
pipewire: update 1.0.4 -> 1.0.5
wireplumber: update 0.5.0 -> 0.5.1
gnome-shell: update 46.0 -> 46.1
mutter: update 46.0 -> 46.1
xdg-desktop-portal-gnome: update 46.0 -> 46.1
gnome-calendar: update 46.0 -> 46.1
gnome-shell-extensions: update 46.0 -> 46.1
spice-gtk: use hwdata instead of usbids
spice-gtk: add PACKAGECONFIG for webdav
gnome-remote-desktop: update 46.0 -> 46.1
gnome-control-center: update 46.0.1 -> 46.1
gupnp: fix reproducibility issue
gssdp: fix a reproducibility issue
rygel: update 0.42.4 -> 0.42.5
networkmanager: fix gir build
nautilus: update 45.1 -> 46.1
gnome-control-center: move printing RDEPENDS to cups PACKAGECONFIG
networkmanager: add missing glib-2.0 dependency
gnome-software: update 46.0 -> 46.1
gnome-calculator: update 46.0 -> 46.1
evince: update 46.0 -> 46.1
gnome-boxes: update 46.0 -> 46.1
file-roller: update 44.1 -> 44.2
flatpak: update 1.15.6 -> 1.15.8
xdg-desktop-portal: update 1.18.1 -> 1.18.4
fuse3: move from meta-filesystems to meta-oe
flatpak;xdg-desktop-portal: add missing runtime dependency on fuse3-utils
glib-testing: add recipe
malcontent: add recipe
malcontent-ui: fix lib install
malcontent: move PV to malcontent.inc
pipewire: update 1.0.5 -> 1.0.6
wireplumber: update 0.5.1 -> 0.5.2
flatpak: add PACKAGECONFIG knob for malcontent
gnome-boxes: fix build with gcc14
gnome-control-center: add PACKAGECONFIG knob for malcontent
unicode-ucd: fix UNPACKDIR conversion leftovers
lvm2: remove subitted patch
mutter: update 46.1 -> 46.2
gnome-control-center: update 46.1 -> 46.2
gnome-shell: update 46.1 -> 46.2
gnome-software: update 46.1 -> 46.2
xdg-desktop-portal-gnome: update 46.1 -> 46.2
gnome-remote-desktop: update 46.1 -> 46.2
dav1d: update 1.4.1 -> 1.4.2
mozjs-115: update 115.8.0 -> 115.11.0
libdbd-mysql-perl: update 4.050 -> 5.006
libgee: downgrade incompatible-pointer-types back to warning
replace libdbd-mysql-perl with dbd-mariadb
iwd: update 2.16 -> 2.18
wireplumber: update 0.5.2 -> 0.5.3
pipewire: update 1.0.6 -> 1.0.7
Martin Hundebøll (1):
nodejs-oe-cache: fix offline install of dependencies
Martin Jansa (15):
libjxl: drop -mfp16-format=ieee
freediameter: fix dependency from libidn to libidn2
gst-instruments: enable ui PACKAGECONFIG only with GTK3DISTROFEATURES
aravis: fix LICENSE and enable viewer PACKAGECONFIG only with GTK3DISTROFEATURES
spdlog=v1.14.1
libdeflate: fix build with -mcpu=cortex-a76+crypto without -march=armv8.2-a+crypto
python3-grpcio: Fix build with gcc-14
syslog-ng: ignore incompatible-pointer-types issues with gcc-14
freerdp: fix build with gcc-14
nodejs-oe-cache-native: use UNPACKDIR
source-han-sans-*-fonts: move common part to .inc file
libwebsockets: remove STAGING_LIBDIR with /
lvm2: restore Upstream-Status
libgphoto2: fix build with gcc-14
python3-icu: upgrade from 2.12 to 2.13.1 to fix build with icu-75
Michael Olbrich (1):
nftables: avoid python dependencies when building without python
Mike Looijmans (1):
nvme-cli: Support read-only systems
Mikko Rapeli (1):
fwupd: fix uefi capsule update build error
Mingli Yu (4):
c-ares: Improve the ptest output
msgraph: Add opengl to REQUIRED_DISTRO_FEATURES
python3-dasbus: Add new recipe
python3-dasbus: Add ptest support
Nikhil R (1):
giflib: upgrade to version 5.2.2
Ninette Adhikari (7):
st: Update status for CVE-2017-16224
procmail: Update status for CVE-1999-0475
mpd: Update status for CVE-2020-7465 and CVE-2020-7466
sthttpd: Update status for CVE-2017-10671
open-vm-tools: Update status for CVE-2014-4199 and CVE-2014-4200
smarty: Update status for CVE-2020-10375
imagemagick: Update status for CVE
Pavel Zhukov (1):
fbida: Require opengl feature for pdf only
Perceval Arenou (1):
aravis: new recipe
Peter Hoyes (2):
python3-networkx: Add BBCLASSEXTEND for native and nativesdk
python3-decorator: Add BBCLASSEXTEND for native and nativesdk
Peter Kjellerstedt (3):
hostapd: Support running "devtool modify hostapd"
hostapd: Only include the relevant parts from README in LIC_FILES_CHKSUM
libjs-jquery-icheck: Correct LIC_FILES_CHKSUM
Peter Marko (9):
autoconf-2.13-native_2.13: replace oldincludedir
waf-samba: replace oldincludedir
soci: update build options
nginx: Upgrade stable 1.24.0 -> 1.26.0
re2: remove dev dependencies from main package
gnome-shell: correct regression with glib-2.0 2.78.5
gdm: add missing json-glib dependency
jemalloc: add +git to version
re2: rework solibs handling
Randy MacLeod (1):
python3-pyyaml-include: support native and nativesdk build
Rasmus Villemoes (1):
dfu-util: allow building nativesdk variant
Ricardo Simoes (1):
mbedtls: Fix warning for missing program
Ross Burton (4):
yajl: set correct homepage
renderdoc: remove vim-native DEPENDS
python3-gevent: fix build with Cython 3.0.10
python3-h5py: upgrade to 3.11.0
Rui Costa (1):
avro: extend avro-c++ to native and nativesdk
Scott Murray (2):
abseil-cpp: backport RISC-V fix
python3-grpcio: backport abseil-cpp RISC-V fix
Soumya Sambu (3):
apache2: Upgrade v2.4.58 -> v2.4.59
php: Upgrade to 8.2.18
unixodbc: Fix CVE-2024-1013
Stanislav Angelovic (1):
chore(sdbus-c++): upgrade to 2.0.0 release
Stefano Babic (1):
lvgl: add gridnav to packageconfig
Sven Fischer (1):
trompeloeil: new recipe
Timo Schuster (1):
mbedtls: Do not set LIB_INSTALL_DIR to an absolute path to make MbedTLSTargets.cmake relocateable.
Tom Geelen (8):
python3-pychromecast: upgrade 14.0.0 -> 14.0.1
python3-zeroconf: upgrade 0.131.0 -> 0.132.0
python3-sqlalchemy: upgrade 2.0.27 -> 2.0.29
python3-zeroconf 0.132.0 -> 0.132.2
python3-pytest-freezer: new recipe
python3-pytest-socket: new recipe
python3-pytest-unordered: new recipe
python3-requests-mock: new recipe
Trevor Gamblin (2):
xlsfonts: upgrade 1.0.7 -> 1.0.8
xkbutils: upgrade 1.0.5 -> 1.0.6
Vijay Anusuri (1):
c-ares: Update SRC tarball path
Wang Mingyu (259):
abseil-cpp: upgrade 20240116.1 -> 20240116.2
adw-gtk3: upgrade 5.2 -> 5.3
bindfs: upgrade 1.17.6 -> 1.17.7
cryptsetup: upgrade 2.7.1 -> 2.7.2
file-roller: upgrade 44.0 -> 44.1
gnome-online-accounts: upgrade 3.50.0 -> 3.50.1
gnome-text-editor: upgrade 46.0 -> 46.1
gtkwave: upgrade 3.3.117 -> 3.3.119
hwdata: upgrade 0.380 -> 0.381
libbpf: upgrade 1.3.0 -> 1.4.0
libcrypt-openssl-random-perl: upgrade 0.15 -> 0.16
libopus: upgrade 1.5.1 -> 1.5.2
makedumpfile: upgrade 1.7.4 -> 1.7.5
opensc: upgrade 0.25.0 -> 0.25.1
python3-aiodns: upgrade 3.1.1 -> 3.2.0
python3-aiohttp: upgrade 3.9.3 -> 3.9.4
python3-cbor2: upgrade 5.6.2 -> 5.6.3
python3-django: upgrade 5.0.3 -> 5.0.4
python3-eth-abi: upgrade 5.0.1 -> 5.1.0
python3-eth-account: upgrade 0.11.0 -> 0.12.1
python3-eth-typing: upgrade 4.0.0 -> 4.1.0
python3-execnet: upgrade 2.0.2 -> 2.1.1
python3-filelock: upgrade 3.13.3 -> 3.13.4
python3-google-api-python-client: upgrade 2.124.0 -> 2.125.0
python3-ipython: upgrade 8.22.2 -> 8.23.0
python3-javaobj-py3: upgrade 0.4.3 -> 0.4.4
python3-joblib: upgrade 1.3.2 -> 1.4.0
python3-parso: upgrade 0.8.3 -> 0.8.4
python3-path: upgrade 16.10.0 -> 16.14.0
python3-pdm: upgrade 2.13.2 -> 2.14.0
python3-pulsectl: upgrade 23.5.2 -> 24.4.0
python3-pydantic: upgrade 2.6.4 -> 2.7.0
python3-pymodbus: upgrade 3.6.6 -> 3.6.7
python3-rarfile: upgrade 4.1 -> 4.2
python3-send2trash: upgrade 1.8.2 -> 1.8.3
python3-sentry-sdk: upgrade 1.44.0 -> 1.45.0
python3-validators: upgrade 0.24.0 -> 0.28.0
python3-web3: upgrade 6.16.0 -> 6.17.0
python3-zopeinterface: upgrade 6.2 -> 6.3
rdma-core: upgrade 50.0 -> 51.0
sngrep: upgrade 1.8.0 -> 1.8.1
squid: upgrade 6.8 -> 6.9
st: upgrade 0.9.1 -> 0.9.2
tcsh: upgrade 6.24.11 -> 6.24.12
toybox: upgrade 0.8.10 -> 0.8.11
webkitgtk3: upgrade 2.44.0 -> 2.44.1
xmlsec1: upgrade 1.3.3 -> 1.3.4
asio: upgrade 1.28.0 -> 1.30.2
gensio: upgrade 2.8.3 -> 2.8.4
mpich: upgrade 4.2.0 -> 4.2.1
openfortivpn: upgrade 1.21.0 -> 1.22.0
python3-argcomplete: upgrade 3.2.3 -> 3.3.0
python3-croniter: upgrade 2.0.3 -> 2.0.5
python3-grpcio-tools: upgrade 1.62.1 -> 1.62.2
python3-grpcio: upgrade 1.62.1 -> 1.62.2
python3-pycups: upgrade 2.0.1 -> 2.0.4
python3-pymisp: upgrade 2.4.188 -> 2.4.190
python3-pywbem: upgrade 1.6.3 -> 1.7.2
python3-pywbemtools: upgrade 1.2.1 -> 1.3.0
python3-regex: upgrade 2023.12.25 -> 2024.4.16
python3-yamlloader: upgrade 1.3.2 -> 1.4.1
sanlock: upgrade 3.9.1 -> 3.9.2
fping: upgrade 5.1 -> 5.2
iniparser: upgrade 4.1 -> 4.2
libgedit-gtksourceview: upgrade 299.1.0 -> 299.2.1
libmodule-build-tiny-perl: upgrade 0.047 -> 0.048
libmxml: upgrade 3.3.1 -> 4.0.3
python3-aiohttp: upgrade 3.9.4 -> 3.9.5
python3-bitstring: upgrade 4.1.4 -> 4.2.1
python3-freezegun: upgrade 1.4.0 -> 1.5.0
python3-google-api-python-client: upgrade 2.125.0 -> 2.127.0
python3-imageio: upgrade 2.34.0 -> 2.34.1
python3-ipython: upgrade 8.23.0 -> 8.24.0
python3-mypy: upgrade 1.9.0 -> 1.10.0
python3-pdm: upgrade 2.14.0 -> 2.15.1
python3-platformdirs: upgrade 4.2.0 -> 4.2.1
python3-pydantic: upgrade 2.7.0 -> 2.7.1
python3-pymodbus: upgrade 3.6.7 -> 3.6.8
python3-regex: upgrade 2023.04.16 -> 2024.4.28
python3-rlp: upgrade 4.0.0 -> 4.0.1
python3-tox: upgrade 4.14.2 -> 4.15.0
python3-types-psutil: upgrade 5.9.5.20240316 -> 5.9.5.20240423
python3-validators: upgrade 0.28.0 -> 0.28.1
python3-virtualenv: upgrade 20.25.0 -> 20.26.0
python3-web3: upgrade 6.17.0 -> 6.17.2
python3-xmlschema: upgrade 3.0.1 -> 3.3.1
qcbor: upgrade 1.2 -> 1.3
ser2net: upgrade 4.6.1 -> 4.6.2
spdlog: upgrade 1.13.0 -> 1.14.0
tracker-miners: upgrade 3.7.1 -> 3.7.2
tracker: upgrade 3.7.1 -> 3.7.2
uftrace: upgrade 0.15.2 -> 0.16
dool: upgrade 1.3.1 -> 1.3.2
gnome-text-editor: upgrade 46.1 -> 46.3
hwdata: upgrade 0.381 -> 0.382
libbpf: upgrade 1.4.0 -> 1.4.2
libnet-dns-perl: upgrade 1.40 -> 1.45
libnvme: upgrade 1.8 -> 1.9
liburing: upgrade 2.5 -> 2.6
nano: upgrade 7.2 -> 8.0
ndctl: upgrade v78 -> v79
networkmanager-openvpn: upgrade 1.10.2 -> 1.11.0
opencl-headers: upgrade 2023.12.14 -> 2024.05.08
opencl-icd-loader: upgrade 2023.12.14 -> 2024.05.08
openipmi: upgrade 2.0.34 -> 2.0.35
postgresql: upgrade 16.2 -> 16.3
python3-astroid: upgrade 3.1.0 -> 3.2.0
python3-asyncinotify: upgrade 4.0.6 -> 4.0.9
python3-bitstring: upgrade 4.2.1 -> 4.2.2
python3-dbus-fast: upgrade 2.21.1 -> 2.21.2
python3-django: upgrade 5.0.4 -> 5.0.6
python3-filelock: upgrade 3.13.4 -> 3.14.0
python3-freezegun: upgrade 1.5.0 -> 1.5.1
python3-gmqtt: upgrade 0.6.14 -> 0.6.16
python3-google-api-core: upgrade 2.18.0 -> 2.19.0
python3-google-api-python-client: upgrade 2.127.0 -> 2.129.0
python3-imgtool: upgrade 2.0.0 -> 2.1.0
python3-joblib: upgrade 1.4.0 -> 1.4.2
python3-langtable: upgrade 0.0.65 -> 0.0.66
python3-marshmallow: upgrade 3.21.1 -> 3.21.2
python3-moteus: upgrade 0.3.67 -> 0.3.68
python3-nocasedict: upgrade 2.0.1 -> 2.0.3
python3-nocaselist: upgrade 2.0.0 -> 2.0.2
python3-pdm: upgrade 2.15.1 -> 2.15.2
python3-pyudev: upgrade 0.24.1 -> 0.24.3
python3-regex: upgrade 2024.4.28 -> 2024.5.10
python3-sqlalchemy: upgrade 2.0.29 -> 2.0.30
python3-tqdm: upgrade 4.66.2 -> 4.66.4
python3-types-psutil: upgrade 5.9.5.20240423 -> 5.9.5.20240511
python3-uswid: upgrade 0.4.7 -> 0.5.0
python3-virtualenv: upgrade 20.26.0 -> 20.26.1
python3-web3: upgrade 6.17.2 -> 6.18.0
smcroute: upgrade 2.5.6 -> 2.5.7
tracker-miners: upgrade 3.7.2 -> 3.7.3
tracker: upgrade 3.7.2 -> 3.7.3
uriparser: upgrade 0.9.7 -> 0.9.8
nana: Fix buildpaths warning.
fetchmail: Fix buildpaths warning.
arno-iptables-firewall: upgrade 2.1.1 -> 2.1.2
cjson: upgrade 1.7.17 -> 1.7.18
evince: upgrade 46.1 -> 46.3
file-roller: upgrade 44.2 -> 44.3
gnome-online-accounts: upgrade 3.50.1 -> 3.50.2
googlebenchmark: upgrade 1.8.3 -> 1.8.4
gsl: upgrade 2.7.1 -> 2.8
libass: upgrade 0.17.1 -> 0.17.2
libdevmapper: upgrade 2.03.22 -> 2.03.24
msgraph: upgrade 0.2.1 -> 0.2.2
nautilus: upgrade 46.1 -> 46.2
python3-annotated-types: upgrade 0.6.0 -> 0.7.0
python3-astroid: upgrade 3.2.0 -> 3.2.2
python3-bitstring: upgrade 4.2.2 -> 4.2.3
python3-dbus-fast: upgrade 2.21.2 -> 2.21.3
python3-google-api-python-client: upgrade 2.129.0 -> 2.130.0
python3-gspread: upgrade 6.1.0 -> 6.1.2
python3-moteus: upgrade 0.3.68 -> 0.3.70
python3-pdm: upgrade 2.15.2 -> 2.15.3
python3-platformdirs: upgrade 4.2.1 -> 4.2.2
python3-pycurl: upgrade 7.45.2 -> 7.45.3
python3-pylint: upgrade 3.1.0 -> 3.2.2
python3-pyperf: upgrade 2.6.3 -> 2.7.0
python3-pyzstd: upgrade 0.15.10 -> 0.16.0
python3-rapidjson: upgrade 1.14 -> 1.17
python3-regex: upgrade 2024.5.10 -> 2024.5.15
python3-transitions: upgrade 0.9.0 -> 0.9.1
python3-twine: upgrade 5.0.0 -> 5.1.0
python3-types-psutil: upgrade 5.9.5.20240511 -> 5.9.5.20240516
python3-types-setuptools: upgrade 69.0.0.20240125 -> 70.0.0.20240524
python3-ujson: upgrade 5.9.0 -> 5.10.0
python3-validators: upgrade 0.28.1 -> 0.28.3
python3-virtualenv: upgrade 20.26.1 -> 20.26.2
python3-watchdog: upgrade 4.0.0 -> 4.0.1
python3-web3: upgrade 6.18.0 -> 6.19.0
redis: upgrade 7.2.4 -> 7.2.5
thingsboard-gateway: upgrade 3.4.6 -> 3.5
webkitgtk3: upgrade 2.44.1 -> 2.44.2
wireshark: upgrade 4.2.4 -> 4.2.5
xterm: upgrade 391 -> 392
atkmm-2.36: upgrade 2.36.2 -> 2.36.3
botan: upgrade 3.2.0 -> 3.4.0
bubblewrap: upgrade 0.8.0 -> 0.9.0
cglm: upgrade 0.9.2 -> 0.9.4
colord-native: upgrade 1.4.6 -> 1.4.7
composefs: upgrade 1.0.3 -> 1.0.4
ctags: upgrade 6.1.20240310.0 -> 6.1.20240602.0
editorconfig-core-c: upgrade 0.12.6 -> 0.12.7
exiftool: upgrade 12.72 -> 12.85
glibmm-2.68: upgrade 2.78.0 -> 2.80.0
highway: upgrade 1.1.0 -> 1.2.0
hwdata: upgrade 0.382 -> 0.383
iperf3: upgrade 3.16 -> 3.17.1
iscsi-initiator-utils: upgrade 2.1.8 -> 2.1.10
libcgi-perl: upgrade 4.60 -> 4.64
libcompress-raw-bzip2-perl: upgrade 2.206 -> 2.212
libcompress-raw-lzma-perl: upgrade 2.206 -> 2.212
libcompress-raw-zlib-perl: upgrade 2.206 -> 2.212
libiec61850: upgrade 1.5.1 -> 1.5.3
libio-compress-lzma-perl: upgrade 2.206 -> 2.212
libio-compress-perl: upgrade 2.206 -> 2.212
libsodium: upgrade 1.0.19 -> 1.0.20
libtracefs: upgrade 1.7.0 -> 1.8.0
libvpx: upgrade 1.14.0 -> 1.14.1
mcelog: upgrade 198 -> 199
mercurial: upgrade 6.5 -> 6.6.3
monit: upgrade 5.33.0 -> 5.34.0
networkmanager: upgrade 1.46.0 -> 1.48.0
ntp: upgrade 4.2.8p17 -> 4.2.8p18
openfortivpn: upgrade 1.22.0 -> 1.22.1
pangomm-2.48: upgrade 2.50.1 -> 2.52.0
pmdk: upgrade 2.0.0 -> 2.1.0
poco: upgrade 1.12.5p2 -> 1.13.3
poke: upgrade 4.0 -> 4.1
libimobiledevice-glue: upgrade 1.0.0 -> 1.2.0
libirecovery: upgrade 1.1.0 -> 1.2.0
python3-anyio: upgrade 4.3.0 -> 4.4.0
python3-autoflake: upgrade 2.2.1 -> 2.3.1
python3-bidict: upgrade 0.23.0 -> 0.23.1
python3-cantools: upgrade 39.4.4 -> 39.4.5
python3-coverage: upgrade 7.4.1 -> 7.5.3
python3-email-validator: upgrade 2.1.0 -> 2.1.1
python3-eth-hash: upgrade 0.6.0 -> 0.7.0
python3-evdev: upgrade 1.6.1 -> 1.7.1
python3-future: upgrade 0.18.3 -> 1.0.0
python3-google-api-python-client: upgrade 2.130.0 -> 2.131.0
python3-hexbytes: upgrade 1.0.0 -> 1.2.0
python3-html2text: upgrade 2020.1.16 -> 2024.2.26
python3-httpcore: upgrade 1.0.3 -> 1.0.5
python3-ipython: upgrade 8.24.0 -> 8.25.0
python3-msgpack: upgrade 1.0.7 -> 1.0.8
python3-netaddr: upgrade 1.2.1 -> 1.3.0
python3-openpyxl: upgrade 3.1.2 -> 3.1.3
python3-pdm-backend: upgrade 2.1.8 -> 2.3.0
python3-pdm: upgrade 2.15.3 -> 2.15.4
python3-prompt-toolkit: upgrade 3.0.43 -> 3.0.45
python3-py7zr: upgrade 0.20.8 -> 0.21.0
python3-pyalsaaudio: upgrade 0.10.0 -> 0.11.0
python3-pybind11-json: upgrade 0.2.13 -> 0.2.14
python3-pymongo: upgrade 4.6.1 -> 4.7.2
python3-pyroute2: upgrade 0.7.10 -> 0.7.12
python3-pyyaml-include: upgrade 1.3.2 -> 2.1
python3-redis: upgrade 5.0.1 -> 5.0.4
python3-rich: upgrade 13.7.0 -> 13.7.1
python3-sdbus: upgrade 0.11.1 -> 0.12.0
python3-sh: upgrade 2.0.6 -> 2.0.7
python3-snagboot: upgrade 1.2 -> 1.3
python3-stevedore: upgrade 5.1.0 -> 5.2.0
python3-sympy: upgrade 1.12 -> 1.12.1
python3-tomlkit: upgrade 0.12.3 -> 0.12.5
python3-typeguard: upgrade 4.2.1 -> 4.3.0
python3-xlsxwriter: upgrade 3.1.9 -> 3.2.0
qpdf: upgrade 11.8.0 -> 11.9.0
remmina: upgrade 1.4.34 -> 1.4.35
sanlock: upgrade 3.9.2 -> 3.9.3
sdmon: upgrade 0.8.1 -> 0.9.0
squashfs-tools-ng: upgrade 1.2.0 -> 1.3.1
tslib: upgrade 1.22 -> 1.23
usbredir: upgrade 0.13.0 -> 0.14.0
frr: use update-alternatives to solve conflicts with libsmi
libsmi: use update-alternatives to solve conflicts with frr
Weisser, Pascal (2):
libblockdev: Add missing dependency on e2fsprogs to fs PACKAGECONFIG.
libblockdev: Add missing dependency on keyutils to crypto PACKAGECONFIG.
Wentao Zhang (1):
meta-oe/conf/layer.conf: remove libbpf from NON_MULTILIB_RECIPES for x86 and x86-64
Yi Zhao (4):
libdaq: update to latest stable version 3.0.14
snort3: update to latest stable version 3.1.84.0
libtevent: upgrade 0.16.0 -> 0.16.1
samba: upgrade 4.19.5 -> 4.19.6
Yoann Congal (8):
reproducibility: move repro excludes from AB config.json to meta-oe
squid: workaround a build failure with native gcc10
mdio-tools: fix mdio-netlink kernel module reproducibility
packagegroup-meta-oe: fix lvgl inclusion
hddtemp: Fix reproducibility in fr locale
libfido2: remove non-functional native and nativesdk BBCLASSEXTEND
sample-content: Set UNPACKDIR to S to avoid a QA warning
packagegroup-meta-oe: replace libdbd-mysql-perl with dbd-mariadb
Zhang Peng (1):
hiredis: change ptest output format
Zoltán Böszörményi (3):
uw-imap: Add a patch to support newer than TLSv1.0
dracut: Switch to dracut-ng and upgrade to version 102
dracut: Drop an unnecessary patch
alperak (4):
libcoap: fix CVE-2024-0962
python3-ecdsa: enable ptest and add missing runtime dependency
Use PYTHON_SITEPACKAGES_DIR instead of hard-coded site-packages directory path
python3-scrypt: Move from PTESTS_PROBLEMS_META_PYTHON to PTESTS_SLOW_META_PYTHON
baruch@tkos.co.il (1):
sexpect: add new recipe
maffan (1):
networkd-dispatcher: Add dependency on python3-json
magicWenli (1):
serial: Fix empty package and use shared lib instead of static lib.
poky: a88251b3e7..5d88faa0f3:
Adithya Balakumar (1):
wic/partition.py: Set hash_seed for empty ext partition
Adriaan Schmidt (1):
libcgroup_3.1.0: fix build on non-systemd systems
Alejandro Hernandez Samaniego (2):
tclibc-newlib: update security cflags override
newlib: Use mcmodel=medany for RISCV64
Aleksandar Nikolic (4):
install-buildtools: remove md5 checksum validation
install-buildtools: fix "test installation" step
install-buildtools: update base-url, release and installer version
ref-manual: introduce CVE_CHECK_REPORT_PATCHED variable
Alexander Kanavin (63):
liba52: remove the recipe
package_rpm: remove support for DIRFILES
mpeg2dec: remove the recipe
libtraceevent: submit meson.patch upstream
swig: merge .inc into .bb
swig: convert from autotools to cmake
serf: mark patch as inappropriate for upstream submission
kea: remove unnecessary reproducibility patch
expect: mark patches as Inactive-Upstream
apr: submit 0001-Add-option-to-disable-timed-dependant-tests.patch upstream
busybox: submit CVE-2022-28391 patches upstream
busybox: remove busybox-udhcpc-no_deconfig.patch
apr: drop 0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch
gstreamer1.0-plugins-good: remove 0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch
xinput-calibrator: mark upstream as inactive in a patch
bash: mark build-tests.patch as Inappropriate
connman: make 0002-resolve-musl-does-not-implement-res_ninit.patch libc-agnostic
connman: submit 0002-resolve-musl-does-not-implement-res_ninit.patch upstream
icu: add upstream submission links for fix-install-manx.patch
libical: disable introspection in -native
scripts/oe-setup-build: write a build environment initialization one-liner into the build directory
bitbake: fetch2/crate: add upstream latest version check function
python3-pyproject-hooks: fix upstream version check
wayland: fix upstream version check
documentation/poky.yaml.in: drop mesa/sdl from essential host packages
glib/gobject-introspection: update 2.78.4 -> 2.80.0, 1.78.1 -> 1.80.0
glib-2.0: correct deprecated man/gtk-doc options
rust: correctly link rust-snapshot into build/stage0
bblayers/makesetup: raise exceptions when errors happen
bblayers/makesetup: include local repository paths in discovered layer repo data
bblayers/makesetup: move check for existence of git remotes to oe-setup-layers plugin
selftest/sstatetests: separate sstate presence check into its own class
selftest/sstatetests: move exception list for cache objects to the parent class
mesa: remove obsolete 0001-meson.build-check-for-all-linux-host_os-combinations.patch
kexec-tools: submit 0003-kexec-ARM-Fix-add_buffer_phys_virt-align-issue.patch upstream
vorbis: mark patch as Inactive-Upstream
grub: mark grub-module-explicitly-keeps-symbole-.module_license.patch as a workaround
grub: remove unneeded 0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch
gdb: remove unneeded 0006-resolve-restrict-keyword-conflict.patch
perl: submit the rest of determinism.patch upstream
iptables: submit 0001-configure-Add-option-to-enable-disable-libnfnetlink.patch upstream
iptables: remove unneeded 0002-iptables-xshared.h-add-missing-sys.types.h-include.patch
iptables: correctly enable libnetfilter_conntrack support
x264: update to latest revision on official git
elfutils: remove unneeded 0006-Fix-build-on-aarch64-musl.patch
glib-2.0: remove obsolete 0001-Set-host_machine-correctly-when-building-with-mingw3.patch
rust: add reproducibility patch to eliminate host leakage
rust: use rust-snapshot binaries only in rust-native
rust: build the default set of tools
selftest/rust: correctly form the PATH environment variable
boost: update 1.84.0 -> 1.85.0
libgit2: update 1.7.2 -> 1.8.1
pinentry: update 1.2.1 -> 1.3.0
mobile-broadband-provider-info: upgrade 20230416 -> 20240407
zstd: upgrade 1.5.5 -> 1.5.6
icu: upgrade 74-2 -> 75-1
libxcb: upgrade 1.16.1 -> 1.17.0
xserver-xorg: upgrade 21.1.12 -> 21.1.13
meson: upgrade 1.3.1 -> 1.4.0
gtk-doc: upgrade 1.33.2 -> 1.34.0
gstreamer1.0: update 1.22.11 -> 1.24.3
libomxil: remove the recipe
cmake: upgrade 3.28.3 -> 3.29.3
Alexandre Truong (3):
oeqa/selftest/devtool: fix _test_devtool_add_git_url
Revert "oeqa/selftest/devtool: fix test_devtool_add_git_style2"
recipe style guide: add recommendation for patches without signature
Andrew Fernandes (1):
gtk+: add missing libdrm dependency
Anton Almqvist (1):
devtool: modify: Catch git submodule error for go code
Antonin Godard (4):
devtool: ide-sdk: correct help typo
bitbake: codeparser: support shell substitutions in quotes
bitbake: codeparser: remove redundant list conversion
bitbake: tests.codeparser: add tests for shell expansions
Anuj Mittal (9):
enchant2: upgrade 2.6.9 -> 2.7.2
harfbuzz: upgrade 8.3.1 -> 8.4.0
libproxy: upgrade 0.5.4 -> 0.5.6
libsolv: upgrade 0.7.28 -> 0.7.29
mmc-utils: upgrade to latest revision
sqlite3: upgrade 3.45.1 -> 3.45.3
harfbuzz: upgrade 8.4.0 -> 8.5.0
stress-ng: upgrade 0.17.07 -> 0.17.08
glib-2.0: upgrade 2.80.0 -> 2.80.2
Archana Polampalli (1):
xserver-xorg: upgrade 21.1.11 -> 21.1.12
Bartosz Golaszewski (1):
linux-firmware: add a package for ath12k firmware
Benjamin Bara (1):
gstreamer1.0-plugins-bad: adapt webrtc audio dependency
Benjamin Szőke (2):
archiver.bbclass: Fix work-shared checking for kernel recipes
populate_sdk_base: add 7zip archive type for SDK
Bruce Ashfield (21):
linux-yocto/6.6: update to v6.6.24
linux-yocto/6.6: update CVE exclusions (6.6.24)
linux-yocto/6.6: update to v6.6.25
linux-yocto/6.6: update CVE exclusions (6.6.25)
linux-yocto/6.6: nft: enable veth
linux-yocto/6.6: update to v6.6.27
linux-yocto/6.6: update CVE exclusions (6.6.27)
linux-yocto/6.6: cfg: drop obselete options
linux-yocto/6.6: update to v6.6.28
linux-yocto/6.6: update CVE exclusions (6.6.28)
linux-yocto/6.6: update to v6.6.29
linux-yocto/6.6: update CVE exclusions (6.6.29)
linux-yocto/6.6: fix kselftest failures
systemd: fix build against 6.9 libc-headers
linux-yocto/6.6: update to v6.6.30
linux-yocto/6.6: intel configuration changes
linux-libc-headers: bump to v6.9
linux-yocto/6.6: update to v6.6.32
linux-yocto/6.6: cfg: introduce Intel NPU fragment
linux-yocto-dev: bump to v6.10
lttng-modules: update to 2.13.13 and fix for 6.10+
Changhyeok Bae (1):
iproute2: upgrade 6.7.0 -> 6.8.0
Changqing Li (5):
ptest-runner: Bump to 2.4.4 (95f528c)
ghostscript: upgrade 10.03.0 -> 10.03.1
gettext: fix a parallel build issue
man-pages: upgrade 6.06 -> 6.8
systemd: fix wrong path of tmp.mount
Chen Qi (8):
systemd/systemd-boot: upgrade from 255.4 to 255.6
pciutils: upgrade from 3.11.1 to 3.12.0
shadow: upgrade from 4.15.0 to 4.15.1
cups: upgrade from 2.4.7 to 2.4.8
kmod: upgrade from 31 to 32
libnl: change HOMEPAGE
coreutils: split out coreutils-getlimits
findutils: upgrade from 4.9.0 to 4.10.0
Christian Bräuner Sørensen (1):
systemd: sed ROOT_HOME only if sysusers PACKAGECONFIG is set
Dan McGregor (2):
shadow: install manpages
gcc: Allow using libc++
Daniel Klauer (1):
cmake.bbclass: Add ${COREBASE}/scripts to CMAKE_FIND_ROOT_PATH
Denys Dmytriyenko (2):
wayland: upgrade 1.22.0 -> 1.23.0
weston: upgrade 13.0.0 -> 13.0.1
Dmitry Baryshkov (3):
ffmpeg: backport patches to use new Vulkan AV1 codec API
site/x86_64-linux: add ac_cv_func_fnmatch_works
ffmpeg: backport patch to fix errors with GCC 14
Emil Kronborg (5):
at-spi2-core: add at-spi2-atk to CVE_PRODUCT
gtk+3: add gtk+ to CVE_PRODUCT
insane.bbclass: remove skipping of cross-compiled packages
insane.bbclass: fix HOST_ variable names
insane.bbclass: remove leftover variables and comment
Enrico Jorns (1):
oeqa/utils/commands: extend docstring for runqemu context manager
Enrico Jörns (3):
oeqa/core: remove duplicate 'os' import
wic: engine.py: use raw string for escape sequence
wic: bootimg-efi: fix error handling
Etienne Cordonnier (3):
oeqa/runtime: fix regression in minidebuginfo test
oeqa/runtime: make minidebuginfo test work with coreutils
selftests: add test_minidebuginfo_qemu
Felix Nilsson (1):
base-files: profile: fix error sh: 1: unknown operand
Guðni Már Gilbert (4):
python3-bcrypt: drop python3-six from RDEPENDS
python3-pyopenssl: drop python3-six from RDEPENDS
python3-pycparser: cleanup RDEPENDS
python3-requests: cleanup RDEPENDS
Heiko (1):
kernel.bbclass: check, if directory exists before removing empty module directory
Igor Opaniuk (1):
initramfs-framework: support force reboot if fatal error occurs
Iskander Amara (1):
linux-firmware: Move Intel AC 9260 bluetooth firmware to a separate package
Jan Vermaete (1):
python3-mako: added ptest
Jasper Orschulko (1):
dev-manual: Add info on build env initialization
Joe Slater (1):
oe-debuginfod: add option for data storage
John Ripple (1):
rootfs.py: Fix logger error message format
Jonas Gorski (1):
linuxloader: add -armhf on arm only for TARGET_FPU 'hard'
Jookia (1):
populate_sdk_ext.bbclass: Fix undefined variable error
Jordan Crouse (1):
libxcrypt-compat: Rename libcrypto.so.1 -> libcrypt.so.1
Jose Quaresma (3):
go: Drop the linkmode completely
Revert "goarch: disable dynamic linking globally"
go: upgrade 1.22.2 -> 1.22.3
Joshua Watt (18):
bitbake: bitbake-hashclient: Add ping command
bitbake: bitbake-hashclient: Improve stress statistics reporting
bitbake: bitbake-hashclient: Improve ping command line options
bitbake: bb: Use namedtuple for Task data
bitbake: hashserv: client: Add batch stream API
bitbake: siggen: Enable batching of unihash queries
bitbake: hashserv: server: Add support for SO_REUSEPORT
bitbake: siggen: Drop client pool support
bitbake: asyncrpc: Remove ClientPool
bitbake: siggen: Batch unihash_exists checks
bitbake: hashserv: client: Fix changing stream modes
sstatesig: Drop BB_HASHSERVE_MAX_PARALLEL
lib: package: Add file_reverse_translate
lib: package: Replace ":" in file names
bitbake: asyncrpc: Use client timeout for websocket open timeout
classes/spdx-common: Move common SPDX to new class
classes/spdx-common: Add SPDX version to path
classes/spdx-common: Return empty list from extract_licenses
Julien Stephan (3):
oeqa: selftest: context: run tests serially if testtools/subunit modules are not found
devtool: standard: update-recipe/finish: fix update localfile in another layer
oeqa/selftest/devtool: add test for updating local files into another layer
Kai Kang (5):
webkitgtk: 2.44.0 -> 2.44.1
multilib.bbclass: replace deprecated e.data with d
cmake-qemu.bbclass: fix if criterion
gcc: remove g77/f77
gfortran: update runtime dependencies
Kari Sivonen (1):
bitbake: fetch2/svn: Fix mirroring issue with svn
Khem Raj (27):
oeqa/postactions: Do not use -l option with df
llvm: Upgrade to 18.1.4
strace: Upgrade to 6.8
pcmanfm: Disable incompatible-pointer-types warning as error
kea: Remove -fvisibility-inlines-hidden from C++ flags
consolekit: Disable incompatible-pointer-types warning as error
gtk4: Disable int-conversion warning as error
llvm: Upgrade to 18.1.5
llvm: Switch to using release tarballs
python3: Treat UID/GID overflow as failure
ltp: Fix build with GCC-14
iproute2: Fix build with GCC-14
strace: Use locale-base-en-us for locale
zip: Fix build with gcc-14
linux-yocto: Enable team net driver
valgrind: Upgrade to 3.23.0
gcc: Upgrade to GCC 14.1 release
openssl: Fix build on riscv
kexec-tools: Fix build with GCC-14 on musl
systemd-bootchart: Fix build on musl
systemd.bbclass: Clarify error message
python3: Drop empty patch
grub,grub-efi: Remove -mfpmath=sse on x86
ltp: Fix build break with clang on risv64
gstreamer1.0-plugins-bad: Fix build with musl
gcc: Fix typo in increment expression in unicode from libstdc++
gawk: Remove References to /usr/local/bin/gawk
Kirill Yatsenko (1):
iptables: fix save/restore symlinks with libnftnl PACKAGECONFIG enabled
Konrad Weihmann (1):
insane: error out on UNPACKDIR = WORKDIR
Lee Chee Yang (5):
release-notes-5.0: update recipes changes
migration-notes: add release notes for 4.0.18
release-notes-5.0: update Repositories / Downloads section
release-notes-4.0.18: specify backported license
migration-notes: add release notes for 5.0.1
Lei Maohui (1):
run-postinsts.service: Removed --no-reload to fix reload warning when users execute systemctl in the first boot.
Marc Ferland (1):
libinput: fix building with debug-gui option
Marek Vasut (1):
gstreamer1.0-plugins-good: Include qttools-native during the build with qt5 PACKAGECONFIG
Mark Hatle (2):
sstate.bbclass: Add _SSTATE_EXCLUDEDEPS_SYSROOT to vardepsexclude
binutils: Fix aarch64 disassembly abort
Markus Volk (7):
gtk4: update 4.14.1 -> 4.14.2
xwayland: update 23.2.5 -> 23.2.6
wayland-protocols: update 1.35 -> 1.36
gtk4: update 4.14.2 -> 4.14.4
libadwaita: update 1.5.0 -> 1.5.1
xcb-util-errors: add recipe
ell: update 0.65 -> 0.66
Marlon Rodriguez Garcia (1):
bitbake: ui/buildinfohelper: Add exception treatment to fix missing target_file
Martin Hundeb?ll (4):
classes: image_types: apply EXTRA_IMAGECMD:squashfs* in oe_mksquashfs()
ell: upgrade 0.64 -> 0.65
ofono: upgrade 2.4 -> 2.7
classes: image_types: quote variable assignment needed by dash
Martin Hundebøll (1):
qemu: upgrade 8.2.1 -> 9.0.0
Martin Jansa (10):
rng-tools: ignore incompatible-pointer-types errors for now
expect: ignore various issues now fatal with gcc-14
libunwind: ignore various issues now fatal with gcc-14
p11-kit: ignore various issues fatal with gcc-14 (for 32bit MACHINEs)
lrzsz connman-gnome libfm: ignore various issues fatal with gcc-14
cdrtools-native: fix build with gcc-14
db: ignore implicit-int and implicit-function-declaration issues fatal with gcc-14
selftest: add Upstream-Status to .patch files
insane: add patch-status to default ERROR_QA
bitbake: siggen: catch FileNotFoundError everywhere and ConnectionError also in get_unihashes
Maxin B. John (1):
iproute2: drop obsolete patch
Michael Glembotzki (1):
rootfs-postcommands.bbclass: Only set DROPBEAR_RSAKEY_DIR once
Michael Halstead (2):
docs: add support for scarthgap 5.0 release
yocto-uninative: Update to 4.5 for gcc 14
Michael Opdenacker (15):
manuals: standards.md5: add standard for project names
ref-manual: update releases.svg
bitbake: prserv: declare "max_package_pr" client hook
bitbake: prserv: move code from __init__ to bitbake-prserv
bitbake: prserv: add "upstream" server support
bitbake: prserv: enable database sharing
bitbake: prserv: avoid possible race condition in database code
bitbake: prserv: store_value() improvements
bitbake: prserv: import simplification
bitbake: prserv: add bitbake selftests
migration-guides: placeholder files for 5.1
ref-manual: introduce UNPACKDIR variable
migration-5.1.rst: preliminary description of UNPACKDIR changes
maintainers.inc: update self e-mail address
documentation/README: refer to doc package requirements
Mingli Yu (1):
ncurses: Fix CVE-2023-50495
Naveen Saini (1):
gstreamer1.0-plugins-bad: rename onevpl-intel-gpu -> vpl-gpu-rt
Ninette Adhikari (6):
oe-build-perf-report: Add apache echarts to make report interactive
oe-build-perf-report: Display more than 300 commits and date instead of commit number
oe-build-perf-report: Improve report styling and add descriptions
oe-build-perf-report: Update chart tooltip and chart type
oe-build-perf-report: Add dark mode
oe-build-perf-report: Add commit hash link to chart tooltip
Noe Galea (1):
manuals: document NVDCVE_API_KEY variable
Ola x Nilsson (2):
binutils: Remove conflict markers from 0008-Use-libtool-2.4.patch
oeqa/selftest/devtool: add test for modifying recipes using go.bbclass
Paul Eggleton (2):
ref-manual: variables: add USERADD_DEPENDS
release-notes: add a few more new features
Peter Marko (9):
update-rc.d: add +git to PV
ttyrun: define CVE_PRODUCT
glibc: Update to latest on stable 2.39 branch
glibc: correct license
glibc: Update to latest on stable 2.39 branch
openssl: patch CVE-2024-4603
ncurses: switch to new mirror
ncurses: Upgrade 6.4 -> 6.5
openssl: Upgrade 3.3.0 -> 3.3.1
Philip Lorenz (4):
lib/package_manager/ipk: Do not hardcode payload compression algorithm
ipk: Fix clean up of extracted IPK payload
package_manager: Move OpkgDpkgPM into common module
package_manager: Share more common DEB / IPK code
Poonam Jadhav (1):
ppp: Add RSA-MD in LICENSE
Quentin Schulz (5):
docs: brief-yoctoprojectqs: explicit version dependency on websockets python module
mmc-utils: fix URL
kernel-yocto: fix incorrect debug message for defconfig in WORKDIR
linux-firmware: update to 20240513
linux-firmware: add new package for Mali CSFFW Valhall firmware
Ralph Siemsen (1):
uboot-sign: fix loop in do_uboot_assemble_fitimage
Rasmus Villemoes (2):
openssh: add After dependencies on nss-user-lookup.target
git: set --with-gitconfig=/etc/gitconfig for -native builds
Ricardo Simoes (1):
libusb1: Set CVE_PRODUCT
Richard Purdie (74):
curl: Backport patch to fix buildtools issues
base/bitbake.conf: Introduce UNPACKDIR
classes/lib/scripts: Initial WORKDIR -> UNPACKDIR updates
recipes: Update S = WORKDIR recipes to use ${S} correctly
recipes: Update WORKDIR references to UNPACKDIR
local.conf.sample: Fix hashequivalence server address
brief-yoctoprojectqs: Update to the correct hash equivalence server address
linux-yocto-custom: Fix comment override syntax
bitbake: build: Handle conflict between cwd and cleandirs
bitbake: bitbake: update to version 2.9.1
sanity.conf: Require bitbake 2.9.1
oeqa/selftest/recipetool: Fix for usrmerge in DISTRO_FEATURES
oeqa/selftest/devtool: Fix for usrmerge in DISTRO_FEATURES
insane: Fix case where S doesn't exist
ssh-pregen-hostkeys: Limit to qemu machines by default
oeqa/systemd_boot: Ensure ssh-pregen-hostkeys are available for the test
bitbake: asyncrpc/client: Fix websockets minimum version for python 3.10
at: Tweak UNPACKDIR reference
bitbake: parse: Improve/fix cache invalidation via mtime
selftest/cases/runtime_test: Exclude centos-9 from virgl tests
bitbake: cooker: Ensure generateTaskDepTreeData fails for NoProvider
dwarfsrcfiles: Switch to S = UNPACKDIR
recipes: Start WORKDIR -> UNPACKDIR transition
recipes: Switch away from S = WORKDIR
devtool: Drop oe-local-files and simplify
systemd-conf: Convert to use a dedicated UNPACKDIR
recipes: Ensure S is set to a valid directory
build-appliance-image: Remove warning about S not existing
go: Drop fork of unpack code, mandate GO_SRCURI_DESTSUFFIX
linux-yocto: Avoid QA check
oeqa/sdk/assimp: Upgrade and fix for gcc 14
gcc-runtime: libgomp fix for gcc 14 warnings with mandb selftest
tiny-init: Stop using S == WORKDIR
base: Switch UNPACKDIR to a subdir of WORKDIR
recipetool/devtool: Update to work correctly with UNPACKDIR
insane: Error for S == WORKDIR
usbinit: Drop recipe
insane: Add error for B = WORKDIR
base/bitbake.conf: Move S/B to PSEUDO_IGNORE_PATHS unconditionally
base/insane: Move S/B checks to more logical place in insane class
useradd-example: Fix S = WORKDIR reference
bitbake: fetch/npmsw: The fetcher shouldn't have any knowledge of S
layer.conf: Add os-release to SIGGEN_EXCLUDERECIPES_ABISAFE
pseudo: Update to pull in python 3.12+ fix
bitbake: runqueue: Add timing warnings around slow loops
bitbake: runqueue: Allow rehash loop to exit in case of interrupts
bitbake: runqueue: Process unihashes in parallel at init
bitbake: runqueue: Improve rehash get_unihash parallelism
bs4: Update to 4.12.3 from 4.4.1
bitbake: lib/bs4: Avoid soupsieve warning
bitbake: cooker: Improve handling errors during parsing when profiling
bitbake: bitbake: Drop older python version compatibility code
bitbake: fetch2/wget: Fix failure path for files that are empty or don't exist
bitbake: tests/fetch: Tweak to work on Fedora40
busybox: Disable CONFIG_TC for poky-tiny
siteconfig: Drop siteconfig class/code/support
sstate: Drop intercept functions support
sstate/buildhistory: Fix plaindirs handling to occur before SSTATEPOSTINSTFUNCS
sstatesig/populate_sdk_ext: Improve unihash cache handling
libtool: 2.4.7 -> 2.5.0
autotools/libtool: Drop libtool sysroot patch as not needed
libtool-native: Drop obsolete systroot config
libtool: Drop obsolete configure/compile prepends
python3-jinja2: Upgrade 3.1.3 -> 3.1.4
nasm: Upgrade 2.16.01 -> 2.16.03
oeqa/runtime/ltp: Drop groups that were removed in new version
openssl: Add passthrough variables to work with bitbake
build-appliance-image: Update to master head revision
bitbake: tests/fetch: Tweak test to match upstream repo url change
cve-exclusion: Drop the version comparision/warning
bitbake: siggen: Drop copy_unihashes function
bitbake: runqueue: Avoid save_unitaskhashes
selftest/spdx: Fix for SPDX_VERSION addition
oeqa/sdk/case: Ensure DL_DIR is populated with artefacts if used
Robert Joslyn (2):
curl: Update to 8.8.0
libgloss: Do not apply non-existent patch
Robert Kovacsics (1):
sdk: Fix path length limit to match reserved size
Robert Yang (5):
strace: upgrade 6.8 -> 6.9
git: 2.44.1 -> 2.45.1
quilt: 0.67 -> 0.68
fmt: Add it from meta-oe for ccache 4.10
ccache: 4.9.1 -> 4.10
Ross Burton (42):
waffle: remove dependency on udev
ruby: remove obsolete build dependences
npth: update homepage
npth: remove obsolete pkgconfig patch
npth: remove obsolete binconfig-disabled inherit
npth: remove redundant FILES
insane: handle dangling symlinks in the libdir QA check
openssl: fix pkgconfig path problems
curl: locale-base-en-us isn't glibc-specific
gstreamer1.0: skip another known flaky test
libportal: fix rare build race
cpio: mark CVE-2023-7216 as disputed
enchant2: upgrade to 2.7.3
lib/oe/package-manager: allow including self in create_packages_dir
selftest/classes: add localpkgfeed class
oeqa/selftest/debuginfod: use localpkgfeed to speed server startup
oeqa/sdkext/devtool: replace use of librdfa
genericarm64: depend on u-boot in testimage
oeqa/sdk: rename test cases
oeqa/sdk: remove unused imports from test cases
meson: don't use deprecated pkgconfig variable
toolchain-scripts: export the target endianism and word size
curl: skip FTP tests in run-ptest
gawk: fix readline detection
python3-hatchling: upgrade 1.24.1 -> 1.24.2
gdk-pixbuf: upgrade 2.42.11 -> 2.42.12
fribidi: upgrade 1.0.13 -> 1.0.14
oeqa/manual: remove obsolete CROPS and Eclipse manually testing scripts
gawk: update patch status
python3-cryptodome: remove redundant PYPI_PACKAGE_EXT
python3-cython: remove redundant .inc file
site: move ac_cv_func_fnmatch_works to libc files
site: remove libc definitions in nios2-linux
site: remove obsolete evolution-data-server entries
site: remove obsolete dbus entry
insane: show cleaned build paths in more tests
site: fix ac_cv_uint typo
site: move ac_cv_func_posix_getpwnam_r to libc files
pciutils: rewrite recipe
procps: fix build with new glibc but old kernel headers
scripts/makefile-getvar: add script to get values from Makefiles
curl: rewrite ptest installation
Rudolf J Streif (1):
bitbake: fetch2/wget: Canonicalize DL_DIR paths for wget2 compatibility
Siddharth Doshi (1):
cups: Upgrade 2.4.8 -> 2.4.9
Simone Weiß (4):
gnutls: Fix failing ptests
bitbake: bitbake-layers: adapt force option to not use tinfoil
tzdata: Add tzdata.zi to tzdata-core package
sanity: Check if tar is gnutar
Soumya Sambu (2):
ncurses: Fix CVE-2023-45918
git: upgrade 2.44.0 -> 2.44.1
Sundeep KOKKONDA (2):
binutils: stable 2.42 branch updates.
glibc: stable 2.39 branch updates.
Sven Schwermer (3):
bitbake: fetch2/gcp: Add missing runfetchcmd import
recipetool: Handle unclean response in go resolver
recipetool: Handle several go-import tags in go resolver
Thomas Perrot (1):
maintainers.inc: maintainer for opensbi
Tim Orling (32):
python3-maturin: upgrade 1.4.0 -> 1.5.1
glslang: upgrade to 1.3.283.0
vulkan-headers: upgrade to 1.3.283.0
vulkan-loader: upgrade to 1.3.283.0
vulkan-tools: upgrade to 1.3.283.0
spirv-headers: upgrade to 1.3.283.0
spirv-tools: upgrade to 1.3.283.0
vulkan-validation-layers: upgrade to 1.3.283.0
vulkan-utility-libraries: upgrade to 1.3.283.0
vulkan-volk: upgrade to 1.3.283.0
python3-cryptography: upgrade 42.0.5 -> 42.0.7
python3-bcrypt: upgrade 4.1.2 -> 4.1.3
python3-rpds-py: upgrade 0.18.0 -> 0.18.1
pythonn3-rpds-py: enable ptest
python3-maturin: upgrade 1.5.1 -> 1.6.0
python3-meson-python: ugprade 0.15.0 -> 0.16.0
python3-babel: upgrade 2.14.0 -> 2.15.0
python3-cryptography: upgrade 42.0.7 -> 42.0.8
python3-certifi: upgrade 2024.2.2 -> 2024.6.2
python3-more-itertools: upgrade 10.2.0 -> 10.3.0
python3-packaging: upgrade 24.0 -> 24.1
python3-requests: upgrade 2.32.1 -> 2.32.3
python3-typing-extensions: upgrade 4.11.0 -> 4.12.2
python3-zipp: upgrade 3.18.2 -> 3.19.2
bitbake: taoster: update fixtures for scarthgap, current
bitbake: toaster test_cerate_new_project: add scarthgap
bitbake: test_project_page: fix failing test_single_layer_page
devtool upgrade: enable RECIPE_UPDATE_EXTRA_TASKS
cargo-update-recipe-crates: add RECIPE_UPDATE_EXTRA_TASKS
meta-selftest: add python3-guessing-game
oe-selftest: add RECIPE_UPDATE_EXTRA_TASKS test
ref-manual: add RECIPE_UPDATE_EXTRA_TASKS variable
Trevor Gamblin (26):
patchtest: test_metadata: fix invalid escape sequences
python3-pytest: upgrade 8.1.1 -> 8.2.0
python3: skip test_concurrent_futures/test_shutdown
patchtest: requirements.txt: add GitPython
patchtest: repo: refactor to use GitPython
patchtest: tests: update bugzilla_entry_format.fail testfile
patchtest: utils: remove unused functions
python3-hypothesis: upgrade 6.100.1 -> 6.102.4
python3-pygments: upgrade 2.17.2 -> 2.18.0
python3-pytest: upgrade 8.2.0 -> 8.2.1
python3-referencing: upgrade 0.34.0 -> 0.35.1
python3-requests: upgrade 2.31.0 -> 2.32.1
python3-pyproject-metadata: upgrade 0.7.1 -> 0.8.0
python3-setuptools-scm: upgrade 8.0.4 -> 8.1.0
python3-sphinx: upgrade 7.2.6 -> 7.3.7
python3-trove-classifiers: upgrade 2024.4.10 -> 2024.5.17
maintainers.inc: transfer some python recipes to tgamblin
ref-manual: variables: document PYPI_PACKAGE_EXT, PYPI_SRC_URI
patchtest: selftest: fix patch files
python3-hypothesis: upgrade 6.102.4 -> 6.103.0
python3-trove-classifiers: upgrade 2024.5.17 -> 2024.5.22
python3-docutils: upgrade 0.20.1 -> 0.21.2
python3: upgrade 3.12.3 -> 3.12.4
python3-pytest: upgrade 8.2.1 -> 8.2.2
python3: skip test_concurrent_futures/test_deadlock
python3: skip test_multiprocessing/test_active_children test
Victor Kamensky (2):
systemtap: upgrade 5.0 -> 5.1
systemtap: fix systemtap-native build error on Fedora 40
Vincent Kriek (1):
devtool: sync: Fix Execution error
Wang Mingyu (70):
llvm: upgrade 18.1.2 -> 18.1.3
dropbear: upgrade 2022.83 -> 2024.84
python3-pycparser: upgrade 2.21 -> 2.22
gnutls: upgrade 3.8.4 -> 3.8.5
bind: upgrade 9.18.25 -> 9.18.26
cronie: upgrade 1.7.1 -> 1.7.2
diffoscope: upgrade 260 -> 265
dpkg: upgrade 1.22.5 -> 1.22.6
gcr: upgrade 4.2.1 -> 4.3.0
gdk-pixbuf: upgrade 2.42.10 -> 2.42.11
libarchive: upgrade 3.7.2 -> 3.7.3
libpam: upgrade 1.6.0 -> 1.6.1
libsdl2: upgrade 2.30.1 -> 2.30.2
libwebp: upgrade 1.3.2 -> 1.4.0
libxmlb: upgrade 0.3.17 -> 0.3.18
libxmu: upgrade 1.2.0 -> 1.2.1
lighttpd: upgrade 1.4.75 -> 1.4.76
lttng-ust: upgrade 2.13.7 -> 2.13.8
ninja: upgrade 1.11.1 -> 1.12.0
openssl: upgrade 3.2.1 -> 3.3.0
pango: upgrade 1.52.1 -> 1.52.2
python3-beartype: upgrade 0.18.2 -> 0.18.5
python3-cython: upgrade 3.0.9 -> 3.0.10
python3-dtschema: upgrade 2024.2 -> 2024.4
python3-hatchling: upgrade 1.22.4 -> 1.24.1
python3-hypothesis: upgrade 6.99.4 -> 6.100.1
python3-idna: upgrade 3.6 -> 3.7
python3-lxml: upgrade 5.1.0 -> 5.2.1
python3-mako: upgrade 1.3.2 -> 1.3.3
python3-pluggy: upgrade 1.4.0 -> 1.5.0
python3-pygobject: upgrade 3.48.1 -> 3.48.2
python3-setuptools: upgrade 69.2.0 -> 69.5.1
python3-trove-classifiers: upgrade 2024.3.3 -> 2024.4.10
repo: upgrade 2.44 -> 2.45
stress-ng: upgrade 0.17.06 -> 0.17.07
taglib: upgrade 2.0 -> 2.0.1
util-macros: upgrade 1.20.0 -> 1.20.1
vala: upgrade 0.56.16 -> 0.56.17
wayland-protocols: upgrade 1.34 -> 1.35
xcb-proto: upgrade 1.16.0 -> 1.17.0
mesa: upgrade 24.0.3 -> 24.0.5
appstream: upgrade 1.0.2 -> 1.0.3
bash-completion: upgrade 2.13.0 -> 2.14.0
bind: upgrade 9.18.26 -> 9.18.27
btrfs-tools: upgrade 6.8 -> 6.8.1
createrepo-c: upgrade 1.1.0 -> 1.1.1
diffoscope: upgrade 265 -> 267
dmidecode: upgrade 3.5 -> 3.6
dnf: upgrade 4.19.2 -> 4.20.0
ed: upgrade 1.20.1 -> 1.20.2
gtk+3: upgrade 3.24.41 -> 3.24.42
iproute2: upgrade 6.8.0 -> 6.9.0
iw: upgrade 6.7 -> 6.9
libedit: upgrade 20230828-3.1 -> 20240517-3.1
libgpg-error: upgrade 1.48 -> 1.49
libslirp: upgrade 4.7.0 -> 4.8.0
libxml2: upgrade 2.12.6 -> 2.12.7
libxmlb: upgrade 0.3.18 -> 0.3.19
llvm: upgrade 18.1.5 -> 18.1.6
mesa: upgrade 24.0.5 -> 24.0.7
msmtp: upgrade 1.8.25 -> 1.8.26
nghttp2: upgrade 1.61.0 -> 1.62.0
ninja: upgrade 1.12.0 -> 1.12.1
python3-jsonschema: upgrade 4.21.1 -> 4.22.0
python3-lxml: upgrade 5.2.1 -> 5.2.2
python3-mako: upgrade 1.3.3 -> 1.3.5
python3-zipp: upgrade 3.18.1 -> 3.18.2
shaderc: upgrade 2024.0 -> 2024.1
wireless-regdb: upgrade 2024.01.23 -> 2024.05.08
xwayland: upgrade 23.2.6 -> 24.1.0
Willy Tu (1):
rust-target-config: fix feature for vfpv4f16
Xiangyu Chen (2):
iputils: splitting the ping6 as a package
ltp: add iputils-ping6 to RDEPENDS
Yi Zhao (9):
libcap-ng: upgrade 0.8.4 -> 0.8.5
libcap-ng-python: upgrade 0.8.4 -> 0.8.5
dropbear: upgrade 2024.84 -> 2024.85
libsdl2: upgrade 2.30.2 -> 2.30.3
gnu-efi: upgrade 3.0.17 -> 3.0.18
libcap: upgrade 2.69 -> 2.70
ltp: upgrade 20240129 -> 20240524
logrotate: upgrade 3.21.0 -> 3.22.0
debianutils: upgrade 5.17 -> 5.19
Yoann Congal (1):
migration-5.1: add the recommended pattern for S/UNPACKDIR definition
Yogita Urade (1):
libarchive: upgrade 3.7.3 -> 3.7.4
Zev Weiss (1):
bash: Fix file-substitution error-handling bug
Zoltan Boszormenyi (2):
cracklib: Modify patch to compile with GCC 14
cdrtools-native: Fix build with GCC 14
joshua Watt (6):
classes/create-spdx-2.2: Fix SPDX Namespace Prefix
bitbake: cooker: Use hash client to ping upstream server
bitbake: siggen/runqueue: Report which dependencies affect the taskhash
bitbake: cooker: Handle ImportError for websockets
bitbake: asyncrpc: Check websockets version
classes/create-spdx-2.2: Fix SPDX dependencies for ABI Safe recipes
meta-security: d1522af21d..b4a8bc606f:
Changqing Li (2):
recipes: WORKDIR -> UNPACKDIR transition
scap-security-guide: WORKDIR -> UNPACKDIR
Gael PORTAY (1):
sssd: remove duplicate option --without-python2-bindings
Gowtham Suresh Kumar (1):
meta-parsec: Update parsec-service to 1.4.1
Marta Rybczynska (1):
packagegroup-core-security: update libseccomp dependencies
Martin Jansa (2):
{tcp,udp}-smack-test: fix implicit-function-declaration issues fatal with gcc-14
mmap-smack-test, smack-test, tcp-smack-test, udp-smack-test: don't use S = ${WORKDIR}
Tim Orling (5):
swtpm: upgrade 0.8.1 -> 0.8.2
tpm2-pkcs11: BBCLASSEXTEND native and nativesdk
tpm2-tools: BBCLASSEXTEND native and nativesdk
libtpm: BBCLASSEXTEND nativesdk
tpm2-tss: BBCLASSEXTEND nativesdk
Valentin Kunin (1):
tpm2-tss: upgrade 4.0.1 -> 4.1.2
Wang Mingyu (1):
lynis: upgrade 3.0.9 -> 3.1.1
Yi Zhao (6):
ibmswtpm2: upgrade 164-2020-192.1 -> 183-2024-03-27
ibmtpm2tss: upgrade 1661 -> 2.2.0
scap-security-guide: remove __pycache__ in ptest directory
openscap: upgrade 1.3.9 -> 1.3.10
scap-security-guide: upgrade 0.1.71 -> 0.1.72
scap-security-guide: upgrade 0.1.72 -> 0.1.73
meta-raspberrypi: 1879cb831f..eb8ffc4e63:
Khem Raj (1):
recipes: Switch to using UNPACKDIR instead of WORKDIR
Martin Jansa (5):
linux: drop unused rpi4-64-kernel-misc.cfg
linux: drop unused 5.15 version
rpi-u-boot-scr: use UNPACKDIR
layer.conf: declare compatibility only with styhead
gstreamer1.0-omx: remove the .bbappend
Matthias Klein (1):
linux-firmware-rpidistro: Fix wireless on model Zero 2 W
Tim Orling (3):
layer.conf: rpi5 recommends lts-u-boot-mixin
u-boot: re-enable rapsberrypi5
raspberrypi5.conf: Fix KERNEL_IMAGETYPE_UBOOT
Vincent Davis Jr (1):
rpidistro-ffmpeg: upgrade 4.3.4 -> 5.1.4
alperak (1):
rpi-cmdline: Fix being renamed of network interfaces
meta-arm: 17df9c4ebc..981425c54e:
Abdellatif El Khlifi (4):
arm-bsp/external-system: costone1000: install the firmware in the filesystem
arm-bsp/u-boot: corstone1000: add external system DTS node
arm-bsp/linux-yocto: corstone1000: add external system control support
arm-bsp/corstone1000-recovery-image: replace core-image-minimal
Adam Johnston (1):
arm-bsp/corstone1000: Fix RSA key generation issue
Ali Can Ozaslan (1):
arm-bsp/trusted-firmware-m: corstone1000: fix crypto failure on mps3
Amr Mohamed (3):
arm-systemready/linux-distros: Upgrade the Debian version to 12.4
arm-systemready/linux-distros: Upgrade the Debian license
arm-systemready/linux-distros: Add a third Linux distribution installation
Andrey Zhizhikin (1):
optee-client: Switch away from S = WORKDIR
Ben Cownley (1):
arm-systemready/linux-distros: Upgrade the openSUSE version to 15.5
Bence Balogh (25):
kas: corstone1000: disable multiconfig for firmware builds
arm-bsp/corstone1000-flash-firmware-image: add nopt generation
arm/uefi_capsule: use U-Boot for capsule generation
arm-bsp/documentation: corstone1000: update capsule generation steps
arm-bsp/u-boot: corstone1000: update TS RPC protocol
arm-bsp/trusted-services:cs1000: fix deployments
arm-bsp/trusted-services: rebase corstone1000 patches
arm-bsp/trusted-firmware-m: replace OpenAMP with RSE Comms
arm-bsp/corstone1000-flash-firmware-image: add nopt generation
arm/uefi_capsule: use U-Boot for capsule generation
arm-bsp/documentation: corstone1000: update capsule generation steps
arm-bsp/corstone1000-flash-firmware-image: fix capsule dependency issue
arm-bsp/doc: corstone1000: update A+M communication
arm-bsp/trusted-firmware-m: remove OpenAMP and Libmetal
arm/trusted-services: remove OpenAMP and Libmetal
arm-bsp/trusted-services: corstone1000: fix IAT test
arm-bsp/trusted-services: corstone1000: add EFI var handling fixes
arm-bsp/trusted-services: corstone1000: add fixes for private auth vars
arm-bsp/trusted-firmware-m: corstone1000: increase PS sizes
arm-bsp/trusted-services: corstone1000: increase comm buffer size
arm-bsp/trusted-firmware-m: corstone1000: increase RSE_COMMS buff size
arm-bsp/trusted-firmware-m: corstone1000: remove capsule update reset
kas: corstone1000: remove Arm-FVP-EULA flag
arm-bsp/documentation: corstone1000: update the boot chain
arm-bsp/documentation: corstone1000: improve tests documentation
Delane Brandy (1):
arm-bsp/corstone1000: update the documentation
Drew Reed (6):
arm-systemready: Fix regex in arm-systemready-ir-acs recipe
arm: Handle nodistro in firmware deployment
arm-bsp: corstone1000: Configure Corstone-1000 to use the meta-arm-systemready layer
arm-bsp: corstone1000: Make ESP partition available to Corstone-1000
arm-bsp/corstone1000: Update Corstone-1000 user guide
ci: Add Corstone-1000 to the SystemReady ACS build
Emekcan Aras (6):
arm-bsp/u-boot: corstone1000: Change MMCOMM buffer location
arm-bsp/trusted-services: corstone1000: Change MM comm buffer location
arm-bsp/trusted-firmware-m: corstone1000: Enable host firewall in FVP
arm-bsp/trusted-firmware-a: corstone1000: Remove unused NS_SHARED_RAM region
kas: corstone1000: include TS and PSA dependency for firmware image build
arm-bsp/trusted-firmware-a: corstone1000: fix reset sequence
Gyorgy Szing (10):
arm/trusted-services: Update FFA TEE driver to v2.0.0
arm/trusted-services: Update TS to v1.0.0
arm/trusted-services: fix MbedTLS build issue
arm/trusted-services: fix environment handling
arm/devtools/fvp-base-a-aem: update the AEM FVP to 11.25.15
arm-bsp: enable Trusted Services on the fvp-base platform
arm-bsp/trusted-services: rebase corstone1000 patches
Add support for the TS Firmware Update service
arm/trusted-services: update to 2024 April 19
arm/trusted-services: fix oeqa script
Harsimran Singh Tungal (8):
arm-bsp: corstone1000: Enable SMM gateway authenticated variables
arm-bsp/u-boot: corstone1000: Enable UEFI secure boot
arm-bsp/documentation: corstone1000: Update user guide for secureboot test
arm-bsp/optee: corstone1000: Remove MMCOMM buffer address
arm-bsp/u-boot: corstone1000: Enable secondary cores for Corstone-1000 FVP
arm-bsp/trusted-firmware-a: corstone1000: Multicore support for Corstone-1000 FVP
arm-bsp/trusted-firmware-m: corstone1000: Multicore support for Corstone-1000 FVP
ci,arm-bsp: corstone1000: New MACHINE_FEATURES for Corstone-1000 FVP multicore
Jon Mason (29):
arm-bsp/linux: remove kmeta SRCREV SHA
Revert "arm-bsp/documentation: corstone1000: update capsule generation steps"
Revert "arm/uefi_capsule: use U-Boot for capsule generation"
Revert "arm-bsp/corstone1000-flash-firmware-image: add nopt generation"
CI: add Yocto Project SSTATE Mirror
CI: use scarthgap branch for meta-clang
arm/edk2-basetools: add UPSTREAM_CHECK logic
arm/boot-wrapper-aarch64: add to fvp-base CI
arm/fvp-corstone1000: tweak the versioning
arm/fvp-base-a-aem: disable version checking
arm/trusted-firmware-a: update to lts-2.10.4
arm/trusted-firmware-a: add comment about location of deps
README: add backporting process information
arm/gn: update to latest commit
arm-bsp: remove support for n1sdp
arm-bsp: remove unused recipes
CI: increase bitbake server timeout
arm/optee: update to 4.2.0
arm/oeqa: increase optee and ftpm test timeouts
CI: correct BB_HASHSERVE_UPSTREAM
arm/trusted-firmware-m: update to 2.1.0
arm/trusted-firmware-a: add support for 2.11.0
arm/hafnium: update to v2.11
arm/edk2: update to edk2-stable202405
arm/trusted-firmware-rmm: add UPSTREAM_CHECK and tweak recipe version
arm/trusted-firmware-rmm: update to 0.5.0
arm/arm-tstee: add UPSTREAM_CHECK
Revert "CI: temporarily backport the procps fix"
Docs: add ci/kas, quick start, and release information
Mathieu Poirier (1):
arm/trusted-firmware-rmm: Add bitbake, include and patch file for RMM
Mikko Rapeli (6):
trusted-firmware-a: continue if TPM device is missing
optee-os: inrease heap size with fTPM
oeqa runtime: add optee.py test
oeqa runtime: add ftpm.py test
ci/qemuarm64-secureboot.yml: install optee and test both optee and ftpm
ci/qemuarm-secureboot.yml: install optee and test both optee and ftpm
Ross Burton (36):
arm-bsp/sgi575: upgrade trusted-firmware-a to 2.10
arm-bsp/trusted-firmware-a: remove now-unused 2.9.0 recipe
arm-bsp/linux-yocto-dev: add bbappend to enable this kernel for our BSPs
arm-bsp/fvp-base: improve FVP performance
CI: use scarthgap branches
arm/classes/wic_nopt: remove unused class
arm-bsp/linux-yocto-rt: include linux-arm-platforms unconditionally
ci/testimage: don't :append to IMAGE_FEATURES
CI: add genericarm64
arm-bsp: add new sbsa-ref machine
arm: remove generic-arm64 and qemu-generic-arm64
CI: sort jobs alphabetically
CI: show the evaluated KASFILES
arm-bsp/u-boot: add optimised timer implementation for fvp-base
CI: add Kas schema comments
CI: temporarily backport the procps fix
external-arm-toolchain: ignore warnings about 32-bit time types
CI: remove 32-bit time_t workaround
CI: disable ptest in external-gccarm builds
arm-systemready/arm-systemready-linux-distros: disable buildhistory
CI: build arm-systemready distro images
arm/boot-wrapper-aarch64: use https to fetch git source
arm/trusted-firmware-a: use correct git URL
arm-bsp/ssh-pregen-hostkeys: enable on virtual machines
arm/oeqa/runtime/fvp_boot: move pexpect import into test method
arm-bsp/linux-yocto: fvp-base: remove fvp-timer.cfg
CI: back to master
CI: use pregenerated SSH keys in genericarm64
arm/u-boot: remove obsolete qemuarm patch
arm-bsp/u-boot: update tick.patch to merged patches
arm-bsp/ssh-pregen-hostkeys: fix corstone1000 typo
arm-bsp/edk2-firmware: work around alignment problem with EDK/qemu
documentation/runfvp: use IMAGE_CLASSES instead of INHERIT
arm/optee-ftpm: silence new compiler errors from GCC 14.1
arm-bsp/firmware-image-juno: use UNPACKDIR
arm/libts: use UNPACKDIR
Ryan Eatmon (1):
arm/test-pacbti: Use UNPACKDIR
Thomas Perrot (1):
optee-os: remove NOWERROR from EXTRA_OEMAKE
Change-Id: Iee426a0247f08b126a12ca85bd47eea629285850
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/meta-arm/.gitlab-ci.yml b/meta-arm/.gitlab-ci.yml
index 4f16fcf..506cb48 100644
--- a/meta-arm/.gitlab-ci.yml
+++ b/meta-arm/.gitlab-ci.yml
@@ -72,6 +72,7 @@
- if: '$KERNEL != "linux-yocto-dev"'
script:
- KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME" $EXTRA_KAS_FILES):lockfile.yml
+ - echo KASFILES=$KASFILES
- kas dump --update --force-checkout --resolve-refs --resolve-env $KASFILES
- kas build $KASFILES
- ./ci/check-warnings $KAS_WORK_DIR/build/warnings.log
@@ -119,31 +120,6 @@
# VIRT: [none, xen]
# TESTING: testimage
-corstone1000-fvp:
- extends: .build
- parallel:
- matrix:
- - FIRMWARE: corstone1000-firmware-only
- TESTING: [testimage, tftf]
- - FIRMWARE: none
- TESTING: testimage
-
-corstone1000-mps3:
- extends: .build
- parallel:
- matrix:
- - FIRMWARE: corstone1000-firmware-only
- TESTING: [none, tftf]
- - FIRMWARE: none
-
-fvp-base:
- extends: .build
- parallel:
- matrix:
- - TESTING: testimage
- - FIRMWARE: edk2
- - SYSTEMREADY_FIRMWARE: arm-systemready-firmware
-
arm-systemready-ir-acs:
extends: .build
timeout: 12h
@@ -157,11 +133,90 @@
tags:
- ${ACS_TAG}
+# Validate layers are Yocto Project Compatible
+check-layers:
+ extends: .setup
+ script:
+ - kas shell --update --force-checkout ci/base.yml:ci/meta-openembedded.yml:lockfile.yml --command \
+ "yocto-check-layer-wrapper $CI_PROJECT_DIR/$LAYER --dependency $CI_PROJECT_DIR/meta-* $KAS_WORK_DIR/meta-openembedded/meta-oe --no-auto-dependency"
+ parallel:
+ matrix:
+ - LAYER: [meta-arm, meta-arm-bsp, meta-arm-toolchain]
+
+corstone1000-fvp:
+ extends: .build
+ parallel:
+ matrix:
+ - FIRMWARE: corstone1000-firmware-only
+ TESTING: [testimage, tftf]
+ - FIRMWARE: none
+ TESTING: testimage
+ - SYSTEMREADY_FIRMWARE: arm-systemready-firmware
+
+corstone1000-mps3:
+ extends: .build
+ parallel:
+ matrix:
+ - FIRMWARE: corstone1000-firmware-only
+ TESTING: [none, tftf]
+ - FIRMWARE: none
+
+documentation:
+ extends: .setup
+ script:
+ - |
+ # This can be removed when the kas container has python3-venv installed
+ sudo apt-get update && sudo apt-get install --yes python3-venv
+
+ python3 -m venv venv
+ . ./venv/bin/activate
+
+ pip3 install -r meta-arm-bsp/documentation/requirements.txt
+
+ for CONF in meta-*/documentation/*/conf.py ; do
+ echo Building $CONF...
+ SOURCE_DIR=$(dirname $CONF)
+ MACHINE=$(basename $SOURCE_DIR)
+ sphinx-build -vW $SOURCE_DIR build-docs/$MACHINE
+ done
+ test -d build-docs/
+ artifacts:
+ paths:
+ - build-docs/
+
+fvp-base:
+ extends: .build
+ parallel:
+ matrix:
+ - TS: [none, fvp-base-ts]
+ TESTING: testimage
+ - FIRMWARE: edk2
+ - SYSTEMREADY_FIRMWARE: arm-systemready-firmware
+
+arm-systemready-ir-acs:
+ extends: .build
+ timeout: 12h
+ parallel:
+ matrix:
+ # arm-systemready-ir-acs must be specified after fvp-base for ordering
+ # purposes for the jobs-to-kas output. It is not enough to just have it
+ # in the job name because fvp-base.yml overwrites the target.
+ - PLATFORM: [fvp-base, corstone1000-fvp]
+ ARM_SYSTEMREADY_IR_ACS: arm-systemready-ir-acs
+ tags:
+ - ${ACS_TAG}
+
fvps:
extends: .build
-generic-arm64:
+genericarm64:
extends: .build
+ parallel:
+ matrix:
+ - TOOLCHAINS: [gcc, clang]
+ TESTING: testimage
+ - KERNEL: linux-yocto-dev
+ TESTING: testimage
juno:
extends: .build
@@ -170,27 +225,41 @@
- TOOLCHAINS: [gcc, clang]
FIRMWARE: [u-boot, edk2]
+# What percentage of machines in the layer do we build
+machine-coverage:
+ extends: .setup
+ script:
+ - ./ci/check-machine-coverage
+ coverage: '/Coverage: \d+/'
+
+metrics:
+ extends: .setup
+ artifacts:
+ reports:
+ metrics: metrics.txt
+ script:
+ - kas shell --update --force-checkout ci/base.yml --command \
+ "$CI_PROJECT_DIR/ci/patchreview $CI_PROJECT_DIR/meta-* --verbose --metrics $CI_PROJECT_DIR/metrics.txt"
+
musca-b1:
extends: .build
musca-s1:
extends: .build
-n1sdp:
- extends: .build
- parallel:
- matrix:
- - TESTING: [none, n1sdp-ts, n1sdp-optee, tftf]
-
-qemu-generic-arm64:
- extends: .build
- parallel:
- matrix:
- - KERNEL: [linux-yocto, linux-yocto-rt]
- TOOLCHAINS: [gcc, clang]
- TESTING: testimage
- - KERNEL: linux-yocto-dev
- TESTING: testimage
+pending-updates:
+ extends: .setup
+ artifacts:
+ paths:
+ - update-report
+ script:
+ - rm -fr update-report
+ # This configuration has all of the layers we need enabled
+ - kas shell --update --force-checkout ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/meta-secure-core.yml:lockfile.yml --command \
+ "$CI_PROJECT_DIR/scripts/machine-summary.py -t report -o $CI_PROJECT_DIR/update-report $($CI_PROJECT_DIR/ci/listmachines.py meta-arm meta-arm-bsp)"
+ # Do this on x86 whilst the compilers are x86-only
+ tags:
+ - x86_64
qemuarm64-secureboot:
extends: .build
@@ -257,11 +326,15 @@
- DISTRO: poky-tiny
TESTING: testimage
-sgi575:
+sbsa-ref:
extends: .build
-
-toolchains:
- extends: .build
+ parallel:
+ matrix:
+ - KERNEL: [linux-yocto, linux-yocto-rt]
+ TOOLCHAINS: [gcc, clang]
+ TESTING: testimage
+ - KERNEL: linux-yocto-dev
+ TESTING: testimage
selftest:
extends: .setup
@@ -269,65 +342,8 @@
- KASFILES=./ci/qemuarm64.yml:./ci/selftest.yml:lockfile.yml
- kas shell --update --force-checkout $KASFILES -c 'oe-selftest --num-processes 2 --select-tag meta-arm --run-all-tests'
-# Validate layers are Yocto Project Compatible
-check-layers:
- extends: .setup
- script:
- - kas shell --update --force-checkout ci/base.yml:ci/meta-openembedded.yml:lockfile.yml --command \
- "yocto-check-layer-wrapper $CI_PROJECT_DIR/$LAYER --dependency $CI_PROJECT_DIR/meta-* $KAS_WORK_DIR/meta-openembedded/meta-oe --no-auto-dependency"
- parallel:
- matrix:
- - LAYER: [meta-arm, meta-arm-bsp, meta-arm-toolchain]
+sgi575:
+ extends: .build
-pending-updates:
- extends: .setup
- artifacts:
- paths:
- - update-report
- script:
- - rm -fr update-report
- # This configuration has all of the layers we need enabled
- - kas shell --update --force-checkout ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/meta-secure-core.yml:lockfile.yml --command \
- "$CI_PROJECT_DIR/scripts/machine-summary.py -t report -o $CI_PROJECT_DIR/update-report $($CI_PROJECT_DIR/ci/listmachines.py meta-arm meta-arm-bsp)"
- # Do this on x86 whilst the compilers are x86-only
- tags:
- - x86_64
-
-# What percentage of machines in the layer do we build
-machine-coverage:
- extends: .setup
- script:
- - ./ci/check-machine-coverage
- coverage: '/Coverage: \d+/'
-
-metrics:
- extends: .setup
- artifacts:
- reports:
- metrics: metrics.txt
- script:
- - kas shell --update --force-checkout ci/base.yml --command \
- "$CI_PROJECT_DIR/ci/patchreview $CI_PROJECT_DIR/meta-* --verbose --metrics $CI_PROJECT_DIR/metrics.txt"
-
-documentation:
- extends: .setup
- script:
- - |
- # This can be removed when the kas container has python3-venv installed
- sudo apt-get update && sudo apt-get install --yes python3-venv
-
- python3 -m venv venv
- . ./venv/bin/activate
-
- pip3 install -r meta-arm-bsp/documentation/requirements.txt
-
- for CONF in meta-*/documentation/*/conf.py ; do
- echo Building $CONF...
- SOURCE_DIR=$(dirname $CONF)
- MACHINE=$(basename $SOURCE_DIR)
- sphinx-build -vW $SOURCE_DIR build-docs/$MACHINE
- done
- test -d build-docs/
- artifacts:
- paths:
- - build-docs/
+toolchains:
+ extends: .build
diff --git a/meta-arm/README.md b/meta-arm/README.md
index e77e5ac..7988152 100644
--- a/meta-arm/README.md
+++ b/meta-arm/README.md
@@ -8,7 +8,7 @@
* meta-arm-bsp
- This layer contains machines for Arm reference platforms, for example FVP Base, N1SDP, and Juno.
+ This layer contains machines for Arm reference platforms, for example FVP Base, Corstone1000, and Juno.
* meta-arm-toolchain
@@ -19,19 +19,23 @@
* ci
- This directory contains gitlab continuous integration configuration files (KAS yaml files) as well as scripts needed for this
+ This directory contains gitlab continuous integration configuration files (KAS yaml files) as well as scripts needed for this.
+
+* documentation
+
+ This directory contains information on the files in this repository, building, and other relevant documents.
* kas
- This directory contains KAS yaml files to describe builds for systems not used in CI
+ This directory contains KAS yaml files to describe builds for systems not used in CI.
* scripts
- This directory contains scripts used in running the CI tests
+ This directory contains scripts used in running the CI tests.
Mailing List
------------
-To interact with the meta-arm developer community, please email the meta-arm mailing list at meta-arm@lists.yoctoproject.org
+To interact with the meta-arm developer community, please email the meta-arm mailing list at <meta-arm@lists.yoctoproject.org>.
Currently, it is configured to only allow emails to members from those subscribed.
To subscribe to the meta-arm mailing list, please go to
https://lists.yoctoproject.org/g/meta-arm
@@ -42,32 +46,51 @@
information on how to submit a patch, please read
https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded
-E-mail meta-arm@lists.yoctoproject.org with patches created using this process. You can configure git-send-email to automatically use this address for the meta-arm repository with the following git command:
+E-mail <meta-arm@lists.yoctoproject.org> with patches created using this process. You can configure git-send-email to automatically use this address for the meta-arm repository with the following git command:
-$ git config --local --add sendemail.to meta-arm@lists.yoctoproject.org
+`$ git config --local --add sendemail.to meta-arm@lists.yoctoproject.org`
Commits and patches added should follow the OpenEmbedded patch guidelines:
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
The component being changed in the shortlog should be prefixed with the layer name (without the meta- prefix), for example:
+> arm-bsp/trusted-firmware-a: decrease frobbing level
- arm-bsp/trusted-firmware-a: decrease frobbing level
+> arm-toolchain/gcc: enable foobar v2
- arm-toolchain/gcc: enable foobar v2
+All contributions are under the [MIT License](/COPYING.MIT).
+
+For a quick start guide on how to build and use meta-arm, go to [quick-start.md](/documentation/quick-start.md).
+
+For information on the continuous integration done on meta-arm and how to use it, go to [continuous-integration-and-kas.md](/documentation/continuous-integration-and-kas.md).
+
+Backporting
+--------------
+Backporting patches to older releases may be done upon request, but only after a version of the patch has been accepted into the master branch. This is done by adding the branch name to email subject line. This should be between the square brackets (e.g., "[" and "]"), and before or after the "PATCH". For example,
+> [nanbield PATCH] arm/linux-yocto: backport patch to fix 6.5.13 networking issues
+
+Automatic backporting will be done to all branches if the "Fixes: <SHA>" wording is added to the patch commit message. This is similar to how the Linux kernel community does their LTS kernel backporting. For more information see the "Fixes" portion of
+https://www.kernel.org/doc/html/latest/process/submitting-patches.html#submittingpatches
Releases and Release Schedule
--------------
We follow the Yocto Project release methodology, schedule, and stable/LTS support timelines. For more information on these, please reference:
-https://docs.yoctoproject.org/ref-manual/release-process.html
-https://wiki.yoctoproject.org/wiki/Releases
-https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS
+* https://docs.yoctoproject.org/ref-manual/release-process.html
+* https://wiki.yoctoproject.org/wiki/Releases
+* https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS
+
+For more in-depth information on the meta-arm release and branch methodology, go to </documentation/releases.md>.
Reporting bugs
--------------
-E-mail meta-arm@lists.yoctoproject.org with the error encountered and the steps
+E-mail <meta-arm@lists.yoctoproject.org> with the error encountered and the steps
to reproduce the issue.
+Security and Reporting Security Issues
+--------------
+For information on the security of meta-arm and how to report issues, please consult [SECURITY.md](/SECURITY.md).
+
Maintainer(s)
-------------
* Jon Mason <jon.mason@arm.com>
diff --git a/meta-arm/SECURITY.md b/meta-arm/SECURITY.md
index 0fa6cbc..403d62f 100644
--- a/meta-arm/SECURITY.md
+++ b/meta-arm/SECURITY.md
@@ -18,7 +18,7 @@
meta-arm@lists.yoctoproject.org and arm-security@arm.com.
If you are dealing with a not-yet released or urgent issue, please send a mail
-to the maintainers (see README.md) and arm-security@arm.com, including as much
+to the maintainers \(see [README.md](/README.md)\) and arm-security@arm.com, including as much
detail as possible. Encrypted emails using PGP are welcome.
For more information, please visit https://developer.arm.com/support/arm-security-updates/report-security-vulnerabilities.
@@ -27,11 +27,20 @@
## Branches maintained with security fixes
meta-arm follows the Yocto release model, so see
-[https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and
-LTS] for detailed info regarding the policies and maintenance of stable
+[Stable release and LTS](https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS)
+for detailed info regarding the policies and maintenance of stable
branches.
-The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all
+The [Release page](https://wiki.yoctoproject.org/wiki/Releases) contains a list of all
releases of the Yocto Project. Versions in grey are no longer actively maintained with
security patches, but well-tested patches may still be accepted for them for
significant issues.
+
+
+# Disclaimer
+
+Arm reference solutions are Arm public example software projects that track and
+pull upstream components, incorporating their respective security fixes
+published over time. Arm partners are responsible for ensuring that the
+components they use contain all the required security fixes, if and when they
+deploy a product derived from Arm reference solutions.
diff --git a/meta-arm/ci/arm-systemready-firmware.yml b/meta-arm/ci/arm-systemready-firmware.yml
index 1854c2a..4b97537 100644
--- a/meta-arm/ci/arm-systemready-firmware.yml
+++ b/meta-arm/ci/arm-systemready-firmware.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 11
includes:
diff --git a/meta-arm/ci/arm-systemready-ir-acs.yml b/meta-arm/ci/arm-systemready-ir-acs.yml
index 6cfead6..e31a264 100644
--- a/meta-arm/ci/arm-systemready-ir-acs.yml
+++ b/meta-arm/ci/arm-systemready-ir-acs.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 11
includes:
@@ -12,3 +14,6 @@
target:
- arm-systemready-ir-acs
+ - arm-systemready-linux-distros-debian
+ - arm-systemready-linux-distros-opensuse
+ - arm-systemready-linux-distros-fedora
diff --git a/meta-arm/ci/base.yml b/meta-arm/ci/base.yml
index 4296d27..d1c933d 100644
--- a/meta-arm/ci/base.yml
+++ b/meta-arm/ci/base.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
@@ -27,12 +29,12 @@
local_conf_header:
base: |
CONF_VERSION = "2"
+ BB_SERVER_TIMEOUT = "300"
setup: |
PACKAGE_CLASSES = "package_ipk"
PACKAGECONFIG:remove:pn-qemu-system-native = "gtk+ sdl"
PACKAGECONFIG:append:pn-perf = " coresight"
INHERIT += "rm_work"
- DISTRO_FEATURES:remove = "ptest"
extrapackages: |
CORE_IMAGE_EXTRA_INSTALL += "perf opencsd"
CORE_IMAGE_EXTRA_INSTALL:append:aarch64 = " gator-daemon"
diff --git a/meta-arm/ci/clang.yml b/meta-arm/ci/clang.yml
index b9425fa..9b2d194 100644
--- a/meta-arm/ci/clang.yml
+++ b/meta-arm/ci/clang.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
diff --git a/meta-arm/ci/corstone1000-common.yml b/meta-arm/ci/corstone1000-common.yml
index 7fe9e87..3f47b3a 100644
--- a/meta-arm/ci/corstone1000-common.yml
+++ b/meta-arm/ci/corstone1000-common.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
includes:
diff --git a/meta-arm/ci/corstone1000-firmware-only.yml b/meta-arm/ci/corstone1000-firmware-only.yml
index 8af0146..a229891 100644
--- a/meta-arm/ci/corstone1000-firmware-only.yml
+++ b/meta-arm/ci/corstone1000-firmware-only.yml
@@ -1,4 +1,5 @@
----
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
includes:
diff --git a/meta-arm/ci/corstone1000-fvp.yml b/meta-arm/ci/corstone1000-fvp.yml
index c4e5737..c2bf945 100644
--- a/meta-arm/ci/corstone1000-fvp.yml
+++ b/meta-arm/ci/corstone1000-fvp.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
includes:
diff --git a/meta-arm/ci/corstone1000-mps3.yml b/meta-arm/ci/corstone1000-mps3.yml
index 7a1fc9e..9b87b25 100644
--- a/meta-arm/ci/corstone1000-mps3.yml
+++ b/meta-arm/ci/corstone1000-mps3.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
includes:
diff --git a/meta-arm/ci/cve.yml b/meta-arm/ci/cve.yml
index e2aca0e..d060d29 100644
--- a/meta-arm/ci/cve.yml
+++ b/meta-arm/ci/cve.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
diff --git a/meta-arm/ci/debug.yml b/meta-arm/ci/debug.yml
index 6ca1a07..371035a 100644
--- a/meta-arm/ci/debug.yml
+++ b/meta-arm/ci/debug.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
diff --git a/meta-arm/ci/edk2.yml b/meta-arm/ci/edk2.yml
index 3a5c4ce..d32e364 100644
--- a/meta-arm/ci/edk2.yml
+++ b/meta-arm/ci/edk2.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
diff --git a/meta-arm/ci/external-gccarm.yml b/meta-arm/ci/external-gccarm.yml
index a3313d8..8985a1b 100644
--- a/meta-arm/ci/external-gccarm.yml
+++ b/meta-arm/ci/external-gccarm.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
@@ -6,6 +8,6 @@
SKIP_RECIPE[gcc-cross-arm] = "Using external toolchain"
TCMODE = "external-arm"
EXTERNAL_TOOLCHAIN = "${TOPDIR}/toolchains/${TARGET_ARCH}"
- # Temporary workaround for a number binaries in the toolchains that are using 32bit timer API
- # This must be done here instead of the recipe because of all the libraries in the toolchain have the issue
- INSANE_SKIP:append = " 32bit-time"
+ # Disable ptest as this pulls target compilers, which don't
+ # work with external toolchain currently
+ DISTRO_FEATURES:remove = "ptest"
diff --git a/meta-arm/ci/fvp-base-ts.yml b/meta-arm/ci/fvp-base-ts.yml
new file mode 100644
index 0000000..ae74334
--- /dev/null
+++ b/meta-arm/ci/fvp-base-ts.yml
@@ -0,0 +1,34 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
+header:
+ version: 14
+ includes:
+ - ci/fvp-base.yml
+ - ci/meta-openembedded.yml
+ - ci/testimage.yml
+
+local_conf_header:
+ trusted_services: |
+ # Enable the needed test suites
+ TEST_SUITES = " ping ssh trusted_services"
+ # Include all Secure Partitions into the image
+ MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its"
+ MACHINE_FEATURES:append = " ts-attestation ts-smm-gateway optee-spmc-test"
+ MACHINE_FEATURES:append = " ts-block-storage ts-fwu"
+ # Include TS demo/test tools into image
+ IMAGE_INSTALL:append = " packagegroup-ts-tests"
+ # Include TS PSA Arch tests into image
+ IMAGE_INSTALL:append = " packagegroup-ts-tests-psa"
+ CORE_IMAGE_EXTRA_INSTALL += "optee-test"
+ # Set the TS environment
+ TS_ENV="sp"
+ # Enable and configure semihosting
+ FVP_CONFIG[cluster0.cpu0.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
+ FVP_CONFIG[cluster0.cpu1.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
+ FVP_CONFIG[cluster0.cpu2.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
+ FVP_CONFIG[cluster0.cpu3.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
+ FVP_CONFIG[cluster1.cpu0.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
+ FVP_CONFIG[cluster1.cpu1.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
+ FVP_CONFIG[cluster1.cpu2.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
+ FVP_CONFIG[cluster1.cpu3.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
+ FVP_CONFIG[semihosting-enable] = "True"
diff --git a/meta-arm/ci/fvp-base.yml b/meta-arm/ci/fvp-base.yml
index 7441ea4..bbc6c44 100644
--- a/meta-arm/ci/fvp-base.yml
+++ b/meta-arm/ci/fvp-base.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
includes:
@@ -5,3 +7,7 @@
- ci/fvp.yml
machine: fvp-base
+
+target:
+ - core-image-sato
+ - boot-wrapper-aarch64
diff --git a/meta-arm/ci/fvp.yml b/meta-arm/ci/fvp.yml
index e9f3fa9..2bf1cef 100644
--- a/meta-arm/ci/fvp.yml
+++ b/meta-arm/ci/fvp.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
diff --git a/meta-arm/ci/fvps.yml b/meta-arm/ci/fvps.yml
index c651614..8f1de17 100644
--- a/meta-arm/ci/fvps.yml
+++ b/meta-arm/ci/fvps.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
# Simple target to build the FVPs that are publically available
header:
diff --git a/meta-arm/ci/gcc.yml b/meta-arm/ci/gcc.yml
index 260199a..1f368c2 100644
--- a/meta-arm/ci/gcc.yml
+++ b/meta-arm/ci/gcc.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
diff --git a/meta-arm/ci/generic-arm64.yml b/meta-arm/ci/generic-arm64.yml
deleted file mode 100644
index 5d944ef..0000000
--- a/meta-arm/ci/generic-arm64.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-header:
- version: 14
- includes:
- - ci/base.yml
-
-machine: generic-arm64
diff --git a/meta-arm/ci/genericarm64.yml b/meta-arm/ci/genericarm64.yml
new file mode 100644
index 0000000..2fbe766
--- /dev/null
+++ b/meta-arm/ci/genericarm64.yml
@@ -0,0 +1,21 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
+header:
+ version: 14
+ includes:
+ - ci/base.yml
+
+repos:
+ poky:
+ layers:
+ meta-yocto-bsp:
+
+local_conf_header:
+ bootloader: |
+ # If running genericarm64 in a qemu we need to manually build the bootloader
+ EXTRA_IMAGEDEPENDS += "virtual/bootloader"
+ sshpregen: |
+ # Allow the use of the pregen keys as this is CI so safe
+ COMPATIBLE_MACHINE:pn-ssh-pregen-hostkeys:genericarm64 = "genericarm64"
+
+machine: genericarm64
diff --git a/meta-arm/ci/glibc.yml b/meta-arm/ci/glibc.yml
index 3c9f9eb..0bfe026 100644
--- a/meta-arm/ci/glibc.yml
+++ b/meta-arm/ci/glibc.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
diff --git a/meta-arm/ci/juno.yml b/meta-arm/ci/juno.yml
index 552e325..e812ec8 100644
--- a/meta-arm/ci/juno.yml
+++ b/meta-arm/ci/juno.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
includes:
diff --git a/meta-arm/ci/linux-yocto-dev.yml b/meta-arm/ci/linux-yocto-dev.yml
index 5ee7afb..1b8d976 100644
--- a/meta-arm/ci/linux-yocto-dev.yml
+++ b/meta-arm/ci/linux-yocto-dev.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
diff --git a/meta-arm/ci/linux-yocto-rt.yml b/meta-arm/ci/linux-yocto-rt.yml
index 65a276c..9430cce 100644
--- a/meta-arm/ci/linux-yocto-rt.yml
+++ b/meta-arm/ci/linux-yocto-rt.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
diff --git a/meta-arm/ci/linux-yocto.yml b/meta-arm/ci/linux-yocto.yml
index e9ccdcb..22d57f2 100644
--- a/meta-arm/ci/linux-yocto.yml
+++ b/meta-arm/ci/linux-yocto.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
diff --git a/meta-arm/ci/meta-openembedded.yml b/meta-arm/ci/meta-openembedded.yml
index 743fdde..499216b 100644
--- a/meta-arm/ci/meta-openembedded.yml
+++ b/meta-arm/ci/meta-openembedded.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
diff --git a/meta-arm/ci/meta-secure-core.yml b/meta-arm/ci/meta-secure-core.yml
index 2d9fc2c..b34562b 100644
--- a/meta-arm/ci/meta-secure-core.yml
+++ b/meta-arm/ci/meta-secure-core.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
diff --git a/meta-arm/ci/meta-virtualization.yml b/meta-arm/ci/meta-virtualization.yml
index f0f6280..c0ba70b 100644
--- a/meta-arm/ci/meta-virtualization.yml
+++ b/meta-arm/ci/meta-virtualization.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
includes:
diff --git a/meta-arm/ci/musca-b1.yml b/meta-arm/ci/musca-b1.yml
index db2adc9..1437b8a 100644
--- a/meta-arm/ci/musca-b1.yml
+++ b/meta-arm/ci/musca-b1.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
includes:
diff --git a/meta-arm/ci/musca-s1.yml b/meta-arm/ci/musca-s1.yml
index 974badf..a7fa680 100644
--- a/meta-arm/ci/musca-s1.yml
+++ b/meta-arm/ci/musca-s1.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
includes:
diff --git a/meta-arm/ci/musl.yml b/meta-arm/ci/musl.yml
index 641c470..e20a4af 100644
--- a/meta-arm/ci/musl.yml
+++ b/meta-arm/ci/musl.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
diff --git a/meta-arm/ci/n1sdp-optee.yml b/meta-arm/ci/n1sdp-optee.yml
deleted file mode 100644
index f2b50ab..0000000
--- a/meta-arm/ci/n1sdp-optee.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-header:
- version: 14
-
-# Config specific for the optee-xtests
-local_conf_header:
- optee-test: |
- # Include ARM FFA
- MACHINE_FEATURES:append = " arm-ffa"
- # Include trusted services
- TEST_SUITES:append = " trusted_services"
- # Include Optee xtests
- IMAGE_INSTALL:append = " optee-test"
diff --git a/meta-arm/ci/n1sdp-ts.yml b/meta-arm/ci/n1sdp-ts.yml
deleted file mode 100644
index 641d376..0000000
--- a/meta-arm/ci/n1sdp-ts.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-header:
- version: 14
- includes:
- - ci/meta-openembedded.yml
-
-local_conf_header:
- trusted_services: |
- TEST_SUITES:append = " trusted_services"
- # Include TS Crypto, TS Protected Storage, TS Internal and Trusted Storage SPs into optee-os image
- MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its"
- # Include TS demo/test tools into image
- IMAGE_INSTALL:append = " packagegroup-ts-tests"
- # Include TS PSA Arch tests into image
- IMAGE_INSTALL:append = " packagegroup-ts-tests-psa"
diff --git a/meta-arm/ci/n1sdp.yml b/meta-arm/ci/n1sdp.yml
deleted file mode 100644
index c1b654d..0000000
--- a/meta-arm/ci/n1sdp.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-header:
- version: 14
- includes:
- - ci/base.yml
-
-machine: n1sdp
-
-local_conf_header:
- unsupported_trusted_services: |
- MACHINE_FEATURES:remove = "ts-smm-gateway"
diff --git a/meta-arm/ci/poky-tiny.yml b/meta-arm/ci/poky-tiny.yml
index f176301..41f9a39 100644
--- a/meta-arm/ci/poky-tiny.yml
+++ b/meta-arm/ci/poky-tiny.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
diff --git a/meta-arm/ci/poky.yml b/meta-arm/ci/poky.yml
index d6887a9..db139df 100644
--- a/meta-arm/ci/poky.yml
+++ b/meta-arm/ci/poky.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
diff --git a/meta-arm/ci/qemu-generic-arm64.yml b/meta-arm/ci/qemu-generic-arm64.yml
deleted file mode 100644
index 43ae256..0000000
--- a/meta-arm/ci/qemu-generic-arm64.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-header:
- version: 14
- includes:
- - ci/generic-arm64.yml
-
-local_conf_header:
- failing_tests: |
- DEFAULT_TEST_SUITES:remove = "parselogs"
-
-machine: qemu-generic-arm64
-
-target:
- - core-image-sato
- - sbsa-acs
diff --git a/meta-arm/ci/qemuarm-secureboot.yml b/meta-arm/ci/qemuarm-secureboot.yml
index 97e9903..6d9f4ee 100644
--- a/meta-arm/ci/qemuarm-secureboot.yml
+++ b/meta-arm/ci/qemuarm-secureboot.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
includes:
@@ -7,6 +9,8 @@
target:
- core-image-base
- - optee-examples
- - optee-test
- - optee-os-tadevkit
+
+local_conf_header:
+ optee: |
+ IMAGE_INSTALL:append = " optee-test optee-client optee-os-ta"
+ TEST_SUITES:append = " optee ftpm"
diff --git a/meta-arm/ci/qemuarm.yml b/meta-arm/ci/qemuarm.yml
index 18fef52..31192ae 100644
--- a/meta-arm/ci/qemuarm.yml
+++ b/meta-arm/ci/qemuarm.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
includes:
diff --git a/meta-arm/ci/qemuarm64-secureboot-ts.yml b/meta-arm/ci/qemuarm64-secureboot-ts.yml
index e18ce1a..adf1f2f 100644
--- a/meta-arm/ci/qemuarm64-secureboot-ts.yml
+++ b/meta-arm/ci/qemuarm64-secureboot-ts.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
includes:
diff --git a/meta-arm/ci/qemuarm64-secureboot.yml b/meta-arm/ci/qemuarm64-secureboot.yml
index c4943cb..b26941e 100644
--- a/meta-arm/ci/qemuarm64-secureboot.yml
+++ b/meta-arm/ci/qemuarm64-secureboot.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
includes:
@@ -7,6 +9,8 @@
target:
- core-image-base
- - optee-examples
- - optee-test
- - optee-os-tadevkit
+
+local_conf_header:
+ optee: |
+ IMAGE_INSTALL:append = " optee-test optee-client optee-os-ta"
+ TEST_SUITES:append = " optee ftpm"
diff --git a/meta-arm/ci/qemuarm64.yml b/meta-arm/ci/qemuarm64.yml
index cd03e94..9c69636 100644
--- a/meta-arm/ci/qemuarm64.yml
+++ b/meta-arm/ci/qemuarm64.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
includes:
diff --git a/meta-arm/ci/qemuarmv5.yml b/meta-arm/ci/qemuarmv5.yml
index c2ff6c8..b0a8bbd 100644
--- a/meta-arm/ci/qemuarmv5.yml
+++ b/meta-arm/ci/qemuarmv5.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
includes:
diff --git a/meta-arm/ci/sbsa-ref.yml b/meta-arm/ci/sbsa-ref.yml
new file mode 100644
index 0000000..99e4ed7
--- /dev/null
+++ b/meta-arm/ci/sbsa-ref.yml
@@ -0,0 +1,12 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
+header:
+ version: 14
+ includes:
+ - ci/base.yml
+
+machine: sbsa-ref
+
+target:
+ - core-image-sato
+ - sbsa-acs
diff --git a/meta-arm/ci/selftest.yml b/meta-arm/ci/selftest.yml
index e519851..e36d62c 100644
--- a/meta-arm/ci/selftest.yml
+++ b/meta-arm/ci/selftest.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
diff --git a/meta-arm/ci/sgi575.yml b/meta-arm/ci/sgi575.yml
index faab716..e431382 100644
--- a/meta-arm/ci/sgi575.yml
+++ b/meta-arm/ci/sgi575.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
includes:
diff --git a/meta-arm/ci/sstate-mirror.yml b/meta-arm/ci/sstate-mirror.yml
new file mode 100644
index 0000000..4bcbd76
--- /dev/null
+++ b/meta-arm/ci/sstate-mirror.yml
@@ -0,0 +1,11 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
+header:
+ version: 14
+
+local_conf_header:
+ sstate_mirror: |
+ BB_HASHSERVE_UPSTREAM = "wss://hashserv.yoctoproject.org/ws"
+ SSTATE_MIRRORS = "file://.* http://cdn.jsdelivr.net/yocto/sstate/all/PATH;downloadfilename=PATH"
+ BB_HASHSERVE = "auto"
+ BB_SIGNATURE_HANDLER = "OEEquivHash"
diff --git a/meta-arm/ci/testimage.yml b/meta-arm/ci/testimage.yml
index a0e9025..a9b13d9 100644
--- a/meta-arm/ci/testimage.yml
+++ b/meta-arm/ci/testimage.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
includes:
@@ -12,7 +14,7 @@
slirp: |
TEST_RUNQEMUPARAMS = "slirp"
sshd: |
- IMAGE_FEATURES:append = " ssh-server-dropbear"
+ IMAGE_FEATURES += "ssh-server-dropbear"
sshkeys: |
CORE_IMAGE_EXTRA_INSTALL += "ssh-pregen-hostkeys"
universally_failing_tests: |
diff --git a/meta-arm/ci/tftf.yml b/meta-arm/ci/tftf.yml
index 33a8a4f..af1c486 100644
--- a/meta-arm/ci/tftf.yml
+++ b/meta-arm/ci/tftf.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
diff --git a/meta-arm/ci/toolchains.yml b/meta-arm/ci/toolchains.yml
index 056269b..c323fbe 100644
--- a/meta-arm/ci/toolchains.yml
+++ b/meta-arm/ci/toolchains.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
includes:
diff --git a/meta-arm/ci/u-boot.yml b/meta-arm/ci/u-boot.yml
index c693b8b..be59543 100644
--- a/meta-arm/ci/u-boot.yml
+++ b/meta-arm/ci/u-boot.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
diff --git a/meta-arm/ci/xen.yml b/meta-arm/ci/xen.yml
index f4a8f9a..d855369 100644
--- a/meta-arm/ci/xen.yml
+++ b/meta-arm/ci/xen.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
header:
version: 14
includes:
diff --git a/meta-arm/documentation/continuous-integration-and-kas.md b/meta-arm/documentation/continuous-integration-and-kas.md
new file mode 100644
index 0000000..2eb54cf
--- /dev/null
+++ b/meta-arm/documentation/continuous-integration-and-kas.md
@@ -0,0 +1,67 @@
+# **CI for Yocto Project and meta-arm**
+# **CI for Yocto Project**
+The Yocto Project has an autobuilder that performs nightly builds and image tests on all of the defined QEMU machines, including qemuarm and qemuarm64 Also, it currently runs builds on the hardware reference platforms including genericarm64 and meta-arm mahines fvp-base and sbsa-ref. More information on the autobuilder can be found at <https://autobuilder.yoctoproject.org/>.
+
+More information on the image tests can be found at <https://wiki.yoctoproject.org/wiki/Image_tests>.
+
+The Yocto Project also has the ability to have individual package tests, ptests. For more information on those, go to <https://wiki.yoctoproject.org/wiki/Ptest>.
+# **CI for meta-arm**
+meta-arm is using the Gitlab CI infrastructure. This is currently being done internal to Arm, but an external version can be seen at <https://gitlab.com/jonmason00/meta-arm/-/pipelines>.
+
+This CI is constantly being expanded to provide increased coverage of the software and hardware supported in meta-arm. All platforms are required to add a kas file and `.gitlab-ci.yml` entry as part of the initial patch series. More information on kas can be found at <https://github.com/siemens/kas>.
+
+To this end, it would be wise to run kas locally to verify everything works prior to pushing to the CI build system.
+## **Running kas locally**
+### **Install kas**
+kas can be installed with pip, for example:
+```
+$ pip3 install --user kas
+```
+
+See <https://kas.readthedocs.io/en/latest/userguide/getting-started.html> for information on the dependencies and more.
+
+This assumes that the kas path ($HOME/.local/bin) is in $PATH. If not, the user will need to manually add this or the kas command will not be found.
+
+### **Run kas locally**
+```
+$ cd ~/meta-arm/
+$ kas build kas/juno.yml
+```
+
+By default kas will create a build directory under meta-arm to contain the checked out layers, build directory, and downloads. You can change this by setting environment variables. DL\_DIR and SSTATE\_DIR are respected so these can point at existing directories, and setting KAS\_WORK\_DIR to the directory where repositories are already cloned will save having to re-fetch. This can look something like:
+```
+$ SSTATE_DIR=/builds/persist/sstate DL_DIR=/builds/persist/downloads kas build ci/qemuarm64.yml:ci/testimage.yml
+```
+
+See the [quick start guide](/documentation/quick-start.md) for more information on how to set this up.
+
+## **Locked Revisions in CI with lockfiles**
+The CI in meta-arm will generate a kas "lock file" when it starts to ensure that all of the builds checkout the same revision of the various different layers that are used. If this isn't done then there's a chance that a layer will be modified upstream during the CI, which results in some builds failing and some builds passing.
+
+This lock file is saved as an artefact of the update-repos job by the CI, and only generated if it doesn't already exist in the repository. This can be used to force specific revisions of layers to be used instead of HEAD, which can be useful if upstream changes are causing problems in development.
+
+The lockfile.yml can be downloaded manually, but there's a script in meta-arm to fetch the lock file for the latest successful build of the specified branch:
+
+```
+$ ./ci/download-lockfile.py --help
+usage: download-lockfile.py [-h] server project refspec
+
+positional arguments:
+ server GitLab server name
+ project meta-arm project name
+ refspec Branch/commit
+
+$ ./ci/download-lockfile.py https://gitlab.com/jonmason00/meta-arm master
+Fetched lockfile.yml
+Commit this lockfile.yml to the top-level of the meta-arm repository and the CI will use it automatically.
+```
+# **Relevant Links for kas, CI, and testing**
+<https://github.com/siemens/kas.git>
+
+<https://wiki.yoctoproject.org/wiki/Oe-selftest>
+
+<https://wiki.yoctoproject.org/wiki/Image_tests>
+
+<https://wiki.yoctoproject.org/wiki/Ptest>
+
+<https://wiki.yoctoproject.org/wiki/BSP_Test_Plan>
diff --git a/meta-arm/documentation/quick-start.md b/meta-arm/documentation/quick-start.md
new file mode 100644
index 0000000..2ce5efc
--- /dev/null
+++ b/meta-arm/documentation/quick-start.md
@@ -0,0 +1,105 @@
+# **Yocto Project quick start for Arm system software developers**
+If you want to read the The Yocto Project official quick start documentation, go to <https://docs.yoctoproject.org/brief-yoctoprojectqs/index.html>
+
+If that looks like too much reading, then here is how to do it even faster!
+# **Step 0: Install build deps and kas**
+```
+$ sudo apt install gawk wget git diffstat unzip texinfo gcc build-essential chrpath socat cpio python3 python3-pip python3-pexpect xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev python3-subunit mesa-common-dev zstd liblz4-tool file locales libacl1
+
+$ pip install kas
+```
+OR, if you prefer to use a docker will all that stuff already installed:
+
+```
+$ sudo docker run -it --name kas-test --volume /mnt/yocto/:/builds/persist ghcr.io/siemens/kas/kas /bin/bash
+```
+
+> **_NOTE:_**
+> the “--volume” is the directory where your persistent stuff (like downloads and build artifacts) will go to help speed up your builds and can be sharable amongst your builds/containers. If you want to go completely clean-room, feel free to remove it
+# **Step 1: clone meta-arm and build meta-arm**
+```
+$ git clone https://git.yoctoproject.org/meta-arm
+$ cd meta-arm/
+$ SSTATE_DIR=/builds/persist/sstate DL_DIR=/builds/persist/downloads kas build ci/fvp-base.yml:ci/testimage.yml
+```
+> **_NOTE:_**
+> “ci/testimage.yml” will cause the build to run some basic system tests. If you don’t care about verifying basic functionality, then remove it and it should be faster (a few less programs will be added to the system image and the 2-3mins that it takes to run the test will not happen).
+
+> **_NOTE:_**
+> You may wish to add the Yocto Project SSTATE Mirror (especially the first time) to speed up the build by downloading the build fragments (built by the Yocto Project autobuilder) from the internet. This can be done by adding "ci/sstate-mirror.yml" in kas or adding the relevant lines to your local.conf. Using the above example:
+
+```
+$ SSTATE_DIR=/builds/persist/sstate DL_DIR=/builds/persist/downloads kas build ci/fvp-base.yml:ci/sstate-mirror.yml
+```
+
+> **_NOTE:_**
+> This only fetches the parts necessary for your build and may take several minutes depending on your internet connection speed. Also, it only fetches what is available. There may still be a need to build things depending on your configuration.
+
+For more information on kas and various commands, please reference <https://kas.readthedocs.io/en/latest/>.
+
+Depending on what software you are building, fvp-base might not be the machine you want to build for.
+The following website provides an EXTREMELY rough way to tell what software is in what machines, and what versions are being run:
+<https://gitlab.com/jonmason00/meta-arm/-/jobs/artifacts/master/file/update-report/index.html?job=pending-updates>
+
+If, as an example, we’re wanting to develop trusted-firmware-a; then fvp-base will work for us.
+
+### **Okay, you are done! VICTORY!**
+### **Oh, you actually wanted to mess around with the system software source code?**
+# **Step 2: use devtool to get your source**
+Setup your environment via the (non-kas) Yocto Project tools
+
+```
+$ source poky/oe-init-build-env
+```
+
+Use devtool to checkout the version of software being used on the machine above (in the above example, this will be trusted-firmware-a for fvp-base).
+
+```
+$ devtool modify trusted-firmware-a
+```
+
+This will download the source, hopefully in git (depending on how the Yocto Project recipe was written), and should print a path at the end where the source code was checked out. In the trusted-firmware-a example, I got:
+
+> /builder/meta-arm/build/workspace/sources/trusted-firmware-a
+
+Inside of that directory, you should see the relevant source code. In this example, it is a standard git tree. So, you can add remotes, checkout different SHAs, etc
+
+Ok, so you are set with your changes and want to build them.
+
+```
+$ devtool build trusted-firmware-a
+```
+
+This should build the software in question, but it is not yet integrated into a system image. To do that, run:
+
+```
+$ devtool build-image core-image-sato
+```
+
+The image should match the image being used on your machine above. Most of them in meta-arm are set to core-image-sato.
+
+Also, if you used testimage above, it will run testimage now
+### **Okay, you are done! VICTORY!**
+# **Step 3. Testing your patches outside of devtool**
+At this point I will assume you have a patch and want to add it to the base recipe. Using the above example, in the devtool directory:
+```
+$ git format-patch -1
+0001-example.patch
+$ mv 0001-example.patch ~/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/files/
+$ cd ~/meta-arm
+$ devtool reset trusted-firmware-a
+$ echo ‘SRC_URI:append = " file://0001-example.patch" >> meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.3.bb
+```
+
+> **_NOTE:_**
+> there is a space before the “file” and yes it matters very much
+
+At this point, you can go back using kas and verify that the patch works in a clean-ish tree.
+
+```
+$ SSTATE_DIR=/builds/persist/sstate DL_DIR=/builds/persist/downloads kas build ci/fvp-base.yml:ci/testimage.yml
+```
+
+There is obviously much more that can be done and other ways to do similar things.
+
+## **If there are issues or questions then please ask them on the #meta-arm irc channel on libera.chat**
diff --git a/meta-arm/documentation/releases.md b/meta-arm/documentation/releases.md
new file mode 100644
index 0000000..d900c9b
--- /dev/null
+++ b/meta-arm/documentation/releases.md
@@ -0,0 +1,43 @@
+# **meta-arm Releases and Branching**
+## **Release and Branching background**
+The Yocto Project releases twice a year (April and October): "stable" releases are made every six months and have a lifetime of seven months to allow for migration, while "long term support" (LTS) releases are picked every two years starting from Dunfell in April 2020. The standard practice for all Yocto Compatible layers is to create a "named" branch consistent with the code name of that release. For example, the “dunfell” release of the Yocto Project will have a branch named “dunfell” in the official git repository, and layers compatible with dunfell will have a branch named “dunfell”. Thus, a customer can easily organize a collection of appropriate layers to make a product.
+
+In the Yocto Project, these named branches are “stable”, and only take bug fixes or security-critical upgrades. Active development occurs on the master branch. However, this methodology can be problematic if mimicked with the compatible layers. Companies, like Arm, may not wish to release a snapshot of the relevant “master” branches under active development, due to the amount of testing, fixing, and hardening necessary to make a product from a non-stable release. Also, changes to keep the master branch of a layer working with the upstream master branch of the Yocto Project may result in that branch no longer being compatible with named branches (e.g., it might not be possible to mix and match master and dunfell). So, a decision must be made on the branching policy of meta-arm.
+
+## **Adding new Hardware or Software features**
+There are many different ways to resolve this issue. After some discussion, the best solution for us is to allow new hardware enablement (and relevant software features) to be included in LTS named branches (not just bug fixes). This will allow for a more stable software platform for software to be developed, tested, and released. Also, the single branch allows for focused testing (limiting the amount of resources needed for CI/CD), lessens/eliminates code diverging on various branches, and lessens confusion on which branch to use. The risk of making this choice is a potentially non-stable branch which will require more frequent testing to lessen the risk, and not following the “stable” methodology of the core Yocto Project layers (though it is not uncommon for BSP layers to behave this way).
+
+## **Process**
+The process for patches intended on being integrated into only the master branch is the normal internal process of pushing for code review and CI, approval and integration into upstream meta-arm master branch.
+For patches intended on being included in an LTS named branch, the preferred process is to upstream via the master branch, rebase the patch (or series against the intended LTS branch) and send email with the release name in the subject line after the "PATCH" (e.g., "[PATCH dunfell] Add foo to bar").
+
+If there is a time crunch and the preferred way above cannot be completed in time, upstreaming via the LTS branch can occur. This follows the normal process above but without the master integration step. However, any patches upstreamed in this manner must be pushed to master in a timely fashion (after the time crunch). Nagging emails will be sent and managers will be involved as the time grows.
+
+## **Testing**
+See [continuous-integration-and-kas.md](/documentation/continuous-integration-and-kas.md) for information how the layer is tested and what tests are run. It is presumed that all code will be compiled as part of the CI process of the gerrit code review. Also, testing on virtual platforms and code conformity checks will be run when enabled in the process.
+
+## **Branching strategy and releases**
+Named branches for meta-arm will be released as close as possible to the release of the YP LTS release. Meta-arm named branches will be created from the meta-arm master branch.
+
+To minimize the additional work of maintaining multiple branches it is assumed that there will only be two active development branches at any given time: master and the most recent Long Term Stable (LTS) as the named branch. All previous named LTS branches will be EOLed when a new LTS has been released. Any branches that are EOLed will still exist in the meta-arm, but bug fix patches will be accepted. Limited to no testing will occur on EOL’ed branches. Exceptions to this can be made, but must be sized appropriately and agreed to by the relevant parties.
+
+Named branch release will coincide with Yocto Project releases. These non-LTS branches will be bug fix only and will be EOLed on the next release (similar to the YP branching behavior).
+
+### **Branch transitions**
+When YP is approaching release, meta-arm will attempt to stabilize master so that the releases can coincide.
+* T-6 weeks - Email is sent to meta-arm mailing list notifying of upcoming code freeze of features to meta-arm
+* T-4 weeks - Code freeze to meta-arm. Only bug fixes are taken at this point.
+* T-0 - Official upstream release occurs. With no outstanding critical bugs, a new named branch is created based on the current meta-arm master branch. Previous named branches are now frozen and will not accept new patches (but will continue to be present for reference and legacy usage).
+
+## **Tagging**
+### **Branch Tagging**
+When each branch is released, a git tag with the Yocto Project version number will be added. For example, `4.3`. Also, this tag version number will be prepended with "yocto" in a duplicate tag (e.g., "yocto-4.3").
+
+Conciding with the Yocto Project release schedule, every branch which has one or more changes added to it in the previous 6 months will get a minor versioned tag (e.g., "4.3.1" and "yocto-4.3.1").
+
+### **BSP Release Tagging**
+BSP releases for those boards supported in meta-arm-bsp maybe have an additional tag to denote their software releases. The tag will consist of the board name (in all capital letters), year, and month. For example, "CORSTONE1000-2023.11".
+The release schedule for this is outside the standard Yocto Project release candence, but is generally encouraged to be as close to these releases as possible. Similarily, it is recommended the BSP releases be based on the latest LTS branch.
+
+# **Relevant Links**
+<https://wiki.yoctoproject.org/wiki/Releases>
diff --git a/meta-arm/documentation/runfvp.md b/meta-arm/documentation/runfvp.md
index ed14d44..be2d861 100644
--- a/meta-arm/documentation/runfvp.md
+++ b/meta-arm/documentation/runfvp.md
@@ -4,10 +4,10 @@
## Running images with `runfvp`
-To build images with the FVP integration, the `fvpboot` class needs to be inherited. If the machine does not do this explicitly it can be done in `local.conf`:
+To build images with the FVP integration, the `fvpboot` image class needs to be inherited. If the machine does not do this explicitly it can be done in `local.conf`:
```
-INHERIT += "fvpboot"
+IMAGE_CLASSES += "fvpboot"
```
The class will download the correct FVP and write a `.fvpconf` configuration file when an image is built.
diff --git a/meta-arm/documentation/trusted-services.md b/meta-arm/documentation/trusted-services.md
index 70826f6..636ccbf 100644
--- a/meta-arm/documentation/trusted-services.md
+++ b/meta-arm/documentation/trusted-services.md
@@ -18,17 +18,18 @@
| ----------------- | --------------- |
| Attestation | ts-attesation |
| Crypto | ts-crypto |
+| Firmware Update | ts-fwu
| Internal Storage | ts-its |
| Protected Storage | ts-storage |
| se-proxy | ts-se-proxy |
| smm-gateway | ts-smm-gateway |
-| spm-test[1-3] | optee-spmc-test |
+| spm-test[1-4] | optee-spmc-test |
Other steps depend on your machine/platform definition:
1. For communications between Secure and Normal Words Linux kernel option `CONFIG_ARM_FFA_TRANSPORT=y`
is required. If your platform doesn't include it already you can add `arm-ffa` into MACHINE_FEATURES.
- (Please see ` meta-arm/recipes-kernel/arm-ffa-tee`.)
+ (Please see ` meta-arm/recipes-kernel/arm-tstee`.)
For running the `uefi-test` or the `xtest -t ffa_spmc` tests under Linux the `arm-ffa-user` drivel is required. This is
enabled if the `ts-smm-gateway` and/or the `optee-spmc-test` machine features are enabled.
@@ -36,17 +37,19 @@
2. optee-os might require platform specific OP-TEE build parameters (for example what SEL the SPM Core is implemented at).
You can find examples in `meta-arm/recipes-security/optee/optee-os_%.bbappend` for qemuarm64-secureboot machine
- and in `meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc` and `meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc`
- for N1SDP and Corstone1000 platforms accordingly.
+ and in `meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc` for the Corstone1000 platform.
3. trusted-firmware-a might require platform specific TF-A build parameters (SPD and SPMC details on the platform).
See `meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend` for qemuarm64-secureboot machine
- and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc` and
- `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for N1SDP and Corstone1000 platforms.
+ and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for theCorstone1000 platform.
+
+4. Trusted Services supports an SPMC agonistic binary format. To build SPs to this format the `TS_ENV` variable is to be
+ set to `sp`. The resulting SP binaries should be able to boot under any FF-A v1.1 compliant SPMC implementation.
+
## Normal World applications
-Optionally for testing purposes you can add `packagegroup-ts-tests` into your image. It includes
+Optionally for testing purposes you can add `packagegroup-ts-tests` into your image. It includes
[Trusted Services test and demo tools][^3] and [xtest][^4] configured to include the `ffa_spmc` tests.
## OEQA Trusted Services tests
@@ -62,4 +65,4 @@
[^3]: https://trusted-services.readthedocs.io/en/integration/deployments/test-executables.html
-[^4]: https://optee.readthedocs.io/en/latest/building/gits/optee_test.html
\ No newline at end of file
+[^4]: https://optee.readthedocs.io/en/latest/building/gits/optee_test.html
diff --git a/meta-arm/kas/arm-systemready-linux-distros-fedora.yml b/meta-arm/kas/arm-systemready-linux-distros-fedora.yml
new file mode 100644
index 0000000..b2b23d7
--- /dev/null
+++ b/meta-arm/kas/arm-systemready-linux-distros-fedora.yml
@@ -0,0 +1,7 @@
+header:
+ version: 16
+ includes:
+ - kas/arm-systemready-firmware.yml
+
+target:
+ - arm-systemready-linux-distros-fedora
diff --git a/meta-arm/kas/corstone1000-firmware-only.yml b/meta-arm/kas/corstone1000-firmware-only.yml
index f164036..6192a40 100644
--- a/meta-arm/kas/corstone1000-firmware-only.yml
+++ b/meta-arm/kas/corstone1000-firmware-only.yml
@@ -4,6 +4,8 @@
local_conf_header:
firmwarebuild: |
+ BBMULTICONFIG:remove = "firmware"
+
# Need to ensure the rescue linux options are selected
OVERRIDES .= ":firmware"
diff --git a/meta-arm/kas/corstone1000-fvp-multicore.yml b/meta-arm/kas/corstone1000-fvp-multicore.yml
new file mode 100644
index 0000000..d806bb1
--- /dev/null
+++ b/meta-arm/kas/corstone1000-fvp-multicore.yml
@@ -0,0 +1,8 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json
+
+header:
+ version: 14
+
+local_conf_header:
+ fvp-multicore: |
+ MACHINE_FEATURES += "corstone1000_fvp_smp"
diff --git a/meta-arm/kas/corstone1000-fvp.yml b/meta-arm/kas/corstone1000-fvp.yml
index 0d6d5fe..527fd1d 100644
--- a/meta-arm/kas/corstone1000-fvp.yml
+++ b/meta-arm/kas/corstone1000-fvp.yml
@@ -13,7 +13,6 @@
local_conf_header:
testimagefvp: |
- LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA"
IMAGE_CLASSES += "fvpboot"
mass-storage: |
diff --git a/meta-arm/kas/corstone1000-image-configuration.yml b/meta-arm/kas/corstone1000-image-configuration.yml
index 2b28522..4c3172a 100644
--- a/meta-arm/kas/corstone1000-image-configuration.yml
+++ b/meta-arm/kas/corstone1000-image-configuration.yml
@@ -15,8 +15,8 @@
initramfsetup: |
# Telling the build system which image is responsible of the generation of the initramfs rootfs
INITRAMFS_IMAGE_BUNDLE:firmware = "1"
- INITRAMFS_IMAGE:firmware ?= "core-image-minimal"
- IMAGE_FSTYPES:firmware:pn-core-image-minimal = "${INITRAMFS_FSTYPES}"
+ INITRAMFS_IMAGE:firmware ?= "corstone1000-recovery-image"
+ IMAGE_FSTYPES:firmware:pn-corstone1000-recovery-image = "${INITRAMFS_FSTYPES}"
IMAGE_NAME_SUFFIX:firmware = ""
# enable mdev/busybox for init
@@ -38,3 +38,12 @@
# TS PSA API tests commands for crypto, its, ps and iat
CORE_IMAGE_EXTRA_INSTALL += "packagegroup-ts-tests-psa"
+ CORE_IMAGE_EXTRA_INSTALL:firmware += "packagegroup-ts-tests-psa"
+
+ # external system firmware
+ CORE_IMAGE_EXTRA_INSTALL:firmware += "external-system-elf"
+
+ capsule: |
+ CAPSULE_EXTENSION = "uefi.capsule"
+ CAPSULE_FW_VERSION = "6"
+ CAPSULE_NAME = "${MACHINE}-v${CAPSULE_FW_VERSION}"
diff --git a/meta-arm/meta-arm-bsp/conf/layer.conf b/meta-arm/meta-arm-bsp/conf/layer.conf
index 9013d11..1a45840 100644
--- a/meta-arm/meta-arm-bsp/conf/layer.conf
+++ b/meta-arm/meta-arm-bsp/conf/layer.conf
@@ -26,3 +26,5 @@
"
WARN_QA:append:layer-meta-arm-bsp = " patch-status"
+
+addpylib ${LAYERDIR}/lib oeqa
diff --git a/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf b/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf
index b15c0fa..2c724bf 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf
@@ -14,7 +14,10 @@
# FVP Config
FVP_PROVIDER ?= "fvp-corstone1000-native"
FVP_EXE ?= "FVP_Corstone-1000"
-FVP_CONSOLE ?= "host_terminal_0"
+FVP_CONSOLES[default] = "host_terminal_0"
+FVP_CONSOLES[tf-a] = "host_terminal_1"
+FVP_CONSOLES[se] = "secenc_terminal"
+FVP_CONSOLES[extsys] = "extsys_terminal"
#Disable Time Annotation
FASTSIM_DISABLE_TA = "0"
@@ -49,7 +52,7 @@
# MMC card configuration
FVP_CONFIG[board.msd_mmc.card_type] ?= "SDHC"
FVP_CONFIG[board.msd_mmc.p_fast_access] ?= "0"
-FVP_CONFIG[board.msd_mmc.diagnostics] ?= "2"
+FVP_CONFIG[board.msd_mmc.diagnostics] ?= "0"
FVP_CONFIG[board.msd_mmc.p_max_block_count] ?= "0xFFFF"
FVP_CONFIG[board.msd_config.pl180_fifo_depth] ?= "16"
FVP_CONFIG[board.msd_mmc.support_unpadded_images] ?= "true"
@@ -58,10 +61,11 @@
# MMC2 card configuration
FVP_CONFIG[board.msd_mmc_2.card_type] ?= "SDHC"
FVP_CONFIG[board.msd_mmc_2.p_fast_access] ?= "0"
-FVP_CONFIG[board.msd_mmc_2.diagnostics] ?= "2"
+FVP_CONFIG[board.msd_mmc_2.diagnostics] ?= "0"
FVP_CONFIG[board.msd_mmc_2.p_max_block_count] ?= "0xFFFF"
FVP_CONFIG[board.msd_config_2.pl180_fifo_depth] ?= "16"
FVP_CONFIG[board.msd_mmc_2.support_unpadded_images] ?= "true"
+FVP_CONFIG[board.msd_mmc_2.p_mmc_file] ?= "corstone1000-esp-image-${MACHINE}.wic"
# Virtio-Net configuration
FVP_CONFIG[board.virtio_net.enabled] ?= "1"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf
index 39ef38b..24d03e7 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf
@@ -9,6 +9,7 @@
ARM_SYSTEMREADY_FIRMWARE = "trusted-firmware-a:do_deploy"
ARM_SYSTEMREADY_ACS_CONSOLE = "default"
EXTRA_IMAGEDEPENDS = "${ARM_SYSTEMREADY_FIRMWARE}"
+PREFERRED_VERSION_trusted-firmware-a ?= "2.10.%"
MACHINE_FEATURES = "efi"
@@ -47,6 +48,10 @@
FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] = "2222=22"
FVP_CONFIG[bp.virtio_rng.enabled] ?= "1"
FVP_CONFIG[cache_state_modelled] ?= "0"
+FVP_CONFIG[cluster0.check_memory_attributes] ?= "0"
+FVP_CONFIG[cluster1.check_memory_attributes] ?= "0"
+FVP_CONFIG[cluster0.stage12_tlb_size] ?= "1024"
+FVP_CONFIG[cluster1.stage12_tlb_size] ?= "1024"
FVP_CONFIG[bp.secureflashloader.fname] ?= "bl1-fvp.bin"
FVP_CONFIG[bp.flashloader0.fname] ?= "fip-fvp.bin"
FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.wic"
@@ -58,3 +63,4 @@
FVP_TERMINALS[bp.terminal_1] ?= ""
FVP_TERMINALS[bp.terminal_2] ?= ""
FVP_TERMINALS[bp.terminal_3] ?= ""
+FVP_CONFIG[bp.secure_memory] ?= "1"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
index 7a8905d..c78cc06 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
@@ -55,6 +55,11 @@
WKS_FILE_DEPENDS:append = " ${EXTRA_IMAGEDEPENDS}"
# If not building under the firmware multiconf we need to build the actual firmware
-FIRMWARE_DEPLOYEMENT ?= "firmware-deploy-image"
-FIRMWARE_DEPLOYEMENT:firmware ?= ""
-EXTRA_IMAGEDEPENDS += "${FIRMWARE_DEPLOYEMENT}"
+FIRMWARE_DEPLOYMENT ?= "firmware-deploy-image"
+FIRMWARE_DEPLOYMENT:firmware ?= ""
+EXTRA_IMAGEDEPENDS += "${FIRMWARE_DEPLOYMENT}"
+
+ARM_SYSTEMREADY_FIRMWARE = "${FIRMWARE_DEPLOYMENT}:do_deploy \
+ corstone1000-esp-image:do_image_complete \
+ "
+ARM_SYSTEMREADY_ACS_CONSOLE ?= "default"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf b/meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf
deleted file mode 100644
index 662cf62..0000000
--- a/meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf
+++ /dev/null
@@ -1,51 +0,0 @@
-# Configuration for Arm N1SDP development board
-
-#@TYPE: Machine
-#@NAME: N1SDP machine
-#@DESCRIPTION: Machine configuration for N1SDP
-
-require conf/machine/include/arm/armv8-2a/tune-neoversen1.inc
-
-KERNEL_IMAGETYPE = "Image"
-
-IMAGE_FSTYPES += "wic wic.gz wic.bmap tar.bz2 ext4"
-
-SERIAL_CONSOLES = "115200;ttyAMA0"
-
-# Set default WKS
-WKS_FILE ?= "n1sdp-efidisk.wks"
-IMAGE_EFI_BOOT_FILES ?= "n1sdp-multi-chip.dtb n1sdp-single-chip.dtb"
-WKS_FILE_DEPENDS:append = " ${EXTRA_IMAGEDEPENDS}"
-
-# Use kernel provided by yocto
-PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
-PREFERRED_VERSION_linux-yocto ?= "6.6%"
-
-# RTL8168E Gigabit Ethernet Controller is attached to the PCIe interface
-MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "linux-firmware-rtl8168"
-
-# TF-A
-EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
-TFA_PLATFORM = "n1sdp"
-PREFERRED_VERSION_trusted-firmware-a ?= "2.10.%"
-PREFERRED_VERSION_tf-a-tests ?= "2.10.%"
-
-# SCP
-EXTRA_IMAGEDEPENDS += "virtual/control-processor-firmware"
-
-#UEFI EDK2 firmware
-EXTRA_IMAGEDEPENDS += "edk2-firmware"
-PREFERRED_VERSION_edk2-firmware ?= "202311"
-
-#optee
-PREFERRED_VERSION_optee-os ?= "4.1.%"
-PREFERRED_VERSION_optee-os-tadevkit ?= "4.1.%"
-PREFERRED_VERSION_optee-test ?= "4.1.%"
-PREFERRED_VERSION_optee-client ?= "4.1.%"
-
-#grub-efi
-EFI_PROVIDER ?= "grub-efi"
-MACHINE_FEATURES += "efi"
-
-# SD-Card firmware
-EXTRA_IMAGEDEPENDS += "sdcard-image-n1sdp"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/sbsa-ref.conf b/meta-arm/meta-arm-bsp/conf/machine/sbsa-ref.conf
new file mode 100644
index 0000000..ccfc45a
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/conf/machine/sbsa-ref.conf
@@ -0,0 +1,43 @@
+#@TYPE: Machine
+#@NAME: sbsa-ref
+#@DESCRIPTION: Reference SBSA machine in qemu-system-aarch64 on Neoverse N2
+
+require conf/machine/include/arm/armv9a/tune-neoversen2.inc
+require conf/machine/include/qemu.inc
+
+PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
+KERNEL_IMAGETYPE = "Image"
+MACHINE_EXTRA_RRECOMMENDS += "kernel-modules"
+
+MACHINE_FEATURES = " alsa bluetooth efi qemu-usermode rtc screen usbhost vfat wifi"
+
+IMAGE_FSTYPES += "wic.qcow2"
+
+# This unique WIC file is necessary because kernel boot args cannot be passed
+# because there is no default kernel (see below). There is no default kernel
+# because QEMU will only allow firmware or kernel to be passed in as a
+# parameter, and we need the firmware. So, to allow for "ip=dhcp" as a kernel
+# boot arg (which we need for testimage), we have to have a WIC file unique to
+# this platform.
+WKS_FILE = "qemu-efi-disk.wks.in"
+
+EFI_PROVIDER ?= "${@bb.utils.contains("DISTRO_FEATURES", "systemd", "systemd-boot", "grub-efi", d)}"
+
+SERIAL_CONSOLES ?= "115200;ttyAMA0 115200;hvc0"
+
+EXTRA_IMAGEDEPENDS += "edk2-firmware"
+
+QB_SYSTEM_NAME = "qemu-system-aarch64"
+QB_MACHINE = "-machine sbsa-ref"
+QB_CPU = "-cpu neoverse-n2"
+QB_MEM = "-m 1024"
+QB_DEFAULT_FSTYPE = "wic.qcow2"
+QB_NETWORK_DEVICE = "-device virtio-net-pci,netdev=net0,mac=@MAC@"
+QB_DRIVE_TYPE = "/dev/hd"
+QB_ROOTFS_OPT = "-drive file=@ROOTFS@,if=ide,format=qcow2"
+QB_DEFAULT_KERNEL = "none"
+QB_OPT_APPEND = "-device usb-tablet -device usb-kbd -pflash @DEPLOY_DIR_IMAGE@/SBSA_FLASH0.fd -pflash @DEPLOY_DIR_IMAGE@/SBSA_FLASH1.fd"
+QB_SERIAL_OPT = "-device virtio-serial-pci -chardev null,id=virtcon -device virtconsole,chardev=virtcon"
+QB_TCPSERIAL_OPT = "-device virtio-serial-pci -chardev socket,id=virtcon,port=@PORT@,host=127.0.0.1 -device virtconsole,chardev=virtcon"
+# sbsa-ref is a true virtual machine so can't use KVM
+QEMU_USE_KVM = "0"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/sgi575.conf b/meta-arm/meta-arm-bsp/conf/machine/sgi575.conf
index 7f2a285..3c2c94b 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/sgi575.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/sgi575.conf
@@ -9,7 +9,6 @@
EXTRA_IMAGEDEPENDS += "virtual/control-processor-firmware"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
-PREFERRED_VERSION_trusted-firmware-a ?= "2.9.%"
KERNEL_IMAGETYPE ?= "Image"
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst
index 173823b..f22a99c 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst
@@ -1,5 +1,5 @@
..
- # Copyright (c) 2022-2023, Arm Limited.
+ # Copyright (c) 2022-2024, Arm Limited.
#
# SPDX-License-Identifier: MIT
@@ -10,6 +10,78 @@
This document contains a summary of the new features, changes and
fixes in each release of Corstone-1000 software stack.
+
+***************
+Version 2024.06
+***************
+
+Changes
+=======
+
+- Re-enabling support for the External System using linux remoteproc (only supporting switching on and off the External System)
+- UEFI Secure Boot and Authenticated Variable support
+- RSE Comms replaces OpenAMP
+- The EFI System partition image is now created by the meta-arm build system.
+ This image is mounted on the second MMC card by default in the FVP.
+- The capsule generation script is now part of the meta-arm build system.
+ Corstone1000-flash-firmware-image recipe generates a capsule binary using the U-Boot capsule generation tool that includes
+ all the firmware binaries and recovery kernel image.
+- SW components upgrades
+- Bug fixes
+
+
+Corstone-1000 components versions
+=================================
+
++-------------------------------------------+-----------------------------------------------------+
+| arm-tstee | 2.0.0 |
++-------------------------------------------+-----------------------------------------------------+
+| linux-yocto | 6.6.23 |
++-------------------------------------------+-----------------------------------------------------+
+| u-boot | 2023.07.02 |
++-------------------------------------------+-----------------------------------------------------+
+| external-system | 0.1.0 |
++-------------------------------------------+-----------------------------------------------------+
+| optee-client | 4.1.0 |
++-------------------------------------------+-----------------------------------------------------+
+| optee-os | 4.1.0 |
++-------------------------------------------+-----------------------------------------------------+
+| trusted-firmware-a | 2.10.4 |
++-------------------------------------------+-----------------------------------------------------+
+| trusted-firmware-m | 2.0.0 |
++-------------------------------------------+-----------------------------------------------------+
+| libts | 602be60719 |
++-------------------------------------------+-----------------------------------------------------+
+| ts-newlib | 4.1.0 |
++-------------------------------------------+-----------------------------------------------------+
+| ts-psa-{crypto, iat, its. ps}-api-test | 602be60719 |
++-------------------------------------------+-----------------------------------------------------+
+| ts-sp-{se-proxy, smm-gateway} | 602be60719 |
++-------------------------------------------+-----------------------------------------------------+
+
+Yocto distribution components versions
+======================================
+
++-------------------------------------------+------------------------------+
+| meta-arm | scarthgap |
++-------------------------------------------+------------------------------+
+| poky | scarthgap |
++-------------------------------------------+------------------------------+
+| meta-openembedded | scarthgap |
++-------------------------------------------+------------------------------+
+| meta-secure-core | scarthgap |
++-------------------------------------------+------------------------------+
+| busybox | 1.36.1 |
++-------------------------------------------+------------------------------+
+| musl | 1.2.4 |
++-------------------------------------------+------------------------------+
+| gcc-arm-none-eabi | 13.2.Rel1 |
++-------------------------------------------+------------------------------+
+| gcc-cross-aarch64 | 13.2.0 |
++-------------------------------------------+------------------------------+
+| openssl | 3.2.1 |
++-------------------------------------------+------------------------------+
+
***************
Version 2023.11
***************
@@ -298,4 +370,4 @@
--------------
-*Copyright (c) 2022-2023, Arm Limited. All rights reserved.*
+*Copyright (c) 2022-2024, Arm Limited. All rights reserved.*
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png
index 88bb125..5ed2a28 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png
Binary files differ
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png
index 1e37d80..ff7a270 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png
Binary files differ
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst
index 501a153..0cad026 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst
@@ -1,5 +1,5 @@
..
- # Copyright (c) 2022-2023, Arm Limited.
+ # Copyright (c) 2022-2024, Arm Limited.
#
# SPDX-License-Identifier: MIT
@@ -20,6 +20,25 @@
or correction.
***********************
+Release notes - 2024.06
+***********************
+
+Known Issues or Limitations
+---------------------------
+
+ - Use Ethernet over VirtIO due to lan91c111 Ethernet driver support dropped from U-Boot.
+ - Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide can not boot on Corstone-1000 (i.e. user may experience timeouts or boot hang).
+ - Corstone-1000 SoC on FVP doesn't have a secure debug peripheral. It does on the MPS3.
+ - See previous release notes for the known limitations regarding ACS tests.
+
+Platform Support
+-----------------
+ - This software release is tested on Corstone-1000 FPGA version AN550_v2
+ https://developer.arm.com/downloads/-/download-fpga-images
+ - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.23_25
+ https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
+
+***********************
Release notes - 2023.11
***********************
@@ -213,7 +232,7 @@
-------
For technical support email: support-subsystem-iot@arm.com
-For all security issues, contact Arm by email at arm-security@arm.com.
+For all security issues, contact Arm by email at psirt@arm.com.
--------------
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst
index 6bc8ace..42278e3 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst
@@ -1,5 +1,5 @@
..
- # Copyright (c) 2022-2023, Arm Limited.
+ # Copyright (c) 2022-2024, Arm Limited.
#
# SPDX-License-Identifier: MIT
@@ -52,8 +52,8 @@
hardware for enhanced security. Communication with the Secure Encalve
is achieved using Message Handling Units (MHUs) and shared memory.
On system power on, the Secure Enclave boots first. Its software
-comprises of a ROM code (TF-M BL1), Mcuboot BL2, and
-TrustedFirmware-M(`TF-M`_) as runtime software. The software design on
+comprises of a ROM code (TF-M BL1), MCUboot BL2, and
+TrustedFirmware-M(`TF-M`_) as runtime software. The software design on
Secure Enclave follows Firmware Framework for M class
processor (`FF-M`_) specification.
@@ -61,7 +61,7 @@
peripherals to allow for the booting of a Linux OS. The Cortex-A35 has
the TrustZone technology that allows secure and non-secure security
states in the processor. The software design in the Host System follows
-Firmware Framework for A class procseeor (`FF-A`_) specification.
+Firmware Framework for A class processor (`FF-A`_) specification.
The boot process follows Trusted Boot Base Requirement (`TBBR`_).
The Host Subsystem is taken out of reset by the Secure Enclave system
during its final stages of the initialization. The Host subsystem runs
@@ -70,12 +70,12 @@
linux (`linux repo`_) in the non-secure world. The communication between
non-secure and the secure world is performed via FF-A messages.
-An external system is intended to implement use-case specific
-functionality. The system is based on Cortex-M3 and run RTX RTOS.
-Communication between the external system and Host (Cortex-A35) is performed
-using MHU as transport mechanism and rpmsg messaging system (the external system
-support in Linux is disabled in this release. More info about this change can be found in the
-release-notes).
+An external system is intended to implement use-case specific functionality.
+The system is based on Cortex-M3 and run RTX RTOS. Communication between the
+external system and Host (Cortex-A35) can be performed using MHU as transport
+mechanism. The current software release supports switching on and off the
+external system. Support for OpenAMP-based communication is under
+development.
Overall, the Corstone-1000 architecture is designed to cover a range
of Power, Performance, and Area (PPA) applications, and enable extension
@@ -93,30 +93,64 @@
process to work, the start of the chain should be trusted, forming the
Root of Trust (RoT) of the device. The RoT of the device is immutable in
nature and encoded into the device by the device owner before it
-is deployed into the field. In Corstone-1000, the BL1 image of the secure
-enclave and content of the CC312 OTP (One Time Programmable) memory
-forms the RoT. The BL1 image exists in ROM (Read Only Memory).
+is deployed into the field. In Corstone-1000, the content of the ROM
+and CC312 OTP (One Time Programmable) memory forms the RoT.
+
+Verification of an image can happen either by comparing the computed and
+stored hashes, or by checking the signature of the image if the image
+is signed.
.. image:: images/SecureBootChain.png
:width: 870
:alt: SecureBootChain
It is a lengthy chain to boot the software on Corstone-1000. On power on,
-the secure enclave starts executing BL1 code from the ROM which is the RoT
-of the device. Authentication of an image involves the steps listed below:
+the Secure Enclave starts executing BL1_1 code from the ROM which is the RoT
+of the device. The BL1_1 is the immutable bootloader of the system, it handles
+the provisioning on the first boot, hardware initialization and verification
+of the next stage.
-- Load image from flash to dynamic RAM.
+The BL1_2 code, hashes and keys are written into the OTP during the provisioning.
+The next bootstage is the BL1_2 which is copied from the OTP into the RAM. The
+BL1_1 also compares the BL1_2 hash with the hash saved to the OTP. The BL1_2
+verifies and transfers control to the next bootstage which is the BL2. During the
+verification, the BL1_2 compares the BL2 image's computed hash with the BL2 hash in
+the OTP. The BL2 is MCUBoot in the system. BL2 can provision additional keys on the
+first boot and it authenticates the initial bootloader of the host (Host TF-A BL2)
+and TF-M by checking the signatures of the images.
+The MCUBoot handles the image verification the following way:
+
+- Load image from a non-volatile memory to dynamic RAM.
- The public key present in the image header is validated by comparing with the hash.
Depending on the image, the hash of the public key is either stored in the OTP or part
of the software which is being already verified in the previous stages.
- The image is validated using the public key.
-In the secure enclave, BL1 authenticates the BL2 and passes the execution
-control. BL2 authenticates the initial boot loader of the host (Host TF-A BL2)
-and TF-M. The execution control is now passed to TF-M. TF-M being the run
-time executable of secure enclave which initializes itself and, at the end,
-brings the host CPU out of rest. The host follows the boot standard defined
-in the `TBBR`_ to authenticate the secure and non-secure software.
+
+The execution control is passed to TF-M after the verification. TF-M being
+the runtime executable of the Secure Enclave which initializes itself and, at the end,
+brings the host CPU out of rest.
+
+The TF-M BL1 design details and reasoning can be found in the `TF-M design documents
+<https://tf-m-user-guide.trustedfirmware.org/design_docs/booting/bl1.html>`_.
+
+The Corstone-1000 has some differences compared to this design due to memory (OTP/ROM)
+limitations:
+
+- The provisioning bundle that contains the BL1_2 code is located in the ROM.
+ This means the BL1_2 cannot be updated during provisioning time.
+- The BL1_1 handles most of the hardware initialization instead of the BL1_2. This
+ results in a bigger BL1_1 code size than needed.
+- The BL1_2 does not use the post-quantum LMS verification. The BL2 is verified by
+ comparing the computed hash to the hash which is stored in the OTP. This means the
+ BL2 is not updatable.
+
+The host follows the boot standard defined in the `TBBR`_ to authenticate the
+secure and non-secure software.
+
+For UEFI Secure Boot, authenticated variables can be accessed from the secure flash.
+The feature has been integrated in U-Boot, which authenticates the images as per the UEFI
+specification before executing them.
***************
Secure Services
@@ -124,11 +158,11 @@
Corstone-1000 is unique in providing a secure environment to run a secure
workload. The platform has TrustZone technology in the Host subsystem but
-it also has hardware isolated secure enclave environment to run such secure
+it also has hardware isolated Secure Enclave environment to run such secure
workloads. In Corstone-1000, known Secure Services such as Crypto, Protected
Storage, Internal Trusted Storage and Attestation are available via PSA
Functional APIs in TF-M. There is no difference for a user communicating to
-these services which are running on a secure enclave instead of the
+these services which are running on a Secure Enclave instead of the
secure world of the host subsystem. The below diagram presents the data
flow path for such calls.
@@ -139,15 +173,18 @@
The SE Proxy SP (Secure Enclave Proxy Secure Partition) is a proxy partition
-managed by OPTEE which forwards such calls to the secure enclave. The
-solution relies on OpenAMP which uses shared memory and MHU interrupts as
-a doorbell for communication between two cores. Corstone-1000 implements
-isolation level 2. Cortex-M0+ MPU (Memory Protection Unit) is used to implement
-isolation level 2.
+managed by OPTEE which forwards such calls to the Secure Enclave. The
+solution relies on the `RSE communication protocol
+<https://tf-m-user-guide.trustedfirmware.org/platform/arm/rse/rse_comms.html>`_
+which is a lightweight serialization of the psa_call() API. It can use shared
+memory and MHU interrupts as a doorbell for communication between two cores
+but currently the whole message is forwarded through the MHU channels in Corstone-1000.
+Corstone-1000 implements isolation level 2. Cortex-M0+ MPU (Memory Protection
+Unit) is used to implement isolation level 2.
For a user to define its own secure service, both the options of the host
secure world or secure encalve are available. It's a trade-off between
-lower latency vs higher security. Services running on a secure enclave are
+lower latency vs higher security. Services running on a Secure Enclave are
secure by real hardware isolation but have a higher latency path. In the
second scenario, the services running on the secure world of the host
subsystem have lower latency but virtual hardware isolation created by
@@ -174,7 +211,7 @@
:width: 690
:alt: ExternalFlash
-When Firmware update is triggered, u-boot verifies the capsule by checking the
+When Firmware update is triggered, U-Boot verifies the capsule by checking the
capsule signature, version number and size. Then it signals the Secure Enclave
that can start writing UEFI capsule into the flash. Once this operation finishes
,Secure Enclave resets the entire system.
@@ -210,7 +247,7 @@
The U-Boot implementation of the UEFI subsystem uses the U-Boot FF-A driver to
communicate with the SMM Service in the secure world. The backend of the
SMM service uses the proxy PS from the SE Proxy SP. From there on, the PS
-calls are forwarded to the secure enclave as explained above.
+calls are forwarded to the Secure Enclave as explained above.
.. image:: images/UEFISupport.png
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
index 06353b5..5dc9564 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
@@ -3,9 +3,9 @@
#
# SPDX-License-Identifier: MIT
-##########
-User Guide
-##########
+#####################################
+User Guide: Build & run the software
+#####################################
Notice
------
@@ -43,7 +43,7 @@
Yocto stable branch
-------------------
-Corstone-1000 software stack is built on top of Yocto mickledore.
+Corstone-1000 software stack is built on top of Yocto scarthgap.
Provided components
-------------------
@@ -71,7 +71,7 @@
+----------+-------------------------------------------------------------------------------------------------+
| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend |
+----------+-------------------------------------------------------------------------------------------------+
-| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb |
+| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.4.bb |
+----------+-------------------------------------------------------------------------------------------------+
OP-TEE
@@ -79,9 +79,9 @@
Based on `OP-TEE <https://git.trustedfirmware.org/OP-TEE/optee_os.git>`__
+----------+----------------------------------------------------------------------------------------+
-| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.22.0.bbappend |
+| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend |
+----------+----------------------------------------------------------------------------------------+
-| Recipe | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.22.0.bb |
+| Recipe |<_workspace>/meta-arm/meta-arm/recipes-security/optee/optee-os_4.1.0.bb |
+----------+----------------------------------------------------------------------------------------+
U-Boot
@@ -107,7 +107,7 @@
+-----------+----------------------------------------------------------------------------------------------+
| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend |
+-----------+----------------------------------------------------------------------------------------------+
-| Recipe | <_workspace>/poky/meta/recipes-kernel/linux/linux-yocto_6.5.bb |
+| Recipe | <_workspace>/poky/meta/recipes-kernel/linux/linux-yocto_6.6.bb |
+-----------+----------------------------------------------------------------------------------------------+
| defconfig | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig |
+-----------+----------------------------------------------------------------------------------------------+
@@ -120,7 +120,7 @@
+----------+-----------------------------------------------------------------------------------------------------+
| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend |
+----------+-----------------------------------------------------------------------------------------------------+
-| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.8.1.bb |
+| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.0.0.bb |
+----------+-----------------------------------------------------------------------------------------------------+
********************************
@@ -158,7 +158,7 @@
::
- git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2023.11
+ git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2024.06
To build a Corstone-1000 image for MPS3 FPGA, run:
@@ -364,6 +364,22 @@
Login using the username root.
+Using FVP on Windows or AArch64 Linux
+-------------------------------------
+
+The user should follow the build instructions in this document to build on a Linux host machine.
+Then, copy the output binaries to the Windows or Aarch64 Linux machine where the FVP is located.
+Then, launch the FVP binary.
+
+Security Issue Reporting
+------------------------
+
+To report any security issues identified with Corstone-1000, please send an email to psirt@arm.com.
+
+###########################
+User Guide: Provided tests
+###########################
+
SystemReady-IR tests
--------------------
@@ -395,77 +411,13 @@
**Common to FVP and FPGA:**
-#. Create an empty 100 MB partition:
- ::
+::
- dd if=/dev/zero of=corstone1000-efi-partition.img iflag=fullblock bs=512 count=204800 && sync
+ kas build meta-arm/kas/corstone1000-{mps3,fvp}.yml:meta-arm/ci/debug.yml --target corstone1000-esp-image
-#. Use OpenSuse Raw image to copy the contents of EFI partition.
-
- To download OpenSUSE Tumbleweed raw image:
- - Under `OpenSUSE Tumbleweed appliances <http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/>`__
- - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example,
- ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw.xz``
-
- Once the .raw.xz file is downloaded, the raw image file needs to be extracted:
-
- ::
-
- unxz <file-name.raw.xz>
-
-
- The above command will generate a file ending with extension .raw image. Use the
- following command to get address of the first partition
-
- ::
-
- fdisk -lu <path-to-img>/openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw
- -> Device Start End Sectors Size Type
- <path-to-img>/openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw1 8192 40959 32768 16M EFI System
- <path-to-img>/openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw2 40960 1064959 1024000 500M Linux swap
- <path-to-img>/openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw3 1064960 5369822 4304863 2.1G Linux filesystem
-
- -> <blockaddress_1st_partition> = 8192
- -> <sectorsize_1st_partition> = 32768
-
-#. Copy the ESP from opensuse image to empty image:
-
- ::
-
- dd conv=notrunc if=openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw skip=<blockaddress_1st_partition> of=corstone1000-efi-partition.img seek=<blockaddress_1st_partition> iflag=fullblock seek=<blockaddress_1st_partition> bs=512 count=<sectorsize_1s_partition> && sync
-
-
-#. Create the file efi_disk.layout locally. Copy the content of provided disk layout below to the efi_disk.layout to label the ESP correctly.
-
- efi_disk.layout
- ::
-
- label: gpt
- label-id: AC53D121-B818-4515-9031-BE02CCEB8701
- device: corstone1000-efi-partition.img
- unit: sectors
- first-lba: 34
- last-lba: 204766
-
- corstone1000-efi-partition.img : start=8192, size=32768, type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B, uuid=792D821F-98AE-46E3-BABD-948003A650F8, name="p.UEFI"
-
- And use the following command the label the newly created ESP.
-
- ::
-
- sfdisk corstone1000-efi-partition.img < efi_disk.layout
-
- To test the image, you can now mount the disk image
-
- ::
-
- fdisk -lu corstone1000-efi-partition.img
- -> Device Start End Sectors Size Type
- corstone1000-efi-partition.img1 8192 40959 32768 16M EFI System
-
- <offset_1st_partition> = 8192 * 512 (sector size) = 4194304
-
- sudo mount -o loop,offset=4194304 corstone1000-efi-partition.img /mount_point
+Once the build is successful ``corstone1000-esp-image-corstone1000-{mps3,fvp}.wic`` will be available in either:
+ - ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/`` folder for FVP build;
+ - ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/`` folder for FPGA build.
**Using ESP in FPGA:**
@@ -477,18 +429,14 @@
::
- sudo dd if=corstone1000-efi-partition.img of=/dev/sdb iflag=direct oflag=direct status=progress bs=512; sync;
+ sudo dd if=corstone1000-esp-image-corstone1000-mps3.wic of=/dev/sdb iflag=direct oflag=direct status=progress bs=512; sync;
Now you can plug this USB stick to the board together with ACS test USB stick.
**Using ESP in FVP:**
-The ESP disk image can directly be used in Corstone-1000 FVP by simply passing it as
-the 2nd MMC card image.
+The ESP disk image once created will be used automatically in the Corstone-1000 FVP as the 2nd MMC card image. It will be used when the SystemReady-IR tests will be performed on the FVP in the later section.
-::
-
- kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp -- -C board.msd_mmc.p_mmc_file="${<path-to-img>/ir_acs_live_image.img}" -C board.msd_mmc_2.p_mmc_file="${<path-to-img>/corstone1000-efi-partition.img}"
Clean Secure Flash Before Testing (applicable to FPGA only)
===========================================================
@@ -500,8 +448,8 @@
::
cd <_workspace>
- git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2023.11
- git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.11
+ git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2024.06
+ git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2024.06
cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-embedded-a-corstone1000-clean-secure-flash.patch meta-arm
cd meta-arm
git apply 0001-embedded-a-corstone1000-clean-secure-flash.patch
@@ -534,7 +482,7 @@
set of specifications for enterprise systems (For example: SBSA, SBBR, etc.),
so that implementers can verify if these behaviours have been interpreted correctly.
-ACS image contains two partitions. BOOT partition and RESULT partition.
+The ACS image contains a BOOT partition.
Following test suites and bootable applications are under BOOT partition:
* SCT
@@ -560,11 +508,14 @@
├── grub
├── grub.cfg
├── Image
- └── ramdisk-busybox.img
+ ├── ramdisk-busybox.img
+ └── acs_results
-RESULT partition is used to store the test results.
-**NOTE**: PLEASE MAKE SURE THAT "acs_results" FOLDER UNDER THE RESULT PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS
-WILL NOT BE CONSISTENT
+The BOOT partition is also used to store the test results. The
+results are stored in the `acs_results` folder.
+
+**NOTE**: PLEASE ENSURE THAT the `acs_results` FOLDER UNDER THE BOOT PARTITION IS
+EMPTY BEFORE YOU START TESTING. OTHERWISE THE TEST RESULTS WILL NOT BE CONSISTENT.
FPGA instructions for ACS image
===============================
@@ -583,7 +534,7 @@
git clone https://github.com/ARM-software/arm-systemready.git
Once the repository is successfully downloaded, the prebuilt ACS live image can be found in:
- - ``<_workspace>/arm-systemready/IR/prebuilt_images/v23.03_2.0.0/ir-acs-live-image-generic-arm64.wic.xz``
+ - ``<_workspace>/arm-systemready/IR/prebuilt_images/v23.09_2.1.0/ir-acs-live-image-generic-arm64.wic.xz``
**NOTE**: This prebuilt ACS image includes v5.13 kernel, which doesn't provide
USB driver support for Corstone-1000. The ACS image with newer kernel version
@@ -597,7 +548,7 @@
::
- cd <_workspace>/arm-systemready/IR/prebuilt_images/v23.03_2.0.0
+ cd <_workspace>/arm-systemready/IR/prebuilt_images/v23.09_2.1.0
unxz ir-acs-live-image-generic-arm64.wic.xz
sudo dd if=ir-acs-live-image-generic-arm64.wic of=/dev/sdb iflag=direct oflag=direct bs=1M status=progress; sync
@@ -616,49 +567,17 @@
FVP instructions for ACS image and run
======================================
-Download ACS image from:
- - ``https://gitlab.arm.com/systemready/acs/arm-systemready/-/tree/main/IR/prebuilt_images/v23.03_2.0.0``
-
-Use the below command to run the FVP with EFI and ACS image support in the
-SD cards.
+The FVP has been integrated in the meta-arm-systemready layer so the running of the ACS tests can be handled automatically as follows
::
- unxz ${<path-to-img>/ir-acs-live-image-generic-arm64.wic.xz}
+ kas build meta-arm/ci/corstone1000-fvp.yml:meta-arm/ci/debug.yml:kas/arm-systemready-ir-acs.yml
- kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic -C board.msd_mmc_2.p_mmc_file="${<path-to-img>/corstone1000-efi-partition.img}"
+The details of how this layer works can be found in : ``<_workspace>/meta-arm-systemready/README.md``
-The test results can be fetched using following commands:
+**NOTE:** You can't use the standard meta-arm/kas/corstone1000-fvp.yml kas file as it sets the build up for only building firmware
-::
-
- sudo mkdir /mnt/test
- sudo mount -o rw,offset=<offset_3rd_partition> <path-to-img>/ir-acs-live-image-generic-arm64.wic /mnt/test/
- fdisk -lu <path-to-img>/ir-acs-live-image-generic-arm64.wic
- -> Device Start End Sectors Size Type
- <path-to-img>/ir-acs-live-image-generic-arm64.wic1 2048 206847 204800 100M Microsoft basic data
- <path-to-img>/ir-acs-live-image-generic-arm64.wic2 206848 1024239 817392 399.1M Linux filesystem
- <path-to-img>/ir-acs-live-image-generic-arm64.wic3 1026048 1128447 102400 50M Microsoft basic data
-
- -> <offset_3rd_partition> = 1026048 * 512 (sector size) = 525336576
-
-The FVP will reset multiple times during the test, and it might take up to 1 day to finish
-the test. At the end of test, the FVP host terminal will halt showing a shell prompt.
-Once test is finished, the FVP can be stoped, and result can be copied following above
-instructions.
-
-**NOTE:** A rare issue has been noticed (5-6% occurence) during which the FVP hangs during booting the system while running ACS tests.
-If this happens, please apply the following patch, rebuild the software stack for FVP and re-run the ACS tests.
-
-::
-
- cd <_workspace>
- git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.11
- cp -f systemready-patch/embedded-a/corstone1000/sr_ir_workaround/0001-embedded-a-corstone1000-sr-ir-workaround.patch meta-arm
- cd meta-arm
- git am 0001-embedded-a-corstone1000-sr-ir-workaround.patch
- cd ..
- kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "bitbake u-boot -c cleanall; bitbake trusted-firmware-a -c cleanall; bitbake corstone1000-flash-firmware-image -c cleanall; bitbake corstone1000-flash-firmware-image"
+**NOTE:** These test might take up to 1 day to finish
Common to FVP and FPGA
@@ -672,106 +591,70 @@
- UEFI BSA
- FWTS
-The results can be fetched from the ``acs_results`` folder in the RESULT partition of the USB stick (FPGA) / SD Card (FVP).
+The results can be fetched from the `acs_results` folder in the BOOT partition of the USB stick (FPGA) / SD Card (FVP).
+
+**NOTE:** The FVP uses the ``<_workspace>/build/tmp-glibc/work/corstone1000_fvp-oe-linux/arm-systemready-ir-acs/2.0.0/deploy-arm-systemready-ir-acs/arm-systemready-ir-acs-corstone1000-fvp.wic`` image if the meta-arm-systemready layer is used.
+The result can be checked in this image.
#####################################################
Manual capsule update and ESRT checks
-------------------------------------
-The following section describes running manual capsule update.
+The following section describes running manual capsule updates by going through
+a negative and positive test. Two capsules are needed to perform the positive
+and negative updates. The steps also show how to use the EFI System Resource Table
+(ESRT) to retrieve the installed capsule details.
-The steps described in this section perform manual capsule update and show how to use the ESRT feature
-to retrieve the installed capsule details.
+In the positive test, a valid capsule is used and the platform boots correctly
+until the Linux prompt after the update. In the negative test, an outdated
+capsule is used that has a smaller version number. This capsule gets rejected
+because of being outdated and the previous firmware will be used instead.
-For the following tests two capsules are needed to perform 2 capsule updates. A positive update and a negative update.
-
-A positive test case capsule which boots the platform correctly until the Linux prompt, and a negative test case with an
-incorrect capsule (corrupted or outdated) which fails to boot to the host software.
-
-Check the "Run SystemReady-IR ACS tests" section above to download and unpack the ACS image file
- - ``ir-acs-live-image-generic-arm64.wic.xz``
-
-
-Download u-boot under <_workspace> and install tools:
-
-::
-
- git clone https://github.com/u-boot/u-boot.git
- cd u-boot
- git checkout 83aa0ed1e93e1ffac24888d98d37a5b04ed3fb07
- make tools-only_defconfig
- make tools-only
-
-**NOTE:** The following error could happen if the linux build system does not have "libgnutls28-dev".
- **error: "tools/mkeficapsule.c:21:10: fatal error: gnutls/gnutls.h: No such file or directory"**. If that's the case please install libgnutls28-dev and its dependencies by using the following command.
-
-::
-
- sudo apt-get install -y libgnutls28-dev
-
-Download systemready-patch repo under <_workspace>:
-::
-
- git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.11
*******************
Generating Capsules
*******************
-Generating FPGA Capsules
-========================
+A no-partition image is needed for the capsule generation. This image is
+created automatically during a clean Yocto build and it can be found in
+``build/tmp/deploy/images/corstone1000-<fvp/mps3>/corstone1000-<fvp/mps3>_image.nopt``.
+A capsule is also automatically generated with U-Boot's ``mkeficapsule`` tool
+during the Yocto build that uses this ``corstone1000-<fvp/mps3>_image.nopt``. The
+capsule's default metadata, that is passed to the ``mkeficapsule`` tool,
+can be found in the ``meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb``
+and ``meta-arm/kas/corstone1000-image-configuration.yml`` files. These
+data can be modified before the Yocto build if it is needed. It is
+assumed that the default values are used in the following steps.
-::
+The automatically generated capsule can be found in
+``build/tmp/deploy/images/corstone1000-<fvp/mps3>/corstone1000-<fvp/mps3>-v6.uefi.capsule``.
+This capsule will be used as the positive capsule during the test in the following
+steps.
- cd <_workspace>/build/tmp/deploy/images/corstone1000-mps3/
- sh <_workspace>/systemready-patch/embedded-a/corstone1000/capsule_gen/capsule_gen.sh -d mps3
+Generating Capsules Manually
+============================
-This will generate a file called "corstone1000_image.nopt" which will be used to
-generate a UEFI capsule.
+If a new capsule has to be generated with different metadata after the build
+process, then it can be done manually by using the ``u-boot-tools``'s
+``mkeficapsule`` and the previously created ``.nopt`` image. The
+``mkeficapsule`` tool is built automatically for the host machine
+during the Yocto build.
+
+The negative capsule needs a lower ``fw-version`` than the positive
+capsule. For example if the host's architecture is x86_64, this can
+be generated by using the following command:
::
cd <_workspace>
- ./u-boot/tools/mkeficapsule --monotonic-count 1 --private-key build/tmp/deploy/images/corstone1000-mps3/corstone1000_capsule_key.key \
- --certificate build/tmp/deploy/images/corstone1000-mps3/corstone1000_capsule_cert.crt --index 1 --guid df1865d1-90fb-4d59-9c38-c9f2c1bba8cc \
- --fw-version 6 build/tmp/deploy/images/corstone1000-mps3/corstone1000_image.nopt cs1k_cap_mps3_v6
+ ./build/tmp/sysroots-components/x86_64/u-boot-tools-native/usr/bin/mkeficapsule --monotonic-count 1 \
+ --private-key build/tmp/deploy/images/corstone1000-<fvp/mps3>/corstone1000_capsule_key.key \
+ --certificate build/tmp/deploy/images/corstone1000-<fvp/mps3>/corstone1000_capsule_cert.crt --index 1 --guid df1865d1-90fb-4d59-9c38-c9f2c1bba8cc \
+ --fw-version 5 build/tmp/deploy/images/corstone1000-<fvp/mps3>/corstone1000-<fvp/mps3>_image.nopt corstone1000-<fvp/mps3>-v5.uefi.capsule
- ./u-boot/tools/mkeficapsule --monotonic-count 1 --private-key build/tmp/deploy/images/corstone1000-mps3/corstone1000_capsule_key.key \
- --certificate build/tmp/deploy/images/corstone1000-mps3/corstone1000_capsule_cert.crt --index 1 --guid df1865d1-90fb-4d59-9c38-c9f2c1bba8cc \
- --fw-version 5 build/tmp/deploy/images/corstone1000-mps3/corstone1000_image.nopt cs1k_cap_mps3_v5
-
-Generating FVP Capsules
-=======================
-
-::
-
- cd <_workspace>/build/tmp/deploy/images/corstone1000-fvp/
- sh <_workspace>/systemready-patch/embedded-a/corstone1000/capsule_gen/capsule_gen.sh -d fvp
-
-This will generate a file called "corstone1000_image.nopt" which will be used to
-generate a UEFI capsule.
-
-::
-
- cd <_workspace>
- ./u-boot/tools/mkeficapsule --monotonic-count 1 --private-key build/tmp/deploy/images/corstone1000-fvp/corstone1000_capsule_key.key \
- --certificate build/tmp/deploy/images/corstone1000-fvp/corstone1000_capsule_cert.crt --index 1 --guid 989f3a4e-46e0-4cd0-9877-a25c70c01329 \
- --fw-version 6 build/tmp/deploy/images/corstone1000-fvp/corstone1000_image.nopt cs1k_cap_fvp_v6
-
- ./u-boot/tools/mkeficapsule --monotonic-count 1 --private-key build/tmp/deploy/images/corstone1000-fvp/corstone1000_capsule_key.key \
- --certificate build/tmp/deploy/images/corstone1000-fvp/corstone1000_capsule_cert.crt --index 1 --guid 989f3a4e-46e0-4cd0-9877-a25c70c01329 \
- --fw-version 5 build/tmp/deploy/images/corstone1000-fvp/corstone1000_image.nopt cs1k_cap_fvp_v5
-
-
-Common Notes for FVP and FPGA
-=============================
-
-The capsule binary size (wic file) should be less than 15 MB.
-
-Based on the user's requirement, the user can change the firmware version
-number given to ``--fw-version`` option (the version number needs to be >= 1).
+This command will put the negative capsule to the ``<_workspace>`` directory.
****************
@@ -782,33 +665,52 @@
=========================
The user should prepare a USB stick as explained in ACS image section `FPGA instructions for ACS image`_.
-Place the generated ``cs1k_cap`` files in the root directory of the boot partition
-in the USB stick. Note: As we are running the direct method, the ``cs1k_cap`` file
+Place the generated ``corstone1000-mps3-v<5/6>.uefi.capsule`` files in the root directory of the boot partition
+in the USB stick. Note: As we are running the direct method, the ``corstone1000-mps3-v<5/6>.uefi.capsule`` files
should not be under the EFI/UpdateCapsule directory as this may or may not trigger
the on disk method.
::
- sudo cp cs1k_cap_mps3_v6 <mounting path>/BOOT/
- sudo cp cs1k_cap_mps3_v5 <mounting path>/BOOT/
+ sudo cp <capsule path>/corstone1000-mps3-v6.uefi.capsule <mounting path>/BOOT/
+ sudo cp <capsule path>/corstone1000-mps3-v5.uefi.capsule <mounting path>/BOOT/
sync
Copying the FVP capsules
========================
-First, mount the IR image:
+The ACS image should be used for the FVP as well. Downloaded and extract the
+image the same way as for the FPGA `FPGA instructions for ACS image`_.
+Creating an USB stick with the image is not needed for the FVP.
+
+After getting the ACS image, find the 1st partition's offset of the
+``ir-acs-live-image-generic-arm64.wic`` image. The partition table can be
+listed using the ``fdisk`` tool.
+
+::
+
+ fdisk -lu <path-to-img>/ir-acs-live-image-generic-arm64.wic
+ Device Start End Sectors Size Type
+ <path-to-img>/ir-acs-live-image-generic-arm64.wic1 2048 309247 307200 150M Microsoft basic data
+ <path-to-img>/ir-acs-live-image-generic-arm64.wic2 309248 1343339 1034092 505M Linux filesystem
+
+
+The first partition starts at the 2048th sector. This has to be multiplied
+by the sector size which is 512 so the offset is 2048 * 512 = 1048576.
+
+Next, mount the IR image using the previously calculated offset:
::
sudo mkdir /mnt/test
- sudo mount -o rw,offset=1048576 <path-to-img>/ir-acs-live-image-generic-arm64.wic /mnt/test
+ sudo mount -o rw,offset=<first_partition_offset> <path-to-img>/ir-acs-live-image-generic-arm64.wic /mnt/test
Then, copy the capsules:
::
- sudo cp cs1k_cap_fvp_v6 /mnt/test/
- sudo cp cs1k_cap_fvp_v5 /mnt/test/
+ sudo cp <capsule path>/corstone1000-fvp-v6.uefi.capsule /mnt/test/
+ sudo cp <capsule path>/corstone1000-fvp-v5.uefi.capsule /mnt/test/
sync
Then, unmount the IR image:
@@ -817,14 +719,21 @@
sudo umount /mnt/test
-**NOTE:** Please refer to `FVP instructions for ACS image and run`_ section to find the first partition offset.
-
******************************
Performing the capsule update
******************************
-During this section we will be using the capsule with the higher version (cs1k_cap_<fvp/mps3>_v6) for the positive scenario
-and the capsule with the lower version (cs1k_cap_<fvp/mps3>_v5) for the negative scenario.
+During this section we will be using the capsule with the higher version
+(``corstone1000-<fvp/mps3>-v6.uefi.capsule``) for the positive scenario
+and then the capsule with the lower version (``corstone1000-<fvp/mps3>-v5.uefi.capsule``)
+for the negative scenario. The two tests have to be done after each other
+in the correct order to make sure that the negative capsule will get rejected.
+
+Running the FPGA with the IR prebuilt image
+===========================================
+
+Insert the prepared USB stick which has the IR prebuilt image and two capsules,
+then Power cycle the MPS3 board.
Running the FVP with the IR prebuilt image
==========================================
@@ -836,16 +745,14 @@
kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic"
**NOTE:** <path-to-img> must start from the root directory. make sure there are no spaces before or after of "=". board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic.
-
-Running the FPGA with the IR prebuilt image
-===========================================
-
-Insert the prepared USB stick then Power cycle the MPS3 board.
+**NOTE:** Do not restart the FVP between the positive and negative test because it will start from a clean state.
Executing capsule update for FVP and FPGA
=========================================
-Reach u-boot then interrupt the boot to reach the EFI shell.
+Wait until U-boot loads EFI from the ACS image stick and interrupt the EFI
+shell by pressing ESC when the following prompt is displayed in the Host
+terminal (ttyUSB2).
::
@@ -857,19 +764,30 @@
FS0:
-In case of the positive scenario run the update with the higher version capsule as shown below:
+Then start the CapsuleApp application. Use the positive capsule
+(corstone1000-<fvp/mps3>-v6.uefi.capsule) first.
::
- EFI/BOOT/app/CapsuleApp.efi cs1k_cap_<fvp/mps3>_v6
+ EFI/BOOT/app/CapsuleApp.efi corstone1000-<fvp/mps3>-v6.uefi.capsule
-After successfully updating the capsule the system will reset.
+The capsule update will be started.
-In case of the negative scenario run the update with the lower version capsule as shown below:
+**NOTE:** On the FVP it takes around 15-30 minutes, on the FPGA it takes less time.
+
+After successfully updating the capsule the system will reset. Make sure the
+Corstone-1000's Poky Distro is booted after the reset so the ESRT can be checked.
+It is described in the `Select Corstone-1000 Linux kernel boot`_ section how to
+boot the Poky distro after the capsule update.
+The `Positive scenario`_ sections describes how the result should be inspected.
+After the result is checked, the system can be rebooted with the ``reboot`` command in the Host
+terminal (ttyUSB2).
+
+Interrupt the EFI shell again and now start the capsule update with the negative capsule:
::
- EFI/BOOT/app/CapsuleApp.efi cs1k_cap_<fvp/mps3>_v5
+ EFI/BOOT/app/CapsuleApp.efi corstone1000-<fvp/mps3>-v5.uefi.capsule
The command above should fail and in the TF-M logs the following message should appear:
@@ -883,17 +801,14 @@
Shell> reset
-FPGA: Select Corstone-1000 Linux kernel boot
-============================================
+Make sure the Corstone-1000's Poky Distro is booted again
+(`Select Corstone-1000 Linux kernel boot`_) in order to check the results
+`Negative scenario`_.
-Remove the USB stick before u-boot is reached so the Corstone-1000 kernel will be detected and used for booting.
+Select Corstone-1000 Linux kernel boot
+======================================
-**NOTE:** Otherwise, the execution ends up in the ACS live image.
-
-FVP: Select Corstone-1000 Linux kernel boot
-===========================================
-
-Interrupt the u-boot shell.
+Interrupt the U-Boot shell.
::
@@ -917,9 +832,12 @@
Positive scenario
=================
-In the positive case scenario, the user should see following log in TF-M log,
-indicating the new capsule image is successfully applied, and the board boots
-correctly.
+In the positive case scenario, the software stack copies the capsule to the
+External Flash, which is shared between the Secure Enclave and Host,
+then a reboot is triggered. The TF-M accepts the capsule.
+The user should see following TF-M log in the Secure Enclave terminal (ttyUSB1)
+before the system reboots automatically, indicating the new capsule
+image is successfully applied, and the board boots correctly.
::
@@ -933,6 +851,18 @@
corstone1000_fwu_flash_image: exit: ret = 0
...
+And after the reboot:
+
+::
+
+ ...
+ fmp_set_image_info:133 Enter
+ FMP image update: image id = 0
+ FMP image update: status = 0version=6 last_attempt_version=6.
+ fmp_set_image_info:157 Exit.
+ corstone1000_fwu_host_ack: exit: ret = 0
+ ...
+
It's possible to check the content of the ESRT table after the system fully boots.
@@ -961,11 +891,14 @@
lowest_supported_fw_ver: 0
-Negative scenario (Applicable to FPGA only)
-===========================================
+Negative scenario
+=================
-In the negative case scenario (rollback the capsule version), the user should
-see appropriate logs in the secure enclave terminal.
+In the negative case scenario (rollback the capsule version),
+the TF-M detects that the new capsule's version number is
+smaller then the current version. The capsule is rejected because
+of this.
+The user should see appropriate logs in the Secure Enclave terminal (ttyUSB1) before the system reboots itself.
::
@@ -989,7 +922,7 @@
If capsule pass initial verification, but fails verifications performed during
-boot time, secure enclave will try new images predetermined number of times
+boot time, Secure Enclave will try new images predetermined number of times
(defined in the code), before reverting back to the previous good bank.
::
@@ -1025,11 +958,6 @@
last_attempt_version: 5
lowest_supported_fw_ver: 0
-**Note**: This test is currently not working properly in Corstone-1000 FVP.
-However, it is not part of the System-Ready IR tests, and it won't affect the
-SR-IR certification. All the compulsory `capsule update tests for SR-IR
-<https://developer.arm.com/documentation/DUI1101/2-1/Test-SystemReady-IR/Test-UpdateCapsule>`__
-works on both Corstone-1000 FVP and FPGA.
Linux distros tests
-------------------
@@ -1043,7 +971,7 @@
error when attempting to boot media installer for Debian, and it resets the platform before installation starts.
A patch to be applied to the Corstone-1000 stack (only applicable when
installing Debian) is provided to
-`Skip the Shim <https://gitlab.arm.com/arm-reference-solutions/systemready-patch/-/blob/CORSTONE1000-2023.11/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch>`__.
+`Skip the Shim <https://gitlab.arm.com/arm-reference-solutions/systemready-patch/-/blob/CORSTONE1000-2024.06/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch>`__.
This patch makes U-Boot automatically bypass the Shim and run grub and allows
the user to proceed with a normal installation. If at the moment of reading this
document the problem is solved in the Shim, the user is encouraged to try the
@@ -1055,18 +983,20 @@
::
cd <_workspace>
- git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.11
+ git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2024.06
cp -f systemready-patch/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch meta-arm
cd meta-arm
git am 0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch
cd ..
**On FPGA**
+
::
kas shell meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml -c="bitbake u-boot trusted-firmware-a corstone1000-flash-firmware-image -c cleansstate; bitbake corstone1000-flash-firmware-image"
**On FVP**
+
::
kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c="bitbake u-boot trusted-firmware-a corstone1000-flash-firmware-image -c cleansstate; bitbake corstone1000-flash-firmware-image"
@@ -1087,8 +1017,8 @@
*************************************************
Download one of following Linux distro images:
- - `Debian installer image <https://cdimage.debian.org/debian-cd/current/arm64/iso-dvd/>`__ (Tested on: debian-12.2.0-arm64-DVD-1.iso)
- - `OpenSUSE Tumbleweed installer image <http://download.opensuse.org/ports/aarch64/tumbleweed/iso/>`__ (Tested on: openSUSE-Tumbleweed-DVD-aarch64-Snapshot20231120-Media.iso)
+ - `Debian installer image <https://cdimage.debian.org/mirror/cdimage/archive/12.4.0/arm64/iso-dvd/>`__
+ - `OpenSUSE Tumbleweed installer image <http://download.opensuse.org/ports/aarch64/tumbleweed/iso/>`__ (Tested on: openSUSE-Tumbleweed-DVD-aarch64-Snapshot20240516-Media.iso)
**NOTE:** For OpenSUSE Tumbleweed, the user should look for a DVD Snapshot like
openSUSE-Tumbleweed-DVD-aarch64-Snapshot<date>-Media.iso
@@ -1123,9 +1053,9 @@
::
- #Generating mmc2
- dd if=/dev/zero of=<_workspace>/mmc2_file.img bs=1 count=0 seek=8G; sync;
- parted -s mmc2_file.img mklabel gpt
+ #Generating os_file
+ dd if=/dev/zero of=<_workspace>/os_file.img bs=1 count=0 seek=10G; sync;
+ parted -s os_file.img mklabel gpt
*************************************************
@@ -1157,10 +1087,10 @@
::
- kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file="<path-to-iso_file>" -C board.msd_mmc_2.p_mmc_file="<_workspace>/mmc2_file.img"
+ kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file=<_workspace>/os_file.img -C board.msd_mmc_2.p_mmc_file=<path-to-iso_file>"
The installer should now start.
-The os will be installed on the second mmc 'mmc2_file.img'.
+The OS will be installed on 'os_file.img'.
*******************************************************
Debian install clarifications
@@ -1213,17 +1143,22 @@
FVP
==============
-Once the installation is complete, you will need to exit the shell instance
-and run this command to boot into the installed OS:
+The platform should automatically boot into the installed OS image.
-::
+To cold boot:
- kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file="<path-to-iso_file>" -C board.msd_mmc.p_mmc_file="<_workspace>/mmc2_file.img"
+ ::
-Once the FVP begins booting, you will need to quickly change the boot option in grub,
-to boot into recovery mode.
+ kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file=<_workspace>/os_file.img"
-**NOTE:** This option will disappear quickly, so it's best to preempt it.
+
+The board will then enter recovery mode, from which the user can access a shell
+after entering the password for the root user.
+
+
+**NOTE:** To manually enter recovery mode, once the FVP begins booting, you can quickly
+change the boot option in grub, to boot into recovery mode. This option will disappear
+quickly, so it's best to preempt it.
Select 'Advanced Options for '<OS>' and then '<OS> (recovery mode)'.
@@ -1295,19 +1230,19 @@
::
- insmod /lib/modules/*-yocto-standard/updates/arm-ffa-tee.ko
+ insmod /lib/modules/*-yocto-standard/updates/arm-tstee.ko
Then, check whether the FF-A TEE driver is loaded correctly by using the following command:
::
- cat /proc/modules | grep arm_ffa_tee
+ cat /proc/modules | grep arm_tstee
-The output should be:
+The output should be similar to:
::
- arm_ffa_tee <ID> - - Live <address> (O)
+ arm_tstee 16384 - - Live 0xffffffc000510000 (O)
Now, run the PSA API tests in the following order:
@@ -1318,22 +1253,216 @@
psa-its-api-test
psa-ps-api-test
-**NOTE:** The psa-crypto-api-test takes between 30 minutes to 1 hour to run.
+
+UEFI Secureboot (SB) test
+-------------------------
+
+Before running the SB test, the user should make sure that the `FVP and FPGA software has been compiled and the ESP image for both the FVP and FPGA has been created` as mentioned in the previous sections and user should use the same workspace directory under which sources have been compiled.
+The SB test is applicable on both the FVP and the FPGA and this involves testing both the signed and unsigned kernel images. Successful test results in executing the signed image correctly and not allowing the unsigned image to run at all.
+
+***********************************************************
+Below steps are applicable to FVP as well as FPGA
+***********************************************************
+Firstly, the flash firmware image has to be built for both the FVP and FPGA as follows:
+
+For FVP,
+
+::
+
+ kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c bitbake -c build corstone1000-flash-firmware-image"
+
+
+For FPGA,
+
+::
+
+ kas shell meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml -c bitbake -c build corstone1000-flash-firmware-image"
+
+In order to test SB for FVP and FPGA, a bash script is available in the systemready-patch repo which is responsible in creating the relevant keys, sign the respective kernel images, and copy the same in their corresponding ESP images.
+
+Clone the systemready-patch repo under <_workspace. Then, change directory to where the script `create_keys_and_sign.sh` is and execute the script as follows:
+
+::
+
+ git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2024.06
+ cd systemready-patch/embedded-a/corstone1000/secureboot/
+
+**NOTE:** The efitools package is required to execute the script. Install the efitools package on your system, if it doesn't exist.
+
+The script is responsible to create the required UEFI secureboot keys, sign the kernel images and copy the public keys and the kernel images (both signed and unsigned) to the ESP image for both the FVP and FPGA.
+
+::
+
+ ./create_keys_and_sign.sh -w <Absolute path to <workdir> directory under which sources have been compiled> -v <certification validity in days>
+ For ex: ./create_keys_and_sign.sh -w "/home/xyz/workspace/meta-arm" -v 365
+ For help: ./create_keys_and_sign.sh -h
+
+**NOTE:** The above script is interactive and contains some commands that would require sudo password/permissions.
+
+After executing the above script, the relevant keys and the signed/unsigned kernel images will be copied to the ESP images for both the FVP and FGPA. The modified ESP images can be found at the same location i.e.
+
+::
+
+ For MPS3 FPGA : _workspace/meta-arm/build/tmp/deploy/images/corstone1000-mps3/corstone1000-esp-image-corstone1000-mps3.wic
+ For FVP : _workspace/meta-arm/build/tmp/deploy/images/corstone1000-fvp/corstone1000-esp-image-corstone1000-fvp.wic
+
+Now, it is time to test the SB for the Corstone-1000
+
+
+***********************************************************
+Steps to test SB on FVP
+***********************************************************
+Now, as mentioned in the previous section **Prepare EFI System Partition**, the ESP image will be used automatically in the Corstone-1000 FVP as the 2nd MMC card image. Change directory to your workspace and run the FVP as follows:
+
+::
+
+ kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm"
+
+When the script is executed, three terminal instances will be launched, one for the boot processor (aka Secure Enclave) processing element and two for the Host processing element. On the host side, stop the execution at the U-Boot prompt which looks like `corstone1000#`. There is a timeout of 3 seconds to stop the execution at the U-Boot prompt. At the U-Boot prompt, run the following commands:
+
+Set the current mmc device
+
+::
+
+ corstone1000# mmc dev 1
+
+Enroll the four UEFI Secureboot authenticated variables
+
+::
+
+ corstone1000# load mmc 1:1 ${loadaddr} corstone1000_secureboot_keys/PK.auth && setenv -e -nv -bs -rt -at -i ${loadaddr}:$filesize PK
+ corstone1000# load mmc 1:1 ${loadaddr} corstone1000_secureboot_keys/KEK.auth && setenv -e -nv -bs -rt -at -i ${loadaddr}:$filesize KEK
+ corstone1000# load mmc 1:1 ${loadaddr} corstone1000_secureboot_keys/db.auth && setenv -e -nv -bs -rt -at -i ${loadaddr}:$filesize db
+ corstone1000# load mmc 1:1 ${loadaddr} corstone1000_secureboot_keys/dbx.auth && setenv -e -nv -bs -rt -at -i ${loadaddr}:$filesize dbx
+
+Now, load the unsigned FVP kernel image and execute it. This unsigned kernel image should not boot and result as follows
+
+::
+
+ corstone1000# load mmc 1:1 ${loadaddr} corstone1000_secureboot_fvp_images/Image_fvp
+ corstone1000# loadm $loadaddr $kernel_addr_r $filesize
+ corstone1000# bootefi $kernel_addr_r $fdtcontroladdr
+
+ Booting /MemoryMapped(0x0,0x88200000,0x236aa00)
+ Image not authenticated
+ Loading image failed
+
+The next step is to verify the signed linux kernel image. Load the signed kernel image and execute it as follows:
+
+::
+
+ corstone1000# load mmc 1:1 ${loadaddr} corstone1000_secureboot_fvp_images/Image_fvp.signed
+ corstone1000# loadm $loadaddr $kernel_addr_r $filesize
+ corstone1000# bootefi $kernel_addr_r $fdtcontroladdr
+
+The above set of commands should result in booting of signed linux kernel image successfully.
+
+
+***********************************************************
+Steps to test SB on MPS3 FPGA
+***********************************************************
+Now, as mentioned in the previous section **Prepare EFI System Partition**, the ESP image for MPS3 FPGA needs to be copied to the USB drive.
+Follow the steps mentioned in the same section for MPS3 FPGA to prepare the USB drive with the ESP image. The modified ESP image corresponds to MPS3 FPGA can be found at the location as mentioned before i.e. `_workspace/meta-arm/build/tmp/deploy/images/corstone1000-mps3/corstone1000-esp-image-corstone1000-mps3.wic`.
+Insert this USB drive to the MPS3 FPGA and boot, and stop the execution at the U-Boot prompt similar to the FVP. At the U-Boot prompt, run the following commands:
+
+Reset the USB
+
+::
+
+ corstone1000# usb reset
+ resetting USB...
+ Bus usb@40200000: isp1763 bus width: 16, oc: not available
+ USB ISP 1763 HW rev. 32 started
+ scanning bus usb@40200000 for devices... port 1 high speed
+ 3 USB Device(s) found
+ scanning usb for storage devices... 1 Storage Device(s) found
+
+**NOTE:** Sometimes, the usb reset doesn't recognize the USB device. It is recomended to rerun the usb reset command.
+
+Set the current USB device
+
+::
+
+ corstone1000# usb dev 0
+
+Enroll the four UEFI Secureboot authenticated variables
+
+::
+
+ corstone1000# load usb 0 $loadaddr corstone1000_secureboot_keys/PK.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK
+ corstone1000# load usb 0 $loadaddr corstone1000_secureboot_keys/KEK.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize KEK
+ corstone1000# load usb 0 $loadaddr corstone1000_secureboot_keys/db.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize db
+ corstone1000# load usb 0 $loadaddr corstone1000_secureboot_keys/dbx.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize dbx
+
+
+Now, load the unsigned MPS3 FPGA linux kernel image and execute it. This unsigned kernel image should not boot and result as follows
+
+::
+
+ corstone1000# load usb 0 $loadaddr corstone1000_secureboot_mps3_images/Image_mps3
+ corstone1000# loadm $loadaddr $kernel_addr_r $filesize
+ corstone1000# bootefi $kernel_addr_r $fdtcontroladdr
+
+ Booting /MemoryMapped(0x0,0x88200000,0x236aa00)
+ Image not authenticated
+ Loading image failed
+
+The next step is to verify the signed linux kernel image. Load the signed kernel image and execute it as follows:
+
+::
+
+ corstone1000# load usb 0 $loadaddr corstone1000_secureboot_mps3_images/Image_mps3.signed
+ corstone1000# loadm $loadaddr $kernel_addr_r $filesize
+ corstone1000# bootefi $kernel_addr_r $fdtcontroladdr
+
+The above set of commands should result in booting of signed linux kernel image successfully.
+
+***********************************************************
+Steps to disable Secureboot on both FVP and MPS3 FPGA
+***********************************************************
+Now, after testing the SB, UEFI authenticated variables get stored in the secure flash. When you try to reboot, the U-Boot will automatically read the UEFI authenticated variables and authenticates the images before executing them. In normal booting scenario, the linux kernel images will not be signed and hence this will not allow the system to boot, as image authentication will fail. We need to delete the Platform Key (one of the UEFI authenticated variable for SB) in order to disable the SB. At the U-Boot prompt, run the following commands.
+
+On the FVP
+
+::
+
+ corstone1000# mmc dev 1
+ corstone1000# load mmc 1:1 $loadaddr corstone1000_secureboot_keys/PK_delete.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK
+ corstone1000# boot
+
+On the MPS3 FPGA
+
+::
+
+ corstone1000# usb reset
+ corstone1000# usb dev 0
+ corstone1000# load usb 0 $loadaddr corstone1000_secureboot_keys/PK_delete.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize PK
+ corstone1000# boot
+
+The above commands will delete the Platform key (PK) and allow the normal system boot flow without SB.
+
+
+Testing the External System
+---------------------------
+
+During Linux boot the remoteproc subsystem automatically starts
+the external system.
+
+The external system can be switched on/off on demand with the following commands:
+
+::
+
+ echo stop > /sys/class/remoteproc/remoteproc0/state
+
+::
+
+ echo start > /sys/class/remoteproc/remoteproc0/state
Tests results
-------------
-As a reference for the end user, reports for various tests for `Corstone-1000 software (CORSTONE1000-2023.11) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2023.11>`__
-can be found `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__.
-
-Running the software on FVP on Windows or AArch64 Linux
-------------------------------------------------------------
-
-The user should follow the build instructions in this document to build on a Linux host machine. Then, copy the output binaries to the Windows or Aarch64 Linux machine where the FVP is located. Then, launch the FVP binary.
-
-Security Issue Reporting
-------------------------
-To report any security issues identified with Corstone-1000, please send an email to arm-security@arm.com.
+As a reference for the end user, reports for various tests for `Corstone-1000 software (CORSTONE1000-2024.06) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2024.06>`__
+can be found `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/CORSTONE1000-2024.06/embedded-a/corstone1000/CORSTONE1000-2024.06?ref_type=tags>`__.
--------------
diff --git a/meta-arm/meta-arm-bsp/documentation/n1sdp.md b/meta-arm/meta-arm-bsp/documentation/n1sdp.md
deleted file mode 100644
index d8661a5..0000000
--- a/meta-arm/meta-arm-bsp/documentation/n1sdp.md
+++ /dev/null
@@ -1,78 +0,0 @@
-# N1SDP Development Platform Support in meta-arm-bsp
-
-## Overview
-The N1SDP provides access to the Arm Neoverse N1 SoC. The N1SDP enables software development for key enterprise technology
-and general Arm software development. The N1SDP consists of the N1 board containing the N1 SoC.
-The N1 SoC contains two dual-core Arm Neoverse N1 processor clusters.
-
-The system demonstrates Arm technology in the context of Cache-Coherent Interconnect for Accelerators (CCIX) protocol by:
-
-- Running coherent traffic between the N1 SoC and an accelerator card.
-- Coherent communication between two N1 SoCs.
-- Enabling development of CCIX-enabled FPGA accelerators.
-
-Further information on N1SDP can be found at
-https://community.arm.com/developer/tools-software/oss-platforms/w/docs/458/neoverse-n1-sdp
-
-## Configuration:
-In the local.conf file, MACHINE should be set as follow:
-MACHINE ?= "n1sdp"
-
-## Building
-```bash$ bitbake core-image-minimal```
-
-## Running
-
-# Update Firmware on SD card:
-
-(*) To use n1sdp board in single chip mode, flash:
- n1sdp-board-firmware_primary.tar.gz firmware.
-
-(*) To use n1sdp board in multi chip mode, flash:
- n1sdp-board-firmware_primary.tar.gz firmware to primary board,
- n1sdp-board-firmware_secondary.tar.gz firmware to secondary board.
-
-The SD card content is generated during the build here:
- tmp/deploy/images/n1sdp/n1sdp-board-firmware_primary.tar.gz
- tmp/deploy/images/n1sdp/n1sdp-board-firmware_secondary.tar.gz
-
-
-Its content must be written on the N1SDP firmware SD card.
-To do this:
-- insert the sdcard of the N1SDP in an SD card reader and mount it:
-```bash$ sudo mount /dev/sdx1 /mnt```
-(replace sdx by the device of the SD card)
-
-- erase its content and put the new one:
-```bash$ sudo rm -rf /mnt/*```
-```bash$ sudo tar --no-same-owner -xzf tmp/deploy/images/n1sdp/n1sdp-board-firmware_primary.tar.gz -C /mnt/```
-```bash$ sudo umount /mnt```
-
-- reinsert the SD card in the N1SDP board
-
-Firmware tarball contains iofpga configuration files, scp and uefi binaries.
-
-**NOTE**:
-If the N1SDP board was manufactured after November 2019 (Serial Number greater
-than 36253xxx), a different PMIC firmware image must be used to prevent
-potential damage to the board. More details can be found in [1].
-The `MB/HBI0316A/io_v123f.txt` file located in the microSD needs to be updated.
-To update it, set the PMIC image (300k_8c2.bin) to be used in the newer models
-by running the following commands on your host PC:
-
- $ sudo umount /dev/sdx1
- $ sudo mount /dev/sdx1 /mnt
- $ sudo sed -i '/^MBPMIC: pms_0V85.bin/s/^/;/g' /mnt/MB/HBI0316A/io_v123f.txt
- $ sudo sed -i '/^;MBPMIC: 300k_8c2.bin/s/^;//g' /mnt/MB/HBI0316A/io_v123f.txt
- $ sudo umount /mnt
-
-# Prepare an USB hard drive:
-
-Grub boot partition is placed on first partition of the *.wic image,
-Linux root file system is placed on the second partition of the *.wic image:
- tmp/deploy/images/n1sdp/core-image-minimal-n1sdp.wic
-
-This *.wic image should be copied to USB stick with simple dd call.
-
-
-[1]: https://community.arm.com/developer/tools-software/oss-platforms/w/docs/604/notice-potential-damage-to-n1sdp-boards-if-using-latest-firmware-release
diff --git a/meta-arm/meta-arm-bsp/documentation/template.md b/meta-arm/meta-arm-bsp/documentation/template.md
index 7beeb59..6f47908 100644
--- a/meta-arm/meta-arm-bsp/documentation/template.md
+++ b/meta-arm/meta-arm-bsp/documentation/template.md
@@ -16,4 +16,4 @@
*A summary of how to deploy or execute the image*
-*For example, an overview of the N1SDP SD structure, or FVP arguments*
+*For example, an overview of FVP arguments*
diff --git a/meta-arm/meta-arm-bsp/lib/oeqa/runtime/cases/parselogs-ignores-sbsa-ref.txt b/meta-arm/meta-arm-bsp/lib/oeqa/runtime/cases/parselogs-ignores-sbsa-ref.txt
new file mode 100644
index 0000000..dd47799
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/lib/oeqa/runtime/cases/parselogs-ignores-sbsa-ref.txt
@@ -0,0 +1,5 @@
+# The release of EDK2 after 202402 should fix this
+NUMA: Failed to initialise from firmware
+
+# TODO: we should be using bochsdrm over efifb?
+efifb: cannot reserve video memory at 0x80000000
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_%.bbappend
new file mode 100644
index 0000000..0e2812e
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_%.bbappend
@@ -0,0 +1 @@
+COMPATIBLE_MACHINE:fvp-base = "fvp-base"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb
index 18649ce..8bd1161 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb
@@ -38,15 +38,20 @@
do_compile[cleandirs] = "${B}"
do_install() {
- install -D -p -m 0644 ${B}/product/${PRODUCT}/firmware/release/bin/firmware.bin ${D}/firmware/es_flashfw.bin
+ install -D -p -m 0644 ${B}/product/${PRODUCT}/firmware/release/bin/firmware.bin ${D}${nonarch_base_libdir}/firmware/es_flashfw.bin
+ install -D -p -m 0644 ${B}/product/${PRODUCT}/firmware/release/bin/firmware.elf ${D}${nonarch_base_libdir}/firmware/es_flashfw.elf
}
-FILES:${PN} = "/firmware"
-SYSROOT_DIRS += "/firmware"
+FILES:${PN} = "${nonarch_base_libdir}/firmware/es_flashfw.bin"
+FILES:${PN}-elf = "${nonarch_base_libdir}/firmware/es_flashfw.elf"
+PACKAGES += "${PN}-elf"
+INSANE_SKIP:${PN}-elf += "arch"
+
+SYSROOT_DIRS += "${nonarch_base_libdir}/firmware"
inherit deploy
do_deploy() {
- cp -rf ${D}/firmware/* ${DEPLOYDIR}/
+ cp -rf ${D}${nonarch_base_libdir}/firmware/* ${DEPLOYDIR}/
}
addtask deploy after do_install
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-esp-image.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-esp-image.bb
new file mode 100644
index 0000000..bd1a206
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-esp-image.bb
@@ -0,0 +1,25 @@
+SUMMARY = "Corstone1000 platform esp Image"
+DESCRIPTION = "This builds a simple image file that only contains an esp \
+ partition for use when running the SystemReady IR ACS tests."
+LICENSE = "MIT"
+
+COMPATIBLE_MACHINE = "corstone1000"
+
+# IMAGE_FSTYPES must be set before 'inherit image'
+# https://docs.yoctoproject.org/ref-manual/variables.html#term-IMAGE_FSTYPES
+IMAGE_FSTYPES = "wic"
+
+inherit image
+
+IMAGE_FEATURES = ""
+IMAGE_LINGUAS = ""
+
+PACKAGE_INSTALL = ""
+
+# This builds a very specific image so we can ignore any customization
+WKS_FILE = "efi-disk-esp-only.wks.in"
+WKS_FILE:firmware = "efi-disk-esp-only.wks.in"
+
+EXTRA_IMAGEDEPENDS = ""
+# Don't write an fvp configuration file for this image as it can't run
+IMAGE_POSTPROCESS_COMMAND:remove = "do_write_fvpboot_conf;"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-firmware-deploy-image.inc b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-firmware-deploy-image.inc
index 2d19274..f959573 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-firmware-deploy-image.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-firmware-deploy-image.inc
@@ -3,7 +3,7 @@
FIRMWARE_BINARIES = "corstone1000-flash-firmware-image-${MACHINE}.wic \
bl1.bin \
es_flashfw.bin \
- corstone1000-flash-firmware-image-${MACHINE}.wic.uefi.capsule \
+ ${CAPSULE_NAME}.${CAPSULE_EXTENSION} \
corstone1000_capsule_cert.crt \
corstone1000_capsule_key.key \
"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb
index 73fc176..4a32192 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb
@@ -1,4 +1,4 @@
-SUMARY = "Corstone1000 platform Image"
+SUMMARY = "Corstone1000 platform Image"
DESCRIPTION = "This is the main image which is the container of all the binaries \
generated for the Corstone1000 platform."
LICENSE = "MIT"
@@ -12,10 +12,12 @@
inherit image
inherit tfm_sign_image
inherit uefi_capsule
+inherit deploy
DEPENDS += "external-system \
trusted-firmware-a \
trusted-firmware-m \
+ u-boot \
"
IMAGE_FEATURES = ""
@@ -23,9 +25,21 @@
PACKAGE_INSTALL = ""
-UEFI_FIRMWARE_BINARY = "${IMAGE_LINK_NAME}.${CAPSULE_IMGTYPE}"
-UEFI_CAPSULE_CONFIG = "${THISDIR}/files/${PN}-capsule-update-image.json"
-CAPSULE_IMGTYPE = "wic"
+# The generated ${MACHINE}_image.nopt is used instead of the default wic image
+# for the capsule generation. The uefi.capsule image type doesn't have to
+# depend on the wic because of this.
+#
+# The corstone1000_capsule_cert.crt and corstone1000_capsule_key.key are installed
+# by the U-Boot recipe so this recipe has to depend on that.
+CAPSULE_IMGTYPE = ""
+CAPSULE_CERTIFICATE_PATH = "${DEPLOY_DIR_IMAGE}/corstone1000_capsule_cert.crt"
+CAPSULE_GUID:corstone1000-fvp ?= "989f3a4e-46e0-4cd0-9877-a25c70c01329"
+CAPSULE_GUID:corstone1000-mps3 ?= "df1865d1-90fb-4d59-9c38-c9f2c1bba8cc"
+CAPSULE_IMGLOCATION = "${DEPLOY_DIR_IMAGE}"
+CAPSULE_INDEX = "1"
+CAPSULE_MONOTONIC_COUNT = "1"
+CAPSULE_PRIVATE_KEY_PATH = "${DEPLOY_DIR_IMAGE}/corstone1000_capsule_key.key"
+UEFI_FIRMWARE_BINARY = "${B}/${MACHINE}_image.nopt"
# TF-A settings for signing host images
TFA_BL2_BINARY = "bl2-corstone1000.bin"
@@ -38,6 +52,11 @@
TFM_SIGN_PRIVATE_KEY = "${libdir}/tfm-scripts/root-RSA-3072_1.pem"
RE_IMAGE_OFFSET = "0x1000"
+# Offsets for the .nopt image generation
+TFM_OFFSET = "102400"
+FIP_OFFSET = "479232"
+KERNEL_OFFSET = "2576384"
+
do_sign_images() {
# Sign TF-A BL2
sign_host_image ${RECIPE_SYSROOT}/firmware/${TFA_BL2_BINARY} \
@@ -56,3 +75,22 @@
do_sign_images[depends] = "\
fiptool-native:do_populate_sysroot \
"
+
+# This .nopt image is not the same as the one which is generated by meta-arm/meta-arm/classes/wic_nopt.bbclass.
+# The meta-arm/meta-arm/classes/wic_nopt.bbclass removes the partition table from the wic image, but keeps the
+# second bank. This function creates a no-partition image with only the first bank.
+create_nopt_image() {
+ dd conv=notrunc bs=1 if=${DEPLOY_DIR_IMAGE}/bl2_signed.bin of=${B}/${MACHINE}_image.nopt
+ dd conv=notrunc bs=1 if=${DEPLOY_DIR_IMAGE}/tfm_s_signed.bin of=${B}/${MACHINE}_image.nopt seek=${TFM_OFFSET}
+ dd conv=notrunc bs=1 if=${DEPLOY_DIR_IMAGE}/signed_fip-corstone1000.bin of=${B}/${MACHINE}_image.nopt seek=${FIP_OFFSET}
+ dd conv=notrunc bs=1 if=${DEPLOY_DIR_IMAGE}/Image.gz-initramfs-${MACHINE}.bin of=${B}/${MACHINE}_image.nopt seek=${KERNEL_OFFSET}
+}
+do_image_uefi_capsule[depends] += " linux-yocto:do_deploy"
+do_image_uefi_capsule[mcdepends] += " ${@bb.utils.contains('BBMULTICONFIG', 'firmware', 'mc::firmware:linux-yocto:do_deploy', '', d)}"
+do_image_uefi_capsule[prefuncs] += "create_nopt_image"
+
+do_deploy() {
+ install -m 0755 ${B}/${MACHINE}_image.nopt ${DEPLOYDIR}
+}
+
+addtask deploy after do_image_uefi_capsule
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-recovery-image.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-recovery-image.bb
new file mode 100644
index 0000000..5ee9adf
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-recovery-image.bb
@@ -0,0 +1,7 @@
+require recipes-core/images/core-image-minimal.bb
+
+# The core-image-minimal is used for the initramfs bundle for the
+# Corstone1000 but the testimage task caused hanging errors. This is
+# why the core-image-minimal is forked here so the testimage task can
+# be disabled as it is not relevant for the Corstone1000.
+IMAGE_CLASSES:remove = "testimage"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-flash-firmware-image-capsule-update-image.json b/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-flash-firmware-image-capsule-update-image.json
deleted file mode 100644
index 0f011ff..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-flash-firmware-image-capsule-update-image.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "Payloads": [
- {
- "FwVersion": "5",
- "Guid": "e2bb9c06-70e9-4b14-97a3-5a7913176e3f",
- "LowestSupportedVersion": "1",
- "Payload": "$UEFI_FIRMWARE_BINARY",
- "UpdateImageIndex": "0"
- }
- ]
-}
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb
index 45f2ec7..0b17b02 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb
@@ -14,7 +14,7 @@
LINARO_RELEASE = "19.06"
-SRC_URI = "http://releases.linaro.org/members/arm/platforms/${LINARO_RELEASE}/juno-latest-oe-uboot.zip;subdir=${UNPACK_DIR} \
+SRC_URI = "http://releases.linaro.org/members/arm/platforms/${LINARO_RELEASE}/juno-latest-oe-uboot.zip;subdir=${S} \
file://images-r0.txt \
file://images-r1.txt \
file://images-r2.txt \
@@ -23,7 +23,8 @@
SRC_URI[md5sum] = "01b662b81fa409d55ff298238ad24003"
SRC_URI[sha256sum] = "b8a3909bb3bc4350a8771b863193a3e33b358e2a727624a77c9ecf13516cec82"
-UNPACK_DIR = "juno-firmware-${LINARO_RELEASE}"
+FIRMWARE_DIR = "juno-firmware-${LINARO_RELEASE}"
+S = "${UNPACKDIR}/${FIRMWARE_DIR}"
inherit deploy nopackages
@@ -33,23 +34,23 @@
# The ${D} is used as a temporary directory and we don't generate any
# packages for this recipe.
do_install() {
- cp -a ${WORKDIR}/${UNPACK_DIR} ${D}
+ cp -a ${S} ${D}/
cp -f ${RECIPE_SYSROOT}/firmware/bl1-juno.bin \
- ${D}/${UNPACK_DIR}/SOFTWARE/bl1.bin
+ ${D}/${FIRMWARE_DIR}/SOFTWARE/bl1.bin
cp -f ${RECIPE_SYSROOT}/firmware/fip-juno.bin \
- ${D}/${UNPACK_DIR}/SOFTWARE/fip.bin
+ ${D}/${FIRMWARE_DIR}/SOFTWARE/fip.bin
cp -f ${RECIPE_SYSROOT}/firmware/scp_romfw_bypass.bin \
- ${D}/${UNPACK_DIR}/SOFTWARE/scp_bl1.bin
+ ${D}/${FIRMWARE_DIR}/SOFTWARE/scp_bl1.bin
# u-boot environment file
- cp -f ${WORKDIR}/uEnv.txt ${D}/${UNPACK_DIR}/SOFTWARE/
+ cp -f ${UNPACKDIR}/uEnv.txt ${D}/${FIRMWARE_DIR}/SOFTWARE/
# Juno images list file
- cp -f ${WORKDIR}/images-r0.txt ${D}/${UNPACK_DIR}/SITE1/HBI0262B/images.txt
- cp -f ${WORKDIR}/images-r1.txt ${D}/${UNPACK_DIR}/SITE1/HBI0262C/images.txt
- cp -f ${WORKDIR}/images-r2.txt ${D}/${UNPACK_DIR}/SITE1/HBI0262D/images.txt
+ cp -f ${UNPACKDIR}/images-r0.txt ${D}/${FIRMWARE_DIR}/SITE1/HBI0262B/images.txt
+ cp -f ${UNPACKDIR}/images-r1.txt ${D}/${FIRMWARE_DIR}/SITE1/HBI0262C/images.txt
+ cp -f ${UNPACKDIR}/images-r2.txt ${D}/${FIRMWARE_DIR}/SITE1/HBI0262D/images.txt
}
do_deploy() {
@@ -59,18 +60,18 @@
# task.
for f in ${KERNEL_DEVICETREE}; do
install -m 755 -c ${DEPLOY_DIR_IMAGE}/$(basename $f) \
- ${D}/${UNPACK_DIR}/SOFTWARE/.
+ ${D}/${FIRMWARE_DIR}/SOFTWARE/
done
if [ "${INITRAMFS_IMAGE_BUNDLE}" -eq 1 ]; then
cp -L -f ${DEPLOY_DIR_IMAGE}/Image.gz-initramfs-juno.bin \
- ${D}/${UNPACK_DIR}/SOFTWARE/Image
+ ${D}/${FIRMWARE_DIR}/SOFTWARE/Image
else
- cp -L -f ${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGETYPE} ${D}/${UNPACK_DIR}/SOFTWARE/
+ cp -L -f ${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGETYPE} ${D}/${FIRMWARE_DIR}/SOFTWARE/
fi
# Compress the files
- tar -C ${D}/${UNPACK_DIR} -zcvf ${WORKDIR}/${PN}.tar.gz ./
+ tar -C ${D}/${FIRMWARE_DIR} -zcvf ${WORKDIR}/${PN}.tar.gz ./
# Deploy the compressed archive to the deploy folder
install -D -p -m0644 ${WORKDIR}/${PN}.tar.gz ${DEPLOYDIR}/${PN}.tar.gz
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/n1sdp-board-firmware_2022.06.22.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/n1sdp-board-firmware_2022.06.22.bb
deleted file mode 100644
index 1b502e5..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/images/n1sdp-board-firmware_2022.06.22.bb
+++ /dev/null
@@ -1,37 +0,0 @@
-SUMMARY = "Board Firmware binaries for N1SDP"
-SECTION = "firmware"
-
-LICENSE = "STM-SLA0044-Rev5"
-LIC_FILES_CHKSUM = "file://LICENSES/MB/STM.TXT;md5=1b74d8c842307d03c116f2d71cbf868a"
-
-inherit deploy
-
-INHIBIT_DEFAULT_DEPS = "1"
-
-PACKAGE_ARCH = "${MACHINE_ARCH}"
-COMPATIBLE_MACHINE = "n1sdp"
-
-SRC_URI = "git://git.gitlab.arm.com/arm-reference-solutions/board-firmware.git;protocol=https;branch=n1sdp"
-
-SRCREV = "70ba494265eee76747faff38264860c19e214540"
-PV .= "+git"
-
-S = "${WORKDIR}/git"
-
-INSTALL_DIR = "/n1sdp-board-firmware_source"
-
-do_install() {
- rm -rf ${S}/SOFTWARE
- install -d ${D}${INSTALL_DIR}
- cp -Rp --no-preserve=ownership ${S}/* ${D}${INSTALL_DIR}
-}
-
-FILES:${PN}-staticdev += " ${INSTALL_DIR}/LIB/sensor.a"
-FILES:${PN} = "${INSTALL_DIR}"
-SYSROOT_DIRS += "${INSTALL_DIR}"
-
-do_deploy() {
- install -d ${DEPLOYDIR}${INSTALL_DIR}
- cp -Rp --no-preserve=ownership ${S}/* ${DEPLOYDIR}${INSTALL_DIR}
-}
-addtask deploy after do_install before do_build
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/sdcard-image-n1sdp_0.1.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/sdcard-image-n1sdp_0.1.bb
deleted file mode 100644
index 3ed71c5..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/images/sdcard-image-n1sdp_0.1.bb
+++ /dev/null
@@ -1,85 +0,0 @@
-SUMMARY = "Firmware image recipe for generating SD-Card artifacts."
-
-inherit deploy nopackages
-
-DEPENDS = "trusted-firmware-a \
- virtual/control-processor-firmware \
- n1sdp-board-firmware"
-
-LICENSE = "MIT"
-PACKAGE_ARCH = "${MACHINE_ARCH}"
-COMPATIBLE_MACHINE = "n1sdp"
-RM_WORK_EXCLUDE += "${PN}"
-do_configure[noexec] = "1"
-do_compile[noexec] = "1"
-do_install[noexec] = "1"
-
-FIRMWARE_DIR = "n1sdp-board-firmware_source"
-PRIMARY_DIR = "${WORKDIR}/n1sdp-board-firmware_primary"
-SECONDARY_DIR = "${WORKDIR}/n1sdp-board-firmware_secondary"
-
-SOC_BINARIES = "mcp_fw.bin scp_fw.bin mcp_rom.bin scp_rom.bin"
-
-prepare_package() {
- cd ${WORKDIR}
-
- # Master/Primary
- cp -av ${RECIPE_SYSROOT}/${FIRMWARE_DIR}/* ${PRIMARY_DIR}
- mkdir -p ${PRIMARY_DIR}/SOFTWARE/
-
- # Copy FIP binary
- cp -v ${RECIPE_SYSROOT}/firmware/fip.bin ${PRIMARY_DIR}/SOFTWARE/
-
- # Copy SOC binaries
- for f in ${SOC_BINARIES}; do
- cp -v ${RECIPE_SYSROOT}/firmware/${f} ${PRIMARY_DIR}/SOFTWARE/
- done
-
- sed -i -e 's|^C2C_ENABLE.*|C2C_ENABLE: TRUE ;C2C enable TRUE/FALSE|' \
- ${PRIMARY_DIR}/MB/HBI0316A/io_v123f.txt
- sed -i -e 's|^C2C_SIDE.*|C2C_SIDE: MASTER ;C2C side SLAVE/MASTER|' \
- ${PRIMARY_DIR}/MB/HBI0316A/io_v123f.txt
- sed -i -e 's|.*SOCCON: 0x1170.*PLATFORM_CTRL.*|SOCCON: 0x1170 0x00000100 ;SoC SCC PLATFORM_CTRL|' \
- ${PRIMARY_DIR}/MB/HBI0316A/io_v123f.txt
-
- # Update load address for trusted boot
- sed -i -e '/^IMAGE4ADDRESS:/ s|0x60200000|0x64200000|' ${PRIMARY_DIR}/MB/HBI0316A/images.txt
- sed -i -e '/^IMAGE4UPDATE:/ s|FORCE |SCP_AUTO|' ${PRIMARY_DIR}/MB/HBI0316A/images.txt
- sed -i -e '/^IMAGE4FILE: \\SOFTWARE\\/s|uefi.bin|fip.bin |' ${PRIMARY_DIR}/MB/HBI0316A/images.txt
-
- # Slave/Secondary
- cp -av ${RECIPE_SYSROOT}/${FIRMWARE_DIR}/* ${SECONDARY_DIR}
- mkdir -p ${SECONDARY_DIR}/SOFTWARE/
-
- # Copy SOC binaries
- for f in ${SOC_BINARIES}; do
- cp -v ${RECIPE_SYSROOT}/firmware/${f} ${SECONDARY_DIR}/SOFTWARE/
- done
-
- sed -i -e 's|^C2C_ENABLE.*|C2C_ENABLE: TRUE ;C2C enable TRUE/FALSE|' \
- ${SECONDARY_DIR}/MB/HBI0316A/io_v123f.txt
- sed -i -e 's|^C2C_SIDE.*|C2C_SIDE: SLAVE ;C2C side SLAVE/MASTER|' \
- ${SECONDARY_DIR}/MB/HBI0316A/io_v123f.txt
- sed -i -e 's|.*SOCCON: 0x1170.*PLATFORM_CTRL.*|SOCCON: 0x1170 0x00000101 ;SoC SCC PLATFORM_CTRL|' \
- ${SECONDARY_DIR}/MB/HBI0316A/io_v123f.txt
- sed -i -e '/^TOTALIMAGES:/ s|5|4|' ${SECONDARY_DIR}/MB/HBI0316A/images.txt
- sed -i -e 's|^IMAGE4|;&|' ${SECONDARY_DIR}/MB/HBI0316A/images.txt
-}
-
-do_deploy() {
- # prepare Master & Slave packages
- prepare_package
-
- for dir in ${PRIMARY_DIR} ${SECONDARY_DIR}; do
- dir_name=$(basename ${dir})
- mkdir -p ${D}/${dir_name}
- cp -av ${dir} ${D}
-
- # Compress the files
- tar -C ${D}/${dir_name} -zcvf ${DEPLOYDIR}/${dir_name}.tar.gz ./
- done
-}
-do_deploy[dirs] += "${PRIMARY_DIR} ${SECONDARY_DIR}"
-do_deploy[cleandirs] += "${PRIMARY_DIR} ${SECONDARY_DIR}"
-do_deploy[umask] = "022"
-addtask deploy after do_prepare_recipe_sysroot
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc
deleted file mode 100644
index c89b132..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc
+++ /dev/null
@@ -1,35 +0,0 @@
-# N1SDP specific SCP configurations and build instructions
-
-COMPATIBLE_MACHINE:n1sdp = "n1sdp"
-
-SCP_LOG_LEVEL = "INFO"
-
-DEPENDS += "fiptool-native"
-DEPENDS += "trusted-firmware-a"
-DEPENDS += "n1sdp-board-firmware"
-
-# The n1sdp sensor library is needed for building SCP N1SDP Platform
-# https://github.com/ARM-software/SCP-firmware/tree/master/product/n1sdp
-EXTRA_OECMAKE:append = " \
- -DSCP_N1SDP_SENSOR_LIB_PATH=${RECIPE_SYSROOT}/n1sdp-board-firmware_source/LIB/sensor.a \
-"
-
-do_install:append() {
- fiptool \
- create \
- --scp-fw "${D}/firmware/scp_ramfw.bin" \
- --blob uuid=cfacc2c4-15e8-4668-82be-430a38fad705,file="${RECIPE_SYSROOT}/firmware/bl1.bin" \
- "scp_fw.bin"
-
- # This UUID is FIP_UUID_MCP_BL2 in SCP-Firmware.
- fiptool \
- create \
- --blob uuid=54464222-a4cf-4bf8-b1b6-cee7dade539e,file="${D}/firmware/mcp_ramfw.bin" \
- "mcp_fw.bin"
-
- install "scp_fw.bin" "${D}/firmware/scp_fw.bin"
- install "mcp_fw.bin" "${D}/firmware/mcp_fw.bin"
-
- ln -sf "scp_romfw.bin" "${D}/firmware/scp_rom.bin"
- ln -sf "mcp_romfw.bin" "${D}/firmware/mcp_rom.bin"
-}
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware_%.bbappend
index bb1a48c..4421e79 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware_%.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware_%.bbappend
@@ -3,7 +3,6 @@
MACHINE_SCP_REQUIRE ?= ""
MACHINE_SCP_REQUIRE:juno = "scp-firmware-juno.inc"
-MACHINE_SCP_REQUIRE:n1sdp = "scp-firmware-n1sdp.inc"
MACHINE_SCP_REQUIRE:sgi575 = "scp-firmware-sgi575.inc"
MACHINE_SCP_REQUIRE:tc = "scp-firmware-tc.inc"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-remove-unused-NS_SHARED_RAM-region.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-remove-unused-NS_SHARED_RAM-region.patch
new file mode 100644
index 0000000..6028204
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-remove-unused-NS_SHARED_RAM-region.patch
@@ -0,0 +1,92 @@
+From 19600e6718e1a5b2ac8ec27d471acdafce0e433e Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <Emekcan.Aras@arm.com>
+Date: Thu, 25 Apr 2024 11:30:58 +0100
+Subject: [PATCH] fix(corstone1000): remove unused NS_SHARED_RAM region
+
+After enabling additional features in Trusted Services, the size of BL32 image
+(OP-TEE + Trusted Services SPs) is larger now. To create more space in secure RAM
+for BL32 image, this patch removes NS_SHARED_RAM region which is not currently used by
+corstone1000 platform.
+
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+Upstream-Status: Pending
+---
+ .../corstone1000/common/corstone1000_plat.c | 1 -
+ .../common/include/platform_def.h | 19 +------------------
+ 2 files changed, 1 insertion(+), 19 deletions(-)
+
+diff --git a/plat/arm/board/corstone1000/common/corstone1000_plat.c b/plat/arm/board/corstone1000/common/corstone1000_plat.c
+index ed3801caa..a9475859a 100644
+--- a/plat/arm/board/corstone1000/common/corstone1000_plat.c
++++ b/plat/arm/board/corstone1000/common/corstone1000_plat.c
+@@ -23,7 +23,6 @@
+
+ const mmap_region_t plat_arm_mmap[] = {
+ ARM_MAP_SHARED_RAM,
+- ARM_MAP_NS_SHARED_RAM,
+ ARM_MAP_NS_DRAM1,
+ CORSTONE1000_MAP_DEVICE,
+ CORSTONE1000_EXTERNAL_FLASH,
+diff --git a/plat/arm/board/corstone1000/common/include/platform_def.h b/plat/arm/board/corstone1000/common/include/platform_def.h
+index 442d187f0..18fce4486 100644
+--- a/plat/arm/board/corstone1000/common/include/platform_def.h
++++ b/plat/arm/board/corstone1000/common/include/platform_def.h
+@@ -90,9 +90,6 @@
+ * partition size: 176 KB
+ * content: BL2
+ *
+- * <ARM_NS_SHARED_RAM_BASE> = <ARM_TRUSTED_SRAM_BASE> + 1 MB
+- * partition size: 512 KB
+- * content: BL33 (u-boot)
+ */
+
+ /* DDR memory */
+@@ -117,11 +114,7 @@
+ /* The remaining Trusted SRAM is used to load the BL images */
+ #define TOTAL_SRAM_SIZE (SZ_4M) /* 4 MB */
+
+-/* Last 512KB of CVM is allocated for shared RAM as an example openAMP */
+-#define ARM_NS_SHARED_RAM_SIZE (512 * SZ_1K)
+-
+ #define PLAT_ARM_TRUSTED_SRAM_SIZE (TOTAL_SRAM_SIZE - \
+- ARM_NS_SHARED_RAM_SIZE - \
+ ARM_SHARED_RAM_SIZE)
+
+ #define PLAT_ARM_MAX_BL2_SIZE (180 * SZ_1K) /* 180 KB */
+@@ -160,11 +153,6 @@
+
+ /* NS memory */
+
+-/* The last 512KB of the SRAM is allocated as shared memory */
+-#define ARM_NS_SHARED_RAM_BASE (ARM_TRUSTED_SRAM_BASE + TOTAL_SRAM_SIZE - \
+- (PLAT_ARM_MAX_BL31_SIZE + \
+- PLAT_ARM_MAX_BL32_SIZE))
+-
+ #define BL33_BASE ARM_DRAM1_BASE
+ #define PLAT_ARM_MAX_BL33_SIZE (12 * SZ_1M) /* 12 MB*/
+ #define BL33_LIMIT (ARM_DRAM1_BASE + PLAT_ARM_MAX_BL33_SIZE)
+@@ -266,7 +254,7 @@
+ #define PLAT_ARM_TRUSTED_MAILBOX_BASE ARM_TRUSTED_SRAM_BASE
+ #define PLAT_ARM_NSTIMER_FRAME_ID U(1)
+
+-#define PLAT_ARM_NS_IMAGE_BASE (ARM_NS_SHARED_RAM_BASE)
++#define PLAT_ARM_NS_IMAGE_BASE (BL33_BASE)
+
+ #define PLAT_PHY_ADDR_SPACE_SIZE (1ULL << 32)
+ #define PLAT_VIRT_ADDR_SPACE_SIZE (1ULL << 32)
+@@ -295,11 +283,6 @@
+ ARM_SHARED_RAM_SIZE, \
+ MT_MEMORY | MT_RW | MT_SECURE)
+
+-#define ARM_MAP_NS_SHARED_RAM MAP_REGION_FLAT( \
+- ARM_NS_SHARED_RAM_BASE, \
+- ARM_NS_SHARED_RAM_SIZE, \
+- MT_MEMORY | MT_RW | MT_NS)
+-
+ #define ARM_MAP_NS_DRAM1 MAP_REGION_FLAT( \
+ ARM_NS_DRAM1_BASE, \
+ ARM_NS_DRAM1_SIZE, \
+--
+2.25.1
+
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0005-fix-corstone1000-clean-the-cache-and-disable-interru.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0005-fix-corstone1000-clean-the-cache-and-disable-interru.patch
new file mode 100644
index 0000000..a45b657
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0005-fix-corstone1000-clean-the-cache-and-disable-interru.patch
@@ -0,0 +1,46 @@
+From 37f92eeb4361626072e690adb3b0bb20db7c2fca Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <Emekcan.Aras@arm.com>
+Date: Wed, 15 May 2024 13:54:51 +0100
+Subject: [PATCH] fix(corstone1000): clean the cache and disable interrupt
+ before system reset
+
+Corstone1000 does not properly clean the cache and disable gic interrupts
+before the reset. This causes a race condition especially in FVP after reset.
+This adds proper sequence before resetting the platform.
+
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+Upstream-Status: Pending
+---
+ plat/arm/board/corstone1000/common/corstone1000_pm.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/plat/arm/board/corstone1000/common/corstone1000_pm.c b/plat/arm/board/corstone1000/common/corstone1000_pm.c
+index 4b0a791e7..a52e945bf 100644
+--- a/plat/arm/board/corstone1000/common/corstone1000_pm.c
++++ b/plat/arm/board/corstone1000/common/corstone1000_pm.c
+@@ -7,6 +7,7 @@
+ #include <lib/psci/psci.h>
+ #include <plat/arm/common/plat_arm.h>
+ #include <platform_def.h>
++#include <drivers/arm/gicv2.h>
+ /*******************************************************************************
+ * Export the platform handlers via plat_arm_psci_pm_ops. The ARM Standard
+ * platform layer will take care of registering the handlers with PSCI.
+@@ -18,6 +19,14 @@ static void __dead2 corstone1000_system_reset(void)
+ uint32_t volatile * const watchdog_ctrl_reg = (uint32_t *) SECURE_WATCHDOG_ADDR_CTRL_REG;
+ uint32_t volatile * const watchdog_val_reg = (uint32_t *) SECURE_WATCHDOG_ADDR_VAL_REG;
+
++ /* Flush and invalidate data cache */
++ dcsw_op_all(DCCISW);
++ /*
++ * Disable GIC CPU interface to prevent pending interrupt
++ * from waking up the AP from WFI.
++ */
++ gicv2_cpuif_disable();
++
+ *(watchdog_val_reg) = SECURE_WATCHDOG_COUNTDOWN_VAL;
+ *watchdog_ctrl_reg = SECURE_WATCHDOG_MASK_ENABLE;
+ while (1) {
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0006-feat-corstone1000-Add-multicore-support-for-FVP-plat.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0006-feat-corstone1000-Add-multicore-support-for-FVP-plat.patch
new file mode 100644
index 0000000..34630442
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0006-feat-corstone1000-Add-multicore-support-for-FVP-plat.patch
@@ -0,0 +1,162 @@
+From bd975fbcff8886b3d3ed3268d7b6fa41bd7fba2d Mon Sep 17 00:00:00 2001
+From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
+Date: Thu, 9 May 2024 16:59:34 +0000
+Subject: [PATCH] feat(corstone1000): add multicore support for fvp
+
+This changeset adds the multicore support for the Corstone-1000 FVP.
+It adds the PSCI CPU_ON and CPU_ON_FINISH power domain functionalities
+for the secondary cores.
+
+Upstream-Status: Backport [https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/29176]
+Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
+---
+ .../common/corstone1000_helpers.S | 26 +++++++++++
+ .../corstone1000/common/corstone1000_pm.c | 43 ++++++++++++++++++-
+ .../common/include/platform_def.h | 15 ++++++-
+ plat/arm/board/corstone1000/platform.mk | 8 ++++
+ 4 files changed, 90 insertions(+), 2 deletions(-)
+
+diff --git a/plat/arm/board/corstone1000/common/corstone1000_helpers.S b/plat/arm/board/corstone1000/common/corstone1000_helpers.S
+index cbe27c3b5..90dc4fee6 100644
+--- a/plat/arm/board/corstone1000/common/corstone1000_helpers.S
++++ b/plat/arm/board/corstone1000/common/corstone1000_helpers.S
+@@ -21,8 +21,34 @@
+ * --------------------------------------------------------------------
+ */
+ func plat_secondary_cold_boot_setup
++#if defined(CORSTONE1000_FVP_MULTICORE)
++
++ /* Calculate the address of our hold entry */
++ bl plat_my_core_pos
++ lsl x0, x0, #CORSTONE1000_SECONDARY_CORE_HOLD_SHIFT
++ mov_imm x2, CORSTONE1000_SECONDARY_CORE_HOLD_BASE
++
++ /* Set the wait state for the secondary core */
++ mov_imm x3, CORSTONE1000_SECONDARY_CORE_STATE_WAIT
++ str x3, [x2, x0]
++ dmb ish
++
++ /* Poll until the primary core signals to go */
++poll_mailbox:
++ ldr x1, [x2, x0]
++ cmp x1, #CORSTONE1000_SECONDARY_CORE_STATE_WAIT
++ beq 1f
++ mov_imm x0, PLAT_ARM_TRUSTED_MAILBOX_BASE
++ ldr x1, [x0]
++ br x1
++1:
++ wfe
++ b poll_mailbox
++#else
+ cb_panic:
+ b cb_panic
++#endif
++
+ endfunc plat_secondary_cold_boot_setup
+
+ /* ---------------------------------------------------------------------
+diff --git a/plat/arm/board/corstone1000/common/corstone1000_pm.c b/plat/arm/board/corstone1000/common/corstone1000_pm.c
+index 4b0a791e7..9cd384e18 100644
+--- a/plat/arm/board/corstone1000/common/corstone1000_pm.c
++++ b/plat/arm/board/corstone1000/common/corstone1000_pm.c
+@@ -24,10 +24,51 @@ static void __dead2 corstone1000_system_reset(void)
+ wfi();
+ }
+ }
++#if defined(CORSTONE1000_FVP_MULTICORE)
++int corstone1000_validate_ns_entrypoint(uintptr_t entrypoint)
++{
++ /*
++ * Check if the non secure entrypoint lies within the non
++ * secure DRAM.
++ */
++ if ((entrypoint >= ARM_NS_DRAM1_BASE) && (entrypoint < (ARM_NS_DRAM1_BASE + ARM_NS_DRAM1_SIZE))) {
++ return PSCI_E_SUCCESS;
++ }
++ return PSCI_E_INVALID_ADDRESS;
++}
++
++int corstone1000_pwr_domain_on(u_register_t mpidr)
++{
++ int core_index = plat_core_pos_by_mpidr(mpidr);
++ uint64_t *secondary_core_hold_base = (uint64_t *)CORSTONE1000_SECONDARY_CORE_HOLD_BASE;
++
++ /* Validate the core index */
++ if ((core_index < 0) || (core_index > PLATFORM_CORE_COUNT)) {
++ return PSCI_E_INVALID_PARAMS;
++ }
++ secondary_core_hold_base[core_index] = CORSTONE1000_SECONDARY_CORE_STATE_GO;
++ dsbish();
++ sev();
++
++ return PSCI_E_SUCCESS;
++}
+
++void corstone1000_pwr_domain_on_finish(const psci_power_state_t *target_state)
++{
++ (void)target_state;
++ plat_arm_gic_init();
++}
++#endif
+ plat_psci_ops_t plat_arm_psci_pm_ops = {
++#if defined(CORSTONE1000_FVP_MULTICORE)
++ .pwr_domain_on = corstone1000_pwr_domain_on,
++ .pwr_domain_on_finish = corstone1000_pwr_domain_on_finish,
++ .validate_ns_entrypoint = corstone1000_validate_ns_entrypoint,
++ .system_reset = corstone1000_system_reset,
++#else
++ .validate_ns_entrypoint = NULL,
+ .system_reset = corstone1000_system_reset,
+- .validate_ns_entrypoint = NULL
++#endif
+ };
+
+ const plat_psci_ops_t *plat_arm_psci_override_pm_ops(plat_psci_ops_t *ops)
+diff --git a/plat/arm/board/corstone1000/common/include/platform_def.h b/plat/arm/board/corstone1000/common/include/platform_def.h
+index 35bb6ad5c..56e124f96 100644
+--- a/plat/arm/board/corstone1000/common/include/platform_def.h
++++ b/plat/arm/board/corstone1000/common/include/platform_def.h
+@@ -251,7 +251,20 @@
+ */
+ #define ARM_LOCAL_STATE_OFF U(2)
+
+-#define PLAT_ARM_TRUSTED_MAILBOX_BASE ARM_TRUSTED_SRAM_BASE
++#define PLAT_ARM_TRUSTED_MAILBOX_BASE ARM_TRUSTED_SRAM_BASE
++
++#if defined(CORSTONE1000_FVP_MULTICORE)
++/* The secondary core entrypoint address points to bl31_warm_entrypoint
++ * and the address size is 8 bytes */
++#define CORSTONE1000_SECONDARY_CORE_ENTRYPOINT_ADDRESS_SIZE UL(0x8)
++
++#define CORSTONE1000_SECONDARY_CORE_HOLD_BASE (PLAT_ARM_TRUSTED_MAILBOX_BASE + \
++ CORSTONE1000_SECONDARY_CORE_ENTRYPOINT_ADDRESS_SIZE)
++#define CORSTONE1000_SECONDARY_CORE_STATE_WAIT ULL(0)
++#define CORSTONE1000_SECONDARY_CORE_STATE_GO ULL(1)
++#define CORSTONE1000_SECONDARY_CORE_HOLD_SHIFT ULL(3)
++#endif
++
+ #define PLAT_ARM_NSTIMER_FRAME_ID U(1)
+
+ #define PLAT_ARM_NS_IMAGE_BASE (BL33_BASE)
+diff --git a/plat/arm/board/corstone1000/platform.mk b/plat/arm/board/corstone1000/platform.mk
+index dcd0df844..71b7f324c 100644
+--- a/plat/arm/board/corstone1000/platform.mk
++++ b/plat/arm/board/corstone1000/platform.mk
+@@ -31,6 +31,14 @@ override NEED_BL31 := yes
+ NEED_BL32 := yes
+ override NEED_BL33 := yes
+
++ENABLE_MULTICORE := 0
++ifneq ($(filter ${TARGET_PLATFORM}, fvp),)
++ifeq (${ENABLE_MULTICORE},1)
++$(eval $(call add_define,CORSTONE1000_FVP_MULTICORE))
++endif
++endif
++
++
+ # Include GICv2 driver files
+ include drivers/arm/gic/v2/gicv2.mk
+
+--
+2.34.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/fvp-base/optee_spmc_maifest.dts b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/fvp-base/optee_spmc_maifest.dts
new file mode 100644
index 0000000..748da30
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/fvp-base/optee_spmc_maifest.dts
@@ -0,0 +1,116 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+/*
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+ */
+
+
+/*
+ * The content of the SPMC manifest may depend on integration settings like the
+ * set of deployed SP. This information lives in the integration system and
+ * hence this file should be store in meta-arm. This avoids indirect
+ * dependencies between integration systems using the same file which would
+ * enforce some from of cooperation.
+ */
+
+/dts-v1/;
+
+/ {
+ compatible = "arm,ffa-core-manifest-1.0";
+ #address-cells = <2>;
+ #size-cells = <1>;
+
+ attribute {
+ spmc_id = <0x8000>;
+ maj_ver = <0x1>;
+ min_ver = <0x0>;
+ exec_state = <0x0>;
+ load_address = <0x0 0x6000000>;
+ entrypoint = <0x0 0x6000000>;
+ binary_size = <0x80000>;
+ };
+
+/*
+ * This file will be preprocessed by TF-A's build system. If Measured Boot is
+ * enabled in TF-A's config, the build system will add the MEASURED_BOOT=1 macro
+ * to the preprocessor arguments.
+ */
+#if MEASURED_BOOT
+ tpm_event_log {
+ compatible = "arm,tpm_event_log";
+ tpm_event_log_addr = <0x0 0x0>;
+ tpm_event_log_size = <0x0>;
+ tpm_event_log_max_size = <0x0>;
+ };
+#endif
+
+/* If the ARM_BL2_SP_LIST_DTS is defined, SPs should be loaded from FIP */
+#ifdef ARM_BL2_SP_LIST_DTS
+ sp_packages {
+ compatible = "arm,sp_pkg";
+#if !SPMC_TESTS
+ block_storage {
+ uuid = <0x806e6463 0x2f4652eb 0xdf8c4fac 0x9c518739>;
+ load-address = <0x0 0x7a00000>;
+ };
+ internal_trusted_storage {
+ uuid = <0x48ef1edc 0xcf4c7ab1 0xcfdf8bac 0x141b71f7>;
+ load-address = <0x0 0x7a80000>;
+ };
+
+ protected_storage_sp {
+ uuid = <0x01f81b75 0x6847de3d 0x100f14a5 0x9017edae>;
+ load-address = <0x0 0x7b00000>;
+ };
+
+ crypto_sp {
+ uuid = <0xd552dfd9 0xb24ba216 0x6dd2a49a 0xc0e8843b>;
+ load-address = <0x0 0x7b80000>;
+ };
+
+#if MEASURED_BOOT
+ initial_attestation_sp {
+ uuid = <0x55f1baa1 0x95467688 0x95547c8f 0x74b98d5e>;
+ load-address = <0x0 0x7c80000>;
+ };
+#endif
+
+#if TS_SMM_GATEWAY
+ smm_gateway {
+ uuid = <0x33d532ed 0x0942e699 0x722dc09c 0xa798d9cd>;
+ load-address = <0x0 0x7d00000>;
+ };
+#endif /* TS_SMM_GATEWAY */
+
+#if TS_FW_UPDATE
+ fwu {
+ uuid = <0x38a82368 0x0e47061b 0xce0c7497 0xfd53fb8b>;
+ load-address = <0x0 0x7d80000>;
+ };
+#endif /* TS_FW_UPDATE */
+
+#else /* SPMC_TESTS */
+ test_sp1 {
+ uuid = <0xc3db9e5c 0x67433a7b 0x197c839f 0x376ae81a>;
+ load-address = <0x0 0x7a00000>;
+ };
+
+ test_sp2 {
+ uuid = <0x4c161778 0x1a4d0cc4 0xb29b7a86 0x1af48c27>;
+ load-address = <0x0 0x7a20000>;
+ };
+
+ test_sp3 {
+ uuid = <0x0001eb23 0x97442ae3 0x112f5290 0xa6af84e5>;
+ load-address = <0x0 0x7a40000>;
+ };
+
+ test_sp4 {
+ /* SP binary UUID */
+ uuid = <0xed623742 0x6f407277 0x270cd899 0xf8bb0ada>;
+ load-address = <0x0 0x7a80000>;
+ };
+#endif /* SPMC_TESTS */
+
+ };
+#endif /* ARM_BL2_SP_LIST_DTS */
+};
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-Reserve-OP-TEE-memory-from-nwd.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-Reserve-OP-TEE-memory-from-nwd.patch
deleted file mode 100644
index ce2d059..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-Reserve-OP-TEE-memory-from-nwd.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 2d305094f8f500362079e9e7637d46129bf980e4 Mon Sep 17 00:00:00 2001
-From: Adam Johnston <adam.johnston@arm.com>
-Date: Tue, 25 Jul 2023 16:05:51 +0000
-Subject: [PATCH] n1sdp: Reserve OP-TEE memory from NWd
-
-The physical memory which is used to run OP-TEE on the N1SDP is known
-to the secure world via TOS_FW_CONFIG, but it may not be known to the
-normal world.
-
-As a precaution, explicitly reserve this memory via NT_FW_CONFIG to
-prevent the normal world from using it. This is not required on most
-platforms as the Trusted OS is run from secure RAM.
-
-Upstream-Status: Pending (not yet submitted to upstream)
-Signed-off-by: Adam Johnston <adam.johnston@arm.com>
-Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
----
- plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts b/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts
-index da5e04ddb6..b7e2d4e86f 100644
---- a/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts
-+++ b/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts
-@@ -20,4 +20,16 @@
- local-ddr-size = <0x0>;
- remote-ddr-size = <0x0>;
- };
-+
-+ reserved-memory {
-+ #address-cells = <2>;
-+ #size-cells = <2>;
-+ ranges;
-+
-+ optee@0xDE000000 {
-+ compatible = "removed-dma-pool";
-+ reg = <0x0 0xDE000000 0x0 0x02000000>;
-+ no-map;
-+ };
-+ };
- };
-\ No newline at end of file
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-n1sdp-tftf-tests-to-skip.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-n1sdp-tftf-tests-to-skip.patch
deleted file mode 100644
index b31567c..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-n1sdp-tftf-tests-to-skip.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From cc0153b56d634aa80b740be5afed15bedb94a2c9 Mon Sep 17 00:00:00 2001
-From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
-Date: Tue, 23 Jan 2024 14:19:39 +0000
-Subject: [PATCH] n1sdp patch tests to skip
-
-Upstream-Status: Pending
-Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
----
- plat/arm/n1sdp/tests_to_skip.txt | 15 ++++++++++-----
- 1 file changed, 10 insertions(+), 5 deletions(-)
-
-diff --git a/plat/arm/n1sdp/tests_to_skip.txt b/plat/arm/n1sdp/tests_to_skip.txt
-index b6e87bf..1848408 100644
---- a/plat/arm/n1sdp/tests_to_skip.txt
-+++ b/plat/arm/n1sdp/tests_to_skip.txt
-@@ -11,7 +11,7 @@ SMMUv3 tests
- PSCI CPU Suspend in OSI mode
-
- # PSCI is enabled but not tested
--PSCI STAT/Stats test cases after system suspend
-+PSCI STAT
- PSCI System Suspend Validation
-
- # Disable FF-A Interrupt tests as TWDOG is not supported by TC platform
-@@ -25,9 +25,14 @@ FF-A Interrupt
- # files in TFTF, since the port was done purely to test the spectre workaround
- # performance impact. Once that was done no further work was done on the port.
-
--Timer framework Validation/Target timer to a power down cpu
--Timer framework Validation/Test scenario where multiple CPUs call same timeout
--Timer framework Validation/Stress test the timer framework
-+Timer framework Validation
- PSCI Affinity Info/Affinity info level0 powerdown
- PSCI CPU Suspend
--PSCI STAT/for valid composite state CPU suspend
-+Framework Validation/NVM serialisation
-+Framework Validation/Events API
-+Boot requirement tests
-+CPU Hotplug
-+ARM_ARCH_SVC/SMCCC_ARCH_WORKAROUND_1 test
-+ARM_ARCH_SVC/SMCCC_ARCH_WORKAROUND_2 test
-+ARM_ARCH_SVC/SMCCC_ARCH_WORKAROUND_3 test
-+FF-A Power management
---
-2.34.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0002-Modify-BL32-Location-to-DDR4.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0002-Modify-BL32-Location-to-DDR4.patch
deleted file mode 100644
index 8b2be19..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0002-Modify-BL32-Location-to-DDR4.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 15dab90c3cb8e7677c4f953c2269e8ee1afa01b0 Mon Oct 2 13:45:43 2023
-From: Mariam Elshakfy <mariam.elshakfy@arm.com>
-Date: Mon, 2 Oct 2023 13:45:43 +0000
-Subject: [PATCH] Modify BL32 Location to DDR4
-
-Since OP-TEE start address is changed to run
-from DDR4, this patch changes BL32 entrypoint
-to the correct one.
-
-Upstream-Status: Pending (not yet submitted to upstream)
-Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
----
- plat/arm/board/n1sdp/fdts/n1sdp_optee_spmc_manifest.dts | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/plat/arm/board/n1sdp/fdts/n1sdp_optee_spmc_manifest.dts b/plat/arm/board/n1sdp/fdts/n1sdp_optee_spmc_manifest.dts
-index ed870803c..797dfe3a4 100644
---- a/plat/arm/board/n1sdp/fdts/n1sdp_optee_spmc_manifest.dts
-+++ b/plat/arm/board/n1sdp/fdts/n1sdp_optee_spmc_manifest.dts
-@@ -22,8 +22,8 @@
- maj_ver = <0x1>;
- min_ver = <0x0>;
- exec_state = <0x0>;
-- load_address = <0x0 0x08000000>;
-- entrypoint = <0x0 0x08000000>;
-+ load_address = <0x0 0xDE000000>;
-+ entrypoint = <0x0 0xDE000000>;
- binary_size = <0x2000000>;
- };
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0003-Modify-SPMC-Base-to-DDR4.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0003-Modify-SPMC-Base-to-DDR4.patch
deleted file mode 100644
index 9e32717..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0003-Modify-SPMC-Base-to-DDR4.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 9a1d11b9fbadf740c73aee6dca4fd0370b38e4a8 Tue Oct 3 13:49:13 2023
-From: Mariam Elshakfy <mariam.elshakfy@arm.com>
-Date: Tue, 3 Oct 2023 13:49:13 +0000
-Subject: [PATCH] Modify SPMC Base to DDR4
-
-Since OP-TEE start address is changed to run
-from DDR4, this patch changes SPMC base to
-the correct one.
-
-Upstream-Status: Pending (not yet submitted to upstream)
-Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
----
- plat/arm/board/n1sdp/include/platform_def.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/plat/arm/board/n1sdp/include/platform_def.h b/plat/arm/board/n1sdp/include/platform_def.h
-index b3799a7b2..b12c61b61 100644
---- a/plat/arm/board/n1sdp/include/platform_def.h
-+++ b/plat/arm/board/n1sdp/include/platform_def.h
-@@ -118,7 +118,7 @@
-
- #define PLAT_ARM_MAX_BL31_SIZE UL(0x40000)
-
--#define PLAT_ARM_SPMC_BASE U(0x08000000)
-+#define PLAT_ARM_SPMC_BASE U(0xDE000000)
- #define PLAT_ARM_SPMC_SIZE UL(0x02000000) /* 32 MB */
-
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/fiptool-native_2.8.6.bb b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/fiptool-native_2.8.6.bb
deleted file mode 100644
index 02f3387..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/fiptool-native_2.8.6.bb
+++ /dev/null
@@ -1,33 +0,0 @@
-# Firmware Image Package (FIP)
-# It is a packaging format used by TF-A to package the
-# firmware images in a single binary.
-
-DESCRIPTION = "fiptool - Trusted Firmware tool for packaging"
-LICENSE = "BSD-3-Clause"
-
-SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https"
-SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}"
-LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
-
-# Use fiptool from TF-A v2.8.6
-SRCREV = "ff0bd5f9bb2ba2f31fb9cec96df917747af9e92d"
-SRCBRANCH = "lts-v2.8"
-
-DEPENDS += "openssl-native"
-
-inherit native
-
-EXTRA_OEMAKE = "V=1 HOSTCC='${BUILD_CC}' OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}"
-
-do_compile () {
- # This is still needed to have the native fiptool executing properly by
- # setting the RPATH
- sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile
- sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile
-
- oe_runmake fiptool
-}
-
-do_install () {
- install -D -p -m 0755 tools/fiptool/fiptool ${D}${bindir}/fiptool
-}
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/fiptool-native_2.9.0.bb b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/fiptool-native_2.9.0.bb
deleted file mode 100644
index 58ee1dc..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/fiptool-native_2.9.0.bb
+++ /dev/null
@@ -1,33 +0,0 @@
-# Firmware Image Package (FIP)
-# It is a packaging format used by TF-A to package the
-# firmware images in a single binary.
-
-DESCRIPTION = "fiptool - Trusted Firmware tool for packaging"
-LICENSE = "BSD-3-Clause"
-
-SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https"
-SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}"
-LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
-
-# Use fiptool from TF-A v2.9.0
-SRCREV = "d3e71ead6ea5bc3555ac90a446efec84ef6c6122"
-SRCBRANCH = "master"
-
-DEPENDS += "openssl-native"
-
-inherit native
-
-EXTRA_OEMAKE = "V=1 HOSTCC='${BUILD_CC}' OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}"
-
-do_compile () {
- # This is still needed to have the native fiptool executing properly by
- # setting the RPATH
- sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile
- sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile
-
- oe_runmake fiptool
-}
-
-do_install () {
- install -D -p -m 0755 tools/fiptool/fiptool ${D}${bindir}/fiptool
-}
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend
index ec1158c..8cb5a4c 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend
@@ -1,16 +1,6 @@
# Machine specific TFAs
-FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
-
COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
EXTRA_OEMAKE:append:corstone1000 = " DEBUG=0"
EXTRA_OEMAKE:append:corstone1000 = " LOG_LEVEL=30"
TFTF_MODE:corstone1000 = "release"
-
-COMPATIBLE_MACHINE:n1sdp = "n1sdp"
-EXTRA_OEMAKE:append:n1sdp = " DEBUG=1"
-EXTRA_OEMAKE:append:n1sdp = " LOG_LEVEL=50"
-TFTF_MODE:n1sdp = "debug"
-SRC_URI:append:n1sdp = " \
- file://0001-n1sdp-tftf-tests-to-skip.patch \
- "
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bb b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bb
deleted file mode 100644
index 160ada6..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bb
+++ /dev/null
@@ -1,57 +0,0 @@
-DESCRIPTION = "Trusted Firmware-A tests(aka TFTF)"
-LICENSE = "BSD-3-Clause & NCSA"
-
-LIC_FILES_CHKSUM += "file://docs/license.rst;md5=6175cc0aa2e63b6d21a32aa0ee7d1b4a"
-
-inherit deploy
-
-COMPATIBLE_MACHINE ?= "invalid"
-
-SRC_URI_TRUSTED_FIRMWARE_A_TESTS ?= "git://git.trustedfirmware.org/TF-A/tf-a-tests.git;protocol=https"
-SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};branch=${SRCBRANCH} \
- file://tf-a-tests-no-warn-rwx-segments.patch"
-SRCBRANCH = "lts-v2.8"
-SRCREV = "85442d2943440718c2c2c9c5c690202b4b4f5725"
-
-DEPENDS += "optee-os"
-
-EXTRA_OEMAKE += "USE_NVM=0"
-EXTRA_OEMAKE += "SHELL_COLOR=1"
-EXTRA_OEMAKE += "DEBUG=1"
-
-# Modify mode based on debug or release mode
-TFTF_MODE ?= "debug"
-
-# Platform must be set for each machine
-TFA_PLATFORM ?= "invalid"
-
-EXTRA_OEMAKE += "ARCH=aarch64"
-EXTRA_OEMAKE += "LOG_LEVEL=50"
-
-S = "${WORKDIR}/git"
-B = "${WORKDIR}/build"
-
-# Add platform parameter
-EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}"
-
-# Requires CROSS_COMPILE set by hand as there is no configure script
-export CROSS_COMPILE="${TARGET_PREFIX}"
-
-do_compile() {
- oe_runmake -C ${S} tftf
-}
-
-do_compile[cleandirs] = "${B}"
-
-FILES:${PN} = "/firmware/tftf.bin"
-SYSROOT_DIRS += "/firmware"
-
-do_install() {
- install -d -m 755 ${D}/firmware
- install -m 0644 ${B}/${TFA_PLATFORM}/${TFTF_MODE}/tftf.bin ${D}/firmware/tftf.bin
-}
-
-do_deploy() {
- cp -rf ${D}/firmware/* ${DEPLOYDIR}/
-}
-addtask deploy after do_install
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
index e061b94..c53bc6c 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
@@ -7,6 +7,9 @@
file://0001-Fix-FF-A-version-in-SPMC-manifest.patch \
file://0002-fix-corstone1000-pass-spsr-value-explicitly.patch \
file://0003-fix-spmd-remove-EL3-interrupt-registration.patch \
+ file://0004-fix-corstone1000-remove-unused-NS_SHARED_RAM-region.patch \
+ file://0005-fix-corstone1000-clean-the-cache-and-disable-interru.patch \
+ file://0006-feat-corstone1000-Add-multicore-support-for-FVP-plat.patch \
"
TFA_DEBUG = "1"
@@ -52,3 +55,4 @@
BL32=${RECIPE_SYSROOT}/${nonarch_base_libdir}/firmware/tee-pager_v2.bin \
FVP_USE_GIC_DRIVER=FVP_GICV2 \
"
+EXTRA_OEMAKE:append:corstone1000-fvp = "${@bb.utils.contains('MACHINE_FEATURES', 'corstone1000_fvp_smp', ' ENABLE_MULTICORE=1', '', d)}"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc
index 5fafe29..4c37f7c 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc
@@ -4,17 +4,62 @@
# Armv8-A Base Platform FVP
#
-FILESEXTRAPATHS:prepend := "${THISDIR}/files/:"
-SRC_URI:append = " file://0001-fdts-fvp-base-Add-stdout-path-and-virtio-net-and-rng.patch"
+FILESEXTRAPATHS:prepend := "${THISDIR}/files/:${THISDIR}/files/fvp-base"
+SRC_URI:append = " \
+ file://0001-fdts-fvp-base-Add-stdout-path-and-virtio-net-and-rng.patch \
+ file://optee_spmc_maifest.dts;subdir=git/plat/arm/board/fvp/fdts \
+"
+
+# OP-TEE SPMC related configuration
+SPMC_IS_OPTEE = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', '0' \
+ if d.getVar('SEL2_SPMC') == '1' else '1', '0', d)}"
+# Configure the SPMC manifest file.
+TFA_ARM_SPMC_MANIFEST_DTS = "${@oe.utils.conditional('SPMC_IS_OPTEE', '1', \
+ '${S}/plat/arm/board/fvp/fdts/optee_spmc_maifest.dts', '', d)}"
+EXTRA_OEMAKE += "${@bb.utils.contains('MACHINE_FEATURES','arm-ffa', \
+ 'ARM_SPMC_MANIFEST_DTS=${TFA_ARM_SPMC_MANIFEST_DTS}' \
+ if d.getVar('TFA_ARM_SPMC_MANIFEST_DTS') else '', '', d)}"
+
+# Set OP-TEE SPMC specific TF-A config settings
+TFA_SPMD_SPM_AT_SEL2 := '0'
+TFA_SPD := "${@oe.utils.conditional('SPMC_IS_OPTEE', '1', 'spmd', \
+ d.getVar('TFA_SPD'), d)}"
+DEPENDS += " ${@oe.utils.conditional('SPMC_IS_OPTEE', '1', 'optee-os', '', d)}"
+
+# Configure measured boot if the attestation SP is deployed.
+TFA_MB_FLAGS += " \
+ ARM_ROTPK_LOCATION=devel_rsa \
+ EVENT_LOG_LEVEL=20 \
+ GENERATE_COT=1 \
+ MBOOT_EL_HASH_ALG=sha256 \
+ MEASURED_BOOT=1 \
+ ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \
+ TRUSTED_BOARD_BOOT=1 \
+"
+EXTRA_OEMAKE += "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation',\
+ '${TFA_MB_FLAGS}','', d)}"
+
+# Add OP-TEE as BL32.
+BL32 = "${@oe.utils.conditional('SPMC_IS_OPTEE', '1',\
+ '${RECIPE_SYSROOT}/${nonarch_base_libdir}/firmware/tee-pager_v2.bin',\
+ '', d)}"
+EXTRA_OEMAKE += "${@oe.utils.conditional('SPMC_IS_OPTEE', '1', \
+ ' BL32=${BL32}', '', d)}"
+
+# Generic configuration
COMPATIBLE_MACHINE = "fvp-base"
TFA_PLATFORM = "fvp"
-TFA_DEBUG = "1"
-TFA_MBEDTLS = "1"
+# Disable debug build if measured boot is enabled.
+TFA_DEBUG := "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', '0',\
+ d.getVar('TFA_DEBUG'), d)}"
+# Add mbedtls if measured boot is enabled
+TFA_MBEDTLS := "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation',\
+ '1', d.getVar('TFA_MBEDTLS'), d)}"
TFA_UBOOT ?= "1"
TFA_BUILD_TARGET = "bl1 bl2 bl31 dtbs fip"
-EXTRA_OEMAKE += "FVP_DT_PREFIX=fvp-base-gicv3-psci-1t"
+EXTRA_OEMAKE += "FVP_DT_PREFIX=fvp-base-gicv3-psci-1t FVP_USE_GIC_DRIVER=FVP_GICV3"
# Our fvp-base machine explicitly has v8.4 cores
EXTRA_OEMAKE += "ARM_ARCH_MAJOR=8 ARM_ARCH_MINOR=4"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc
deleted file mode 100644
index 79dc9b2..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc
+++ /dev/null
@@ -1,41 +0,0 @@
-# N1SDP specific TFA support
-
-# Align with N1SDP-2023.06.22 Manifest
-SRCREV_tfa = "31f60a968347497562b0129134928d7ac4767710"
-PV .= "+git"
-
-COMPATIBLE_MACHINE = "n1sdp"
-TFA_BUILD_TARGET = "all fip"
-TFA_INSTALL_TARGET = "bl1 bl2 bl31 n1sdp-multi-chip n1sdp-single-chip n1sdp_fw_config n1sdp_tb_fw_config fip"
-TFA_DEBUG = "1"
-TFA_MBEDTLS = "1"
-TFA_UBOOT = "0"
-TFA_UEFI ?= "1"
-
-FILESEXTRAPATHS:prepend := "${THISDIR}/files/n1sdp:"
-
-SRC_URI:append = " \
- file://0001-Reserve-OP-TEE-memory-from-nwd.patch \
- file://0002-Modify-BL32-Location-to-DDR4.patch \
- file://0003-Modify-SPMC-Base-to-DDR4.patch \
- "
-
-TFA_ROT_KEY= "plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem"
-
-# Enabling Secure-EL1 Payload Dispatcher (SPD)
-TFA_SPD = "spmd"
-# Cortex-A35 supports Armv8.0-A (no S-EL2 execution state).
-# So, the SPD SPMC component should run at the S-EL1 execution state
-TFA_SPMD_SPM_AT_SEL2 = "0"
-
-# BL2 loads BL32 (optee). So, optee needs to be built first:
-DEPENDS += "optee-os"
-
-EXTRA_OEMAKE:append = "\
- TRUSTED_BOARD_BOOT=1 \
- GENERATE_COT=1 \
- CREATE_KEYS=1 \
- ARM_ROTPK_LOCATION="devel_rsa" \
- ROT_KEY="${TFA_ROT_KEY}" \
- BL32=${RECIPE_SYSROOT}/${nonarch_base_libdir}/firmware/tee-pager_v2.bin \
- "
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-sbsa-ref.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-sbsa-ref.inc
new file mode 100644
index 0000000..1506139
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-sbsa-ref.inc
@@ -0,0 +1,6 @@
+# sbsa-ref specific TF-A support
+
+COMPATIBLE_MACHINE = "sbsa-ref"
+
+TFA_PLATFORM = "qemu_sbsa"
+TFA_INSTALL_TARGET = "bl1 fip"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
index cb482a6..444d66c 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
@@ -6,7 +6,7 @@
MACHINE_TFA_REQUIRE:corstone1000 = "trusted-firmware-a-corstone1000.inc"
MACHINE_TFA_REQUIRE:fvp-base = "trusted-firmware-a-fvp-base.inc"
MACHINE_TFA_REQUIRE:juno = "trusted-firmware-a-juno.inc"
-MACHINE_TFA_REQUIRE:n1sdp = "trusted-firmware-a-n1sdp.inc"
+MACHINE_TFA_REQUIRE:sbsa-ref = "trusted-firmware-a-sbsa-ref.inc"
MACHINE_TFA_REQUIRE:sgi575 = "trusted-firmware-a-sgi575.inc"
MACHINE_TFA_REQUIRE:tc = "trusted-firmware-a-tc.inc"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb
deleted file mode 100644
index d9fdf32..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb
+++ /dev/null
@@ -1,16 +0,0 @@
-require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
-
-# TF-A v2.9.0
-SRCREV_tfa = "d3e71ead6ea5bc3555ac90a446efec84ef6c6122"
-
-LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
-
-# mbedtls-3.4.0
-SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master"
-SRCREV_mbedtls = "1873d3bfc2da771672bd8e7e8f41f57e0af77f33"
-
-LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
-
-do_compile:prepend() {
- sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile
-}
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0002-arm-trusted-firmware-m-disable-address-warnings-into.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0001-arm-trusted-firmware-m-disable-address-warnings-into.patch
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0002-arm-trusted-firmware-m-disable-address-warnings-into.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0001-arm-trusted-firmware-m-disable-address-warnings-into.patch
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0001-cmake-modify-path-to-libmetal-version-file.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0001-cmake-modify-path-to-libmetal-version-file.patch
deleted file mode 100644
index d53524a..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0001-cmake-modify-path-to-libmetal-version-file.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 6b38b9990c4dab0cb8524506ef129d4f326f3800 Mon Sep 17 00:00:00 2001
-From: Jon Mason <jon.mason@arm.com>
-Date: Thu, 14 Dec 2023 09:23:09 -0500
-Subject: [PATCH] cmake: modify path to libmetal version file
-
-Commit ad87802d6e01e97946de20b6c2fa28aed184ed20 changed how the
-versioning is done and created a version file. Due to this change,
-the VERSION file is not being found when building because the source dir
-is pointing to tf-m. Modify to point where we want it.
-
-Upstream-Status: Inappropriate [Build workaround]
-
-Signed-off-by: Jon Mason <jon.mason@arm.com>
----
- cmake/options.cmake | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/cmake/options.cmake b/cmake/options.cmake
-index a7b4ef8bdf03..a06009b6acc4 100644
---- a/cmake/options.cmake
-+++ b/cmake/options.cmake
-@@ -1,4 +1,4 @@
--file(READ ${LIBMETAL_ROOT_DIR}/VERSION ver)
-+file(READ ${LIBMETAL_ROOT_DIR}/../libmetal/VERSION ver)
-
- string(REGEX MATCH "VERSION_MAJOR = ([0-9]*)" _ ${ver})
- set(PROJECT_VERSION_MAJOR ${CMAKE_MATCH_1})
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch
deleted file mode 100644
index 2360992..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From f7b58b5ba5b48e071eb360c1bcfc4d31290a77c1 Mon Sep 17 00:00:00 2001
-From: Ali Can Ozaslan <ali.oezaslan@arm.com>
-Date: Tue, 5 Mar 2024 21:01:59 +0000
-Subject: [PATCH] Platform:corstone1000:Fix issues due to adjustment Mailbox
- Agent params
-
-Adjust Mailbox Agent API parameters patch changed memory check and
-related parameters. As a result, platform-specific issues occurred.
-Secure side client IDs are converted to negative values. Control
-parameter is created.
-
-Signed-off-by: Bence Balogh <bence.balogh@arm.com>
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
-Upstream-Status: Pending
-
----
- .../tfm_spe_dual_core_psa_client_secure_lib.c | 23 +++++++++++++++----
- 1 file changed, 18 insertions(+), 5 deletions(-)
-
-diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c
-index d2eabe144..39e11b8cd 100644
---- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c
-+++ b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c
-@@ -18,6 +18,9 @@
- #include "utilities.h"
- #include "thread.h"
-
-+#define SE_PROXY_SP_UID 0
-+#define SMM_GW_SP_UID 0x8003
-+
- /**
- * In linux environment and for psa_call type client api,
- * the layout of the reply from tf-m to linux is as following.
-@@ -174,7 +177,14 @@ static psa_status_t prepare_params_for_psa_call(struct client_params_t *params,
- {
- psa_status_t ret = PSA_SUCCESS;
-
-- params->ns_client_id_stateless = s_map_entry->msg.client_id;
-+ if (s_map_entry->msg.client_id == SE_PROXY_SP_UID) {
-+ params->ns_client_id_stateless = -1;
-+ }
-+ else if (s_map_entry->msg.client_id == SMM_GW_SP_UID) {
-+ params->ns_client_id_stateless = -1 * s_map_entry->msg.client_id;
-+ } else {
-+ params->ns_client_id_stateless = s_map_entry->msg.client_id;
-+ }
-
- params->p_outvecs = NULL;
- ret = alloc_and_prepare_out_vecs(¶ms->p_outvecs, s_map_entry);
-@@ -250,6 +260,9 @@ void deliver_msg_to_tfm_spe(void *private)
- struct client_params_t params = {0};
- psa_status_t psa_ret = PSA_ERROR_GENERIC_ERROR;
- unordered_map_entry_t* s_map_entry = (unordered_map_entry_t*)private;
-+ uint32_t control = PARAM_PACK(s_map_entry->msg.params.psa_call_params.type,
-+ s_map_entry->msg.params.psa_call_params.in_len,
-+ s_map_entry->msg.params.psa_call_params.out_len);
-
- switch(s_map_entry->msg.call_type) {
- case OPENAMP_PSA_FRAMEWORK_VERSION:
-@@ -266,11 +279,11 @@ void deliver_msg_to_tfm_spe(void *private)
- send_service_reply_to_non_secure(psa_ret, s_map_entry);
- break;
- }
-+ control = PARAM_SET_NS_INVEC(control);
-+ control = PARAM_SET_NS_OUTVEC(control);
-+ control = PARAM_SET_NS_VEC(control);
- psa_ret = tfm_rpc_psa_call(s_map_entry->msg.params.psa_call_params.handle,
-- PARAM_PACK(s_map_entry->msg.params.psa_call_params.type,
-- s_map_entry->msg.params.psa_call_params.in_len,
-- s_map_entry->msg.params.psa_call_params.out_len),
-- ¶ms, NULL);
-+ control, ¶ms, NULL);
- if (psa_ret != PSA_SUCCESS) {
- send_service_reply_to_non_secure(psa_ret, s_map_entry);
- break;
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-platform-corstone1000-align-capsule-update-structs.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-platform-corstone1000-align-capsule-update-structs.patch
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-platform-corstone1000-align-capsule-update-structs.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-platform-corstone1000-align-capsule-update-structs.patch
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-skip-the-first-nv-counter.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-Platform-Corstone1000-skip-the-first-nv-counter.patch
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-skip-the-first-nv-counter.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-Platform-Corstone1000-skip-the-first-nv-counter.patch
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-add-unique-guid-for-mps3.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-add-unique-guid-for-mps3.patch
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-add-unique-guid-for-mps3.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-add-unique-guid-for-mps3.patch
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-fix-synchronization-issue-on-o.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-fix-synchronization-issue-on-o.patch
deleted file mode 100644
index be6bde6..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-fix-synchronization-issue-on-o.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From b70dd14eed59d7c5833ded8469cf99e631951e14 Mon Sep 17 00:00:00 2001
-From: Emekcan Aras <emekcan.aras@arm.com>
-Date: Wed, 15 Nov 2023 09:52:19 +0000
-Subject: [PATCH] platform: corstone1000: fix synchronization issue on openamp
- notification
-
-This fixes a race that is observed rarely in the FVP. It occurs in FVP
-when tfm sends the notication ack in openamp, and then reset the access
-request which resets the mhu registers before received by the host
-processor. This solution introduces polling on the status register of
-mhu until the notificaiton is read by the host processor. (Inspired by
-signal_and_wait_for_signal function in mhu_wrapper_v2_x.c in trusted-firmware-m
-https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/ext/target/arm/rss/common/native_drivers/mhu_wrapper_v2_x.c#n61)
-
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Upstream-Status: Pending [Not submitted to upstream yet]
----
- .../corstone1000/openamp/platform_spe_dual_core_hal.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c b/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c
-index 7613345ffc..b58088032f 100644
---- a/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c
-+++ b/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c
-@@ -83,7 +83,7 @@ enum tfm_plat_err_t tfm_dual_core_hal_init(void)
-
- enum tfm_plat_err_t tfm_hal_notify_peer(void)
- {
-- uint32_t access_ready;
-+ uint32_t access_ready,val;
- enum mhu_v2_x_error_t status;
- struct mhu_v2_x_dev_t* dev = &MHU1_SE_TO_HOST_DEV;
-
-@@ -108,6 +108,13 @@ enum tfm_plat_err_t tfm_hal_notify_peer(void)
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
-+ do {
-+ status = mhu_v2_x_channel_poll(dev, MHU1_SEH_NOTIFY_CH, &val);
-+ if (status != MHU_V_2_X_ERR_NONE) {
-+ break;
-+ }
-+ } while(val != 0);
-+
- status = mhu_v2_x_reset_access_request(dev);
- if (status != MHU_V_2_X_ERR_NONE) {
- SPMLOG_ERRMSGVAL("mhu_v2_x_reset_access_request : ", status);
---
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-host-firewall-in-FVP.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-host-firewall-in-FVP.patch
new file mode 100644
index 0000000..4f15da2
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-host-firewall-in-FVP.patch
@@ -0,0 +1,177 @@
+From 1410dc5504d60219279581b1cf6442f81551cfe7 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <Emekcan.Aras@arm.com>
+Date: Wed, 3 Apr 2024 13:37:40 +0100
+Subject: [PATCH] Platform: Corstone1000: Enable host firewall in FVP
+
+Enables host firewall and mpu setup for FVP. It also fixes secure-ram
+configuration and disable access rights to secure ram from both normal world
+for both mps3 and fvp.
+
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ .../Device/Include/platform_base_address.h | 2 +-
+ .../arm/corstone1000/bl1/boot_hal_bl1_1.c | 42 ++++---------------
+ .../arm/corstone1000/bl2/flash_map_bl2.c | 2 +-
+ 3 files changed, 11 insertions(+), 35 deletions(-)
+
+diff --git a/platform/ext/target/arm/corstone1000/Device/Include/platform_base_address.h b/platform/ext/target/arm/corstone1000/Device/Include/platform_base_address.h
+index 416f0ebcd..101cad9e7 100644
+--- a/platform/ext/target/arm/corstone1000/Device/Include/platform_base_address.h
++++ b/platform/ext/target/arm/corstone1000/Device/Include/platform_base_address.h
+@@ -67,7 +67,7 @@
+ * required by the SE are defined here */
+ #define CORSTONE1000_HOST_ADDRESS_SPACE_BASE (0x60000000U) /* Host Address Space */
+ #define CORSTONE1000_HOST_BIR_BASE (0x60000000U) /* Boot Instruction Register */
+-#define CORSTONE1000_HOST_SHARED_RAM_BASE (0x62000000U) /* Shared RAM */
++#define CORSTONE1000_HOST_TRUSTED_RAM_BASE (0x62000000U) /* Secure RAM */
+ #define CORSTONE1000_HOST_XNVM_BASE (0x68000000U) /* XNVM */
+ #define CORSTONE1000_HOST_BASE_SYSTEM_CONTROL_BASE (0x7A010000U) /* Host SCB */
+ #define CORSTONE1000_EXT_SYS_RESET_REG (0x7A010310U) /* external system (cortex-M3) */
+diff --git a/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c b/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c
+index a5fee66af..7988c2392 100644
+--- a/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c
++++ b/platform/ext/target/arm/corstone1000/bl1/boot_hal_bl1_1.c
+@@ -35,7 +35,7 @@ REGION_DECLARE(Image$$, ER_DATA, $$Base)[];
+ REGION_DECLARE(Image$$, ARM_LIB_HEAP, $$ZI$$Limit)[];
+
+ #define HOST_ADDRESS_SPACE_BASE 0x00000000
+-#define HOST_SHARED_RAM_BASE 0x02000000
++#define HOST_TRUSTED_RAM_BASE 0x02000000
+ #define HOST_XNVM_BASE 0x08000000
+ #define HOST_BASE_SYSTEM_CONTROL_BASE 0x1A010000
+ #define HOST_FIREWALL_BASE 0x1A800000
+@@ -347,7 +347,7 @@ static void setup_host_firewall(void)
+
+ fc_pe_enable();
+
+- /* CVM - Shared RAM */
++ /* CVM - Secure RAM */
+ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_CVM);
+ fc_disable_bypass();
+ fc_pe_disable();
+@@ -355,15 +355,12 @@ static void setup_host_firewall(void)
+ fc_select_region(1);
+ fc_disable_regions();
+ fc_disable_mpe(RGN_MPE0);
+- fc_prog_rgn(RGN_SIZE_4MB, HOST_SHARED_RAM_BASE);
++ fc_prog_rgn(RGN_SIZE_4MB, HOST_TRUSTED_RAM_BASE);
+ fc_init_mpl(RGN_MPE0);
+
+ mpl_rights = (RGN_MPL_ANY_MST_MASK | RGN_MPL_SECURE_READ_MASK |
+ RGN_MPL_SECURE_WRITE_MASK |
+- RGN_MPL_SECURE_EXECUTE_MASK |
+- RGN_MPL_NONSECURE_READ_MASK |
+- RGN_MPL_NONSECURE_WRITE_MASK |
+- RGN_MPL_NONSECURE_EXECUTE_MASK);
++ RGN_MPL_SECURE_EXECUTE_MASK);
+
+ fc_enable_mpl(RGN_MPE0, mpl_rights);
+ fc_disable_mpl(RGN_MPE0, ~mpl_rights);
+@@ -398,7 +395,9 @@ static void setup_host_firewall(void)
+
+ fc_pe_enable();
+
+- /* Host Expansion Master 0 */
++#if !(PLATFORM_IS_FVP)
++ /* Host Expansion Master 0 (Due to the difference in the models only
++ * programming this for MPS3) */
+ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_EXPMST0);
+ fc_disable_bypass();
+ fc_pe_disable();
+@@ -433,7 +432,6 @@ static void setup_host_firewall(void)
+ fc_enable_regions();
+ fc_rgn_lock();
+
+-#if !(PLATFORM_IS_FVP)
+ fc_select_region(3);
+ fc_disable_regions();
+ fc_disable_mpe(RGN_MPE0);
+@@ -461,16 +459,14 @@ static void setup_host_firewall(void)
+ fc_enable_mpe(RGN_MPE0);
+ fc_enable_regions();
+ fc_rgn_lock();
+-#endif
+
+ fc_pe_enable();
+
+- /* Host Expansion Master 0 */
++ /* Host Expansion Master 1*/
+ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_EXPMST1);
+ fc_disable_bypass();
+ fc_pe_disable();
+
+-#if !(PLATFORM_IS_FVP)
+ fc_select_region(1);
+ fc_disable_regions();
+ fc_disable_mpe(RGN_MPE0);
+@@ -484,22 +480,6 @@ static void setup_host_firewall(void)
+ fc_enable_mpe(RGN_MPE0);
+ fc_enable_regions();
+ fc_rgn_lock();
+-#else
+- fc_select_region(1);
+- fc_disable_regions();
+- fc_disable_mpe(RGN_MPE0);
+- fc_prog_rgn(RGN_SIZE_8MB, HOST_SE_SECURE_FLASH_BASE_FVP);
+- fc_init_mpl(RGN_MPE0);
+-
+- mpl_rights = (RGN_MPL_ANY_MST_MASK | RGN_MPL_SECURE_READ_MASK |
+- RGN_MPL_SECURE_WRITE_MASK);
+-
+- fc_enable_mpl(RGN_MPE0, mpl_rights);
+- fc_enable_mpe(RGN_MPE0);
+- fc_enable_regions();
+- fc_rgn_lock();
+-#endif
+-
+ fc_pe_enable();
+
+ /* Always ON Host Peripherals */
+@@ -527,7 +507,6 @@ static void setup_host_firewall(void)
+ }
+
+ fc_pe_enable();
+-
+ /* Host System Peripherals */
+ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_SYSPERIPH);
+ fc_disable_bypass();
+@@ -553,6 +532,7 @@ static void setup_host_firewall(void)
+ }
+
+ fc_pe_enable();
++#endif
+
+ /* Host System Peripherals */
+ fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_DBGPERIPH);
+@@ -592,13 +572,9 @@ int32_t boot_platform_init(void)
+ if (result != ARM_DRIVER_OK) {
+ return 1;
+ }
+-#if !(PLATFORM_IS_FVP)
+ setup_mpu();
+-#endif
+ setup_se_firewall();
+-#if !(PLATFORM_IS_FVP)
+ setup_host_firewall();
+-#endif
+
+ #if defined(TFM_BL1_LOGGING) || defined(TEST_BL1_1) || defined(TEST_BL1_2)
+ stdio_init();
+diff --git a/platform/ext/target/arm/corstone1000/bl2/flash_map_bl2.c b/platform/ext/target/arm/corstone1000/bl2/flash_map_bl2.c
+index 2b1cdfa19..06cc3f0f5 100644
+--- a/platform/ext/target/arm/corstone1000/bl2/flash_map_bl2.c
++++ b/platform/ext/target/arm/corstone1000/bl2/flash_map_bl2.c
+@@ -70,7 +70,7 @@ int boot_get_image_exec_ram_info(uint32_t image_id,
+ rc = 0;
+ }
+ else if (image_id == 1 || image_id == 2) {
+- (*exec_ram_start) = CORSTONE1000_HOST_SHARED_RAM_BASE;
++ (*exec_ram_start) = CORSTONE1000_HOST_TRUSTED_RAM_BASE;
+ (*exec_ram_size) = 0x20000000U;
+ rc = 0;
+ }
+--
+2.25.1
+
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-Increase-ITS-max-asset-size.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-Increase-ITS-max-asset-size.patch
new file mode 100644
index 0000000..e831f03
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-Increase-ITS-max-asset-size.patch
@@ -0,0 +1,27 @@
+From 2edf197735bd0efb1428c1710443dddcb376d930 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Wed, 17 Apr 2024 11:34:45 +0000
+Subject: [PATCH] platform: corstone1000: Increase ITS max asset size
+
+Increases the max asset size for ITS to enable parsec services & tests
+
+Upstream-Status: Pending
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Signed-off-by: Vikas Katariya <vikas.katariya@arm.com>
+---
+ platform/ext/target/arm/corstone1000/config_tfm_target.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/platform/ext/target/arm/corstone1000/config_tfm_target.h b/platform/ext/target/arm/corstone1000/config_tfm_target.h
+index 2c7341afd4..2eb0924770 100644
+--- a/platform/ext/target/arm/corstone1000/config_tfm_target.h
++++ b/platform/ext/target/arm/corstone1000/config_tfm_target.h
+@@ -20,4 +20,8 @@
+ /* The maximum number of assets to be stored in the Protected Storage area. */
+ #define PS_NUM_ASSETS 20
+
++/* The maximum size of asset to be stored in the Internal Trusted Storage area. */
++#undef ITS_MAX_ASSET_SIZE
++#define ITS_MAX_ASSET_SIZE 2048
++
+ #endif /* __CONFIG_TFM_TARGET_H__ */
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-Platform-CS1000-Replace-OpenAMP-with-RSE_COMMS.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-Platform-CS1000-Replace-OpenAMP-with-RSE_COMMS.patch
new file mode 100644
index 0000000..3e0acbe
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-Platform-CS1000-Replace-OpenAMP-with-RSE_COMMS.patch
@@ -0,0 +1,3620 @@
+From 5e0e5207fe7edf7f9b47f0800388c7b3c9d69a1c Mon Sep 17 00:00:00 2001
+From: Bence Balogh <bence.balogh@arm.com>
+Date: Mon, 26 Feb 2024 10:20:54 +0100
+Subject: [PATCH] Platform: CS1000: Replace OpenAMP with RSE_COMMS
+
+The RSE_COMMS files were copied from the arm/rse platform (e7fcf4e0)
+Did not copy the ATU and pointer access protocol related files as
+they are not supported yet in Corstone-1000.
+
+There were some modifications in the files:
+- Remove ATU support because Corstone-1000 doesn't have ATU
+- Update and extend platform specific memory and permission checks
+- Remove Armv8.1-M specific calls
+
+The OpenAMP related files were removed from Corstone-1000.
+
+Signed-off-by: Bence Balogh <bence.balogh@arm.com>
+Upstream-Status: Backport [75a980b37fb726dff8720b50de121c8196b70e4e]
+---
+ docs/platform/arm/corstone1000/readme.rst | 5 +-
+ .../target/arm/corstone1000/CMakeLists.txt | 5 +-
+ .../arm/corstone1000/Native_Driver/mhu.h | 140 +++++++
+ .../Native_Driver/mhu_wrapper_v2_x.c | 353 ++++++++++++++++++
+ .../ext/target/arm/corstone1000/config.cmake | 8 -
+ .../arm/corstone1000/openamp/CMakeLists.txt | 57 ---
+ ...ogger-when-the-build-type-is-release.patch | 27 --
+ .../openamp/ext/libmetal/CMakeLists.txt | 23 --
+ .../openamp/ext/libopenamp/CMakeLists.txt | 21 --
+ .../openamp/platform_spe_dual_core_hal.c | 152 --------
+ .../corstone1000/openamp/tfm_openamp_lib.h | 128 -------
+ .../tfm_spe_dual_core_psa_client_secure_lib.c | 304 ---------------
+ .../tfm_spe_dual_core_psa_client_secure_lib.h | 39 --
+ .../openamp/tfm_spe_openamp_interface.h | 39 --
+ .../openamp/tfm_spe_openamp_interface_impl.c | 248 ------------
+ .../tfm_spe_openamp_platform_interconnect.c | 114 ------
+ .../tfm_spe_openamp_platform_interface.h | 31 --
+ .../tfm_spe_psa_client_lib_unordered_map.c | 151 --------
+ .../tfm_spe_psa_client_lib_unordered_map.h | 50 ---
+ .../openamp/tfm_spe_shm_openamp.h | 39 --
+ .../arm/corstone1000/partition/region_defs.h | 12 +-
+ .../arm/corstone1000/rse_comms/CMakeLists.txt | 34 ++
+ .../arm/corstone1000/rse_comms/rse_comms.c | 176 +++++++++
+ .../arm/corstone1000/rse_comms/rse_comms.h | 48 +++
+ .../corstone1000/rse_comms/rse_comms_hal.c | 232 ++++++++++++
+ .../corstone1000/rse_comms/rse_comms_hal.h | 56 +++
+ .../rse_comms/rse_comms_permissions_hal.h | 58 +++
+ .../rse_comms/rse_comms_protocol.c | 120 ++++++
+ .../rse_comms/rse_comms_protocol.h | 129 +++++++
+ .../rse_comms/rse_comms_protocol_embed.c | 105 ++++++
+ .../rse_comms/rse_comms_protocol_embed.h | 50 +++
+ .../corstone1000/rse_comms/rse_comms_queue.c | 64 ++++
+ .../corstone1000/rse_comms/rse_comms_queue.h | 25 ++
+ .../corstone1000/rse_comms_permissions_hal.c | 177 +++++++++
+ .../target/arm/corstone1000/tfm_interrupts.c | 51 +++
+ 35 files changed, 1831 insertions(+), 1440 deletions(-)
+ create mode 100644 platform/ext/target/arm/corstone1000/Native_Driver/mhu.h
+ create mode 100644 platform/ext/target/arm/corstone1000/Native_Driver/mhu_wrapper_v2_x.c
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/CMakeLists.txt
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/ext/libmetal/0001-Disable-logger-when-the-build-type-is-release.patch
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/ext/libmetal/CMakeLists.txt
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/ext/libopenamp/CMakeLists.txt
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_openamp_lib.h
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.h
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface.h
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface_impl.c
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interconnect.c
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interface.h
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.c
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.h
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_shm_openamp.h
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/CMakeLists.txt
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms.c
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.c
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.h
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_permissions_hal.h
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.c
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.h
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.c
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.h
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.c
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.h
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms_permissions_hal.c
+ create mode 100644 platform/ext/target/arm/corstone1000/tfm_interrupts.c
+
+diff --git a/docs/platform/arm/corstone1000/readme.rst b/docs/platform/arm/corstone1000/readme.rst
+index 59b167d8f..d46a6460e 100644
+--- a/docs/platform/arm/corstone1000/readme.rst
++++ b/docs/platform/arm/corstone1000/readme.rst
+@@ -19,7 +19,8 @@ and boots the software ecosystem based on linux, u-boot, UEFI run time
+ services, TF-A, Secure Partitions and Optee.
+
+ The communication between NSPE and SPE is based on PSA IPC protocol running on
+-top of FF-A/OpenAMP.
++top of the RSE communication protocol. The Corstone-1000 supports only the
++`Embed protocol`, and the ATU support is removed.
+
+ .. toctree::
+ :maxdepth: 1
+@@ -116,7 +117,7 @@ Other test configurations are:
+ - -DTEST_S_PS=ON/OFF
+ - -DTEST_S_PLATFORM=ON/OFF
+
+-*Copyright (c) 2021-2023, Arm Limited. All rights reserved.*
++*Copyright (c) 2021-2024, Arm Limited. All rights reserved.*
+
+ .. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
+ .. _Arm Corstone-1000 User Guide: https://corstone1000.docs.arm.com/en/corstone1000-2022.11.23/user-guide.html
+diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+index 541504368..e2a7ac302 100644
+--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+@@ -87,7 +87,7 @@ target_add_scatter_file(bl1_2
+
+ #========================= Platform Secure ====================================#
+
+-add_subdirectory(openamp)
++add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/rse_comms rse_comms)
+
+ add_subdirectory(${PLATFORM_DIR}/ext/accelerator/cc312/cc312-rom cc312-rom)
+
+@@ -124,6 +124,7 @@ target_sources(platform_s
+ Device/Source/system_core_init.c
+ ${PLATFORM_DIR}/ext/target/arm/drivers/usart/pl011/uart_pl011_drv.c
+ Native_Driver/mhu_v2_x.c
++ Native_Driver/mhu_wrapper_v2_x.c
+ Native_Driver/watchdog.c
+ Native_Driver/arm_watchdog_drv.c
+ $<$<BOOL:TFM_PARTITION_PLATFORM>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c>
+@@ -137,6 +138,7 @@ target_sources(platform_s
+ partition/partition.c
+ partition/gpt.c
+ $<$<NOT:$<BOOL:${PLATFORM_DEFAULT_OTP}>>:${PLATFORM_DIR}/ext/accelerator/cc312/otp_cc312.c>
++ rse_comms_permissions_hal.c
+ )
+
+ if (PLATFORM_IS_FVP)
+@@ -376,6 +378,7 @@ target_sources(tfm_psa_rot_partition_ns_agent_mailbox
+
+ target_sources(tfm_spm
+ PRIVATE
++ tfm_interrupts.c
+ tfm_hal_isolation.c
+ tfm_hal_platform.c
+ $<$<BOOL:${TFM_S_REG_TEST}>:${CMAKE_CURRENT_SOURCE_DIR}/target_cfg.c>
+diff --git a/platform/ext/target/arm/corstone1000/Native_Driver/mhu.h b/platform/ext/target/arm/corstone1000/Native_Driver/mhu.h
+new file mode 100644
+index 000000000..a02fdd883
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/Native_Driver/mhu.h
+@@ -0,0 +1,140 @@
++/*
++ * Copyright (c) 2022-2023 Arm Limited. All rights reserved.
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++#ifndef __MHU_H__
++#define __MHU_H__
++
++#include <stddef.h>
++#include <stdint.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * Generic MHU error enumeration types.
++ */
++enum mhu_error_t {
++ MHU_ERR_NONE = 0,
++ MHU_ERR_NOT_INIT = -1,
++ MHU_ERR_ALREADY_INIT = -2,
++ MHU_ERR_UNSUPPORTED_VERSION = -3,
++ MHU_ERR_UNSUPPORTED = -4,
++ MHU_ERR_INVALID_ARG = -5,
++ MHU_ERR_BUFFER_TOO_SMALL = -6,
++ MHU_ERR_GENERAL = -7,
++};
++
++/**
++ * \brief Initializes sender MHU.
++ *
++ * \param[in] mhu_sender_dev Pointer to the sender MHU.
++ *
++ * \return Returns mhu_error_t error code.
++ *
++ * \note This function must be called before mhu_send_data().
++ */
++enum mhu_error_t mhu_init_sender(void *mhu_sender_dev);
++
++/**
++ * \brief Initializes receiver MHU.
++ *
++ * \param[in] mhu_receiver_dev Pointer to the receiver MHU.
++ *
++ * \return Returns mhu_error_t error code.
++ *
++ * \note This function must be called before mhu_receive_data().
++ */
++enum mhu_error_t mhu_init_receiver(void *mhu_receiver_dev);
++
++/**
++ * \brief Sends data over MHU.
++ *
++ * \param[in] mhu_sender_dev Pointer to the sender MHU.
++ * \param[in] send_buffer Pointer to buffer containing the data to be
++ * transmitted.
++ * \param[in] size Size of the data to be transmitted in bytes.
++ *
++ * \return Returns mhu_error_t error code.
++ *
++ * \note The send_buffer must be 4-byte aligned and its length must be at least
++ * (4 - (size % 4)) bytes bigger than the data size to prevent buffer
++ * over-reading.
++ */
++enum mhu_error_t mhu_send_data(void *mhu_sender_dev,
++ const uint8_t *send_buffer,
++ size_t size);
++
++/**
++ * \brief Wait for data from MHU.
++ *
++ * \param[in] mhu_receiver_dev Pointer to the receiver MHU.
++ *
++ * \return Returns mhu_error_t error code.
++ *
++ * \note This function must be called before mhu_receive_data() if the MHU
++ * receiver interrupt is not used.
++ */
++enum mhu_error_t mhu_wait_data(void *mhu_receiver_dev);
++
++/**
++ * \brief Receives data from MHU.
++ *
++ * \param[in] mhu_receiver_dev Pointer to the receiver MHU.
++ * \param[out] receive_buffer Pointer the buffer where to store the
++ * received data.
++ * \param[in,out] size As input the size of the receive_buffer,
++ * as output the number of bytes received.
++ * As a limitation, the size of the buffer
++ * must be a multiple of 4.
++ *
++ * \return Returns mhu_error_t error code.
++ *
++ * \note The receive_buffer must be 4-byte aligned and its length must be a
++ * multiple of 4.
++ */
++enum mhu_error_t mhu_receive_data(void *mhu_receiver_dev,
++ uint8_t *receive_buffer,
++ size_t *size);
++
++/**
++ * \brief Signals an interrupt over the last available channel and wait for the
++ * values to be cleared by the receiver.
++ *
++ * \param[in] mhu_sender_dev Pointer to the sender MHU.
++ * \param[in] value Value that will be used while signaling.
++ *
++ * \return Returns mhu_error_t error code.
++ */
++enum mhu_error_t signal_and_wait_for_clear(void *mhu_sender_dev,
++ uint32_t value);
++
++/**
++ * \brief Wait for signal on the last available channel in a loop and
++ * acknowledge the transfer by clearing the status on that channel.
++ *
++ * \param[in] mhu_receiver_dev Pointer to the receiver MHU.
++ * \param[in] value Value that will be used while waiting.
++ *
++ * \return Returns mhu_error_t error code.
++ */
++enum mhu_error_t wait_for_signal_and_clear(void *mhu_receiver_dev,
++ uint32_t value);
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* __MHU_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/Native_Driver/mhu_wrapper_v2_x.c b/platform/ext/target/arm/corstone1000/Native_Driver/mhu_wrapper_v2_x.c
+new file mode 100644
+index 000000000..f749f7661
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/Native_Driver/mhu_wrapper_v2_x.c
+@@ -0,0 +1,353 @@
++/*
++ * Copyright (c) 2022-2023 Arm Limited. All rights reserved.
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++#include "mhu.h"
++
++#include <stddef.h>
++#include <stdint.h>
++
++#include "mhu_v2_x.h"
++
++#define MHU_NOTIFY_VALUE (1234u)
++
++static enum mhu_error_t
++error_mapping_to_mhu_error_t(enum mhu_v2_x_error_t err)
++{
++ switch (err) {
++ case MHU_V_2_X_ERR_NONE:
++ return MHU_ERR_NONE;
++ case MHU_V_2_X_ERR_NOT_INIT:
++ return MHU_ERR_NOT_INIT;
++ case MHU_V_2_X_ERR_ALREADY_INIT:
++ return MHU_ERR_ALREADY_INIT;
++ case MHU_V_2_X_ERR_UNSUPPORTED_VERSION:
++ return MHU_ERR_UNSUPPORTED_VERSION;
++ case MHU_V_2_X_ERR_INVALID_ARG:
++ return MHU_ERR_INVALID_ARG;
++ case MHU_V_2_X_ERR_GENERAL:
++ return MHU_ERR_GENERAL;
++ default:
++ return MHU_ERR_GENERAL;
++ }
++}
++
++enum mhu_error_t
++signal_and_wait_for_clear(void *mhu_sender_dev, uint32_t value)
++{
++ enum mhu_v2_x_error_t err;
++ struct mhu_v2_x_dev_t *dev;
++ uint32_t channel_notify;
++ uint32_t wait_val;
++
++ if (mhu_sender_dev == NULL) {
++ return MHU_ERR_INVALID_ARG;
++ }
++
++ dev = (struct mhu_v2_x_dev_t *)mhu_sender_dev;
++
++ /* Use the last channel for notifications */
++ channel_notify = mhu_v2_x_get_num_channel_implemented(dev) - 1;
++
++ /* FIXME: Avoid wasting a whole channel for notifying */
++ err = mhu_v2_x_channel_send(dev, channel_notify, value);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++
++ do {
++ err = mhu_v2_x_channel_poll(dev, channel_notify, &wait_val);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ break;
++ }
++ } while (wait_val != 0);
++
++ return error_mapping_to_mhu_error_t(err);
++}
++
++enum mhu_error_t
++wait_for_signal_and_clear(void *mhu_receiver_dev, uint32_t value)
++{
++ enum mhu_v2_x_error_t err;
++ struct mhu_v2_x_dev_t *dev;
++ uint32_t channel_notify;
++ uint32_t wait_val;
++
++ if (mhu_receiver_dev == NULL) {
++ return MHU_ERR_INVALID_ARG;
++ }
++
++ dev = (struct mhu_v2_x_dev_t *)mhu_receiver_dev;
++
++ /* Use the last channel for notifications */
++ channel_notify = mhu_v2_x_get_num_channel_implemented(dev) - 1;
++
++ do {
++ /* Using the last channel for notifications */
++ err = mhu_v2_x_channel_receive(dev, channel_notify, &wait_val);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++ } while (wait_val != value);
++
++ /* Clear the last channel */
++ err = mhu_v2_x_channel_clear(dev, channel_notify);
++
++ return error_mapping_to_mhu_error_t(err);
++}
++
++static enum mhu_v2_x_error_t
++clear_and_wait_for_signal(struct mhu_v2_x_dev_t *dev)
++{
++ enum mhu_v2_x_error_t err;
++ uint32_t num_channels = mhu_v2_x_get_num_channel_implemented(dev);
++ uint32_t val, i;
++
++ /* Clear all channels */
++ for (i = 0; i < num_channels; ++i) {
++ err = mhu_v2_x_channel_clear(dev, i);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return err;
++ }
++ }
++
++ do {
++ /* Using the last channel for notifications */
++ err = mhu_v2_x_channel_receive(dev, num_channels - 1, &val);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ break;
++ }
++ } while (val != MHU_NOTIFY_VALUE);
++
++ return err;
++}
++
++enum mhu_error_t mhu_init_sender(void *mhu_sender_dev)
++{
++ enum mhu_v2_x_error_t err;
++ struct mhu_v2_x_dev_t *dev = mhu_sender_dev;
++
++ if (dev == NULL) {
++ return MHU_ERR_INVALID_ARG;
++ }
++
++ err = mhu_v2_x_driver_init(dev, MHU_REV_READ_FROM_HW);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++
++ /* This wrapper requires at least two channels to be implemented */
++ if (mhu_v2_x_get_num_channel_implemented(dev) < 2) {
++ return MHU_ERR_UNSUPPORTED;
++ }
++
++ return MHU_ERR_NONE;
++}
++
++enum mhu_error_t mhu_init_receiver(void *mhu_receiver_dev)
++{
++ enum mhu_v2_x_error_t err;
++ struct mhu_v2_x_dev_t *dev = mhu_receiver_dev;
++ uint32_t num_channels, i;
++
++ if (dev == NULL) {
++ return MHU_ERR_INVALID_ARG;
++ }
++
++ err = mhu_v2_x_driver_init(dev, MHU_REV_READ_FROM_HW);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++
++ num_channels = mhu_v2_x_get_num_channel_implemented(dev);
++
++ /* This wrapper requires at least two channels to be implemented */
++ if (num_channels < 2) {
++ return MHU_ERR_UNSUPPORTED;
++ }
++
++ /* Mask all channels except the notifying channel */
++ for (i = 0; i < (num_channels - 1); ++i) {
++ err = mhu_v2_x_channel_mask_set(dev, i, UINT32_MAX);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++ }
++
++ /* The last channel is used for notifications */
++ err = mhu_v2_x_channel_mask_clear(dev, (num_channels - 1), UINT32_MAX);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++
++ err = mhu_v2_x_interrupt_enable(dev, MHU_2_1_INTR_CHCOMB_MASK);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++
++ return MHU_ERR_NONE;
++}
++
++enum mhu_error_t mhu_send_data(void *mhu_sender_dev,
++ const uint8_t *send_buffer,
++ size_t size)
++{
++ enum mhu_v2_x_error_t err;
++ enum mhu_error_t mhu_err;
++ struct mhu_v2_x_dev_t *dev = mhu_sender_dev;
++ uint32_t num_channels = mhu_v2_x_get_num_channel_implemented(dev);
++ uint32_t chan = 0;
++ uint32_t i;
++ uint32_t *p;
++
++ if (dev == NULL || send_buffer == NULL) {
++ return MHU_ERR_INVALID_ARG;
++ } else if (size == 0) {
++ return MHU_ERR_NONE;
++ }
++
++ /* For simplicity, require the send_buffer to be 4-byte aligned. */
++ if ((uintptr_t)send_buffer & 0x3u) {
++ return MHU_ERR_INVALID_ARG;
++ }
++
++ err = mhu_v2_x_initiate_transfer(dev);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++
++ /* First send over the size of the actual message. */
++ err = mhu_v2_x_channel_send(dev, chan, (uint32_t)size);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++ chan++;
++
++ p = (uint32_t *)send_buffer;
++ for (i = 0; i < size; i += 4) {
++ err = mhu_v2_x_channel_send(dev, chan, *p++);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++ if (++chan == (num_channels - 1)) {
++ mhu_err = signal_and_wait_for_clear(dev, MHU_NOTIFY_VALUE);
++ if (mhu_err != MHU_ERR_NONE) {
++ return mhu_err;
++ }
++ chan = 0;
++ }
++ }
++
++ /* Signal the end of transfer.
++ * It's not required to send a signal when the message was
++ * perfectly-aligned ((num_channels - 1) channels were used in the last
++ * round) preventing it from signaling twice at the end of transfer.
++ */
++ if (chan != 0) {
++ mhu_err = signal_and_wait_for_clear(dev, MHU_NOTIFY_VALUE);
++ if (mhu_err != MHU_ERR_NONE) {
++ return mhu_err;
++ }
++ }
++
++ err = mhu_v2_x_close_transfer(dev);
++ return error_mapping_to_mhu_error_t(err);
++}
++
++enum mhu_error_t mhu_wait_data(void *mhu_receiver_dev)
++{
++ enum mhu_v2_x_error_t err;
++ struct mhu_v2_x_dev_t *dev = mhu_receiver_dev;
++ uint32_t num_channels = mhu_v2_x_get_num_channel_implemented(dev);
++ uint32_t val;
++
++ do {
++ /* Using the last channel for notifications */
++ err = mhu_v2_x_channel_receive(dev, num_channels - 1, &val);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ break;
++ }
++ } while (val != MHU_NOTIFY_VALUE);
++
++ return error_mapping_to_mhu_error_t(err);
++}
++
++enum mhu_error_t mhu_receive_data(void *mhu_receiver_dev,
++ uint8_t *receive_buffer,
++ size_t *size)
++{
++ enum mhu_v2_x_error_t err;
++ struct mhu_v2_x_dev_t *dev = mhu_receiver_dev;
++ uint32_t num_channels = mhu_v2_x_get_num_channel_implemented(dev);
++ uint32_t chan = 0;
++ uint32_t message_len;
++ uint32_t i;
++ uint32_t *p;
++
++ if (dev == NULL || receive_buffer == NULL) {
++ return MHU_ERR_INVALID_ARG;
++ }
++
++ /* For simplicity, require:
++ * - the receive_buffer to be 4-byte aligned,
++ * - the buffer size to be a multiple of 4.
++ */
++ if (((uintptr_t)receive_buffer & 0x3u) || (*size & 0x3u)) {
++ return MHU_ERR_INVALID_ARG;
++ }
++
++ /* The first word is the length of the actual message. */
++ err = mhu_v2_x_channel_receive(dev, chan, &message_len);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++ chan++;
++
++ if (message_len > *size) {
++ /* Message buffer too small */
++ *size = message_len;
++ return MHU_ERR_BUFFER_TOO_SMALL;
++ }
++
++ p = (uint32_t *)receive_buffer;
++ for (i = 0; i < message_len; i += 4) {
++ err = mhu_v2_x_channel_receive(dev, chan, p++);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++
++ /* Only wait for next transfer if there is still missing data. */
++ if (++chan == (num_channels - 1) && (message_len - i) > 4) {
++ /* Busy wait for next transfer */
++ err = clear_and_wait_for_signal(dev);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++ chan = 0;
++ }
++ }
++
++ /* Clear all channels */
++ for (i = 0; i < num_channels; ++i) {
++ err = mhu_v2_x_channel_clear(dev, i);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++ }
++
++ *size = message_len;
++
++ return MHU_ERR_NONE;
++}
+diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake
+index 70bbcdafd..6a805a122 100644
+--- a/platform/ext/target/arm/corstone1000/config.cmake
++++ b/platform/ext/target/arm/corstone1000/config.cmake
+@@ -37,14 +37,6 @@ set(TFM_CRYPTO_TEST_ALG_CFB OFF CACHE BOOL "Test CFB cryp
+ set(NS FALSE CACHE BOOL "Whether to build NS app")
+ set(EXTERNAL_SYSTEM_SUPPORT OFF CACHE BOOL "Whether to include external system support.")
+
+-# External dependency on OpenAMP and Libmetal
+-set(LIBMETAL_SRC_PATH "DOWNLOAD" CACHE PATH "Path to Libmetal (or DOWNLOAD to fetch automatically")
+-set(LIBMETAL_VERSION "f252f0e007fbfb8b3a52b1d5901250ddac96baad" CACHE STRING "The version of libmetal to use")
+-set(LIBMETAL_FORCE_PATCH OFF CACHE BOOL "Always apply Libmetal patches")
+-
+-set(LIBOPENAMP_SRC_PATH "DOWNLOAD" CACHE PATH "Path to Libopenamp (or DOWNLOAD to fetch automatically")
+-set(OPENAMP_VERSION "347397decaa43372fc4d00f965640ebde042966d" CACHE STRING "The version of openamp to use")
+-
+ if (${PLATFORM_IS_FVP})
+ set(PLATFORM_PSA_ADAC_SECURE_DEBUG FALSE CACHE BOOL "Whether to use psa-adac secure debug.")
+ else()
+diff --git a/platform/ext/target/arm/corstone1000/openamp/CMakeLists.txt b/platform/ext/target/arm/corstone1000/openamp/CMakeLists.txt
+deleted file mode 100644
+index 32c0def25..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/CMakeLists.txt
++++ /dev/null
+@@ -1,57 +0,0 @@
+-#-------------------------------------------------------------------------------
+-# Copyright (c) 2021, Arm Limited. All rights reserved.
+-#
+-# SPDX-License-Identifier: BSD-3-Clause
+-#
+-#-------------------------------------------------------------------------------
+-
+-add_subdirectory(ext/libmetal)
+-add_subdirectory(ext/libopenamp)
+-
+-set(CMAKE_SYSTEM_PROCESSOR "arm")
+-set(MACHINE "template")
+-set(LIBMETAL_INCLUDE_DIR "${LIBMETAL_BIN_PATH}/lib/include")
+-set(LIBMETAL_LIB "${LIBMETAL_BIN_PATH}/lib")
+-
+-add_subdirectory(${LIBMETAL_SRC_PATH} ${LIBMETAL_BIN_PATH})
+-add_subdirectory(${LIBOPENAMP_SRC_PATH} ${LIBOPENAMP_BIN_PATH})
+-
+-target_include_directories(platform_s
+- PRIVATE
+- ${LIBMETAL_BIN_PATH}/lib/include
+- ${LIBOPENAMP_SRC_PATH}/lib/include
+-)
+-
+-target_include_directories(platform_s
+- PUBLIC
+- .
+-)
+-
+-target_sources(platform_s
+- PRIVATE
+- tfm_spe_openamp_platform_interconnect.c
+- tfm_spe_dual_core_psa_client_secure_lib.c
+- tfm_spe_openamp_interface_impl.c
+- platform_spe_dual_core_hal.c
+- tfm_spe_psa_client_lib_unordered_map.c
+-)
+-
+-target_link_libraries(open_amp-static
+- PRIVATE
+- metal-static
+-)
+-
+-target_compile_definitions(open_amp-static
+- PRIVATE
+- RPMSG_BUFFER_SIZE=8192
+-)
+-
+-target_link_libraries(platform_s
+- PRIVATE
+- open_amp-static
+-)
+-
+-# Export header file shared with non-secure side
+-install(FILES tfm_openamp_lib.h
+- DESTINATION ${INSTALL_INTERFACE_INC_DIR}
+-)
+diff --git a/platform/ext/target/arm/corstone1000/openamp/ext/libmetal/0001-Disable-logger-when-the-build-type-is-release.patch b/platform/ext/target/arm/corstone1000/openamp/ext/libmetal/0001-Disable-logger-when-the-build-type-is-release.patch
+deleted file mode 100644
+index 7c5eacc9f..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/ext/libmetal/0001-Disable-logger-when-the-build-type-is-release.patch
++++ /dev/null
+@@ -1,27 +0,0 @@
+-From d9d92c8848e4567f208f1900aff57e6a234c8130 Mon Sep 17 00:00:00 2001
+-From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+-Date: Wed, 7 Dec 2022 12:37:22 +0000
+-Subject: [PATCH] Disable logger when the build type is release
+-
+-Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+----
+- cmake/options.cmake | 3 ++-
+- 1 file changed, 2 insertions(+), 1 deletion(-)
+-
+-diff --git a/cmake/options.cmake b/cmake/options.cmake
+-index 25c7c96..7a2b116 100644
+---- a/cmake/options.cmake
+-+++ b/cmake/options.cmake
+-@@ -55,7 +55,8 @@ if (WITH_ZEPHYR)
+- option (WITH_ZEPHYR_LIB "Build libmetal as a zephyr library" OFF)
+- endif (WITH_ZEPHYR)
+-
+--option (WITH_DEFAULT_LOGGER "Build with default logger" ON)
+-+include(CMakeDependentOption)
+-+cmake_dependent_option(WITH_DEFAULT_LOGGER "Build with default logger" ON "${CMAKE_BUILD_TYPE} STREQUAL Debug" OFF)
+-
+- option (WITH_DOC "Build with documentation" ON)
+-
+---
+-2.25.1
+-
+diff --git a/platform/ext/target/arm/corstone1000/openamp/ext/libmetal/CMakeLists.txt b/platform/ext/target/arm/corstone1000/openamp/ext/libmetal/CMakeLists.txt
+deleted file mode 100644
+index fa37fd6be..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/ext/libmetal/CMakeLists.txt
++++ /dev/null
+@@ -1,23 +0,0 @@
+-#-------------------------------------------------------------------------------
+-# Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+-# Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon company)
+-# or an affiliate of Cypress Semiconductor Corporation. All rights reserved.
+-#
+-# SPDX-License-Identifier: BSD-3-Clause
+-#
+-#-------------------------------------------------------------------------------
+-
+-fetch_remote_library(
+- LIB_NAME libmetal
+- LIB_SOURCE_PATH_VAR LIBMETAL_SRC_PATH
+- LIB_BINARY_PATH_VAR LIBMETAL_BIN_PATH
+- LIB_PATCH_DIR ${CMAKE_CURRENT_LIST_DIR}
+- LIB_FORCE_PATCH LIBMETAL_FORCE_PATCH
+- FETCH_CONTENT_ARGS
+- GIT_TAG ${LIBMETAL_VERSION}
+- GIT_REPOSITORY https://github.com/OpenAMP/libmetal.git
+-)
+-
+-if (NOT LIB_BINARY_PATH_VAR)
+-set(LIBMETAL_BIN_PATH "${CMAKE_SOURCE_DIR}/build/lib/ext/libmetal-subbuild" CACHE PATH "Path to build directory of libmetal.")
+-endif()
+diff --git a/platform/ext/target/arm/corstone1000/openamp/ext/libopenamp/CMakeLists.txt b/platform/ext/target/arm/corstone1000/openamp/ext/libopenamp/CMakeLists.txt
+deleted file mode 100644
+index 28c5fa284..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/ext/libopenamp/CMakeLists.txt
++++ /dev/null
+@@ -1,21 +0,0 @@
+-#-------------------------------------------------------------------------------
+-# Copyright (c) 2020-2022, Arm Limited. All rights reserved.
+-# Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon company)
+-# or an affiliate of Cypress Semiconductor Corporation. All rights reserved.
+-#
+-# SPDX-License-Identifier: BSD-3-Clause
+-#
+-#-------------------------------------------------------------------------------
+-
+-fetch_remote_library(
+- LIB_NAME libopenamp
+- LIB_SOURCE_PATH_VAR LIBOPENAMP_SRC_PATH
+- LIB_BINARY_PATH_VAR LIBOPENAMP_BIN_PATH
+- FETCH_CONTENT_ARGS
+- GIT_TAG ${OPENAMP_VERSION}
+- GIT_REPOSITORY https://github.com/OpenAMP/open-amp.git
+-)
+-
+-if (NOT LIB_BINARY_PATH_VAR)
+-set(LIBOPENAMP_BIN_PATH "${CMAKE_SOURCE_DIR}/build/lib/ext/libopenamp-subbuild" CACHE PATH "Path to build directory of open-amp.")
+-endif()
+diff --git a/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c b/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c
+deleted file mode 100644
+index 7613345ff..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c
++++ /dev/null
+@@ -1,152 +0,0 @@
+-/*
+- * Copyright (c) 2021, Arm Limited. All rights reserved.
+- * Copyright (c) 2021-2022 Cypress Semiconductor Corporation (an Infineon
+- * company) or an affiliate of Cypress Semiconductor Corporation. All rights
+- * reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- */
+-
+-#include "tfm_spe_openamp_platform_interface.h"
+-#include "device_cfg.h"
+-#include "device_definition.h"
+-#include "load/interrupt_defs.h"
+-#include "mhu_v2_x.h"
+-#include "tfm_plat_defs.h"
+-#include "tfm_spm_log.h"
+-#include "cmsis.h"
+-
+-#define MHU1_SEH_NOTIFY_CH 0
+-#define MHU1_SEH_NOTIFY_VAL 1234
+-
+-static enum tfm_plat_err_t initialize_secure_enclave_to_host_mhu(void)
+-{
+- enum mhu_v2_x_error_t status;
+-
+- status = mhu_v2_x_driver_init(&MHU1_SE_TO_HOST_DEV, MHU_REV_READ_FROM_HW);
+- if (status != MHU_V_2_X_ERR_NONE) {
+- SPMLOG_ERRMSGVAL("Secure-enclave to Host MHU driver initialization failed: ", status);
+- return TFM_PLAT_ERR_SYSTEM_ERR;
+- }
+- SPMLOG_INFMSG("Secure-enclave to Host MHU Driver initialized successfully.\r\n");
+-
+- return TFM_PLAT_ERR_SUCCESS;
+-}
+-
+-static enum tfm_plat_err_t initialize_host_to_secure_enclave_mhu(void)
+-{
+- enum mhu_v2_x_error_t status;
+-
+- status = mhu_v2_x_driver_init(&MHU1_HOST_TO_SE_DEV, MHU_REV_READ_FROM_HW);
+- if (status != MHU_V_2_X_ERR_NONE) {
+- SPMLOG_ERRMSGVAL("Host to secure-enclave MHU driver initialization failed: ", status);
+- return TFM_PLAT_ERR_SYSTEM_ERR;
+- }
+- SPMLOG_INFMSG("Host to secure-enclave MHU Driver initialized successfully.\r\n");
+-
+- NVIC_EnableIRQ(HSE1_RECEIVER_COMBINED_IRQn);
+-
+- return TFM_PLAT_ERR_SUCCESS;
+-}
+-
+-static struct irq_t mbox_irq_info = {0};
+-
+-void HSE1_RECEIVER_COMBINED_IRQHandler(void)
+-{
+- spm_handle_interrupt(mbox_irq_info.p_pt, mbox_irq_info.p_ildi);
+-
+- mhu_v2_x_channel_clear(&MHU1_HOST_TO_SE_DEV, 0);
+- NVIC_ClearPendingIRQ(HSE1_RECEIVER_COMBINED_IRQn);
+-}
+-
+-enum tfm_hal_status_t mailbox_irq_init(void *p_pt,
+- const struct irq_load_info_t *p_ildi)
+-{
+- mbox_irq_info.p_pt = p_pt;
+- mbox_irq_info.p_ildi = p_ildi;
+-
+- return TFM_HAL_SUCCESS;
+-}
+-
+-enum tfm_plat_err_t tfm_dual_core_hal_init(void)
+-{
+- enum tfm_plat_err_t status;
+-
+- status = initialize_host_to_secure_enclave_mhu();
+- if (status) {
+- return status;
+- }
+- status = initialize_secure_enclave_to_host_mhu();
+-
+- return status;
+-}
+-
+-enum tfm_plat_err_t tfm_hal_notify_peer(void)
+-{
+- uint32_t access_ready;
+- enum mhu_v2_x_error_t status;
+- struct mhu_v2_x_dev_t* dev = &MHU1_SE_TO_HOST_DEV;
+-
+- status = mhu_v2_x_set_access_request(dev);
+- if (status != MHU_V_2_X_ERR_NONE) {
+- SPMLOG_ERRMSGVAL("mhu_v2_x_set_access_request failed : ", status);
+- return TFM_PLAT_ERR_SYSTEM_ERR;
+- }
+-
+- do {
+- status = mhu_v2_x_get_access_ready(dev, &access_ready);
+- if (status != MHU_V_2_X_ERR_NONE) {
+- SPMLOG_ERRMSGVAL("mhu_v2_x_get_access_ready failed : ", status);
+- return TFM_PLAT_ERR_SYSTEM_ERR;
+- }
+- } while(!access_ready);
+-
+- status = mhu_v2_x_channel_send(dev, MHU1_SEH_NOTIFY_CH, MHU1_SEH_NOTIFY_VAL);
+-
+- if (status != MHU_V_2_X_ERR_NONE) {
+- SPMLOG_ERRMSGVAL("mhu_v2_x_channel_send : ", status);
+- return TFM_PLAT_ERR_SYSTEM_ERR;
+- }
+-
+- status = mhu_v2_x_reset_access_request(dev);
+- if (status != MHU_V_2_X_ERR_NONE) {
+- SPMLOG_ERRMSGVAL("mhu_v2_x_reset_access_request : ", status);
+- return TFM_PLAT_ERR_SYSTEM_ERR;
+- }
+- return TFM_PLAT_ERR_SUCCESS;
+-}
+-
+-/*
+- * The function is implemented to support libmetal's mutex and spinlock
+- * implementation. The GCC does not support a respective builtin
+- * functions for Cortex M0+. So below function provides the
+- * missing link for libmetal compilation.
+- * This function will prevent race condition between PendSV context (where
+- * entries are inserted into unordered map) and service threads (where
+- * entries are removed from the unordered map).
+- */
+-bool __atomic_compare_exchange_4(volatile void *mem, void *expected,
+- uint32_t desired, bool var, int success, int failure)
+-{
+- bool ret = false;
+- volatile uint32_t *location = mem;
+- volatile uint32_t *old_val = expected;
+- /* unused variables */
+- (void)var;
+- (void)success;
+- (void)failure;
+-
+- NVIC_DisableIRQ(PendSV_IRQn);
+-
+- do {
+- if (*location != *old_val) {
+- break;
+- }
+- *location = desired;
+- ret = true;
+- } while (0);
+-
+- NVIC_EnableIRQ(PendSV_IRQn);
+-
+- return ret;
+-}
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_openamp_lib.h b/platform/ext/target/arm/corstone1000/openamp/tfm_openamp_lib.h
+deleted file mode 100644
+index 2996ba9a8..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_openamp_lib.h
++++ /dev/null
+@@ -1,128 +0,0 @@
+-/*
+- * Copyright (c) 2021, Arm Limited. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- *
+- */
+-
+-/*
+- * This header file is common to NSPE and SPE PSA client libraries.
+- */
+-
+-#ifndef __TFM_OPENAMP_LIB_H__
+-#define __TFM_OPENAMP_LIB_H__
+-
+-#include <stdint.h>
+-#include "psa/client.h"
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/* PSA client call type value */
+-#define OPENAMP_PSA_FRAMEWORK_VERSION (0x1)
+-#define OPENAMP_PSA_VERSION (0x2)
+-#define OPENAMP_PSA_CONNECT (0x3)
+-#define OPENAMP_PSA_CALL (0x4)
+-#define OPENAMP_PSA_CLOSE (0x5)
+-
+-/* Return code of openamp APIs */
+-#define OPENAMP_SUCCESS (0)
+-#define OPENAMP_MAP_FULL (INT32_MIN + 1)
+-#define OPENAMP_MAP_ERROR (INT32_MIN + 2)
+-#define OPENAMP_INVAL_PARAMS (INT32_MIN + 3)
+-#define OPENAMP_NO_PERMS (INT32_MIN + 4)
+-#define OPENAMP_NO_PEND_EVENT (INT32_MIN + 5)
+-#define OPENAMP_CHAN_BUSY (INT32_MIN + 6)
+-#define OPENAMP_CALLBACK_REG_ERROR (INT32_MIN + 7)
+-#define OPENAMP_INIT_ERROR (INT32_MIN + 8)
+-
+-#define HOLD_INPUT_BUFFER (1) /* IF true, TF-M Library will hold the openamp
+- * buffer so that openamp shared memory buffer
+- * does not get freed.
+- */
+-
+-/*
+- * This structure holds the parameters used in a PSA client call.
+- */
+-typedef struct __attribute__((packed)) psa_client_in_params {
+- union {
+- struct __attribute__((packed)) {
+- uint32_t sid;
+- } psa_version_params;
+-
+- struct __attribute__((packed)) {
+- uint32_t sid;
+- uint32_t version;
+- } psa_connect_params;
+-
+- struct __attribute__((packed)) {
+- psa_handle_t handle;
+- int32_t type;
+- uint32_t in_vec;
+- uint32_t in_len;
+- uint32_t out_vec;
+- uint32_t out_len;
+- } psa_call_params;
+-
+- struct __attribute__((packed)) {
+- psa_handle_t handle;
+- } psa_close_params;
+- };
+-} psa_client_in_params_t;
+-
+-/* Openamp message passed from NSPE to SPE to deliver a PSA client call */
+-typedef struct __attribute__((packed)) ns_openamp_msg {
+- uint32_t call_type; /* PSA client call type */
+- psa_client_in_params_t params; /* Contain parameters used in PSA
+- * client call
+- */
+-
+- int32_t client_id; /* Optional client ID of the
+- * non-secure caller.
+- * It is required to identify the
+- * non-secure task when NSPE OS
+- * enforces non-secure task
+- * isolation
+- */
+- int32_t request_id; /* This is the unique ID for a
+- * request send to TF-M by the
+- * non-secure core. TF-M forward
+- * the ID back to non-secure on the
+- * reply to a given request. Using
+- * this id, the non-secure library
+- * can identify the request for
+- * which the reply has received.
+- */
+-} ns_openamp_msg_t;
+-
+-/*
+- * This structure holds the location of the out data of the PSA client call.
+- */
+-typedef struct __attribute__((packed)) psa_client_out_params {
+- uint32_t out_vec;
+- uint32_t out_len;
+-} psa_client_out_params_t;
+-
+-
+-/* Openamp message from SPE to NSPE delivering the reply back for a PSA client
+- * call.
+- */
+-typedef struct __attribute__((packed)) s_openamp_msg {
+- int32_t request_id; /* Using this id, the non-secure
+- * library identifies the request.
+- * TF-M forwards the same
+- * request-id received on the
+- * initial request.
+- */
+- int32_t reply; /* Reply of the PSA client call */
+- psa_client_out_params_t params; /* Contain out data result of the
+- * PSA client call.
+- */
+-} s_openamp_msg_t;
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* __TFM_OPENAMP_LIB_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c
+deleted file mode 100644
+index d2eabe144..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c
++++ /dev/null
+@@ -1,304 +0,0 @@
+-/*
+- * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+- * Copyright (c) 2021-2023 Cypress Semiconductor Corporation (an Infineon company)
+- * or an affiliate of Cypress Semiconductor Corporation. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- *
+- */
+-
+-#include "config_impl.h"
+-#include "tfm_psa_call_pack.h"
+-#include "tfm_spe_dual_core_psa_client_secure_lib.h"
+-#include "tfm_rpc.h"
+-#include "tfm_spe_openamp_interface.h"
+-#include "tfm_spm_log.h"
+-#include "tfm_spe_psa_client_lib_unordered_map.h"
+-#include "psa/error.h"
+-#include "utilities.h"
+-#include "thread.h"
+-
+-/**
+- * In linux environment and for psa_call type client api,
+- * the layout of the reply from tf-m to linux is as following.
+- */
+-typedef struct output_buffer_with_payload {
+- s_openamp_msg_t header;
+- psa_outvec outvec[PSA_MAX_IOVEC];
+- uint8_t payload[]; /* outdata follows */
+-} output_buffer_with_payload_t;
+-
+-static void prepare_and_send_output_msg(int32_t reply, int32_t request_id)
+-{
+- s_openamp_msg_t msg;
+-
+- msg.request_id = request_id;
+- msg.reply = reply;
+-
+- msg.params.out_vec = 0;
+- msg.params.out_len = 0;
+-
+- tfm_to_openamp_reply_back(&msg, sizeof(msg));
+-}
+-
+-static void prepare_and_send_preallocated_output_msg(int32_t reply,
+- const unordered_map_entry_t* s_map_entry)
+-{
+- uint32_t out_len = s_map_entry->msg.params.psa_call_params.out_len;
+- output_buffer_with_payload_t *output_msg = (output_buffer_with_payload_t*)s_map_entry->output_buffer;
+-
+- output_msg->header.request_id = s_map_entry->msg.request_id;
+- output_msg->header.reply = reply;
+-
+- output_msg->header.params.out_vec =
+- (uint32_t)tfm_to_openamp_translate_secure_to_non_secure_ptr(
+- output_msg->outvec);
+- output_msg->header.params.out_len = out_len;
+-
+- for (int i = 0; i < out_len; i++) {
+- output_msg->outvec[i].base = tfm_to_openamp_translate_secure_to_non_secure_ptr(
+- output_msg->outvec[i].base);
+- }
+-
+- /* send msg to non-secure side */
+- tfm_to_openamp_reply_back_no_copy(output_msg, s_map_entry->output_buffer_len);
+-}
+-
+-void send_service_reply_to_non_secure(int32_t reply, void *private)
+-{
+- unordered_map_handle_t handle;
+- const unordered_map_entry_t* s_map_entry = (const unordered_map_entry_t*)private;
+-
+- if (s_map_entry->is_input_buffer_hold) {
+- tfm_to_openamp_release_buffer(s_map_entry->input_buffer);
+- }
+-
+- if (s_map_entry->is_output_buffer) {
+- prepare_and_send_preallocated_output_msg(reply, s_map_entry);
+- } else {
+- prepare_and_send_output_msg(reply, s_map_entry->msg.request_id);
+- }
+-
+- handle = unordered_map_get_entry_handle(s_map_entry);
+- if (handle == INVALID_MAP_HANDLE) {
+- SPMLOG_ERRMSG("FATAL_ERROR: Map handle not valid\r\n");
+- SPM_ASSERT(0);
+- }
+- unordered_map_free(handle);
+-}
+-
+-static psa_invec * prepare_in_vecs(unordered_map_entry_t* s_map_entry)
+-{
+- uint32_t in_len = s_map_entry->msg.params.psa_call_params.in_len;
+- SPM_ASSERT(in_len <= PSA_MAX_IOVEC);
+-
+- psa_invec *input_buffer_in_vec = (psa_invec*)tfm_to_openamp_translate_non_secure_to_secure_ptr(
+- (void*)s_map_entry->msg.params.psa_call_params.in_vec);
+- for (int i = 0; i < in_len; i++) {
+- input_buffer_in_vec[i].base = tfm_to_openamp_translate_non_secure_to_secure_ptr(
+- input_buffer_in_vec[i].base);
+- }
+-
+- return input_buffer_in_vec;
+-}
+-
+-static void * alloc_output_buffer_in_shared_mem(size_t length,
+- unordered_map_entry_t* s_map_entry)
+-{
+- uint32_t buffer_sz = 0;
+-
+- /* pre allocate output_buffer space from openamp shared memory */
+- s_map_entry->output_buffer = tfm_to_openamp_get_buffer(&buffer_sz);
+- SPM_ASSERT((s_map_entry->output_buffer != NULL) && (buffer_sz >= length));
+- s_map_entry->is_output_buffer = true;
+- s_map_entry->output_buffer_len = length;
+- spm_memset(s_map_entry->output_buffer, 0x0, length);
+-
+- return s_map_entry->output_buffer;
+-}
+-
+-static psa_status_t alloc_and_prepare_out_vecs(psa_outvec **out_vec_start_ptr,
+- unordered_map_entry_t* s_map_entry)
+-{
+- psa_outvec *input_buffer_outvec = NULL;
+- size_t output_buffer_len = 0;
+- size_t current_outdata_len = 0;
+- output_buffer_with_payload_t *out_buffer = NULL;
+- int max_shared_mem_buffer_size = 0;
+- uint32_t out_len = s_map_entry->msg.params.psa_call_params.out_len;
+-
+- SPM_ASSERT(out_len <= PSA_MAX_IOVEC);
+- *out_vec_start_ptr = NULL;
+-
+- if (out_len == 0) {
+- return PSA_SUCCESS;
+- }
+-
+- input_buffer_outvec = (psa_outvec*)tfm_to_openamp_translate_non_secure_to_secure_ptr(
+- (void*)s_map_entry->msg.params.psa_call_params.out_vec);
+-
+- /* calculate and validate out data len */
+- output_buffer_len = sizeof(output_buffer_with_payload_t);
+- for (int i = 0; i < out_len; i++) {
+- output_buffer_len += input_buffer_outvec[i].len;
+- }
+- max_shared_mem_buffer_size = tfm_to_openamp_get_buffer_size();
+- if (output_buffer_len > max_shared_mem_buffer_size) {
+- SPMLOG_ERRMSGVAL("required buffer size : ", output_buffer_len);
+- SPMLOG_ERRMSGVAL(" is more than maximum available : ", max_shared_mem_buffer_size);
+- return PSA_ERROR_INVALID_ARGUMENT;
+- }
+-
+- /* prepare output buffer layout */
+- out_buffer = (output_buffer_with_payload_t*)alloc_output_buffer_in_shared_mem(
+- output_buffer_len, s_map_entry);
+-
+- for (int i = 0; i < PSA_MAX_IOVEC; i++) {
+- if (i < out_len) {
+- out_buffer->outvec[i].base = &out_buffer->payload[current_outdata_len];
+- out_buffer->outvec[i].len = input_buffer_outvec[i].len;
+- current_outdata_len += input_buffer_outvec[i].len;
+- } else {
+- out_buffer->outvec[i].base = NULL;
+- out_buffer->outvec[i].len = 0;
+- }
+- }
+-
+- *out_vec_start_ptr = out_buffer->outvec;
+-
+- return PSA_SUCCESS;
+-}
+-
+-static psa_status_t prepare_params_for_psa_call(struct client_params_t *params,
+- unordered_map_entry_t* s_map_entry)
+-{
+- psa_status_t ret = PSA_SUCCESS;
+-
+- params->ns_client_id_stateless = s_map_entry->msg.client_id;
+-
+- params->p_outvecs = NULL;
+- ret = alloc_and_prepare_out_vecs(¶ms->p_outvecs, s_map_entry);
+- if (ret != PSA_SUCCESS) {
+- return ret;
+- }
+-
+- params->p_invecs = prepare_in_vecs(s_map_entry);
+-
+- /* hold the input shared memory */
+- tfm_to_openamp_hold_buffer(s_map_entry->input_buffer);
+- s_map_entry->is_input_buffer_hold = true;
+-
+- return ret;
+-}
+-
+-__STATIC_INLINE int32_t check_msg(const ns_openamp_msg_t *msg)
+-{
+- /*
+- * TODO
+- * Comprehensive check of openamp msessage content can be implemented here.
+- */
+- (void)msg;
+- return OPENAMP_SUCCESS;
+-}
+-
+-static void send_error_to_non_secure(int32_t reply, int32_t request_id)
+-{
+- prepare_and_send_output_msg(reply, request_id);
+-}
+-
+-int32_t register_msg_to_spe_and_verify(void **private, const void *data, size_t len)
+-{
+- unordered_map_entry_t *s_map_entry;
+- ns_openamp_msg_t *ns_msg;
+- unordered_map_handle_t map_handle;
+- int32_t ret = OPENAMP_SUCCESS;
+-
+- *private = NULL;
+-
+- if (len < sizeof(ns_openamp_msg_t)) {
+- SPMLOG_ERRMSG("Invalid parameters.\r\n");
+- send_error_to_non_secure(OPENAMP_INVAL_PARAMS, 0);
+- return OPENAMP_INVAL_PARAMS;
+- }
+-
+- /* start of the data is with "ns_openamp_msg_t" */
+- ns_msg = (ns_openamp_msg_t*)data;
+- ret = unordered_map_insert(ns_msg, data, &map_handle);
+- if (ret) {
+- SPMLOG_ERRMSG("Map insert failed\r\n");
+- send_error_to_non_secure(OPENAMP_MAP_FULL, ns_msg->request_id);
+- return OPENAMP_MAP_FULL;
+- }
+-
+- s_map_entry = unordered_map_get_entry_ptr(map_handle);
+-
+- /* verify msg after copy to the secure memory */
+- if (check_msg(&s_map_entry->msg)) {
+- SPMLOG_ERRMSG("Message is invalid\r\n");
+- send_error_to_non_secure(OPENAMP_INVAL_PARAMS, ns_msg->request_id);
+- unordered_map_free(map_handle);
+- return OPENAMP_INVAL_PARAMS;
+- }
+-
+- *private = s_map_entry;
+-
+- return ret;
+-}
+-
+-void deliver_msg_to_tfm_spe(void *private)
+-{
+- struct client_params_t params = {0};
+- psa_status_t psa_ret = PSA_ERROR_GENERIC_ERROR;
+- unordered_map_entry_t* s_map_entry = (unordered_map_entry_t*)private;
+-
+- switch(s_map_entry->msg.call_type) {
+- case OPENAMP_PSA_FRAMEWORK_VERSION:
+- psa_ret = tfm_rpc_psa_framework_version();
+- send_service_reply_to_non_secure(psa_ret, s_map_entry);
+- break;
+- case OPENAMP_PSA_VERSION:
+- psa_ret = tfm_rpc_psa_version(s_map_entry->msg.params.psa_version_params.sid);
+- send_service_reply_to_non_secure(psa_ret, s_map_entry);
+- break;
+- case OPENAMP_PSA_CALL:
+- psa_ret = prepare_params_for_psa_call(¶ms, s_map_entry);
+- if (psa_ret != PSA_SUCCESS) {
+- send_service_reply_to_non_secure(psa_ret, s_map_entry);
+- break;
+- }
+- psa_ret = tfm_rpc_psa_call(s_map_entry->msg.params.psa_call_params.handle,
+- PARAM_PACK(s_map_entry->msg.params.psa_call_params.type,
+- s_map_entry->msg.params.psa_call_params.in_len,
+- s_map_entry->msg.params.psa_call_params.out_len),
+- ¶ms, NULL);
+- if (psa_ret != PSA_SUCCESS) {
+- send_service_reply_to_non_secure(psa_ret, s_map_entry);
+- break;
+- }
+- break;
+-#if CONFIG_TFM_CONNECTION_BASED_SERVICE_API == 1
+- case OPENAMP_PSA_CONNECT:
+- psa_ret = tfm_rpc_psa_connect(s_map_entry->msg.params.psa_connect_params.sid,
+- s_map_entry->msg.params.psa_connect_params.version,
+- s_map_entry->msg.client_id,
+- NULL);
+- if (psa_ret != PSA_SUCCESS) {
+- send_service_reply_to_non_secure(psa_ret, s_map_entry);
+- }
+- break;
+- case OPENAMP_PSA_CLOSE:
+- tfm_rpc_psa_close(s_map_entry->msg.params.psa_close_params.handle);
+- break;
+-#endif /* CONFIG_TFM_CONNECTION_BASED_SERVICE_API == 1 */
+- default:
+- SPMLOG_ERRMSG("msg type did not recognized\r\n");
+- send_error_to_non_secure(OPENAMP_INVAL_PARAMS, s_map_entry->msg.request_id);
+- unordered_map_free(unordered_map_get_entry_handle(s_map_entry));
+- break;
+- }
+-}
+-
+-void init_dual_core_psa_client_secure_lib(void)
+-{
+- unordered_map_init();
+-}
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.h b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.h
+deleted file mode 100644
+index de7891b83..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.h
++++ /dev/null
+@@ -1,39 +0,0 @@
+-/*
+- * Copyright (c) 2021, Arm Limited. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- *
+- */
+-
+-#ifndef __TFM_SPE_DUAL_CORE_PSA_CLIENT_SECURE_LIB_H__
+-#define __TFM_SPE_DUAL_CORE_PSA_CLIENT_SECURE_LIB_H__
+-
+-#include "tfm_openamp_lib.h"
+-
+-/**
+- * \brief Initializes the library.
+- */
+-void init_dual_core_psa_client_secure_lib(void);
+-
+-/**
+- * \brief Decodes the messages received from the NSPE before sending
+- * to SPE.
+- */
+-void deliver_msg_to_tfm_spe(void *private);
+-
+-/**
+- * \brief Encodes the reply of service before sending it to NSPE.
+- */
+-void send_service_reply_to_non_secure(int32_t reply, void *private);
+-
+-/**
+- * \brief Validate and register the message. The message details are
+- * copied inside the unordered_map.
+- *
+- * \retval OPENAMP_SUCCESS Successfully registered the message.
+- * \retval Other return code Operation failed with an error code.
+- */
+-int32_t register_msg_to_spe_and_verify(void **private,
+- const void *data, size_t len);
+-
+-#endif /* __TFM_SPE_DUAL_CORE_PSA_CLIENT_SECURE_LIB_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface.h b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface.h
+deleted file mode 100644
+index 25afd5017..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface.h
++++ /dev/null
+@@ -1,39 +0,0 @@
+-/*
+- * Copyright (c) 2020 Linaro Limited
+- *
+- * Copyright (c) 2021, Arm Limited. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- *
+- */
+-
+-#ifndef TFM_SPE_OPENAMP_INTERFACE_H_
+-#define TFM_SPE_OPENAMP_INTERFACE_H_
+-
+-#define SUCCESS (0)
+-#define ERROR (INT32_MIN + 1)
+-
+-
+-typedef void (*openamp_to_tfm_callback)(const void *data,
+- size_t len);
+-typedef void (*openamp_to_tfm_notify)(void);
+-
+-/*
+- * These functions are the logical interface from TF-M to
+- * OpenAMP.
+- */
+-int32_t tfm_to_openamp_init(openamp_to_tfm_callback cb,
+- openamp_to_tfm_notify notify);
+-void tfm_to_openamp_notify(void);
+-void tfm_to_openamp_spe_map_spinlock_acquire(void);
+-void tfm_to_openamp_spe_map_spinlock_release(void);
+-void tfm_to_openamp_reply_back(const void* data, size_t len);
+-void tfm_to_openamp_reply_back_no_copy(const void* data, size_t len);
+-void tfm_to_openamp_hold_buffer(const void *buffer);
+-void tfm_to_openamp_release_buffer(const void *buffer);
+-void *tfm_to_openamp_get_buffer(uint32_t *len);
+-int tfm_to_openamp_get_buffer_size(void);
+-void *tfm_to_openamp_translate_non_secure_to_secure_ptr(const void *ptr);
+-void *tfm_to_openamp_translate_secure_to_non_secure_ptr(const void *ptr);
+-
+-#endif /* TFM_SPE_OPENAMP_INTERFACE_H_ */
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface_impl.c b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface_impl.c
+deleted file mode 100644
+index aa16e9929..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface_impl.c
++++ /dev/null
+@@ -1,248 +0,0 @@
+-/*
+- * Copyright (c) 2020 Linaro Limited
+- *
+- * Copyright (c) 2021, Arm Limited. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- *
+- */
+-
+-#include <metal/device.h>
+-#include <metal/spinlock.h>
+-#include <openamp/open_amp.h>
+-
+-#include "tfm_spe_openamp_interface.h"
+-#include "tfm_spm_log.h"
+-#include "tfm_spe_shm_openamp.h"
+-
+-static metal_phys_addr_t shm_physmap[] = { SHM_START_PHY_ADDR };
+-static struct metal_device shm_device = {
+- .name = SHM_DEVICE_NAME,
+- .bus = NULL,
+- .num_regions = 1,
+- {
+- {
+- .virt = (void *) SHM_START_VIRT_ADDR,
+- .physmap = shm_physmap,
+- .size = SHM_SIZE,
+- .page_shift = 0xffffffff,
+- .page_mask = 0xffffffff,
+- .mem_flags = 0,
+- .ops = { NULL },
+- },
+- },
+- .node = { NULL },
+- .irq_num = 0,
+- .irq_info = NULL
+-};
+-
+-/* Space to be used by virtqueues */
+-#define VQ_STATIC_SIZE (sizeof(struct virtqueue) + (VRING_SIZE * sizeof(struct vq_desc_extra)))
+-uint8_t vq1_static_space[VQ_STATIC_SIZE];
+-uint8_t vq2_static_space[VQ_STATIC_SIZE];
+-
+-static struct virtio_vring_info rvrings[2];
+-
+-static struct virtio_device vdev;
+-static struct rpmsg_virtio_device rvdev;
+-static struct metal_io_region *io;
+-static struct virtqueue *vq[2];
+-static struct rpmsg_virtio_shm_pool shpool;
+-static struct rpmsg_endpoint tfm_ept;
+-static struct rpmsg_endpoint *ep = &tfm_ept;
+-static struct metal_spinlock spe_map_slock;
+-static openamp_to_tfm_callback tfm_callback = NULL;
+-static openamp_to_tfm_notify tfm_notify = NULL;
+-
+-static unsigned char virtio_get_status(struct virtio_device *vdev)
+-{
+- (void)vdev;
+- uint32_t status = *(uint32_t *)VDEV_STATUS_ADDR;
+- return status;
+-}
+-
+-static void virtio_set_status(struct virtio_device *vdev, unsigned char status)
+-{
+- (void)vdev;
+- *(uint32_t *)VDEV_STATUS_ADDR = status;
+-}
+-
+-static uint32_t virtio_get_features(struct virtio_device *vdev)
+-{
+- (void)vdev;
+- return 1 << VIRTIO_RPMSG_F_NS;
+-}
+-
+-static void virtio_notify(struct virtqueue *vq)
+-{
+- (void)vq;
+- tfm_notify();
+-}
+-
+-static struct virtio_dispatch dispatch = {
+- .get_status = virtio_get_status,
+- .set_status = virtio_set_status,
+- .get_features = virtio_get_features,
+- .notify = virtio_notify,
+-};
+-
+-int endpoint_cb(struct rpmsg_endpoint *ept, void *data,
+- size_t len, uint32_t src, void *priv)
+-{
+- (void)ept;
+- (void)src;
+- (void)priv;
+- tfm_callback(data, len);
+- return 0;
+-}
+-
+-static void rpmsg_service_unbind(struct rpmsg_endpoint *ept)
+-{
+- (void)ept;
+- rpmsg_destroy_ept(ep);
+-}
+-
+-void ns_bind_cb(struct rpmsg_device *rdev, const char *name, uint32_t dest)
+-{
+- (void)rpmsg_create_ept(ep, rdev, name,
+- RPMSG_ADDR_ANY, dest,
+- endpoint_cb,
+- rpmsg_service_unbind);
+-}
+-
+-void tfm_to_openamp_notify(void)
+-{
+- virtqueue_notification(vq[0]);
+-}
+-
+-void tfm_to_openamp_spe_map_spinlock_acquire(void)
+-{
+- metal_spinlock_acquire(&spe_map_slock);
+-}
+-
+-void tfm_to_openamp_spe_map_spinlock_release(void)
+-{
+- metal_spinlock_release(&spe_map_slock);
+-}
+-
+-void tfm_to_openamp_reply_back(const void* data, size_t len)
+-{
+- rpmsg_send(ep, data, len);
+-}
+-
+-void tfm_to_openamp_reply_back_no_copy(const void* data, size_t len)
+-{
+- rpmsg_send_nocopy(ep, data, len);
+-}
+-
+-void tfm_to_openamp_hold_buffer(const void *buffer)
+-{
+- rpmsg_hold_rx_buffer(ep, (void*)buffer);
+-}
+-
+-void tfm_to_openamp_release_buffer(const void *buffer)
+-{
+- rpmsg_release_rx_buffer(ep, (void*)buffer);
+-}
+-
+-void *tfm_to_openamp_get_buffer(uint32_t *len)
+-{
+- return rpmsg_get_tx_payload_buffer(ep, len, 1);
+-}
+-
+-int tfm_to_openamp_get_buffer_size(void)
+-{
+- return rpmsg_virtio_get_buffer_size(&rvdev.rdev);
+-}
+-
+-void *tfm_to_openamp_translate_non_secure_to_secure_ptr(const void *ptr)
+-{
+- metal_phys_addr_t phys = 0;
+- phys = (metal_phys_addr_t)ptr;
+- return metal_io_phys_to_virt(io, phys);
+-}
+-
+-void *tfm_to_openamp_translate_secure_to_non_secure_ptr(const void *ptr)
+-{
+- metal_phys_addr_t phys = metal_io_virt_to_phys(io, (void*)ptr);
+- return (void*)phys;
+-}
+-
+-int32_t tfm_to_openamp_init(openamp_to_tfm_callback cb,
+- openamp_to_tfm_notify notify)
+-{
+- int status = 0;
+- struct metal_device *device;
+- struct metal_init_params metal_params = METAL_INIT_DEFAULTS;
+-
+- SPMLOG_INFMSG("TF-M OpenAMP[master] starting initialization...\r\n");
+-
+- if (cb == NULL || notify == NULL) {
+- SPMLOG_ERRMSG("invalid parameters\r\n");
+- return ERROR;
+- }
+- tfm_callback = cb;
+- tfm_notify = notify;
+-
+- metal_spinlock_init(&spe_map_slock);
+-
+- status = metal_init(&metal_params);
+- if (status != 0) {
+- SPMLOG_ERRMSG("metal_init: failed - error code\r\n");
+- return ERROR;
+- }
+-
+- status = metal_register_generic_device(&shm_device);
+- if (status != 0) {
+- SPMLOG_ERRMSG("Couldn't register shared memory device\r\n");
+- return ERROR;
+- }
+-
+- status = metal_device_open("generic", SHM_DEVICE_NAME, &device);
+- if (status != 0) {
+- SPMLOG_ERRMSG("metal_device_open failed\r\n");
+- return ERROR;
+- }
+-
+- io = metal_device_io_region(device, 0);
+- if (io == NULL) {
+- SPMLOG_ERRMSG("metal_device_io_region failed to get region\r\n");
+- return ERROR;
+- }
+-
+- /* setup vdev */
+-
+- memset(vq1_static_space, 0x0, VQ_STATIC_SIZE);
+- vq[0] = (struct virtqueue *)vq1_static_space;
+-
+- memset(vq2_static_space, 0x0, VQ_STATIC_SIZE);
+- vq[1] = (struct virtqueue *)vq2_static_space;
+-
+- vdev.role = RPMSG_MASTER;
+- vdev.vrings_num = VRING_COUNT;
+- vdev.func = &dispatch;
+- rvrings[0].io = io;
+- rvrings[0].info.vaddr = (void *)VRING_TX_ADDRESS;
+- rvrings[0].info.num_descs = VRING_SIZE;
+- rvrings[0].info.align = VRING_ALIGNMENT;
+- rvrings[0].vq = vq[0];
+-
+- rvrings[1].io = io;
+- rvrings[1].info.vaddr = (void *)VRING_RX_ADDRESS;
+- rvrings[1].info.num_descs = VRING_SIZE;
+- rvrings[1].info.align = VRING_ALIGNMENT;
+- rvrings[1].vq = vq[1];
+-
+- vdev.vrings_info = &rvrings[0];
+-
+- /* setup rvdev */
+- rpmsg_virtio_init_shm_pool(&shpool, (void *)SHM_START_VIRT_ADDR, SHM_SIZE);
+- status = rpmsg_init_vdev(&rvdev, &vdev, ns_bind_cb, io, &shpool);
+- if (status != 0) {
+- SPMLOG_ERRMSGVAL("rpmsg_init_vdev failed : ", status);
+- return ERROR;
+- }
+- SPMLOG_INFMSG("rpmsg_init_vdev Done!\r\n");
+-
+- return SUCCESS;
+-}
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interconnect.c b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interconnect.c
+deleted file mode 100644
+index db8e8ac8b..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interconnect.c
++++ /dev/null
+@@ -1,114 +0,0 @@
+-/*
+- * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- *
+- */
+-
+-#include "tfm_spe_openamp_platform_interface.h"
+-#include "tfm_spe_dual_core_psa_client_secure_lib.h"
+-#include "tfm_rpc.h"
+-#include "tfm_spe_openamp_interface.h"
+-#include "tfm_multi_core.h"
+-#include "tfm_spm_log.h"
+-#include "utilities.h"
+-
+-static void *registered_msg = NULL;
+-
+-/* Process call from the other core. */
+-void callback_from_openamp(const void *ns_msg, size_t len)
+-{
+- int32_t ret = OPENAMP_SUCCESS;
+- void *priv = NULL;
+-
+- ret = register_msg_to_spe_and_verify(&priv, ns_msg, len);
+- if (ret != OPENAMP_SUCCESS) {
+- return;
+- }
+-
+- /*
+- * registered_msg will be used inside get_caller_private_data.
+- * get_caller_private_data will be called in the same context:
+- * deliver_msg* => tfm_rpc_xxx => tfm_spm_xxx => spm_init_connection
+- * => tfm_rpc_set_caller_data => get_caller_private_data
+- */
+- registered_msg = priv;
+-
+- deliver_msg_to_tfm_spe(priv);
+-}
+-
+-/* RPC reply() callback */
+-static void service_reply(const void *priv, int32_t ret)
+-{
+- send_service_reply_to_non_secure(ret, (void*)priv);
+-}
+-
+-/* RPC get_caller_data() callback */
+-static const void *get_caller_private_data(int32_t client_id)
+-{
+- if (!registered_msg) {
+- SPMLOG_ERRMSG("FATAL_ERROR: Map pointer cannot be NULL.\r\n");
+- SPM_ASSERT(0);
+- }
+-
+- return registered_msg;
+-}
+-
+-/* Openamp specific operations callback for TF-M RPC */
+-static const struct tfm_rpc_ops_t openamp_rpc_ops = {
+- .handle_req = tfm_to_openamp_notify, /* notify openamp for pendsv/irq
+- * received from the non-secure */
+- .reply = service_reply,
+- .get_caller_data = get_caller_private_data,
+-};
+-
+-void notify_request_from_openamp(void)
+-{
+- int32_t ret;
+-
+- ret = tfm_hal_notify_peer();
+- if (ret) {
+- SPMLOG_ERRMSGVAL("tfm_hal_notify_peer failed ", ret);
+- }
+- return;
+-}
+-
+-/* Openmap initialization */
+-static int32_t tfm_spe_openamp_lib_init(void)
+-{
+- int32_t ret;
+-
+- ret = tfm_dual_core_hal_init();
+- if (ret) {
+- SPMLOG_ERRMSGVAL("tfm_dual_core_hal_init failed ", ret);
+- return OPENAMP_INIT_ERROR;
+- }
+-
+- ret = tfm_to_openamp_init(callback_from_openamp,
+- notify_request_from_openamp);
+- if (ret) {
+- SPMLOG_ERRMSGVAL("tfm_to_openamp_init failed ", ret);
+- return OPENAMP_INIT_ERROR;
+- }
+-
+- init_dual_core_psa_client_secure_lib();
+-
+- /* Register RPC callbacks */
+- ret = tfm_rpc_register_ops(&openamp_rpc_ops);
+- if (ret) {
+- SPMLOG_ERRMSGVAL("tfm_rpc_register_ops failed ", ret);
+- return OPENAMP_CALLBACK_REG_ERROR;
+- }
+-
+- SPMLOG_INFMSG("tfm_spe_openamp_lib_init initialized success.\r\n");
+- return OPENAMP_SUCCESS;
+-}
+-
+-int32_t tfm_inter_core_comm_init(void)
+-{
+- if (tfm_spe_openamp_lib_init()) {
+- return TFM_PLAT_ERR_SYSTEM_ERR;
+- }
+-
+- return TFM_PLAT_ERR_SUCCESS;
+-}
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interface.h b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interface.h
+deleted file mode 100644
+index 4c720b731..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interface.h
++++ /dev/null
+@@ -1,31 +0,0 @@
+-/*
+- * Copyright (c) 2021, Arm Limited. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- *
+- */
+-
+-#ifndef __TFM_SPE_OPENAMP_PLATFORM_INTERFACE_H__
+-#define __TFM_SPE_OPENAMP_PLATFORM_INTERFACE_H__
+-
+-#include "tfm_openamp_lib.h"
+-#include "tfm_plat_defs.h"
+-
+-/**
+- * \brief Platform specific initialization of SPE openamp.
+- *
+- * \retval TFM_PLAT_ERR_SUCCESS Operation succeeded.
+- * \retval Other return code Operation failed with an error code.
+- */
+-enum tfm_plat_err_t tfm_dual_core_hal_init(void);
+-
+-/**
+- * \brief Notify NSPE that a PSA client call return result is replied.
+- * Implemented by platform specific inter-processor communication driver.
+- *
+- * \retval TFM_PLAT_ERR_SUCCESS The notification is successfully sent out.
+- * \retval Other return code Operation failed with an error code.
+- */
+-enum tfm_plat_err_t tfm_hal_notify_peer(void);
+-
+-#endif /* __TFM_SPE_OPENAMP_PLATFORM_INTERFACE_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.c b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.c
+deleted file mode 100644
+index 007a675bd..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.c
++++ /dev/null
+@@ -1,151 +0,0 @@
+-/*
+- * Copyright (c) 2021, Arm Limited. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- *
+- */
+-
+-#include "tfm_spe_psa_client_lib_unordered_map.h"
+-#include "utilities.h"
+-#include "tfm_spe_openamp_interface.h"
+-#include "tfm_spe_shm_openamp.h"
+-#include <stdbool.h>
+-#include <stddef.h>
+-#include <string.h>
+-
+-/*
+- * SPE map where tf-m copies the psa_client parameters
+- * from non-secure memory to its local secure memory.
+- */
+-typedef struct unordered_map {
+- /*
+- * Aligned with TFM_MAX_MESSAGES. A more sophisticated approach is
+- * required if the intent is to increase TFM_MAX_MESSAGES beyond
+- * 32 bits.
+- */
+- uint32_t busy_slots; /* protected by a spinlock */
+- unordered_map_entry_t map[TFM_MAX_MESSAGES];
+-} unordered_map_t;
+-
+-
+-/*
+- * TF-M secure memory map: the parameters are copied to secure memory
+- * from openamp non-secure memory. This is to avoid TOCTOU attack.
+- */
+-static unordered_map_t psa_client_lib_map_;
+-
+-static inline int find_first_unset_bit(uint32_t n)
+-{
+- int index = -1;
+- n = ~n & (n+1);
+- while(n>0) {
+- n >>= 1;
+- index++;
+- }
+- return index;
+-}
+-
+-static inline bool is_map_full(unordered_map_t *m)
+-{
+- return (~(m->busy_slots) == 0);
+-}
+-
+-static inline void set_bit(uint32_t *n, int index)
+-{
+- *n = (*n | (1 << index));
+-}
+-
+-static inline bool is_bit_set(uint32_t n, int index)
+-{
+- return ((n & (1 << index)) != 0);
+-}
+-
+-static inline void unset_bit(uint32_t *n, int index)
+-{
+- uint32_t mask = 0;
+- mask |= (1 << index);
+- *n = (*n & ~mask);
+-}
+-
+-void unordered_map_init(void)
+-{
+- tfm_to_openamp_spe_map_spinlock_acquire();
+- psa_client_lib_map_.busy_slots = 0;
+- tfm_to_openamp_spe_map_spinlock_release();
+-}
+-
+-static int32_t alloc_map_entry(unordered_map_handle_t *handle)
+-{
+- int32_t ret;
+- tfm_to_openamp_spe_map_spinlock_acquire();
+- do {
+- if (is_map_full(&psa_client_lib_map_)) {
+- ret = OPENAMP_MAP_FULL;
+- break;
+- }
+- *handle = find_first_unset_bit(psa_client_lib_map_.busy_slots);
+- set_bit(&psa_client_lib_map_.busy_slots, *handle);
+- ret = OPENAMP_SUCCESS;
+- } while (0);
+- tfm_to_openamp_spe_map_spinlock_release();
+- return ret;
+-}
+-
+-int32_t unordered_map_insert(const ns_openamp_msg_t *ns_msg, const void *in,
+- unordered_map_handle_t *handle)
+-{
+- int32_t ret;
+-
+- ret = alloc_map_entry(handle);
+- if (ret) {
+- return ret;
+- }
+-
+- memcpy(&psa_client_lib_map_.map[*handle].msg, ns_msg,
+- sizeof(ns_openamp_msg_t));
+-
+- psa_client_lib_map_.map[*handle].input_buffer = in;
+- psa_client_lib_map_.map[*handle].output_buffer = NULL;
+- psa_client_lib_map_.map[*handle].output_buffer_len = 0;
+- psa_client_lib_map_.map[*handle].is_input_buffer_hold = false;
+- psa_client_lib_map_.map[*handle].is_output_buffer = false;
+-
+- psa_client_lib_map_.map[*handle].handle = *handle;
+-
+- return OPENAMP_SUCCESS;
+-}
+-
+-void unordered_map_free(unordered_map_handle_t handle)
+-{
+- if (handle >= TFM_MAX_MESSAGES || handle < 0) {
+- return;
+- }
+- spm_memset(&psa_client_lib_map_.map[handle], 0,
+- sizeof(unordered_map_entry_t));
+-
+- tfm_to_openamp_spe_map_spinlock_acquire();
+- unset_bit(&psa_client_lib_map_.busy_slots, handle);
+- tfm_to_openamp_spe_map_spinlock_release();
+-}
+-
+-unordered_map_entry_t* unordered_map_get_entry_ptr(unordered_map_handle_t handle)
+-{
+- if (handle >= TFM_MAX_MESSAGES || handle < 0) {
+- return NULL;
+- }
+- if (!is_bit_set(psa_client_lib_map_.busy_slots, handle)) {
+- return NULL;
+- }
+- return &psa_client_lib_map_.map[handle];
+-}
+-
+-unordered_map_handle_t unordered_map_get_entry_handle(
+- const unordered_map_entry_t *ptr)
+-{
+- if (!ptr) {
+- return INVALID_MAP_HANDLE;
+- }
+-
+- return ptr->handle;
+-}
+-
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.h b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.h
+deleted file mode 100644
+index 1d094133b..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.h
++++ /dev/null
+@@ -1,50 +0,0 @@
+-/*
+- * Copyright (c) 2021, Arm Limited. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- *
+- */
+-
+-#ifndef __TFM_SPE_PSA_CLIENT_LIB_UNORDERED_MAP_H__
+-#define __TFM_SPE_PSA_CLIENT_LIB_UNORDERED_MAP_H__
+-
+-#include <stdbool.h>
+-#include "tfm_openamp_lib.h"
+-
+-/* 16 bits are sufficient to store the handle. Also
+- * choosing 16bits allow for better packing inside
+- * the struct unordered_map_entry_t.
+- */
+-typedef int16_t unordered_map_handle_t;
+-#define INVALID_MAP_HANDLE -1
+-
+-/* An entry structure of map data structure */
+-typedef struct unordered_map_entry {
+- ns_openamp_msg_t msg;
+- const void *input_buffer;
+- void *output_buffer;
+- size_t output_buffer_len;
+- unordered_map_handle_t handle; /* entry handle */
+- bool is_input_buffer_hold; /* true when input buffer is held */
+- bool is_output_buffer; /* true when output buffer is preallocated */
+-} unordered_map_entry_t;
+-
+-/* Initialize the map data structure */
+-void unordered_map_init(void);
+-
+-/* Insert entry into the map and return a handle to the entry */
+-int32_t unordered_map_insert(const ns_openamp_msg_t *msg, const void *in,
+- unordered_map_handle_t *handle);
+-
+-/* Free respective entry into the map represented by the handle */
+-void unordered_map_free(unordered_map_handle_t handle);
+-
+-/* Using a handle return the memory pointer of the entry */
+-unordered_map_entry_t* unordered_map_get_entry_ptr(
+- unordered_map_handle_t handle);
+-
+-/* Using a entry memory location, return respective handle */
+-unordered_map_handle_t unordered_map_get_entry_handle(
+- const unordered_map_entry_t *ptr);
+-
+-#endif /* __TFM_SPE_PSA_CLIENT_LIB_UNORDERED_MAP_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_shm_openamp.h b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_shm_openamp.h
+deleted file mode 100644
+index 6e8cde8f4..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_shm_openamp.h
++++ /dev/null
+@@ -1,39 +0,0 @@
+-/*
+- * Copyright (c) 2020 Linaro Limited
+- *
+- * Copyright (c) 2021, Arm Limited. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- *
+- */
+-
+-#ifndef TFM_SPE_SHM_OPEN_AMP_H_
+-#define TFM_SPE_SHM_OPEN_AMP_H_
+-
+-#include "region_defs.h"
+-
+-#define VDEV_STATUS_ADDR (OPENAMP_SE_SHARED_MEMORY_START_ADDR)
+-#define VDEV_STATUS_SIZE (0x1000) // 4 KB
+-#define SHM_START_VIRT_ADDR (OPENAMP_SE_SHARED_MEMORY_START_ADDR + VDEV_STATUS_SIZE)
+-#define SHM_START_PHY_ADDR (OPENAMP_HOST_SHARED_MEMORY_START_ADDR + VDEV_STATUS_SIZE)
+-#define SHM_SIZE OPENAMP_SHARED_MEMORY_SIZE - VDEV_STATUS_SIZE
+-#define SHM_DEVICE_NAME "cvm.shm"
+-
+-#define VRING_COUNT 2
+-#define VRING_MEM_SIZE (0x1000) // 4 KB
+-#define VRING_TX_ADDRESS (SHM_START_VIRT_ADDR + SHM_SIZE - VRING_MEM_SIZE)
+-#define VRING_RX_ADDRESS (SHM_START_VIRT_ADDR + SHM_SIZE - (2 * VRING_MEM_SIZE))
+-#define VRING_ALIGNMENT 4
+-#define VRING_SIZE 16
+-
+-/*
+- * The tf-m can only accept MAX_MESSAGES at a given time.
+- * The Host should set RPMSG_BUFFER_SIZE accrodingly
+- * such that tf-m does not recieve more than
+- * TFM_MAX_MESSAGES messages.
+- * Changing this macro DOES NOT increase TF-M capabilities
+- * to handle more messages.
+- */
+-#define TFM_MAX_MESSAGES (32)
+-
+-#endif /* TFM_SPE_SHM_OPEN_AMP_H_ */
+diff --git a/platform/ext/target/arm/corstone1000/partition/region_defs.h b/platform/ext/target/arm/corstone1000/partition/region_defs.h
+index 64ab786e5..a80b07737 100644
+--- a/platform/ext/target/arm/corstone1000/partition/region_defs.h
++++ b/platform/ext/target/arm/corstone1000/partition/region_defs.h
+@@ -59,13 +59,13 @@
+ #define S_DATA_LIMIT (S_DATA_START + S_DATA_SIZE - 1)
+ #define S_DATA_PRIV_START (S_DATA_START + S_UNPRIV_DATA_SIZE)
+
+-/* OpenAMP shared memory region */
+-#define OPENAMP_SE_SHARED_MEMORY_START_ADDR 0xA8000000
+-#define OPENAMP_HOST_SHARED_MEMORY_START_ADDR 0x88000000
+-#define OPENAMP_SHARED_MEMORY_SIZE (1024 * 1024) /* 1MB */
++/* Shared memory region */
++#define INTER_PROCESSOR_SE_SHARED_MEMORY_START_ADDR 0xA8000000
++#define INTER_PROCESSOR_HOST_SHARED_MEMORY_START_ADDR 0x88000000
++#define INTER_PROCESSOR_SHARED_MEMORY_SIZE (1024 * 1024) /* 1MB */
+
+-#define NS_DATA_START OPENAMP_SE_SHARED_MEMORY_START_ADDR
+-#define NS_DATA_SIZE OPENAMP_SHARED_MEMORY_SIZE
++#define NS_DATA_START INTER_PROCESSOR_SE_SHARED_MEMORY_START_ADDR
++#define NS_DATA_SIZE INTER_PROCESSOR_SHARED_MEMORY_SIZE
+
+ #define S_CODE_VECTOR_TABLE_SIZE (0xc0)
+
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/CMakeLists.txt b/platform/ext/target/arm/corstone1000/rse_comms/CMakeLists.txt
+new file mode 100644
+index 000000000..7c4bc0fef
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/CMakeLists.txt
+@@ -0,0 +1,34 @@
++#-------------------------------------------------------------------------------
++# Copyright (c) 2022-2024, Arm Limited. All rights reserved.
++#
++# SPDX-License-Identifier: BSD-3-Clause
++#
++#-------------------------------------------------------------------------------
++
++target_include_directories(platform_s
++ PUBLIC
++ .
++)
++
++target_sources(platform_s
++ PRIVATE
++ rse_comms.c
++ rse_comms_hal.c
++ rse_comms_queue.c
++ rse_comms_protocol.c
++ rse_comms_protocol_embed.c
++)
++
++target_compile_definitions(platform_s
++ PRIVATE
++ RSE_COMMS_MAX_CONCURRENT_REQ=1
++ RSE_COMMS_PROTOCOL_EMBED_ENABLED
++ $<$<BOOL:${CONFIG_TFM_HALT_ON_CORE_PANIC}>:CONFIG_TFM_HALT_ON_CORE_PANIC>
++)
++
++# For spm_log_msgval
++target_link_libraries(platform_s
++ PRIVATE
++ tfm_spm
++ tfm_sprt
++)
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.c b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.c
+new file mode 100644
+index 000000000..df2b6bffa
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.c
+@@ -0,0 +1,176 @@
++/*
++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
++ * Copyright (c) 2023 Cypress Semiconductor Corporation (an Infineon company)
++ * or an affiliate of Cypress Semiconductor Corporation. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#include "rse_comms.h"
++
++#include <stddef.h>
++#include <stdint.h>
++
++#include "rse_comms_hal.h"
++#include "rse_comms_queue.h"
++#include "tfm_rpc.h"
++#include "tfm_multi_core.h"
++#include "tfm_hal_multi_core.h"
++#include "tfm_psa_call_pack.h"
++#include "tfm_spm_log.h"
++#include "rse_comms_permissions_hal.h"
++
++static struct client_request_t *req_to_process;
++
++static psa_status_t message_dispatch(struct client_request_t *req)
++{
++ int32_t client_id;
++ enum tfm_plat_err_t plat_err;
++
++ /* Create the call parameters */
++ struct client_params_t params = {
++ .p_invecs = req->in_vec,
++ .p_outvecs = req->out_vec,
++ };
++
++ SPMLOG_DBGMSG("[RSE-COMMS] Dispatching message\r\n");
++ SPMLOG_DBGMSGVAL("handle=", req->handle);
++ SPMLOG_DBGMSGVAL("type=", req->type);
++ SPMLOG_DBGMSGVAL("in_len=", req->in_len);
++ SPMLOG_DBGMSGVAL("out_len=", req->out_len);
++ if (req->in_len > 0) {
++ SPMLOG_DBGMSGVAL("in_vec[0].len=", req->in_vec[0].len);
++ }
++ if (req->in_len > 1) {
++ SPMLOG_DBGMSGVAL("in_vec[1].len=", req->in_vec[1].len);
++ }
++ if (req->in_len > 2) {
++ SPMLOG_DBGMSGVAL("in_vec[2].len=", req->in_vec[2].len);
++ }
++ if (req->in_len > 3) {
++ SPMLOG_DBGMSGVAL("in_vec[3].len=", req->in_vec[3].len);
++ }
++ if (req->out_len > 0) {
++ SPMLOG_DBGMSGVAL("out_vec[0].len=", req->out_vec[0].len);
++ }
++ if (req->out_len > 1) {
++ SPMLOG_DBGMSGVAL("out_vec[1].len=", req->out_vec[1].len);
++ }
++ if (req->out_len > 2) {
++ SPMLOG_DBGMSGVAL("out_vec[2].len=", req->out_vec[2].len);
++ }
++ if (req->out_len > 3) {
++ SPMLOG_DBGMSGVAL("out_vec[3].len=", req->out_vec[3].len);
++ }
++
++ plat_err = comms_permissions_service_check(req->handle,
++ req->in_vec,
++ req->in_len,
++ req->type);
++ if (plat_err != TFM_PLAT_ERR_SUCCESS) {
++ SPMLOG_ERRMSG("[RSE-COMMS] Call not permitted\r\n");
++ return PSA_ERROR_NOT_PERMITTED;
++ }
++
++ client_id = tfm_hal_client_id_translate(req->mhu_sender_dev,
++ (int32_t)(req->client_id));
++ if (client_id >= 0) {
++ SPMLOG_ERRMSGVAL("[RSE-COMMS] Invalid client_id: ",
++ (uint32_t)(req->client_id));
++ return PSA_ERROR_INVALID_ARGUMENT;
++ }
++ params.ns_client_id_stateless = client_id;
++
++ return tfm_rpc_psa_call(req->handle,
++ PARAM_PACK(req->type,
++ req->in_len,
++ req->out_len),
++ ¶ms,
++ NULL);
++}
++
++static void rse_comms_reply(const void *owner, int32_t ret)
++{
++ struct client_request_t *req = (struct client_request_t *)owner;
++
++ req->return_val = ret;
++
++ SPMLOG_DBGMSG("[RSE-COMMS] Sending reply\r\n");
++ SPMLOG_DBGMSGVAL("protocol_ver=", req->protocol_ver);
++ SPMLOG_DBGMSGVAL("seq_num=", req->seq_num);
++ SPMLOG_DBGMSGVAL("client_id=", req->client_id);
++ SPMLOG_DBGMSGVAL("return_val=", req->return_val);
++ SPMLOG_DBGMSGVAL("out_vec[0].len=", req->out_vec[0].len);
++ SPMLOG_DBGMSGVAL("out_vec[1].len=", req->out_vec[1].len);
++ SPMLOG_DBGMSGVAL("out_vec[2].len=", req->out_vec[2].len);
++ SPMLOG_DBGMSGVAL("out_vec[3].len=", req->out_vec[3].len);
++
++ if (tfm_multi_core_hal_reply(req) != TFM_PLAT_ERR_SUCCESS) {
++ SPMLOG_DBGMSG("[RSE-COMMS] Sending reply failed!\r\n");
++ }
++}
++
++static void rse_comms_handle_req(void)
++{
++ psa_status_t status;
++ void *queue_entry;
++
++ /* FIXME: consider memory limitations that may prevent dispatching all
++ * messages in one go.
++ */
++ while (queue_dequeue(&queue_entry) == 0) {
++ /* Deliver PSA Client call request to handler in SPM. */
++ req_to_process = queue_entry;
++ status = message_dispatch(req_to_process);
++#if CONFIG_TFM_SPM_BACKEND_IPC == 1
++ /*
++ * If status == PSA_SUCCESS, peer will be replied when mailbox agent
++ * partition receives a 'ASYNC_MSG_REPLY' signal from the requested
++ * service partition.
++ * If status != PSA_SUCCESS, the service call has been finished.
++ * Reply to the peer directly.
++ */
++ if (status != PSA_SUCCESS) {
++ SPMLOG_DBGMSGVAL("[RSE-COMMS] Message dispatch failed: ", status);
++ rse_comms_reply(req_to_process, status);
++ }
++#else
++ /* In SFN model, the service call has been finished. Reply to the peer directly. */
++ rse_comms_reply(req_to_process, status);
++#endif
++ }
++}
++
++static const void *rss_comms_get_caller_data(int32_t client_id)
++{
++ (void)client_id;
++
++ return req_to_process;
++}
++
++static struct tfm_rpc_ops_t rpc_ops = {
++ .handle_req = rse_comms_handle_req,
++ .reply = rse_comms_reply,
++ .get_caller_data = rss_comms_get_caller_data,
++};
++
++int32_t tfm_inter_core_comm_init(void)
++{
++ int32_t ret;
++
++ /* Register RPC callbacks */
++ ret = tfm_rpc_register_ops(&rpc_ops);
++ if (ret != TFM_RPC_SUCCESS) {
++ return ret;
++ }
++
++ /* Platform specific initialization */
++ ret = tfm_multi_core_hal_init();
++ if (ret != TFM_PLAT_ERR_SUCCESS) {
++ tfm_rpc_unregister_ops();
++ return ret;
++ }
++
++ return TFM_RPC_SUCCESS;
++}
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h
+new file mode 100644
+index 000000000..6d79dd3bf
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h
+@@ -0,0 +1,48 @@
++/*
++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef __RSE_COMMS_H__
++#define __RSE_COMMS_H__
++
++#include "psa/client.h"
++#include "cmsis_compiler.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++ /* size suits to fit the largest message too (EFI variables) */
++#define RSE_COMMS_PAYLOAD_MAX_SIZE (0x2100)
++
++/*
++ * Allocated for each client request.
++ *
++ * TODO: Sizing of payload_buf, this should be platform dependent:
++ * - sum in_vec size
++ * - sum out_vec size
++ */
++struct client_request_t {
++ void *mhu_sender_dev; /* Pointer to MHU sender device to reply on */
++ uint8_t protocol_ver;
++ uint8_t seq_num;
++ uint16_t client_id;
++ psa_handle_t handle;
++ int32_t type;
++ uint32_t in_len;
++ uint32_t out_len;
++ psa_invec in_vec[PSA_MAX_IOVEC];
++ psa_outvec out_vec[PSA_MAX_IOVEC];
++ int32_t return_val;
++ uint64_t out_vec_host_addr[PSA_MAX_IOVEC];
++ uint8_t param_copy_buf[RSE_COMMS_PAYLOAD_MAX_SIZE];
++};
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* __RSE_COMMS_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.c b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.c
+new file mode 100644
+index 000000000..ef6fb9e02
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.c
+@@ -0,0 +1,232 @@
++/*
++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#include "rse_comms_hal.h"
++
++#include "rse_comms.h"
++#include "rse_comms_queue.h"
++#include "mhu.h"
++#include "cmsis.h"
++#include "device_definition.h"
++#include "tfm_peripherals_def.h"
++#include "tfm_spm_log.h"
++#include "tfm_pools.h"
++#include "rse_comms_protocol.h"
++#include <string.h>
++
++/* Declared statically to avoid using huge amounts of stack space. Maybe revisit
++ * if functions not being reentrant becomes a problem.
++ */
++static __ALIGNED(4) struct serialized_psa_msg_t msg;
++static __ALIGNED(4) struct serialized_psa_reply_t reply;
++
++/* The 32bit client ID is constructed as following:
++ * bit31: always 1
++ * bit30~bit16: client source identifier.
++ 0x0000 First mailbox agent client(MHU) (by default)
++ 0x1000 Second mailbox agent client(MHU)
++ ...
++ * bit15~bit0: client input client ID
++ */
++#define CLIENT_ID_USER_INPUT_OFFSET (0)
++#define CLIENT_ID_USER_INPUT_MASK (0xFFFFUL << CLIENT_ID_USER_INPUT_OFFSET)
++
++#define CLIENT_ID_MHU_BASE_OFFSET (16)
++#define CLIENT_ID_MHU_BASE_MASK (0x7FFFUL << CLIENT_ID_MHU_BASE_OFFSET)
++
++#define NS_CLIENT_ID_FLAG_OFFSET (31)
++#define NS_CLIENT_ID_FLAG_MASK (0x1UL << NS_CLIENT_ID_FLAG_OFFSET)
++
++/* MHU for RSE <> AP_MONITOR communication */
++#ifndef MHU0_CLIENT_ID_BASE
++#define MHU0_CLIENT_ID_BASE (0x0000UL << CLIENT_ID_MHU_BASE_OFFSET)
++#endif
++
++#ifdef MHU_RSE_TO_AP_NS
++/* MHU for RSE <> AP_NS communication */
++#ifndef MHU1_CLIENT_ID_BASE
++#define MHU1_CLIENT_ID_BASE (0x1000UL << CLIENT_ID_MHU_BASE_OFFSET)
++#endif
++#endif /* MHU_RSE_TO_AP_NS */
++
++TFM_POOL_DECLARE(req_pool, sizeof(struct client_request_t),
++ RSE_COMMS_MAX_CONCURRENT_REQ);
++
++static enum tfm_plat_err_t initialize_mhu(void)
++{
++ enum mhu_error_t err;
++
++ err = mhu_init_sender(&MHU1_SE_TO_HOST_DEV);
++ if (err != MHU_ERR_NONE) {
++ SPMLOG_ERRMSGVAL("[COMMS] RSE to AP_MONITOR MHU driver init failed: ",
++ err);
++ return TFM_PLAT_ERR_SYSTEM_ERR;
++ }
++
++ err = mhu_init_receiver(&MHU1_HOST_TO_SE_DEV);
++ if (err != MHU_ERR_NONE) {
++ SPMLOG_ERRMSGVAL("[COMMS] AP_MONITOR to RSE MHU driver init failed: ",
++ err);
++ return TFM_PLAT_ERR_SYSTEM_ERR;
++ }
++
++#ifdef MHU_RSE_TO_AP_NS
++ err = mhu_init_sender(&MHU_RSE_TO_AP_NS_DEV);
++ if (err != MHU_ERR_NONE) {
++ SPMLOG_ERRMSGVAL("[COMMS] RSE to AP_NS MHU driver init failed: ", err);
++ return TFM_PLAT_ERR_SYSTEM_ERR;
++ }
++
++ err = mhu_init_receiver(&MHU_AP_NS_TO_RSE_DEV);
++ if (err != MHU_ERR_NONE) {
++ SPMLOG_ERRMSGVAL("[COMMS] AP_NS to RSE MHU driver init failed: ", err);
++ return TFM_PLAT_ERR_SYSTEM_ERR;
++ }
++#endif /* MHU_RSE_TO_AP_NS */
++
++ SPMLOG_DBGMSG("[COMMS] MHU driver initialized successfully.\r\n");
++ return TFM_PLAT_ERR_SUCCESS;
++}
++
++enum tfm_plat_err_t tfm_multi_core_hal_receive(void *mhu_receiver_dev,
++ void *mhu_sender_dev,
++ uint32_t source)
++{
++ enum mhu_error_t mhu_err;
++ enum tfm_plat_err_t err;
++ size_t msg_len = sizeof(msg);
++ size_t reply_size;
++
++ memset(&msg, 0, sizeof(msg));
++ memset(&reply, 0, sizeof(reply));
++
++ /* Receive complete message */
++ mhu_err = mhu_receive_data(mhu_receiver_dev, (uint8_t *)&msg, &msg_len);
++
++ /* Clear the pending interrupt for this MHU. This prevents the mailbox
++ * interrupt handler from being called without the next request arriving
++ * through the mailbox
++ */
++ NVIC_ClearPendingIRQ(source);
++
++ if (mhu_err != MHU_ERR_NONE) {
++ SPMLOG_DBGMSGVAL("[COMMS] MHU receive failed: ", mhu_err);
++ /* Can't respond, since we don't know anything about the message */
++ return TFM_PLAT_ERR_SYSTEM_ERR;
++ }
++
++ SPMLOG_DBGMSG("[COMMS] Received message\r\n");
++ SPMLOG_DBGMSGVAL("[COMMS] size=", msg_len);
++ SPMLOG_DBGMSGVAL("[COMMS] seq_num=", msg.header.seq_num);
++
++ struct client_request_t *req = tfm_pool_alloc(req_pool);
++ if (!req) {
++ /* No free capacity, drop message */
++ err = TFM_PLAT_ERR_SYSTEM_ERR;
++ goto out_return_err;
++ }
++ memset(req, 0, sizeof(struct client_request_t));
++
++ /* Record the MHU sender device to be used for the reply */
++ req->mhu_sender_dev = mhu_sender_dev;
++
++ err = rse_protocol_deserialize_msg(req, &msg, msg_len);
++ if (err != TFM_PLAT_ERR_SUCCESS) {
++ /* Deserialisation failed, drop message */
++ SPMLOG_DBGMSGVAL("[COMMS] Deserialize message failed: ", err);
++ goto out_return_err;
++ }
++
++ if (queue_enqueue(req) != 0) {
++ /* No queue capacity, drop message */
++ err = TFM_PLAT_ERR_SYSTEM_ERR;
++ goto out_return_err;
++ }
++
++ /* Message successfully received */
++ return TFM_PLAT_ERR_SUCCESS;
++
++out_return_err:
++ /* Attempt to respond with a failure message */
++ if (rse_protocol_serialize_error(req, &msg.header,
++ PSA_ERROR_CONNECTION_BUSY,
++ &reply, &reply_size)
++ == TFM_PLAT_ERR_SUCCESS) {
++ mhu_send_data(mhu_sender_dev, (uint8_t *)&reply, reply_size);
++ }
++
++ if (req) {
++ tfm_pool_free(req_pool, req);
++ }
++
++ return err;
++}
++
++enum tfm_plat_err_t tfm_multi_core_hal_reply(struct client_request_t *req)
++{
++ enum tfm_plat_err_t err;
++ enum mhu_error_t mhu_err;
++ size_t reply_size;
++
++ /* This function is called by the mailbox partition with Thread priority, so
++ * MHU interrupts must be disabled to prevent concurrent accesses by
++ * tfm_multi_core_hal_receive().
++ */
++ NVIC_DisableIRQ(MAILBOX_IRQ);
++
++ if (!is_valid_chunk_data_in_pool(req_pool, (uint8_t *)req)) {
++ err = TFM_PLAT_ERR_SYSTEM_ERR;
++ goto out;
++ }
++
++ err = rse_protocol_serialize_reply(req, &reply, &reply_size);
++ if (err != TFM_PLAT_ERR_SUCCESS) {
++ SPMLOG_DBGMSGVAL("[COMMS] Serialize reply failed: ", err);
++ goto out_free_req;
++ }
++
++ mhu_err = mhu_send_data(req->mhu_sender_dev, (uint8_t *)&reply, reply_size);
++ if (mhu_err != MHU_ERR_NONE) {
++ SPMLOG_DBGMSGVAL("[COMMS] MHU send failed: ", mhu_err);
++ err = TFM_PLAT_ERR_SYSTEM_ERR;
++ goto out_free_req;
++ }
++
++ SPMLOG_DBGMSG("[COMMS] Sent reply\r\n");
++
++out_free_req:
++ tfm_pool_free(req_pool, req);
++out:
++ NVIC_EnableIRQ(MAILBOX_IRQ);
++ return err;
++}
++
++enum tfm_plat_err_t tfm_multi_core_hal_init(void)
++{
++ int32_t spm_err;
++
++ spm_err = tfm_pool_init(req_pool, POOL_BUFFER_SIZE(req_pool),
++ sizeof(struct client_request_t),
++ RSE_COMMS_MAX_CONCURRENT_REQ);
++ if (spm_err) {
++ return TFM_PLAT_ERR_SYSTEM_ERR;
++ }
++
++ return initialize_mhu();
++}
++
++int32_t tfm_hal_client_id_translate(void *owner, int32_t client_id_in)
++{
++ if ((uintptr_t)owner == (uintptr_t)&MHU1_SE_TO_HOST_DEV) {
++ return ((client_id_in & CLIENT_ID_USER_INPUT_MASK) |
++ (MHU0_CLIENT_ID_BASE & CLIENT_ID_MHU_BASE_MASK) |
++ (NS_CLIENT_ID_FLAG_MASK));
++ } else {
++ SPMLOG_DBGMSG("[COMMS] client_id translation failed: invalid owner\r\n");
++ return 0;
++ }
++}
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.h
+new file mode 100644
+index 000000000..c4676cb2e
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.h
+@@ -0,0 +1,56 @@
++/*
++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef __RSE_COMMS_HAL_H__
++#define __RSE_COMMS_HAL_H__
++
++#include "rse_comms.h"
++#include "tfm_plat_defs.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * \brief Platform specific initialization of SPE multi-core.
++ *
++ * \retval TFM_PLAT_ERR_SUCCESS Operation succeeded.
++ * \retval Other return code Operation failed with an error code.
++ */
++enum tfm_plat_err_t tfm_multi_core_hal_init(void);
++
++/**
++ * \brief Receive PSA client call request from NSPE.
++ * Implemented by platform specific inter-processor communication driver.
++ *
++ * \param[in] mhu_receiver_dev Pointer to MHU receiver device on which to read
++ * the message.
++ * \param[in] mhu_sender_dev Pointer to MHU sender device on which to write
++ * the reply.
++ * \param[in] source The number of the IRQ source for this MHU.
++ *
++ * \retval TFM_PLAT_ERR_SUCCESS Operation succeeded.
++ * \retval Other return code Operation failed with an error code.
++ */
++enum tfm_plat_err_t tfm_multi_core_hal_receive(void *mhu_receiver_dev,
++ void *mhu_sender_dev,
++ uint32_t source);
++
++/**
++ * \brief Notify NSPE that a PSA client call return result is replied.
++ * Implemented by platform specific inter-processor communication driver.
++ *
++ * \retval TFM_PLAT_ERR_SUCCESS The notification is successfully sent out.
++ * \retval Other return code Operation failed with an error code.
++ */
++enum tfm_plat_err_t tfm_multi_core_hal_reply(struct client_request_t *req);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* __RSE_COMMS_HAL_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_permissions_hal.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_permissions_hal.h
+new file mode 100644
+index 000000000..5bd0124a6
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_permissions_hal.h
+@@ -0,0 +1,58 @@
++/*
++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef __RSE_COMMS_PERMISSIONS_HAL_H__
++#define __RSE_COMMS_PERMISSIONS_HAL_H__
++
++#include "psa/client.h"
++#include "tfm_plat_defs.h"
++#include "stdbool.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * \brief Check that RSE comms callers have permission to access a memory
++ * buffer.
++ *
++ * \param[in] owner The owner of host memory against which the
++ * memory access is checked (e.g. MHU device).
++ * \param[in] host_ptr Address of the memory region to be accessed.
++ * \param[in] size Size of the memory region to be accessed.
++ * \param[in] is_write True, if the memory access is a write
++ * operation, False otherwise.
++ *
++ * \retval TFM_PLAT_ERR_SUCCESS Caller has permission to access buffer.
++ * \retval Other return code Caller does not have permission, or an error
++ * occurred.
++ */
++enum tfm_plat_err_t comms_permissions_memory_check(void *owner,
++ uint64_t host_ptr,
++ uint32_t size,
++ bool is_write);
++
++/**
++ * \brief Check that RSE comms callers have permission to access a service.
++ *
++ * \note in_vec and in_len are passed in as the Crypto partition encodes which
++ * function is requested in the first in_vec.
++ *
++ * \retval TFM_PLAT_ERR_SUCCESS Caller has permission to access service.
++ * \retval Other return code Caller does not have permission, or an error
++ * occurred.
++ */
++enum tfm_plat_err_t comms_permissions_service_check(psa_handle_t handle,
++ const psa_invec *in_vec,
++ size_t in_len,
++ int32_t type);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* __RSE_COMMS_PERMISSIONS_HAL_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.c b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.c
+new file mode 100644
+index 000000000..94b7995b9
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.c
+@@ -0,0 +1,120 @@
++/*
++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#include "rse_comms_protocol.h"
++
++#include "tfm_spm_log.h"
++#include <string.h>
++
++enum tfm_plat_err_t rse_protocol_deserialize_msg(
++ struct client_request_t *req, struct serialized_psa_msg_t *msg,
++ size_t msg_len)
++{
++ if (msg_len < sizeof(msg->header)) {
++ return TFM_PLAT_ERR_INVALID_INPUT;
++ }
++
++ req->protocol_ver = msg->header.protocol_ver;
++ req->seq_num = msg->header.seq_num;
++ req->client_id = msg->header.client_id;
++
++ switch (msg->header.protocol_ver) {
++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED
++ case RSE_COMMS_PROTOCOL_EMBED:
++ SPMLOG_DBGMSG("[COMMS] Deserializing as embed message\r\n");
++ return rse_protocol_embed_deserialize_msg(req, &msg->msg.embed,
++ msg_len - sizeof(struct serialized_rse_comms_header_t));
++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */
++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED
++ case RSE_COMMS_PROTOCOL_POINTER_ACCESS:
++ SPMLOG_DBGMSG("[COMMS] Deserializing as pointer_access message\r\n");
++ return rse_protocol_pointer_access_deserialize_msg(req, &msg->msg.pointer_access,
++ msg_len - sizeof(struct serialized_rse_comms_header_t));
++#endif
++ default:
++ return TFM_PLAT_ERR_UNSUPPORTED;
++ }
++}
++
++enum tfm_plat_err_t rse_protocol_serialize_reply(struct client_request_t *req,
++ struct serialized_psa_reply_t *reply, size_t *reply_size)
++{
++ enum tfm_plat_err_t err;
++
++ memset(reply, 0, sizeof(struct serialized_psa_reply_t));
++
++ reply->header.protocol_ver = req->protocol_ver;
++ reply->header.seq_num = req->seq_num;
++ reply->header.client_id = req->client_id;
++
++ switch (reply->header.protocol_ver) {
++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED
++ case RSE_COMMS_PROTOCOL_EMBED:
++ err = rse_protocol_embed_serialize_reply(req, &reply->reply.embed,
++ reply_size);
++ if (err != TFM_PLAT_ERR_SUCCESS) {
++ return err;
++ }
++ break;
++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */
++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED
++ case RSE_COMMS_PROTOCOL_POINTER_ACCESS:
++ err = rse_protocol_pointer_access_serialize_reply(req,
++ &reply->reply.pointer_access, reply_size);
++ if (err != TFM_PLAT_ERR_SUCCESS) {
++ return err;
++ }
++ break;
++#endif
++ default:
++ return TFM_PLAT_ERR_UNSUPPORTED;
++ }
++
++ *reply_size += sizeof(struct serialized_rse_comms_header_t);
++
++ return TFM_PLAT_ERR_SUCCESS;
++}
++
++enum tfm_plat_err_t rse_protocol_serialize_error(
++ struct client_request_t *req,
++ struct serialized_rse_comms_header_t *header, psa_status_t error,
++ struct serialized_psa_reply_t *reply, size_t *reply_size)
++{
++ enum tfm_plat_err_t err;
++
++ memset(reply, 0, sizeof(struct serialized_psa_reply_t));
++ memcpy(&reply->header, header,
++ sizeof(struct serialized_rse_comms_header_t));
++
++ switch (reply->header.protocol_ver) {
++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED
++ case RSE_COMMS_PROTOCOL_EMBED:
++ err = rse_protocol_embed_serialize_error(req, error,
++ &reply->reply.embed,
++ reply_size);
++ if (err != TFM_PLAT_ERR_SUCCESS) {
++ return err;
++ }
++ break;
++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */
++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED
++ case RSE_COMMS_PROTOCOL_POINTER_ACCESS:
++ err = rse_protocol_pointer_access_serialize_error(req, error,
++ &reply->reply.pointer_access, reply_size);
++ if (err != TFM_PLAT_ERR_SUCCESS) {
++ return err;
++ }
++ break;
++#endif
++ default:
++ return TFM_PLAT_ERR_UNSUPPORTED;
++ }
++
++ *reply_size += sizeof(struct serialized_rse_comms_header_t);
++
++ return TFM_PLAT_ERR_SUCCESS;
++}
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.h
+new file mode 100644
+index 000000000..c30825f4c
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.h
+@@ -0,0 +1,129 @@
++/*
++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef __RSE_COMMS_PROTOCOL_H__
++#define __RSE_COMMS_PROTOCOL_H__
++
++#include "psa/client.h"
++#include "cmsis_compiler.h"
++#include "rse_comms.h"
++#include "tfm_platform_system.h"
++
++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED
++#include "rse_comms_protocol_embed.h"
++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */
++
++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED
++#include "rse_comms_protocol_pointer_access.h"
++#endif /* RSE_MHU_PROTOCOL_V0_ENABLED */
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++enum rse_comms_protocol_version_t {
++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED
++ RSE_COMMS_PROTOCOL_EMBED = 0,
++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */
++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED
++ RSE_COMMS_PROTOCOL_POINTER_ACCESS = 1,
++#endif /* RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED */
++};
++
++
++__PACKED_STRUCT serialized_rse_comms_header_t {
++ uint8_t protocol_ver;
++ uint8_t seq_num;
++ uint16_t client_id;
++};
++
++/* MHU message passed from NSPE to SPE to deliver a PSA client call */
++__PACKED_STRUCT serialized_psa_msg_t {
++ struct serialized_rse_comms_header_t header;
++ __PACKED_UNION {
++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED
++ struct rse_embed_msg_t embed;
++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */
++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED
++ struct rse_pointer_access_msg_t pointer_access;
++#endif /* RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED */
++ } msg;
++};
++
++/* MHU reply message to hold the PSA client call return result from SPE */
++__PACKED_STRUCT serialized_psa_reply_t {
++ struct serialized_rse_comms_header_t header;
++ __PACKED_UNION {
++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED
++ struct rse_embed_reply_t embed;
++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */
++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED
++ struct rse_pointer_access_reply_t pointer_access;
++#endif /* RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED */
++ } reply;
++};
++
++/**
++ * \brief Convert a serialized message to a client_request_t.
++ *
++ * \param[out] req The client_request_t to fill.
++ * \param[in] msg The serialized message to extract data from.
++ * \param[in] msg_len The size of the message.
++ *
++ * \note The sanitization of the client request structure is the
++ * responsibility of the caller.
++ *
++ * \retval TFM_PLAT_ERR_SUCCESS Operation succeeded.
++ * \retval Other return code Operation failed with an error code.
++ */
++enum tfm_plat_err_t rse_protocol_deserialize_msg(struct client_request_t *req,
++ struct serialized_psa_msg_t *msg, size_t msg_len);
++
++/**
++ * \brief Convert a a client_request_t to a serialized reply.
++ *
++ * \param[in] req The client_request_t to serialize data from.
++ * \param[out] reply The reply to fill.
++ * \param[out] reply_size The size of the reply that was filled.
++ *
++ * \retval TFM_PLAT_ERR_SUCCESS Operation succeeded.
++ * \retval Other return code Operation failed with an error code.
++ */
++enum tfm_plat_err_t rse_protocol_serialize_reply(struct client_request_t *req,
++ struct serialized_psa_reply_t *reply, size_t *reply_size);
++
++/**
++ * \brief Create a serialised error reply from a header and an error code.
++ * Intended to for the RSE to notify the AP of errors during the message
++ * deserialization phase.
++ *
++ * \param[in] req The client_request_t to serialize data from. If
++ * the error occured in allocation this pointer
++ * may be NULL. This may not contain message
++ * header information if the message
++ * deserialize failed.
++ * \param[in] header The header of the received
++ * serialized_psa_msg_t whose deserialization
++ * caused the error.
++ * \param[in] error The error code to be transmitted to the AP.
++ * \param[out] reply The reply to fill.
++ * \param[out] reply_size The size of the reply that was filled.
++ *
++ * \retval TFM_PLAT_ERR_SUCCESS Operation succeeded.
++ * \retval Other return code Operation failed with an error code.
++ */
++enum tfm_plat_err_t rse_protocol_serialize_error(
++ struct client_request_t *req,
++ struct serialized_rse_comms_header_t *header, psa_status_t error,
++ struct serialized_psa_reply_t *reply, size_t *reply_size);
++
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* __RSE_COMMS_PROTOCOL_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.c b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.c
+new file mode 100644
+index 000000000..5544f9fb8
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.c
+@@ -0,0 +1,105 @@
++/*
++ * Copyright (c) 2022, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#include "rse_comms_protocol_embed.h"
++
++#include <string.h>
++
++#include "tfm_psa_call_pack.h"
++
++enum tfm_plat_err_t rse_protocol_embed_deserialize_msg(
++ struct client_request_t *req, struct rse_embed_msg_t *msg,
++ size_t msg_len)
++{
++ uint32_t payload_size = 0;
++ uint32_t i;
++
++ if (msg_len < (sizeof(*msg) - sizeof(msg->payload))) {
++ return TFM_PLAT_ERR_INVALID_INPUT;
++ }
++
++ req->in_len = PARAM_UNPACK_IN_LEN(msg->ctrl_param);
++ req->out_len = PARAM_UNPACK_OUT_LEN(msg->ctrl_param);
++ req->type = PARAM_UNPACK_TYPE(msg->ctrl_param);
++ req->handle = msg->handle;
++
++ /* Only support 4 iovecs */
++ if (req->in_len + req->out_len > 4) {
++ return TFM_PLAT_ERR_UNSUPPORTED;
++ }
++
++ /* Invecs */
++ for (i = 0; i < req->in_len; ++i) {
++ req->in_vec[i].base = req->param_copy_buf + payload_size;
++ req->in_vec[i].len = msg->io_size[i];
++ payload_size += msg->io_size[i];
++ }
++
++ /* Check payload is not too big */
++ if (payload_size > sizeof(req->param_copy_buf)
++ || payload_size > sizeof(msg->payload)
++ || sizeof(*msg) - sizeof(msg->payload) + payload_size > msg_len ) {
++ return TFM_PLAT_ERR_INVALID_INPUT;
++ }
++
++ /* Copy payload into the buffer */
++ memcpy(req->param_copy_buf, msg->payload, payload_size);
++
++ /* Outvecs */
++ for (i = 0; i < req->out_len; ++i) {
++ req->out_vec[i].base = req->param_copy_buf + payload_size;
++ req->out_vec[i].len = msg->io_size[req->in_len + i];
++ payload_size += msg->io_size[req->in_len + i];
++ }
++
++ /* Check payload is not too big */
++ if (payload_size > sizeof(req->param_copy_buf)) {
++ return TFM_PLAT_ERR_INVALID_INPUT;
++ }
++
++ return TFM_PLAT_ERR_SUCCESS;
++}
++
++enum tfm_plat_err_t rse_protocol_embed_serialize_reply(
++ struct client_request_t *req, struct rse_embed_reply_t *reply,
++ size_t *reply_size)
++{
++ size_t payload_size = 0;
++ size_t len;
++ uint32_t i;
++
++ reply->return_val = req->return_val;
++
++ /* Outvecs */
++ for (i = 0; i < req->out_len; ++i) {
++ len = req->out_vec[i].len;
++
++ if (payload_size + len > sizeof(reply->payload)) {
++ return TFM_PLAT_ERR_UNSUPPORTED;
++ }
++
++ memcpy(reply->payload + payload_size, req->out_vec[i].base, len);
++ reply->out_size[i] = len;
++ payload_size += len;
++ }
++
++ *reply_size = sizeof(*reply) - sizeof(reply->payload) + payload_size;
++
++ return TFM_PLAT_ERR_SUCCESS;
++}
++
++enum tfm_plat_err_t rse_protocol_embed_serialize_error(
++ struct client_request_t *req, psa_status_t err,
++ struct rse_embed_reply_t *reply, size_t *reply_size)
++{
++ reply->return_val = err;
++
++ /* Return the minimum reply size, as the out_sizes are all zeroed */
++ *reply_size = sizeof(*reply) - sizeof(reply->payload);
++
++ return TFM_PLAT_ERR_SUCCESS;
++}
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.h
+new file mode 100644
+index 000000000..e1ca1d0c9
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.h
+@@ -0,0 +1,50 @@
++/*
++ * Copyright (c) 2022, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef __RSE_COMMS_PROTOCOL_EMBED_H__
++#define __RSE_COMMS_PROTOCOL_EMBED_H__
++
++#include "psa/client.h"
++#include "cmsis_compiler.h"
++#include "rse_comms.h"
++#include "tfm_platform_system.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++__PACKED_STRUCT rse_embed_msg_t {
++ psa_handle_t handle;
++ uint32_t ctrl_param; /* type, in_len, out_len */
++ uint16_t io_size[PSA_MAX_IOVEC];
++ uint8_t payload[RSE_COMMS_PAYLOAD_MAX_SIZE];
++};
++
++__PACKED_STRUCT rse_embed_reply_t {
++ int32_t return_val;
++ uint16_t out_size[PSA_MAX_IOVEC];
++ uint8_t payload[RSE_COMMS_PAYLOAD_MAX_SIZE];
++};
++
++enum tfm_plat_err_t rse_protocol_embed_deserialize_msg(
++ struct client_request_t *req, struct rse_embed_msg_t *msg,
++ size_t msg_len);
++
++enum tfm_plat_err_t rse_protocol_embed_serialize_reply(
++ struct client_request_t *req, struct rse_embed_reply_t *reply,
++ size_t *reply_size);
++
++enum tfm_plat_err_t rse_protocol_embed_serialize_error(
++ struct client_request_t *req, psa_status_t err,
++ struct rse_embed_reply_t *reply, size_t *reply_size);
++
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* __RSE_COMMS_PROTOCOL_EMBED_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.c b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.c
+new file mode 100644
+index 000000000..d7f244db6
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.c
+@@ -0,0 +1,64 @@
++/*
++ * Copyright (c) 2022, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#include "rse_comms_queue.h"
++
++#include <stdbool.h>
++#include <stddef.h>
++
++#define QUEUE_SIZE (RSE_COMMS_MAX_CONCURRENT_REQ + 1)
++
++struct queue_t {
++ void *buf[QUEUE_SIZE];
++ size_t head;
++ size_t tail;
++};
++
++static struct queue_t queue;
++
++/* Advance head or tail */
++static size_t advance(size_t index)
++{
++ if (++index == QUEUE_SIZE) {
++ index = 0;
++ }
++ return index;
++}
++
++static inline bool is_empty(void)
++{
++ return queue.head == queue.tail;
++}
++
++static inline bool is_full(void)
++{
++ return advance(queue.head) == queue.tail;
++}
++
++int32_t queue_enqueue(void *entry)
++{
++ if (is_full()) {
++ return -1;
++ }
++
++ queue.buf[queue.head] = entry;
++ queue.head = advance(queue.head);
++
++ return 0;
++}
++
++int32_t queue_dequeue(void **entry)
++{
++ if (is_empty()) {
++ return -1;
++ }
++
++ *entry = queue.buf[queue.tail];
++ queue.tail = advance(queue.tail);
++
++ return 0;
++}
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.h
+new file mode 100644
+index 000000000..d3db1dd2e
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.h
+@@ -0,0 +1,25 @@
++/*
++ * Copyright (c) 2022, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef __RSE_COMMS_QUEUE_H__
++#define __RSE_COMMS_QUEUE_H__
++
++#include <stdint.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++int32_t queue_enqueue(void *entry);
++
++int32_t queue_dequeue(void **entry);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* __RSE_COMMS_QUEUE_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms_permissions_hal.c b/platform/ext/target/arm/corstone1000/rse_comms_permissions_hal.c
+new file mode 100644
+index 000000000..59724bc94
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms_permissions_hal.c
+@@ -0,0 +1,177 @@
++/*
++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#include "rse_comms_permissions_hal.h"
++
++#include "device_definition.h"
++#include "psa_manifest/sid.h"
++#include "region_defs.h"
++#include "tfm_hal_platform.h"
++
++#ifdef TFM_PARTITION_INITIAL_ATTESTATION
++#include "tfm_attest_defs.h"
++#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
++#ifdef TFM_PARTITION_MEASURED_BOOT
++#include "measured_boot_defs.h"
++#endif /* TFM_PARTITION_MEASURED_BOOT */
++#ifdef TFM_PARTITION_DELEGATED_ATTESTATION
++#include "tfm_delegated_attest_defs.h"
++#endif /* TFM_PARTITION_DELEGATED_ATTESTATION */
++#ifdef TFM_PARTITION_CRYPTO
++#include "tfm_crypto_defs.h"
++#endif /*TFM_PARTITION_CRYPTO */
++#ifdef TFM_PARTITION_PLATFORM
++#include "tfm_platform_api.h"
++#endif /* TFM_PARTITION_PLATFORM */
++#ifdef TFM_PARTITION_PROTECTED_STORAGE
++#include "tfm_ps_defs.h"
++#endif /* TFM_PARTITION_PROTECTED_STORAGE */
++#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
++#include "tfm_its_defs.h"
++#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
++
++#define INVALID_REGION_COUNTER_MAX 128
++#define INVALID_SERVICE_COUNTER_MAX 64
++
++static uint32_t invalid_region_counter = 0;
++static uint32_t invalid_service_counter = 0;
++
++/* Check if the interface is getting a lot of invalid requests, and shutdown
++ * the system if it exceeds the threshold. This is intended to make fuzzing the
++ * interface difficult.
++ */
++static void counter_check(void) {
++ if (invalid_region_counter > INVALID_REGION_COUNTER_MAX) {
++#ifdef CONFIG_TFM_HALT_ON_CORE_PANIC
++ tfm_hal_system_halt();
++#else
++ tfm_hal_system_reset();
++#endif /* CONFIG_TFM_HALT_ON_CORE_PANIC */
++ }
++
++ if (invalid_service_counter > INVALID_SERVICE_COUNTER_MAX) {
++#ifdef CONFIG_TFM_HALT_ON_CORE_PANIC
++ tfm_hal_system_halt();
++#else
++ tfm_hal_system_reset();
++#endif /* CONFIG_TFM_HALT_ON_CORE_PANIC */
++ }
++
++ return;
++}
++
++enum tfm_plat_err_t comms_permissions_memory_check(void *owner,
++ uint64_t host_ptr,
++ uint32_t size,
++ bool is_write)
++{
++ /* Is fully within the shared memory */
++ if ((host_ptr >= INTER_PROCESSOR_HOST_SHARED_MEMORY_START_ADDR) &&
++ ((host_ptr + size) < (INTER_PROCESSOR_HOST_SHARED_MEMORY_START_ADDR +
++ INTER_PROCESSOR_SHARED_MEMORY_SIZE))) {
++ return TFM_PLAT_ERR_SUCCESS;
++ }
++
++ invalid_region_counter++;
++ counter_check();
++
++ return TFM_PLAT_ERR_UNSUPPORTED;
++}
++
++enum tfm_plat_err_t comms_permissions_service_check(psa_handle_t handle,
++ const psa_invec *in_vec,
++ size_t in_len,
++ int32_t type)
++{
++ switch(handle) {
++#ifdef TFM_PARTITION_PROTECTED_STORAGE
++ case TFM_PROTECTED_STORAGE_SERVICE_HANDLE:
++ switch(type) {
++ case TFM_PS_SET:
++ case TFM_PS_GET:
++ case TFM_PS_GET_INFO:
++ case TFM_PS_REMOVE:
++ case TFM_PS_GET_SUPPORT:
++ return TFM_PLAT_ERR_SUCCESS;
++ default:
++ goto out_err;
++ }
++#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
++
++#ifdef TFM_PARTITION_INITIAL_ATTESTATION
++ case TFM_ATTESTATION_SERVICE_HANDLE:
++ switch(type) {
++ case TFM_ATTEST_GET_TOKEN:
++ case TFM_ATTEST_GET_TOKEN_SIZE:
++ return TFM_PLAT_ERR_SUCCESS;
++ default:
++ goto out_err;
++ }
++#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
++#ifdef TFM_PARTITION_DELEGATED_ATTESTATION
++ case TFM_DELEGATED_ATTESTATION_HANDLE:
++ switch(type) {
++ case DELEGATED_ATTEST_GET_DELEGATED_KEY:
++ case DELEGATED_ATTEST_GET_PLATFORM_TOKEN:
++ return TFM_PLAT_ERR_SUCCESS;
++ default:
++ goto out_err;
++ }
++#endif /* TFM_PARTITION_DELEGATED_ATTESTATION */
++#ifdef TFM_PARTITION_MEASURED_BOOT
++ case TFM_MEASURED_BOOT_HANDLE:
++ switch(type) {
++ case TFM_MEASURED_BOOT_EXTEND:
++ case TFM_MEASURED_BOOT_READ:
++ return TFM_PLAT_ERR_SUCCESS;
++ default:
++ goto out_err;
++ }
++#endif /* TFM_PARTITION_MEASURED_BOOT */
++#ifdef TFM_PARTITION_CRYPTO
++ case TFM_CRYPTO_HANDLE:
++ /* Every crypto operation is done by the SE */
++ return TFM_PLAT_ERR_SUCCESS;
++#endif /* TFM_PARTITION_CRYPTO */
++#ifdef TFM_PARTITION_PLATFORM
++ case TFM_PLATFORM_SERVICE_HANDLE:
++ switch(type) {
++ case TFM_PLATFORM_API_ID_NV_READ:
++ case TFM_PLATFORM_API_ID_NV_INCREMENT:
++ case TFM_PLATFORM_API_ID_SYSTEM_RESET:
++ case TFM_PLATFORM_API_ID_IOCTL:
++ return TFM_PLAT_ERR_SUCCESS;
++ default:
++ goto out_err;
++ }
++#endif /* TFM_PARTITION_PLATFORM */
++#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
++ case TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE:
++ switch(type) {
++ case TFM_ITS_SET:
++ case TFM_ITS_GET:
++ case TFM_ITS_GET_INFO:
++ case TFM_ITS_REMOVE:
++ return TFM_PLAT_ERR_SUCCESS;
++ default:
++ goto out_err;
++ }
++#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
++#ifdef TFM_PARTITION_DPE
++ case TFM_DPE_SERVICE_HANDLE:
++ return TFM_PLAT_ERR_SUCCESS;
++#endif /* TFM_PARTITION_DPE */
++ default:
++ goto out_err;
++ }
++
++out_err:
++ invalid_service_counter++;
++ counter_check();
++
++ return TFM_PLAT_ERR_UNSUPPORTED;
++}
+diff --git a/platform/ext/target/arm/corstone1000/tfm_interrupts.c b/platform/ext/target/arm/corstone1000/tfm_interrupts.c
+new file mode 100644
+index 000000000..47a6c9d7b
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/tfm_interrupts.c
+@@ -0,0 +1,51 @@
++/*
++ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
++ * Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon
++ * company) or an affiliate of Cypress Semiconductor Corporation. All rights
++ * reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#include "cmsis.h"
++#include "device_definition.h"
++#include "spm.h"
++#include "tfm_hal_interrupt.h"
++#include "tfm_peripherals_def.h"
++#include "interrupt.h"
++#include "load/interrupt_defs.h"
++#include "platform_irq.h"
++#include "rse_comms_hal.h"
++
++static struct irq_t mbox_irq_info = {0};
++
++/* Platform specific inter-processor communication interrupt handler. */
++void HSE1_RECEIVER_COMBINED_IRQHandler(void)
++{
++ (void)tfm_multi_core_hal_receive(&MHU1_HOST_TO_SE_DEV,
++ &MHU1_SE_TO_HOST_DEV,
++ mbox_irq_info.p_ildi->source);
++
++ /*
++ * SPM will send a MAILBOX_SIGNAL to the corresponding partition
++ * indicating that a message has arrived and can be processed.
++ */
++ spm_handle_interrupt(mbox_irq_info.p_pt, mbox_irq_info.p_ildi);
++}
++
++enum tfm_hal_status_t mailbox_irq_init(void *p_pt,
++ const struct irq_load_info_t *p_ildi)
++{
++ mbox_irq_info.p_pt = p_pt;
++ mbox_irq_info.p_ildi = p_ildi;
++
++ /* Set MHU interrupt priority to the same as PendSV (the lowest)
++ * TODO: Consider advantages/disadvantages of setting it one higher
++ */
++ NVIC_SetPriority(HSE1_RECEIVER_COMBINED_IRQn, NVIC_GetPriority(PendSV_IRQn));
++
++ NVIC_DisableIRQ(HSE1_RECEIVER_COMBINED_IRQn);
++
++ return TFM_HAL_SUCCESS;
++}
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-corstone1000-Increase-RSE_COMMS-buffer-size.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-corstone1000-Increase-RSE_COMMS-buffer-size.patch
new file mode 100644
index 0000000..3269c0e
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-corstone1000-Increase-RSE_COMMS-buffer-size.patch
@@ -0,0 +1,28 @@
+From 21b0c9f028b6b04fa2f027510ec90969735f4dd1 Mon Sep 17 00:00:00 2001
+From: Bence Balogh <bence.balogh@arm.com>
+Date: Wed, 17 Apr 2024 19:31:03 +0200
+Subject: [PATCH] platform: corstone1000: Increase RSE_COMMS buffer size
+
+Signed-off-by: Bence Balogh <bence.balogh@arm.com>
+Upstream-Status: Pending
+---
+ platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h
+index 6d79dd3bf..f079f6504 100644
+--- a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h
+@@ -16,7 +16,7 @@ extern "C" {
+ #endif
+
+ /* size suits to fit the largest message too (EFI variables) */
+-#define RSE_COMMS_PAYLOAD_MAX_SIZE (0x2100)
++#define RSE_COMMS_PAYLOAD_MAX_SIZE (0x43C0)
+
+ /*
+ * Allocated for each client request.
+--
+2.25.1
+
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0010-CC312-alignment-of-cc312-differences-between-fvp-and.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0010-CC312-alignment-of-cc312-differences-between-fvp-and.patch
new file mode 100644
index 0000000..3d1b35e
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0010-CC312-alignment-of-cc312-differences-between-fvp-and.patch
@@ -0,0 +1,31 @@
+From a8aeaafd6c26d6bc3066164d12aabc5cb754fe1c Mon Sep 17 00:00:00 2001
+From: Ali Can Ozaslan <ali.oezaslan@arm.com>
+Date: Wed, 15 May 2024 12:12:15 +0000
+Subject: [PATCH] CC312: alignment of cc312 differences between fvp and mps3
+ corstone1000 platforms
+
+Configures CC312 mps3 model same as predefined cc312 FVP
+configuration while keeping debug ports closed.
+
+Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
+
+Upstream-Status: Inappropriate [Requires an aligment cc3xx with mps3 hw and fvp sw models]
+
+---
+ lib/ext/cryptocell-312-runtime/host/src/cc3x_lib/cc_lib.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/lib/ext/cryptocell-312-runtime/host/src/cc3x_lib/cc_lib.c b/lib/ext/cryptocell-312-runtime/host/src/cc3x_lib/cc_lib.c
+index 31e4332be..4d7e6fa61 100644
+--- a/lib/ext/cryptocell-312-runtime/host/src/cc3x_lib/cc_lib.c
++++ b/lib/ext/cryptocell-312-runtime/host/src/cc3x_lib/cc_lib.c
+@@ -207,6 +207,9 @@ CClibRetCode_t CC_LibInit(CCRndContext_t *rndContext_ptr, CCRndWorkBuff_t *rndW
+ goto InitErr2;
+ }
+
++ /* configuring secure debug to align cc312 with corstone 1000 */
++ CC_HAL_WRITE_REGISTER(CC_REG_OFFSET(HOST_RGF,HOST_DCU_EN0), 0xffffe7fc);
++
+ /* turn off the DFA since Cerberus doen't support it */
+ reg = CC_HAL_READ_REGISTER(CC_REG_OFFSET(HOST_RGF, HOST_AO_LOCK_BITS));
+ CC_REG_FLD_SET(0, HOST_AO_LOCK_BITS, HOST_FORCE_DFA_ENABLE, reg, 0x0);
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0011-Platform-corstone1000-Increase-buffers-for-EFI-vars.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0011-Platform-corstone1000-Increase-buffers-for-EFI-vars.patch
new file mode 100644
index 0000000..abf7038
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0011-Platform-corstone1000-Increase-buffers-for-EFI-vars.patch
@@ -0,0 +1,45 @@
+From d7725e629c9ba93523589cc9d8af3186db19d4e8 Mon Sep 17 00:00:00 2001
+From: Bence Balogh <bence.balogh@arm.com>
+Date: Wed, 15 May 2024 22:37:51 +0200
+Subject: [PATCH] Platform: corstone1000: Increase buffers for EFI vars
+
+The UEFI variables are stored in the Protected Storage. The size of
+the variables metadata have been increased so the related buffer sizes
+have to be increased.
+
+Signed-off-by: Bence Balogh <bence.balogh@arm.com>
+Upstream-Status: Pending
+---
+ .../ext/target/arm/corstone1000/config_tfm_target.h | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/platform/ext/target/arm/corstone1000/config_tfm_target.h b/platform/ext/target/arm/corstone1000/config_tfm_target.h
+index 2eb0924770..6ee823a7dc 100644
+--- a/platform/ext/target/arm/corstone1000/config_tfm_target.h
++++ b/platform/ext/target/arm/corstone1000/config_tfm_target.h
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2022, Arm Limited. All rights reserved.
++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+@@ -24,4 +24,15 @@
+ #undef ITS_MAX_ASSET_SIZE
+ #define ITS_MAX_ASSET_SIZE 2048
+
++/* The maximum asset size to be stored in the Protected Storage */
++#undef PS_MAX_ASSET_SIZE
++#define PS_MAX_ASSET_SIZE 2592
++
++/* This is needed to be able to process the EFI variables during PS writes. */
++#undef CRYPTO_ENGINE_BUF_SIZE
++#define CRYPTO_ENGINE_BUF_SIZE 0x5000
++
++/* This is also has to be increased to fit the EFI variables into the iovecs. */
++#undef CRYPTO_IOVEC_BUFFER_SIZE
++#define CRYPTO_IOVEC_BUFFER_SIZE 6000
+ #endif /* __CONFIG_TFM_TARGET_H__ */
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0012-corstone1000-Remove-reset-after-capsule-update.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0012-corstone1000-Remove-reset-after-capsule-update.patch
new file mode 100644
index 0000000..8ffd567
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0012-corstone1000-Remove-reset-after-capsule-update.patch
@@ -0,0 +1,28 @@
+From 78db43f80676f8038b35edd6674d22fb5ff85c12 Mon Sep 17 00:00:00 2001
+From: Bence Balogh <bence.balogh@arm.com>
+Date: Mon, 27 May 2024 17:11:31 +0200
+Subject: [PATCH] corstone1000: Remove reset after capsule update
+
+Signed-off-by: Bence Balogh <bence.balogh@arm.com>
+Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/29065]
+---
+ .../target/arm/corstone1000/services/src/tfm_platform_system.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c b/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c
+index 41305ed966..1e837ce3b5 100644
+--- a/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c
++++ b/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c
+@@ -28,9 +28,6 @@ enum tfm_platform_err_t tfm_platform_hal_ioctl(tfm_platform_ioctl_req_t request,
+
+ case IOCTL_CORSTONE1000_FWU_FLASH_IMAGES:
+ result = corstone1000_fwu_flash_image();
+- if (!result) {
+- NVIC_SystemReset();
+- }
+ break;
+
+ case IOCTL_CORSTONE1000_FWU_HOST_ACK:
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0013-platform-CS1000-Add-multicore-support-for-FVP.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0013-platform-CS1000-Add-multicore-support-for-FVP.patch
new file mode 100644
index 0000000..9ede534
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0013-platform-CS1000-Add-multicore-support-for-FVP.patch
@@ -0,0 +1,119 @@
+From 1120957e74a1a0727a215188813cab3e47602e71 Mon Sep 17 00:00:00 2001
+From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
+Date: Thu, 9 May 2024 13:20:57 +0000
+Subject: [PATCH] platform: CS1000: Add multicore support for FVP
+
+This changeset adds the support to enable the secondary cores for
+the Corstone-1000 FVP
+
+Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/29242]
+Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
+---
+ .../target/arm/corstone1000/CMakeLists.txt | 6 +++
+ .../corstone1000/Device/Config/device_cfg.h | 6 +++
+ .../arm/corstone1000/tfm_hal_multi_core.c | 38 ++++++++++++++++++-
+ 3 files changed, 48 insertions(+), 2 deletions(-)
+
+diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+index e2a7ac302..a269251aa 100644
+--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+@@ -374,6 +374,12 @@ target_sources(tfm_psa_rot_partition_ns_agent_mailbox
+ tfm_hal_multi_core.c
+ )
+
++if (PLATFORM_IS_FVP)
++target_compile_definitions(tfm_psa_rot_partition_ns_agent_mailbox
++ PUBLIC
++ $<$<BOOL:${ENABLE_MULTICORE}>:CORSTONE1000_FVP_MULTICORE>
++)
++endif()
+ #========================= tfm_spm ============================================#
+
+ target_sources(tfm_spm
+diff --git a/platform/ext/target/arm/corstone1000/Device/Config/device_cfg.h b/platform/ext/target/arm/corstone1000/Device/Config/device_cfg.h
+index 222905d3d..9d48f119e 100644
+--- a/platform/ext/target/arm/corstone1000/Device/Config/device_cfg.h
++++ b/platform/ext/target/arm/corstone1000/Device/Config/device_cfg.h
+@@ -45,5 +45,11 @@
+ /* CFI Controller */
+ #define CFI_S
+
++/* Total number of host cores */
++#if CORSTONE1000_FVP_MULTICORE
++#define PLATFORM_HOST_MAX_CORE_COUNT 4
++#else
++#define PLATFORM_HOST_MAX_CORE_COUNT 1
++#endif
+
+ #endif /* __DEVICE_CFG_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c
+index f0e2bc333..ce72e50c9 100644
+--- a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c
++++ b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c
+@@ -11,9 +11,14 @@
+ #include "tfm_hal_multi_core.h"
+ #include "fwu_agent.h"
+
+-#define HOST_SYS_RST_CTRL_OFFSET 0x0
++#define HOST_SYS_RST_CTRL_OFFSET 0x000
++#define HOST_CPU_PE0_CONFIG_OFFSET 0x010
++#define HOST_CPU_PE1_CONFIG_OFFSET 0x020
++#define HOST_CPU_PE2_CONFIG_OFFSET 0x030
++#define HOST_CPU_PE3_CONFIG_OFFSET 0x040
++#define HOST_CPU_BOOT_MASK_OFFSET 0x300
+ #define HOST_CPU_CORE0_WAKEUP_OFFSET 0x308
+-#define HOST_CPU_PE0_CONFIG_OFFSET 0x010
++
+ #define AA64nAA32_MASK (1 << 3)
+
+ #ifdef EXTERNAL_SYSTEM_SUPPORT
+@@ -53,9 +58,29 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr)
+ volatile uint32_t *PE0_CONFIG =
+ (uint32_t *)(CORSTONE1000_HOST_BASE_SYSTEM_CONTROL_BASE
+ + HOST_CPU_PE0_CONFIG_OFFSET);
++#if CORSTONE1000_FVP_MULTICORE
++ volatile uint32_t *PE1_CONFIG =
++ (uint32_t *)(CORSTONE1000_HOST_BASE_SYSTEM_CONTROL_BASE
++ + HOST_CPU_PE1_CONFIG_OFFSET);
++ volatile uint32_t *PE2_CONFIG =
++ (uint32_t *)(CORSTONE1000_HOST_BASE_SYSTEM_CONTROL_BASE
++ + HOST_CPU_PE2_CONFIG_OFFSET);
++ volatile uint32_t *PE3_CONFIG =
++ (uint32_t *)(CORSTONE1000_HOST_BASE_SYSTEM_CONTROL_BASE
++ + HOST_CPU_PE3_CONFIG_OFFSET);
++ volatile uint32_t *CPU_BOOT_MASK =
++ (uint32_t *)(CORSTONE1000_HOST_BASE_SYSTEM_CONTROL_BASE
++ + HOST_CPU_BOOT_MASK_OFFSET);
+
++ *CPU_BOOT_MASK = 0xf;
++#endif
+ /* Select host CPU architecture as AArch64 */
+ *PE0_CONFIG |= AA64nAA32_MASK; /* 0b1 – AArch64 */
++#if CORSTONE1000_FVP_MULTICORE
++ *PE1_CONFIG |= AA64nAA32_MASK; /* 0b1 – AArch64 */
++ *PE2_CONFIG |= AA64nAA32_MASK; /* 0b1 – AArch64 */
++ *PE3_CONFIG |= AA64nAA32_MASK; /* 0b1 – AArch64 */
++#endif
+
+ /* wakeup CORE0 before bringing it out of reset */
+ *reset_ctl_wakeup_reg = 0x1;
+@@ -63,6 +88,15 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr)
+ /* Clear HOST_SYS_RST_CTRL register to bring host out of RESET */
+ *reset_ctl_reg = 0;
+
++#if CORSTONE1000_FVP_MULTICORE
++ /* Wake up secondary cores.
++ * This should be done after bringing the primary core out of reset. */
++ for(int core_index=1; core_index < PLATFORM_HOST_MAX_CORE_COUNT; core_index++)
++ {
++ *reset_ctl_wakeup_reg = (0x1 << core_index);
++ }
++#endif
++
+ (void) start_addr;
+
+ #ifdef EXTERNAL_SYSTEM_SUPPORT
+--
+2.34.1
+
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.0.0-src.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.0.0-src.inc
similarity index 100%
rename from meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.0.0-src.inc
rename to meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-2.0.0-src.inc
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
index e098da7..4777251d 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
@@ -10,36 +10,27 @@
TFM_PLATFORM_IS_FVP ?= "FALSE"
EXTRA_OECMAKE += "-DPLATFORM_IS_FVP=${TFM_PLATFORM_IS_FVP}"
EXTRA_OECMAKE += "-DCC312_LEGACY_DRIVER_API_ENABLED=OFF"
+EXTRA_OECMAKE:append:corstone1000-fvp = " -DENABLE_MULTICORE=${@bb.utils.contains('MACHINE_FEATURES', 'corstone1000_fvp_smp', 'TRUE', 'FALSE', d)}"
-# libmetal v2023.04.0
-LICENSE += "& BSD-3-Clause"
-LIC_FILES_CHKSUM += "file://../libmetal/LICENSE.md;md5=f4d5df0f12dcea1b1a0124219c0dbab4"
-SRC_URI += "git://github.com/OpenAMP/libmetal.git;protocol=https;branch=main;name=libmetal;destsuffix=git/libmetal \
- file://0001-cmake-modify-path-to-libmetal-version-file.patch;patchdir=../libmetal \
- file://0002-arm-trusted-firmware-m-disable-address-warnings-into.patch \
+SRC_URI += " \
+ file://0001-arm-trusted-firmware-m-disable-address-warnings-into.patch \
"
-SRCREV_libmetal = "28fa2351d6a8121ce6c1c2ac5ee43ce08d38dbae"
-EXTRA_OECMAKE += "-DLIBMETAL_SRC_PATH=${S}/../libmetal -DLIBMETAL_BIN_PATH=${B}/libmetal-build"
-# The configuration can fail if libmetal tries to generate the docs and the doxygen bin is found
-EXTRA_OECMAKE += "-DWITH_DOC=False"
-
-# OpenAMP v2023.04.0
-LICENSE += "& BSD-2-Clause & BSD-3-Clause"
-LIC_FILES_CHKSUM += "file://../openamp/LICENSE.md;md5=ab88daf995c0bd0071c2e1e55f3d3505"
-SRC_URI += "git://github.com/OpenAMP/open-amp.git;protocol=https;branch=main;name=openamp;destsuffix=git/openamp"
-SRCREV_openamp = "accac4d3610cbb268f3c3fe3c31dc45dd4c4dd17"
-EXTRA_OECMAKE += "-DLIBOPENAMP_SRC_PATH=${S}/../openamp -DLIBOPENAMP_BIN_PATH=${B}/libopenamp-build"
-
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
SRC_URI:append:corstone1000 = " \
file://0001-platform-corstone1000-Update-MPU-configuration.patch \
file://0002-platform-corstone1000-Cover-S_DATA-with-MPU.patch \
- file://0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch \
- file://0004-platform-corstone1000-align-capsule-update-structs.patch \
- file://0005-platform-corstone1000-fix-synchronization-issue-on-o.patch \
- file://0006-Platform-Corstone1000-skip-the-first-nv-counter.patch \
- file://0007-platform-corstone1000-add-unique-guid-for-mps3.patch \
+ file://0003-platform-corstone1000-align-capsule-update-structs.patch \
+ file://0004-Platform-Corstone1000-skip-the-first-nv-counter.patch \
+ file://0005-platform-corstone1000-add-unique-guid-for-mps3.patch \
+ file://0006-Platform-Corstone1000-Enable-host-firewall-in-FVP.patch \
+ file://0007-platform-corstone1000-Increase-ITS-max-asset-size.patch \
+ file://0008-Platform-CS1000-Replace-OpenAMP-with-RSE_COMMS.patch \
+ file://0009-platform-corstone1000-Increase-RSE_COMMS-buffer-size.patch \
+ file://0010-CC312-alignment-of-cc312-differences-between-fvp-and.patch \
+ file://0011-Platform-corstone1000-Increase-buffers-for-EFI-vars.patch \
+ file://0012-corstone1000-Remove-reset-after-capsule-update.patch \
+ file://0013-platform-CS1000-Add-multicore-support-for-FVP.patch \
"
# TF-M ships patches for external dependencies that needs to be applied
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_2.0.0.bb b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_2.0.0.bb
similarity index 100%
rename from meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_2.0.0.bb
rename to meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_2.0.0.bb
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.0.0.bb b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.0.0.bb
similarity index 100%
rename from meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.0.0.bb
rename to meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.0.0.bb
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc
index c0a029e..7d8155d 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc
@@ -60,6 +60,11 @@
file://0042-corstone1000-enable-virtio-net-support.patch \
file://0043-firmware-psci-Fix-bind_smccc_features-psci-check.patch \
file://0044-corstone1000-set-unique-GUID-for-fvp-and-mps3.patch \
+ file://0045-efi-corstone1000-fwu-update-RPC-ABI.patch \
+ file://0046-Corstone1000-Change-MMCOMM-buffer-location.patch \
+ file://0047-corstone1000-dts-add-external-system-node.patch \
+ file://0048-corstone1000-Enable-UEFI-Secure-boot.patch \
+ file://0049-corstone1000-Add-secondary-cores-cpu-nodes-for-FVP.patch \
"
do_configure:append() {
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-fvp-base.inc b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-fvp-base.inc
index 9aca993..9f8c178 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-fvp-base.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-fvp-base.inc
@@ -4,4 +4,5 @@
file://0001-vexpress64-Set-the-DM_RNG-property.patch \
file://0002-vexpress64-Select-PSCI-RESET-by-default.patch \
file://0003-vexpress64-Imply-CONFIG_ARM64_CRC32-by-default.patch \
+ file://tick.patch \
"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0045-efi-corstone1000-fwu-update-RPC-ABI.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0045-efi-corstone1000-fwu-update-RPC-ABI.patch
new file mode 100644
index 0000000..00fc1f0
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0045-efi-corstone1000-fwu-update-RPC-ABI.patch
@@ -0,0 +1,75 @@
+From 7c25404d64ef8efec63c154ce38b0bb38845680f Mon Sep 17 00:00:00 2001
+From: Bence Balogh <bence.balogh@arm.com>
+Date: Tue, 5 Dec 2023 20:23:55 +0100
+Subject: [PATCH] efi: corstone1000: fwu: update RPC ABI
+
+The Trusted Services RPC protocol format changed: the
+data has to be placed in w3 and the memory handle has
+to be placed in w4-w5.
+
+Signed-off-by: Bence Balogh <bence.balogh@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ lib/efi_loader/efi_capsule.c | 14 +++++++++++---
+ lib/efi_loader/efi_setup.c | 14 +++++++++++---
+ 2 files changed, 22 insertions(+), 6 deletions(-)
+
+diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
+index f3326b1f67..1d966e3f26 100644
+--- a/lib/efi_loader/efi_capsule.c
++++ b/lib/efi_loader/efi_capsule.c
+@@ -790,12 +790,20 @@ static int __efi_runtime efi_corstone1000_buffer_ready_event(u32 capsule_image_s
+ }
+
+ /*
+- * setting the buffer ready event arguments in register w4:
++ * setting the buffer ready event arguments in register w3:
+ * - capsule update interface ID (31:16)
+ * - the buffer ready event ID (15:0)
+ */
+- msg.data1 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) |
+- PREP_SEPROXY_EVT(CORSTONE1000_BUFFER_READY_EVT); /* w4 */
++ msg.data0 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) |
++ PREP_SEPROXY_EVT(CORSTONE1000_BUFFER_READY_EVT); /* w3 */
++
++ /*
++ * setting the memory handle fields to
++ * FFA_MEM_HANDLE_INVALID (0xFFFF_FFFF_FFFF_FFFF)
++ * to signal that there is no shared memory used
++ */
++ msg.data1 = 0xFFFFFFFF; /* w4 */
++ msg.data2 = 0xFFFFFFFF; /* w5 */
+
+ return ffa_sync_send_receive(dev, CORSTONE1000_SEPROXY_PART_ID, &msg, 0);
+ }
+diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
+index d20568c1c8..c31e74532f 100644
+--- a/lib/efi_loader/efi_setup.c
++++ b/lib/efi_loader/efi_setup.c
+@@ -157,12 +157,20 @@ static int efi_corstone1000_uboot_efi_started_event(void)
+ }
+
+ /*
+- * setting the kernel started event arguments:
++ * setting the kernel started event arguments in register w3::
+ * setting capsule update interface ID(31:16)
+ * the kernel started event ID(15:0)
+ */
+- msg.data1 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) |
+- PREP_SEPROXY_EVT(CORSTONE1000_UBOOT_EFI_STARTED_EVT); /* w4 */
++ msg.data0 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) |
++ PREP_SEPROXY_EVT(CORSTONE1000_UBOOT_EFI_STARTED_EVT); /* w3 */
++
++ /*
++ * setting the memory handle fields to
++ * FFA_MEM_HANDLE_INVALID (0xFFFF_FFFF_FFFF_FFFF)
++ * to signal that there is no shared memory used
++ */
++ msg.data1 = 0xFFFFFFFF; /* w4 */
++ msg.data2 = 0xFFFFFFFF; /* w5 */
+
+ return ffa_sync_send_receive(dev, CORSTONE1000_SEPROXY_PART_ID, &msg, 0);
+ }
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0046-Corstone1000-Change-MMCOMM-buffer-location.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0046-Corstone1000-Change-MMCOMM-buffer-location.patch
new file mode 100644
index 0000000..500db81
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0046-Corstone1000-Change-MMCOMM-buffer-location.patch
@@ -0,0 +1,47 @@
+From 7721d33dfc87b40db72cefa399c46b25b1255247 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Wed, 3 Apr 2024 14:02:42 +0100
+Subject: [PATCH] Corstone1000: Change MMCOMM buffer location
+
+MM Communicate buffer is accessed by normal world but at the moment
+it's allocated in the secure ram. This moves mm communicate buffer
+to the DDR and also fixes the capsule buffer size since it cannot be
+more than the bank size.
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ configs/corstone1000_defconfig | 2 +-
+ include/configs/corstone1000.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
+index 8770b474e2..ae164be030 100644
+--- a/configs/corstone1000_defconfig
++++ b/configs/corstone1000_defconfig
+@@ -62,7 +62,7 @@ CONFIG_NVMXIP_QSPI=y
+ CONFIG_EFI_MM_COMM_TEE=y
+ CONFIG_FFA_SHARED_MM_BUF_SIZE=4096
+ CONFIG_FFA_SHARED_MM_BUF_OFFSET=0
+-CONFIG_FFA_SHARED_MM_BUF_ADDR=0x02000000
++CONFIG_FFA_SHARED_MM_BUF_ADDR=0x81FFF000
+ CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
+ CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y
+ CONFIG_FWU_NUM_IMAGES_PER_BANK=4
+diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h
+index 8622565a87..fe5b064c85 100644
+--- a/include/configs/corstone1000.h
++++ b/include/configs/corstone1000.h
+@@ -31,7 +31,7 @@
+ #define PREP_SEPROXY_EVT(x) (FIELD_PREP(PREP_SEPROXY_EVT_MASK, (x)))
+
+ /* Size in 4KB pages of the EFI capsule buffer */
+-#define CORSTONE1000_CAPSULE_BUFFER_SIZE (8192) /* 32 MB */
++#define CORSTONE1000_CAPSULE_BUFFER_SIZE (4096) /* 16 MB */
+
+ /* Capsule GUID */
+ #define EFI_CORSTONE1000_CAPSULE_ID_GUID \
+--
+2.25.1
+
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0047-corstone1000-dts-add-external-system-node.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0047-corstone1000-dts-add-external-system-node.patch
new file mode 100644
index 0000000..1c87300
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0047-corstone1000-dts-add-external-system-node.patch
@@ -0,0 +1,34 @@
+From 03df80671f1f2102b04baa810b59ffb6edaece0b Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Mon, 18 Mar 2024 17:00:56 +0000
+Subject: [PATCH] corstone1000: dts: add external system node
+
+add the external system node
+
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ arch/arm/dts/corstone1000.dtsi | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi
+index 077673dd44..5cc4c26bac 100644
+--- a/arch/arm/dts/corstone1000.dtsi
++++ b/arch/arm/dts/corstone1000.dtsi
+@@ -122,6 +122,13 @@
+ interrupt-parent = <&gic>;
+ ranges;
+
++ extsys0: remoteproc@1a010310 {
++ compatible = "arm,corstone1000-extsys";
++ reg = <0x1a010310 0x4>, <0x1a010314 0x4>;
++ reg-names = "reset-control", "reset-status";
++ firmware-name = "es_flashfw.elf";
++ };
++
+ timer@1a220000 {
+ compatible = "arm,armv7-timer-mem";
+ reg = <0x1a220000 0x1000>;
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0048-corstone1000-Enable-UEFI-Secure-boot.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0048-corstone1000-Enable-UEFI-Secure-boot.patch
new file mode 100644
index 0000000..1e91249
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0048-corstone1000-Enable-UEFI-Secure-boot.patch
@@ -0,0 +1,28 @@
+From b2ef7318686d13cfa2ac76d6f2d69c17135328df Mon Sep 17 00:00:00 2001
+From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
+Date: Thu, 11 Apr 2024 13:35:54 +0000
+Subject: [PATCH] corstone1000: Enable UEFI Secure boot
+
+Enable secure boot and related configurations for corstone1000
+
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
+---
+ configs/corstone1000_defconfig | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
+index 8770b474e2..0ecba096d5 100644
+--- a/configs/corstone1000_defconfig
++++ b/configs/corstone1000_defconfig
+@@ -80,3 +80,7 @@ CONFIG_EFI_SET_TIME=y
+ CONFIG_EFI_GET_TIME=y
+ CONFIG_VIRTIO_NET=y
+ CONFIG_VIRTIO_MMIO=y
++CONFIG_EFI_SECURE_BOOT=y
++CONFIG_FIT_SIGNATURE=y
++CONFIG_EFI_LOADER=y
++CONFIG_CMD_NVEDIT_EFI=y
+--
+2.34.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0049-corstone1000-Add-secondary-cores-cpu-nodes-for-FVP.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0049-corstone1000-Add-secondary-cores-cpu-nodes-for-FVP.patch
new file mode 100644
index 0000000..0e90f57
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0049-corstone1000-Add-secondary-cores-cpu-nodes-for-FVP.patch
@@ -0,0 +1,63 @@
+From 68708d6b4953f58a0484b9a83efa8318747cea80 Mon Sep 17 00:00:00 2001
+From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
+Date: Thu, 9 May 2024 14:16:55 +0000
+Subject: [PATCH] arm: dts: corstone1000: enable secondary cores for FVP
+
+Add the secondary cores nodes in the dts file
+
+Upstream-Status: Submitted [https://lore.kernel.org/all/20240612100421.47938-1-harsimransingh.tungal@arm.com/]
+Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
+---
+ arch/arm/dts/corstone1000-fvp.dts | 25 +++++++++++++++++++++++++
+ arch/arm/dts/corstone1000.dtsi | 2 +-
+ 2 files changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/arch/arm/dts/corstone1000-fvp.dts b/arch/arm/dts/corstone1000-fvp.dts
+index 26b0f1b3ce..3076fb9f34 100644
+--- a/arch/arm/dts/corstone1000-fvp.dts
++++ b/arch/arm/dts/corstone1000-fvp.dts
+@@ -49,3 +49,28 @@
+ clock-names = "smclk", "apb_pclk";
+ };
+ };
++
++&cpus {
++ cpu1: cpu@1 {
++ device_type = "cpu";
++ compatible = "arm,cortex-a35";
++ reg = <0x1>;
++ enable-method = "psci";
++ next-level-cache = <&L2_0>;
++ };
++ cpu2: cpu@2 {
++ device_type = "cpu";
++ compatible = "arm,cortex-a35";
++ reg = <0x2>;
++ enable-method = "psci";
++ next-level-cache = <&L2_0>;
++ };
++ cpu3: cpu@3 {
++ device_type = "cpu";
++ compatible = "arm,cortex-a35";
++ reg = <0x3>;
++ enable-method = "psci";
++ next-level-cache = <&L2_0>;
++ };
++};
++
+diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi
+index 1e0ec075e4..5d9d95b21c 100644
+--- a/arch/arm/dts/corstone1000.dtsi
++++ b/arch/arm/dts/corstone1000.dtsi
+@@ -21,7 +21,7 @@
+ stdout-path = "serial0:115200n8";
+ };
+
+- cpus {
++ cpus: cpus {
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tick.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tick.patch
new file mode 100644
index 0000000..370bc27
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tick.patch
@@ -0,0 +1,187 @@
+From b18a3c183d20812933d192d4b0d622b11ef2bf29 Mon Sep 17 00:00:00 2001
+From: Peter Hoyes <Peter.Hoyes@arm.com>
+Date: Wed, 1 May 2024 09:16:32 +0100
+Subject: [PATCH 1/2] arm: Move sev() and wfe() definitions to common Arm
+ header file
+
+The sev() and wfe() asm macros are currently defined only for
+mach-exynos. As these are common Arm instructions, move them to the
+common asm/system.h header file, for both Armv7 and Armv8, so they
+can be used by other machines.
+
+wfe may theoretically trigger a context switch if an interrupt occurs
+so add a memory barrier to this call.
+
+Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
+Reviewed-by: Andre Przywara<andre.przywara@arm.com>
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ arch/arm/include/asm/system.h | 9 +++++++++
+ arch/arm/mach-exynos/include/mach/system.h | 19 -------------------
+ 2 files changed, 9 insertions(+), 19 deletions(-)
+
+diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h
+index 43f7503571..51123c2968 100644
+--- a/arch/arm/include/asm/system.h
++++ b/arch/arm/include/asm/system.h
+@@ -154,6 +154,13 @@ enum dcache_option {
+ "wfi" : : : "memory"); \
+ })
+
++#define wfe() \
++ ({asm volatile( \
++ "wfe" : : : "memory"); \
++ })
++
++#define sev() asm volatile("sev")
++
+ static inline unsigned int current_el(void)
+ {
+ unsigned long el;
+@@ -369,6 +376,8 @@ void switch_to_hypervisor_ret(void);
+
+ #ifdef __ARM_ARCH_7A__
+ #define wfi() __asm__ __volatile__ ("wfi" : : : "memory")
++#define wfe() __asm__ __volatile__ ("wfe" : : : "memory")
++#define sev() __asm__ __volatile__ ("sev")
+ #else
+ #define wfi()
+ #endif
+diff --git a/arch/arm/mach-exynos/include/mach/system.h b/arch/arm/mach-exynos/include/mach/system.h
+index 5d0bebac57..0aed4c3e2b 100644
+--- a/arch/arm/mach-exynos/include/mach/system.h
++++ b/arch/arm/mach-exynos/include/mach/system.h
+@@ -36,25 +36,6 @@ struct exynos5_sysreg {
+
+ #define USB20_PHY_CFG_HOST_LINK_EN (1 << 0)
+
+-/*
+- * This instruction causes an event to be signaled to all cores
+- * within a multiprocessor system. If SEV is implemented,
+- * WFE must also be implemented.
+- */
+-#define sev() __asm__ __volatile__ ("sev\n\t" : : );
+-/*
+- * If the Event Register is not set, WFE suspends execution until
+- * one of the following events occurs:
+- * - an IRQ interrupt, unless masked by the CPSR I-bit
+- * - an FIQ interrupt, unless masked by the CPSR F-bit
+- * - an Imprecise Data abort, unless masked by the CPSR A-bit
+- * - a Debug Entry request, if Debug is enabled
+- * - an Event signaled by another processor using the SEV instruction.
+- * If the Event Register is set, WFE clears it and returns immediately.
+- * If WFE is implemented, SEV must also be implemented.
+- */
+-#define wfe() __asm__ __volatile__ ("wfe\n\t" : : );
+-
+ /* Move 0xd3 value to CPSR register to enable SVC mode */
+ #define svc32_mode_en() __asm__ __volatile__ \
+ ("@ I&F disable, Mode: 0x13 - SVC\n\t" \
+--
+2.34.1
+
+
+From ebc84d7b60c1ed3398e9f600fe3dc8406500bd35 Mon Sep 17 00:00:00 2001
+From: Peter Hoyes <Peter.Hoyes@arm.com>
+Date: Wed, 1 May 2024 09:16:33 +0100
+Subject: [PATCH 2/2] armv8: generic_timer: Use event stream for udelay
+
+Polling cntpct_el0 in a tight loop for delays is inefficient.
+This is particularly apparent on Arm FVPs, which do not simulate
+real time, meaning that a 1s sleep can take a couple of orders
+of magnitude longer to execute in wall time.
+
+If running at EL2 or above (where CNTHCTL_EL2 is available), enable
+the cntpct_el0 event stream temporarily and use wfe to implement
+the delay more efficiently. The event period is chosen as a
+trade-off between efficiency and the fact that Arm FVPs do not
+typically simulate real time.
+
+This is only implemented for Armv8 boards, where an architectural
+timer exists, and only enabled by default for the ARCH_VEXPRESS64
+board family.
+
+Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
+Reviewed-by: Andre Przywara <andre.przywara@arm.com>
+---
+ arch/arm/cpu/armv8/Kconfig | 8 ++++++++
+ arch/arm/cpu/armv8/generic_timer.c | 27 +++++++++++++++++++++++++++
+ arch/arm/include/asm/system.h | 6 ++++--
+ 3 files changed, 39 insertions(+), 2 deletions(-)
+
+diff --git a/arch/arm/cpu/armv8/Kconfig b/arch/arm/cpu/armv8/Kconfig
+index 9f0fb369f7..199335cd60 100644
+--- a/arch/arm/cpu/armv8/Kconfig
++++ b/arch/arm/cpu/armv8/Kconfig
+@@ -191,6 +191,14 @@ config ARMV8_EA_EL3_FIRST
+ Exception handling at all exception levels for External Abort and
+ SError interrupt exception are taken in EL3.
+
++config ARMV8_UDELAY_EVENT_STREAM
++ bool "Use the event stream for udelay"
++ default y if ARCH_VEXPRESS64
++ help
++ Use the event stream provided by the AArch64 architectural timer for
++ delays. This is more efficient than the default polling
++ implementation.
++
+ menuconfig ARMV8_CRYPTO
+ bool "ARM64 Accelerated Cryptographic Algorithms"
+
+diff --git a/arch/arm/cpu/armv8/generic_timer.c b/arch/arm/cpu/armv8/generic_timer.c
+index e4aa5a4745..1de7ec596f 100644
+--- a/arch/arm/cpu/armv8/generic_timer.c
++++ b/arch/arm/cpu/armv8/generic_timer.c
+@@ -114,3 +114,30 @@ ulong timer_get_boot_us(void)
+
+ return val / get_tbclk();
+ }
++
++#if CONFIG_IS_ENABLED(ARMV8_UDELAY_EVENT_STREAM)
++void __udelay(unsigned long usec)
++{
++ u64 target = get_ticks() + usec_to_tick(usec);
++
++ /* At EL2 or above, use the event stream to avoid polling CNTPCT_EL0 so often */
++ if (current_el() >= 2) {
++ u32 cnthctl_val;
++ const u8 event_period = 0x7;
++
++ asm volatile("mrs %0, cnthctl_el2" : "=r" (cnthctl_val));
++ asm volatile("msr cnthctl_el2, %0" : : "r"
++ (cnthctl_val | CNTHCTL_EL2_EVNT_EN | CNTHCTL_EL2_EVNT_I(event_period)));
++
++ while (get_ticks() + (1ULL << event_period) <= target)
++ wfe();
++
++ /* Reset the event stream */
++ asm volatile("msr cnthctl_el2, %0" : : "r" (cnthctl_val));
++ }
++
++ /* Fall back to polling CNTPCT_EL0 */
++ while (get_ticks() <= target)
++ ;
++}
++#endif
+diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h
+index 51123c2968..7e30cac32a 100644
+--- a/arch/arm/include/asm/system.h
++++ b/arch/arm/include/asm/system.h
+@@ -69,8 +69,10 @@
+ /*
+ * CNTHCTL_EL2 bits definitions
+ */
+-#define CNTHCTL_EL2_EL1PCEN_EN (1 << 1) /* Physical timer regs accessible */
+-#define CNTHCTL_EL2_EL1PCTEN_EN (1 << 0) /* Physical counter accessible */
++#define CNTHCTL_EL2_EVNT_EN BIT(2) /* Enable the event stream */
++#define CNTHCTL_EL2_EVNT_I(val) ((val) << 4) /* Event stream trigger bits */
++#define CNTHCTL_EL2_EL1PCEN_EN (1 << 1) /* Physical timer regs accessible */
++#define CNTHCTL_EL2_EL1PCTEN_EN (1 << 0) /* Physical counter accessible */
+
+ /*
+ * HCR_EL2 bits definitions
+--
+2.34.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-n1sdp.inc
deleted file mode 100644
index f03e4e5..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-n1sdp.inc
+++ /dev/null
@@ -1,30 +0,0 @@
-# N1SDP specific EDK2 configurations
-EDK2_BUILD_RELEASE = "0"
-EDK2_PLATFORM = "n1sdp"
-EDK2_PLATFORM_DSC = "Platform/ARM/N1Sdp/N1SdpPlatform.dsc"
-EDK2_BIN_NAME = "BL33_AP_UEFI.fd"
-
-COMPATIBLE_MACHINE = "n1sdp"
-
-# UEFI EDK2 on N1SDP is unable to detect FS2 during boot resulting in launching of
-# EDK2 shell instead of launching grub. The startup.nsh will force launching of grub
-EFIDIR = "/EFI/BOOT"
-EFI_BOOT_IMAGE = "bootaa64.efi"
-
-FILESEXTRAPATHS:prepend := "${THISDIR}/files/n1sdp:"
-SRC_URI:append = "\
- file://0001-Platform-ARM-N1sdp-Add-support-to-parse-NT_FW_CONFIG.patch;patchdir=edk2-platforms \
- file://0002-Platform-ARM-N1Sdp-Modify-the-IRQ-ID-of-Debug-UART-a.patch;patchdir=edk2-platforms \
- file://0003-Silicon-ARM-NeoverseN1Soc-Enable-SCP-QSPI-flash-regi.patch;patchdir=edk2-platforms \
- file://0004-Platform-ARM-N1Sdp-NOR-flash-library-for-N1Sdp.patch;patchdir=edk2-platforms \
- file://0005-Platform-ARM-N1Sdp-NOR-flash-Dxe-Driver-for-N1Sdp.patch;patchdir=edk2-platforms \
- file://0006-Platform-ARM-N1Sdp-Persistent-storage-for-N1Sdp.patch;patchdir=edk2-platforms \
- file://0007-Platform-ARM-N1Sdp-Enable-FaultTolerantWrite-Dxe-dri.patch;patchdir=edk2-platforms \
- file://0008-Platform-ARM-N1Sdp-manually-poll-QSPI-status-bit-aft.patch;patchdir=edk2-platforms \
- file://0009-Platform-ARM-N1Sdp-Reserve-OP-TEE-Region-from-UEFI.patch;patchdir=edk2-platforms \
-"
-
-do_deploy:append() {
- EFIPATH=$(echo "${EFIDIR}" | sed 's/\//\\/g')
- printf 'FS2:%s\%s\n' "$EFIPATH" "${EFI_BOOT_IMAGE}" > ${DEPLOYDIR}/startup.nsh
-}
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-sbsa-ref.inc b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-sbsa-ref.inc
new file mode 100644
index 0000000..f251aa4
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-sbsa-ref.inc
@@ -0,0 +1,26 @@
+COMPATIBLE_MACHINE:sbsa-ref = "sbsa-ref"
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+SRC_URI:append = " file://0001-BootLogoLib-align-logo-coords-to-be-even.patch"
+# Need to use git as the BootLogo fix includes a binary patch, which quilt cannot handle
+PATCHTOOL = "git"
+
+DEPENDS:append:sbsa-ref = " trusted-firmware-a coreutils-native"
+
+EDK2_PLATFORM:sbsa-ref = "SbsaQemu"
+EDK2_PLATFORM_DSC:sbsa-ref = "Platform/Qemu/SbsaQemu/SbsaQemu.dsc"
+EDK2_BIN_NAME:sbsa-ref = "SBSA_FLASH0.fd"
+
+do_compile:prepend:sbsa-ref() {
+ mkdir -p ${B}/Platform/Qemu/Sbsa/
+ cp ${RECIPE_SYSROOT}/firmware/bl1.bin ${B}/Platform/Qemu/Sbsa/
+ cp ${RECIPE_SYSROOT}/firmware/fip.bin ${B}/Platform/Qemu/Sbsa/
+}
+
+do_install:append:sbsa-ref() {
+ install ${B}/Build/${EDK2_PLATFORM}/${EDK2_BUILD_MODE}_${EDK_COMPILER}/FV/SBSA_FLASH*.fd ${D}/firmware/
+ # QEMU requires that the images be minimum of 256M in size
+ truncate -s 256M ${D}/firmware/SBSA_FLASH*.fd
+}
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_%.bbappend
index e5018bb..76ffa55 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_%.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_%.bbappend
@@ -4,7 +4,7 @@
MACHINE_EDK2_REQUIRE:fvp-base = "edk2-firmware-fvp-base.inc"
MACHINE_EDK2_REQUIRE:juno = "edk2-firmware-juno.inc"
+MACHINE_EDK2_REQUIRE:sbsa-ref = "edk2-firmware-sbsa-ref.inc"
MACHINE_EDK2_REQUIRE:sgi575 = "edk2-firmware-sgi575.inc"
-MACHINE_EDK2_REQUIRE:n1sdp = "edk2-firmware-n1sdp.inc"
require ${MACHINE_EDK2_REQUIRE}
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_202311.bb b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_202311.bb
deleted file mode 100644
index aa11cfd..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_202311.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-SRCREV_edk2 ?= "8736b8fdca85e02933cdb0a13309de14c9799ece"
-SRCREV_edk2-platforms ?= "d61836283a4c9198a02387fe7b31a8242e732f3f"
-
-# FIXME - clang is having issues with antlr
-TOOLCHAIN:aarch64 = "gcc"
-
-require recipes-bsp/uefi/edk2-firmware.inc
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/0001-BootLogoLib-align-logo-coords-to-be-even.patch b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/0001-BootLogoLib-align-logo-coords-to-be-even.patch
new file mode 100644
index 0000000..bb8abdd
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/0001-BootLogoLib-align-logo-coords-to-be-even.patch
@@ -0,0 +1,302 @@
+From 84195804a1631c88c1356438d22f4a51681d8c55 Mon Sep 17 00:00:00 2001
+From: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
+Date: Mon, 17 Jun 2024 10:30:07 +0200
+Subject: [PATCH] BootLogoLib: align logo coords to be even
+
+If we draw logo at odd coords then BootLogoLib goes into exception and
+boot process ends:
+
+Synchronous Exception at 0x00000101FB943E48
+PC 0x0101FB943E48 (0x0101FB93F000+0x00004E48) [ 0] QemuVideoDxe.dll
+PC 0x0101FB943314 (0x0101FB93F000+0x00004314) [ 0] QemuVideoDxe.dll
+PC 0x0101FB92F798 (0x0101FB92D000+0x00002798) [ 1] ConSplitterDxe.dll
+PC 0x0101FBA96BC4 (0x0101FBA8E000+0x00008BC4) [ 2] BdsDxe.dll
+PC 0x0101FF7FDF50 (0x0101FF7F3000+0x0000AF50) [ 3] DxeCore.dll
+
+This change resizes logo from 193x58 to 194x58px to make it's sizes
+even. And if coords are odd then they are bumped a bit to make things
+work.
+
+Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
+
+This is a temporary workaround for an alignment problem in EDK2/qemu, see the
+discussion at https://mail.gnu.org/archive/html/qemu-devel/2024-06/msg02964.html.
+
+Upstream-Status: Inappropriate [workaround]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ .../Library/BootLogoLib/BootLogoLib.c | 4 ++++
+ MdeModulePkg/Logo/Logo.bmp | Bin 12446 -> 34010 bytes
+ 2 files changed, 4 insertions(+)
+
+diff --git a/MdeModulePkg/Library/BootLogoLib/BootLogoLib.c b/MdeModulePkg/Library/BootLogoLib/BootLogoLib.c
+index 478ec2d40e..3b7b5f3146 100644
+--- a/MdeModulePkg/Library/BootLogoLib/BootLogoLib.c
++++ b/MdeModulePkg/Library/BootLogoLib/BootLogoLib.c
+@@ -205,6 +205,10 @@ BootLogoEnableLogo (
+ DestX += OffsetX;
+ DestY += OffsetY;
+
++ // align logo to even coords
++ if (DestX % 2 != 0) DestX++;
++ if (DestY % 2 != 0) DestY++;
++
+ if ((DestX >= 0) && (DestY >= 0)) {
+ if (GraphicsOutput != NULL) {
+ Status = GraphicsOutput->Blt (
+diff --git a/MdeModulePkg/Logo/Logo.bmp b/MdeModulePkg/Logo/Logo.bmp
+index 3e85229e17595ba1f9c59e13692a4f8362ebc850..136345a56ac44e3ea8d3c91114b5a2676dc90e2a 100644
+GIT binary patch
+literal 34010
+zcmeI52UHcu9>%fvuF?36C5h3PVqP?f#;6GPh6M#h1$)5)h=rnJ!G^tH7klr$_uhL~
+z#E!k8qQ-f@*|~RF?ghjbPsDTBGpuvxPTQGpzJHn7t6hx?{cN;rFn53ccJTKne@Sd|
+zaksIlW%^$Gpx=azjS4bF*j1|2dH9Zq!nN1s&5<|oUXo(Pie+ons?~S=rJOKfLYmTP
+z&n7F}X!x&saU#i$A7mwoSK<i#;}J;2(LWx-#0nSz1CAnJzI+++JkAjD?%lgLuOrDB
+zcOcu}Z{NOo{hG{LAfm@rioBCe=KT9Dnd1oL5n4vFlHGJCqF<!TuilxaRLd{prid)g
+z2UChEQ{q1#a|Fyddj0Cv_#R!lIF#>Py_|Q=3fu|Z>QwAp!%qL`=Tz<Sy}PTYPa5mv
+zG0xX>yq}jLbT-7j9^Jcp{^-Gt^JlJ`6|!!2$d*NO*3X$vL<TK|`<j_k$o3%o_LWm7
+zE*?K}NedT`9f^t`KXUQd;S0wOKY#KBbl<ym<Ic6K+{15NyL<Ec{o6Mw%Uz}14hwzp
+z?AhD5ZzEs6P)mWxs~0l<N{bK&`>$R^DExlRG5kF1V&SqVKUUw(IAWN)*R5)wDV2TZ
+zWVY#(l}(pSizFwa$7>bHcJJo(Y5jY4s8FI~rBWW1|5CxTs;y_Was-bmrHOM7zkY51
+zhBea%^qM}P=ZrxCQ~LU<h#sHX*KcC4uHo0iZd^KlV$b$tJGUO+CBuP@YmRK+WQuQE
+zyLbJn!&^5zeQ+Nr-3q;Y?c(|Cm(E|ic#ivx%NNOcVAI;mr;cC0d?D<@*=LU*y?yiM
+z#q(zoPoG3Qdm2-CM&j$pS2}ThtWo^z>WO^y^1{(WOw-5ec@&N!Afxh`lb6qugkaA-
+zt0_XfTt*x2RdS`ed*j-ypuV2f%6e5R+qs5qY=Lb1)~^Z)>@h9S9|T#4xx)uc?%h57
+zS{P6|xo_vOom)&{$L6T`&MilGY(Bbu(-RFxH$yK2rO>mdE}l3Fj_%*NHET$}(Oudf
+z-@P3&0$gO%m?(lfxQlrD6hJ+H@<@jjiC~Q(WbhDzh+1&R9m0aDG|9_{S8pOCNk>q^
+zTr4lr|CaIBO7bGDiI73viKwZNNv~h4IQhv&f+|Z+Ra|`}oj@WAf~@IvB>B1M7(Jm)
+zvJsTfravT-U)4+^rC?P$M#PjyrpSJhN7bX!Ng=0}?Qb5677420!@GCJcI&u#;T$R_
+zQFRr1QgzDA@)6$1%&%B>@8sjWeM6$kKv(Iu>XN!g;pl}=y(+fplPd(-Wwenv%9=!v
+z5U-q5;%Hi656`M)y{g9pNBuP%4V0{841j3n;NBtq{HP5fb#ku(M>?R)5gkW>X#Jd!
+z{w*7It5a#1M=Rhne^ijW{qJ4tRG2xq4`OuR`qkt7ye9YdIe+xfx;fJhZdnh_ZJamb
+z+J$qBRQR>4tEWvky?-~O!lOTb@_6&Y*#|eTL)4D!+-_8t_IuZ@+_QH1yb%LeP93*@
+z!|Ll7&##?1C8&L~txM)zJ$GvRvIUn;96ftz|IU?5&K)_hd-bvl#}1JV0;M+U1peEW
+z%m<Hrym9%$u9Zvpij=G8P9v$eE}2Vys=9XJEM*UG+jMf@uEoK_kL}vJVrp>MxznUi
+z=;1xWtIeFDfm@f%-?U&BJ!E`l4+$LU-HwL9H8rDGEEzvCutkI6o^2M59rpPCJ#+(7
+zhIVX05%PqdIW?h27sNfq*Up+cxSiYL@gvX&cqqDYY}dA+_RZ%E>wn|Yg&_B4-VXNT
+z{X3uDw;R&mx_BPi!jkbL9^DOJJ|#Hx>`6vrm`Cf`L;JI2dHfT5c0l@z#tuc1n9#Ee
+zPoblmjz!@}@{x`s$x0fIjCX~jSws3lM(@QDk4{eD18NXwMjTDokfr2W_>HhbTQ?rr
+zw$VsK#<;=}>*~n1O`R(L73}M^Yt>TU`qf5uZp+iOFJEG~XDjr$Nxi!DXy`zleVaPX
+z8#!oDTh}!+CU2NK9l|=je-96O@%Z6EZQZsnTd2+YyN7pfQ>2euz5Xp52K#hsSFYrw
+z-u}!aY`b90uql20A-f>=rlY*whjwhqSdtk8v4AJ{_T9E*-o&0=*3X$Xe`L_&;1N{L
+zl4df;bn6HS^6~iY9pig=Pahb-EFIsq4fqV})N;r2#iP92?_0leYCk{5BqXp`vl74X
+z6wOQi2w0X+9*aIesdje1(blj|t*)Luy((n9cTKzbBM0|y(eO@KC^cWdc#cOyVK}mV
+z^Wb)_qr0|eHFT<6YRQCA{hB$SJ+ycI?CFl*<=r@c#@WOBsS2zGwrI#u4C&Bf@wgGa
+z8r5d`0>klsoq4p*HOle4zV)h3?du!t;{nk8oT}fva;a<WiVR(ciX~~9%qypkAMVkb
+z1;@JVTB`z}Yg?{3*i<W$UU3<4)U|dcg(El!L1sjdiksxxkbd#O(b1h-!Hbk@ijS;V
+z$)q1$Jbz;MHY0E>;tEHvBVUFD`oj(^V;142g|mCQ)au!=)+q0GFcH($#lgN+>0bgG
+z*Xiz9W!}gj`Sc;<8P3sN+)wS@#e=d?`?%GIde+UFdhW<U=xLm<7evPRb*)|AwRoXv
+zOnVP+)-3}@A~Ojdp-U#Me=8T7U<GboG>4D7S1k?c-(%B)nQ+H~(L<=55nVAQn8lCM
+z@$B(KxDrURbeJxbIB*2f0DnNOEw4Zj7v%2N^!M*u{P~k>@$ZIvwAwU(W_QQR-VSzN
+z)omHEk=||39NY^NkzsIKS76BW(h%Z%gjZXzLyMr*w|;ey*zl)(gW5D1*rxHWRZE6;
+zXo0k#!u7L5oPYR=E)8hqqV=umyb*)2l<r&$rRP45mFW^sdMor2`3JUXGTz_&(urem
+zJ-p9~oH4j}^O8S+L6+Lm38Ud_?5m^OH~ZA9zI*jjp!YH&g8t~20Y~07?c?U7n)xzA
+zeJs=u!;vP`q%0fM+sI1bLdrD@{m3lNbTpZ9^lF@+C(93+0%;%ExVC3Q2mb~&!TyTL
+z!Tp*!4e8JfD9s+yuWvIa*0XQ@s_0)+`}q&|Y)ug!7rU=l<J#~)VCn7ZxM9xpNxizy
+z88%?yn4vRSlQO>#LkqIzj~X(<tKE?H&4YbCH_V&CWKz{gueQts?88LyEU*|*niSx(
+zWc+9<*KjnJIfp2x4G3U<ru6ZFkKhg_0V42st^qalYu;e#gi#uDEB0^cGO<^8m!jVw
+zJH~YDFk?{fDSiDITPR~vKzCRbWKHSg%UYQ|G?4B=7BmEopaw8P{PM|TJzX5ebZzfZ
+z<uBmhwRVLW0|O`sm2|ILdG7Fm9#zXMn>5DHsm9z913@Bc0QKxyvy8qCXx(^dr<OxH
+zG(Ws;qi5AJ!M+|0CP;5<TWsIDmGBf)*uMN9^t`v5BT5LsL}!44;YaHCs%HD_(L?&6
+zUq&1`*xP4LE}1Axlv-rek3NWxbh)OmGh<*c3n-azbmQ77qn;fLj!-05PoKzgLbxEV
+z(PEex%s>#)rtGhQ%^RSMu<95L))Mr)d~$G4m)e~wm!3arFu3D!p)FP{9*BqGcY@kC
+zMKH-VHe(Va4Ob6n)rhI^cXq(f0k=~pm9s>VHS`mi2n``VAjE-f+*oiBUoV$h{hB+Y
+z+)+6=LNGygcdmtDFf!*rX~&AiAhCPhO3Yyo*|D0v8r7m846<zE=rt_wom+tqi+s!C
+zx%87&0v*sCnn+-CXFuoafDY)vyo<+=M0C;+Y816?m^YnPP>6i$RYe&b+MzkXnK7sj
+z%L@_7^HST66^r0RrXAQ`IDTZXd(&-8=Wks+7mV<*j0S?32j^kw%%LqC7+XF<Kmkqa
+z4D)CSVW38#Kn-f!<aXGVl_3*+>(`)rjC@Ex|5^pUJidFI>XL$z0Y^r;7NdUjK{&!*
+z!$UBwe-DKt4MYLlO}f&+UXwJtAHfkH9ASc8JAVd-XTS!wab?*+9G6ZWLmfPQU=OB0
+z3srif?%+|n_2Su6?6SKzZ@_m?A3bEq(X*Lb;1=NO$Rb4DU_=pBXyFWov<IK!qKcR^
+zY~aTEv(TYX#1@VnN?F3o=g+ZIuw1lkkE!j+!v|=w$S;gR^H{!HHEn`i*ghVtm=%-9
+zZePCe@~LCkHBTQtRF)&fpFMs|g?z;7A<!$VA!#hVmUbfkugCZAq6tzbk3fDJ#l}RA
+zEA^cjL+AvxYl>I_vt4VIM@ExKmmb}}%Tl8rS_IUXpu~BiNB6=RI!K?T!&0MBG<60C
+zYmBT!7&O_FH*e_G;|KT1{N%wsMuSRd^x?g5tX*lkMn)1*8CW{d895b#tZ;;$t@Dvl
+zInpV~A%7P9NAZ+v;0PT~f+(7PWU}1=6kjQOEj~C>{-g6p4z8Io3AKf#b>;L4%p%}}
+z;y^_AAMt!Ri5OZHQC=h_1TzGcmz58(qpgyGwSE8A4dY-uefWUU;w!W;aA#rK8gp95
+z(Sy;UcduEFOY79WT|gV#I(jzEp&mWS@>4X=mN~y65$EdV(<f+R|Hd^m0TxU(81fkF
+z1P*)zT$qh4GWnH7&S)RC77Zz?xS>Ls0fgSUj*=bChZ!RuWr}93*=5um0GX0}D2@~#
+z897MfCe1miso)=kBm74|2971%x_TMkBOua)1&*wpkiZHwF%K+1_(cw=aVtd|D>-c1
+zD8dM=Si|_eKT2(^Y86y*t4Vl&CGp9jJUcX`o+3U)$V29j*dObvbR4~W(c87IL*A@4
+z^JS`6=u3zEnTZe_<i}imB(dR7`8C-a1g|3PrNv|w{G6+y{N2BG6W7dwQG*u+4@08P
+z85T$cM+TVEQsf=+izfm(eCFUDhz8FNj_s3sc31@Du%ZbKL7|}O#+8c@(Cskdl8IEn
+zGl{HWbYH%Rh<N@CPKhmmBlAL!=Nu$vd;bWSaRkDc2go0Zip-REQ(UFUM5H&cMt~z%
+z37U=|@5Z3g$)-7jrQ4PKT9CV4G9q`oOn13RWY#w-C?BxCs?8CTXIIh(na!6muF_14
+zgn#0^-ajUZIX-*@%s4{mVdGBh(FI!*Q$@2@I;%MPD3&5A$SELm=D;3uVvnF}U<htm
+zG#CE}YOA`d6vPV5b@}9Rv<$TYYubiAekAPt84Om$5Lz<Y<cIe-u|z@~0W*%U7lM5}
+z-R=LtRKeJl!773Y3oC6|Ja4MzU6h-yeS9%bW)2Eq-<1e=v}!(LYk-#%ySL-_SDUW-
+z9ov*$Gd|)WvhYD@<D+RP230SXL5nM!1sz4N0huPh=N^@=)S@^VRT-iRSjOUP(K563
+zXRS|CGt+~0o;XtUQZf=pKJA&~&R{HU*(>9BR&g_qB4524)4h{-O^%Diy8DW!3moCW
+z!LzR$^txHEJVdy{NWpeQok7#l-HA~V^G+;ivcM67?8(FXm^lQ9&umg#_8EH=Q&?p~
+zL~5Wg<v}uHzhd!YP}~l?dMosbas$A&WJ9o05W|-PCorZ`sWs#HE>0z|&tkG@jDlF|
+zsx68b+fq5DMi%k>LHHf^2?)2tLQ(o~3Fz9qMTN$XO#ACM;@L}a=dlRA8x^kI7Z09`
+zSFgp}XeN=dsEkuQ@{M@%Lfm*@Dtq;w2!AXqeEn8ETvQP<zlapKABnq9#l5HEP3%Sl
+z@S%7_q|8Z$s$)bbMPh7SGUJFLoZ#OX8j1r)Y~(TtINxz_D)>a*qZ#)KN1-S8#)KoY
+zr_mZmI7jdYyA;juQnUchI=miH<6wy4QRq<dPn`Zue*G4ys$1va3pXPkzec}&T`hN(
+z3fVGL{vv&YAM@d{#K(xo0?%8kzlys2oF6yiwxtUcG4WNi5<k>0oEvvITX=?cWRx8g
+zHU?;@QPHniBA`Rh0H#m|_pDukThFa{p&DOhtC%fAg>30-=FQG|h*?7d@eszg6chx)
+z?u&7oM5O_ukf%uBSY&9Tg~lRFQ&HSk_|6lXPRXewv-QPPUkVqa*Nch+MD8{sgH}AV
+zoA}OCIF1lAc8c4Nqs{q?*JA!Y@pVV>b64?$m$;z00IaK}tw+zr^c|x41X0{ieB~}O
+zYQ3W7-~ENl7_srB#H00P#*xNH9-h@=B_ocAbgLuzh@EWYngt(40ZQ8i(fBA-J6L2s
+z5MqXpPE1F4Y_i~^&@(68ivLtLoy}jVYyz6pzkT(Jb$?0Wc$`y_uS=!0DU;R)Z#2#k
+z5}9FkK^*euESE8veWs-4GUAv|WtT~Yav4%o%bk(!P~d5wC1uIvHa_)gTseK5QYh=w
+z2K20yBi*0LZ5sSoVCTxk7A>AVw9lhTIr{Tw3Y*bgJ&m})T4d9ua?W&YCY4Fcp{?ZQ
+zGNiQ4kg{BcWc0x<V+z;eg;#}4gwZVO<Rg<jYQ3D&R1HNkXOXnN49T6fxRXfPP-JQ<
+zQaFoTt%Q4sxOB%7O0d}GQxa<wm!+I!=9CRYiUzU<QZl)T8bieXOX6=c1|g}DYef<o
+zauRvkh=VZ=Et#Rh4%0-s##&XzYMo52WNRk;7f8ypxXd`x_(*O8{GWUj{bY!eYX>*4
+zXO~h3jzt7oL6jJ~gL|k&$)aq`XgI1D2acF?KxCgKDSIIbM+Y{oY5IH7vgvK`n%2sn
+z)xUwm^Z@~Ew~guA0R-7+PQmn+&yp1XDmZ0R1S+9vd_J>+`c%o4u|!gvhChA7POPy%
+z#KBRg%C>){mN**W)lug@gcsWw6|;jH8{70r>wcS?EtzqCojK0Yy3BtoWKC(CJ_%pd
+zFPsmgThz&1dC!(eN!>`Kca`(QwExgWG7F((Pm!~g1c*&NIql?uu#Owfn=#wl&WM5@
+z5)tG{(@1>ZSu`3ey37`h$BG}kC8kIRj8vuL<>^Z?Y_%+s!A;`mz-5b0$&W~`_8}s*
+z)-<@LS5*eeuC|;g%JmiL8p-}pb0$~eKi`s-j5zAy?NzN@Y)8{{KGO6fGap&);wxeT
+zN1Ulq%CrT1^pDnjbnD6`uwa|vJviblkMj@Tlupe)VA2&+$0;05AK1HE?yP0fa7-Z?
+zJBp|(5CQI9)(75BHmzzG$Yl%4GTBthkrMBfLWG8+zEyK&ESb#4xk!F%K4K5R-M$oU
+zfum7fJay;fs*nlQa%TpTz}DTq#NM?l(6i_X0f@1q>sT;1NGF54-Cyk7=(G0pg&4X@
+zq-!GQnJG=%SX3P($>r7~@!*-1Dd<WEFN+=vMV96=PkJ|zyn%2SBJMsh)q$$gV3gz?
+zif42cttJcPBeLe@YZ38EoVX@jgH00-tu&u#l5US8M9+mLY{rNq1nBrpBDIUm1KbLE
+ziG}+l?@%q3KYT8xY!i9hO*O+x$XuhY^dUGxKa%#^qB;6`BI&C(LdmQpNqg=6II`5U
+zk!#KV_%S|w)bOVQWz$B(5vF35T$z~g8hJ9}dr*qCt`@&|{+#n$Y#PE5m2#w7I&rj;
+zPzp!Y^JFZQ0zUdSMn39T$;3xGj&5GL7|_@W(gZ1ufBk;jGE}W-7t4tLRLF*av#FLl
+z1Dmn>*XS2eiH)NSxm$|?%f<6oazb<^2tfqnkT`#@$lpQEDmins5WUSJch3cpx4le6
+zenD0DpIO>yr*DX2zFNV0qF_gHI8-+NUOob+AX+g_)@EYj7V*k-2Gi7cY6w~-$p}?0
+zdvnokPP7csaTK>)Q~D8$7X4_>@ct4_(LtoaN^ZvDfxdP1O5AeITF<_D`C^Mdi?W8%
+zeFB=qD%WD<qh%Av)cNK=$Tg7Cp~9ayC*;oUUAapsH#y(ETRUrt)A#wAeE3M>NZT4w
+zI0AYSM?ZhNdyS=B!&HEe=nsT7qO(b^ahkD3sbUB_sFQ<E55r?nT5;#Q{Z<&TgEfwb
+zC@l%b@tG@Z>X=aAHclF4v0ZQh1OanNeW#hI*k4?KAn`S7oh(ks*G??hA46&KP*905
+zCVb>NnFkaMUlS`If#M6dL=kV11cBH<R2wV_NO9atjp>LJ!k>s)yTp#O;_OXnQG$2<
+z`Vbr`drk3?wDLzpBO?hSb?$LsFU3bVk8~+!9kIp{Td)5&A8{_NSK~T%nNpOKyMd@e
+zshx`C^Qc;yM7G9P&zQ_%@%n}HLs*EmMZv?3I5P23Y&fzr%QbJ4p1ouFLZ>46K~}}=
+zY2ck0HR;eZCw=SJER{-%Hoy8c@GCInJI;xsU4>0u8H#q1wolyGsp}Fx;3$oY__do9
+zC9p=P>5?_lxr#y_vO??Y&EI1EaVZetvMg>QKqE4RquBH#+yGloi|j3B5%R!yoo9)*
+zQ>4zN?rkQE){_NyubJ{IwEsm1qB#$u<EV>+T^#xm+iGl$pdX=bnE1%3UK_Yc=|^l!
+z$DwD(grno}!4bz=t@R^@6Ez(Js#gA-b{SLIrcY5eU2<$FBA8JXv!$t=Gj)aRQqWlQ
+zQPnS{ekA!QMm@Wdt<sM)JzMg}mc?`GeU}H4s**De@Z{Ks^<?5c>))~oGzVwlczAH<
+z7I~H)5;<CFY*I(m7$jXkabGAkvv<qMTy<2sa<KJr0CfnFFl4q-qtS+}FKA->84X8{
+z0((7Rk<6m=5lFGtj}WYTFGw3ricz3cU$PPbb)TT(#+0;;M6IEcq4Z0~QRFMmCvm!m
+zBXb;SiZO6#41jPRe*VZo?6R`^8e2fFq3Oo9^{RGa@pdbtN$*QM`6xCVq4GpLdBRcr
+zxx)r<Sh;<L5)FUOUo&r(Dml|t{vvIKtSO{^6a$X>RR52ZYfj(i+p%05bG<`Cpl5fi
+zSPJzWph^8mJ4|NeBMvdf!AEH4V2~4ukHYUj6TurrN)%Z~sa|`|z*;o46jKy&19s4K
+zDXSDH90u@_WHd*~N88TEPz-WeeMCd6qa`0nm^ext?Yk7MAUHa3$;3zG!Gy#*BjD1?
+z-Bv0@1hjTcIcdi=lM#5zD3r}OqMvM#%U#wu!js21TsYEX-gi~ouxck(-Ax;_98N*?
+zV1VNex*n_^DxUgLj5uPe4u$B<fxR4tym|Q&XTnIq6@Bm4O%icea<H(*SD9_Gu#jtG
+zO>#~8kNWqhm_2RjR5lLzvaFsqG1~A7!6E66mC73UNG?H0wxy;Yq5Jf0>dY$x7Nz(I
+z7o#6xA;L!-@0O1CNYQVJu&FOW^hFCXWR-QH_otvVjaqBM(U+~n*bOlhfyGeY!3!Zr
+zbE!{p8Tp9BX*;471f&;lOWy+$6IS}oU#vJH#pu3^V)JR~hXQ50𝔓x8y<2_E;dj
+z>H1~H5vTG{4UIdla_d#?zN&55#dEhWT>yeO>A`_;4uSC=4%@BQE}bXB$IB;<u`5do
+z+prw-(OZarB%XYPAJW=h!?tGIrp8wp>@%kv)6Em(TeS;RK{Tk|Fn3ymAHQYhtK>|@
+z2^RJ<$e`)jl8?X_ip<cC&2bVKJIuK>x8Hs&okptuqq}-3KElx+*rEw~HbtC^e2sZ1
+zizvd-3e!5ihl<&Gi`1rO-W&_Z4j~!M)o-3j$^N3H7`j@^`r)^o=S9Y*5+j)Y<pagd
+zhtc$1nCtKr@vDysM}<91u4{0l{6~~ULZM0HB!Gq>FU5D*eYl^bPTy2I)N!<<uaiLq
+zvY}+-Q6K|^h1!L$g0J+;j3fLhc+BKZe;*%oXf|Lcv&S#v0dhZ9OXoczjtgS-f;jYM
+z+(VqoBckqVCzd#h4|cZRLi{8D1V?O~^>(X=OAr}U<ExDGh7aVx0X`iSIOOl=Ttgb-
+z8Td96NL0O2_8R^pY3OBylCqBN-id<<?C!B*c=@AG)B5GJCI@A>967hIa70;-JJk6)
+z2enbEdC8yG%$&+e8;W2a@)W#YS2<@IzJ<uVs#m;v_7p{+k}(@Z_7;*&m?%6%26HF=
+zgCspo9jBQT8DveJ;gT<ybF>xg!DWZ!1_siH*~Yts^i-`tQo8?0ebsD&*l<!TJt#b8
+zNc{_P*?2;H*+$Y0$`{TFj6OV*)C>ku#Hb1yqAW11IYg!#FEfrHUe1ANheJ#!s*PJ6
+z*kYLYoE~Sdl5vW1Fse;g^VX|0%CtBl(%48m<4UeEGjaQ~b-Ul_&!!2;wDGS+FtwS$
+zN?)XEQR-*jYvW}ej!ifE<(o=5Qrl&gR=9ilQm6LqR$Wp!Qhda*PheO%XL^^SU-Md=
+zN0l<DR~53c+acl5yySoPZHS@}4&?HZM}=&uY%`#9C9VFSEUiob!Z~@))i?U(TT0ny
+zPC`$b{ZSON#MIV1F?E~tPeUb1okhdZ@7J@@m~r9|pab2=1{W|+=>Vz4Fsl#*#(nAD
+zqRudR&)Hg{fOPa@+dk4&pf1Trn%&P=AVtY9G$1tQ^i71*C<#OK{=j7>zcolC9RXLN
+zzhu2%x|{smG>7{f7nR;0RlgZWC^EcHqB#{UUw@T=(rmF=gZsco(Qst7Yo_e`{|`sX
+z4~Z;b270^3>ObN=2_#hM)Jaf1cuPb1vw0dGfphQ8e*eKPQ%bu`%s+cxDU{*HRNH4x
+z%AOa_M&3cwX$2hdR!{XjS<9wN;#e>jTewwnWx&u=p<D)4D!J451(r@6BmGc@3+aa4
+zTEFmDnn@`4)HL%@wrj^8UzU`-x5F;3p@iJe_^FGg-P9E&{9@jmFy_ZbL(}QAL@Ylf
+z&fSzcx4IB0M?!@|kepj~K>!rfi{`=|5OGHXYC2w;c)G9!M<dqCukexQY$JI`!BAl;
+zzq{N)A@k!1F=4Z``*CcmYAK=z)NY`Py8>KWTxJ}hFYsnA-Vn`~7!#BR^i(+F2O8wT
+zqF500PjF<~7fJsfK03N%3$K!*4Pja$MuCt1OgzQ)3+EP%8HS4jT50fOUZ)~?>K4pJ
+zggt)VN<4FLpHX*1d*Yo!UKwMvpW}Kc$Gm06VFImGPUj+dI3F;wvpX*Wag0-MMMWq}
+z;^_l>c@Mg+ZSlGVb2@&Pi@;ln-D+1{F=ZUD!sviiMQ%J4?o%Wg;az04vvn261r6c!
+zQ|b&3=9ZJ>B<mM+zz)jXJ#r7eXm`0W|5bY#3VO=DHhkWYiw+`6AywJMuRTmUt-H+?
+z>yC*sy`@)xf`z@LYk|Wj>Ox&Q9wr8_lw<^;RJ9xws2(Kd?UjxPYY<V;jH4L%$lwoB
+zGET|0(9<V*@#3H2h*^k!(U)lUTH|^g<|i?FE-CEU+DCuEwSYOs_F1&y(zfu)fU1JR
+z!qIJB?&s+Cy_+|9;{@h{fT+QE@!(3Y;am9%P-G-zilTh={23floQIO7G;`lrN{{mu
+z87RVAbr_5seUXY%M6AD#gZ_dg4Jo8;A_}<6#Sghy$Os;i#GU8FAO0qFnJrT$-{K-0
+z45ic}*owf(0Q4YIj2f^iMP@W0Y(~^;rC0;BE8)^i!vG+~2s-*hX0`%hv~#z_`CAe`
+zC`2@8%x3J58Apnb(2u6;Z=6MUR|6%s#*u3ug^vINaslHAH`Cpl^3FW4-{4xTkkpS-
+z+xR$EW3L_C@OD@zLFTz0cKd25z(H+YGHwJiWoA$x&Ih5{86PMrE)l5z=#~Uv{4cHO
+zhrM8-;awGpt1UEF<P_WdQctNTzHBW$#B4KQE-}f>C-aO6HgAt8*+XhEWJ8}S-BX??
+zi{oPE39(IbYz4_5cM-ld)f`(D=5#ZT418qq##z))g)A5yWT|JzBHiArAEC(b7PDi)
+zoTwy?|NBk-!vAskxd5-ERQe(%-a`8<Hr4ZFXz)|MM*sbWLup!&5yTCSL0(>SDO#v(
+zIvmwWcyAUuFh9)a@o$)RZUljq%0=$kt8+$W`$!4ZW{PMMEQ<L^#Yfj)iggp)WAZm9
+zsHZjKD2k8xg%B$yQgZDh;%L#Bp$_?S0tEG&U1icH<=48nqY&F=N<zSNDw|gRgqJbk
+zR6ek219q7@$Hp&x>E}ig)S$k%Gx|9;@PZbLatvxrXVJ8eP!%bd_4fTFh~j3A_cr%0
+zWH93hKH{hMG<!|sBP-=d$~DbiL$2{o*+0~e*3F*Euc|;XoN0xan*3UjNRwg(;U*QD
+zl_<i;W`7iME%u$vrbSSEQF-xR@shgRZ-sCe8_(7L3#0Y1ngAClAYu2UC!pR4c^Foi
+z;8@`*lCz~e6T&_U8?)BR&d2J;N316rj;7&$RQgejl*F-YW%ny*V;oR=uUzA8MYeo7
+zKQCXD)8Cc58?H{&o6^+_bXuay!>&0xG%6D32{;o%HdJI3laDwa|7KNm9L*I=3Of!v
+ze&rFdXuq_o(Xi2mu++iY=kjc39HFgZ0nZ)YpWpOh_jRt?hSlQwW-M>Uf}^WvPH`$n
+zd-s*sUt<oqb>BZB4CDV1O!b<}zQ38zAP2*MI?I*@CN=CsAm#JA%s8UgD6IUpMpWQ8
+zkog$>&f-Ut!Z?mQe7+p<dCgwJ>8%+@%siX@>`C3beUm!@QDSlDV;r88g!4>^J^A-X
+zAPPr+^DDTx?AX8O9!t0Y8U6cxOl&dXk3cjWh3P*7BVDssukd@-#uUJnh@*r*rJtmS
+zQ8;>sM3a1E_)#Hn1e)|j&WiFAVxOd&iH#=k5s1POat%I;h9d<c9ZHFOl)xwR6Lv2O
+zM{)6ylyREUlqlCe;anx;rlW8a10O}nIP?GNk%*&&Jei-cZ&5gkk&jG2z{nAfL_Ye2
+zvy||gj>3^8AL+`Gt~4d;M+tvEKUEK-a1_NyCdK+vG-C}Jmx!ZJHA@M<-6$Lx_((&L
+zPD8qulxX)S{Q3M;J&eN9JKi1UCx!W4>Zl(RHpFG(m5ZD_{Zu_oY&Ri~fEh>h5g+4Q
+w{%gB9LqdL(#J+vP5isEB6ZRsp>Cb%x5^?mo&tSsne<F?&#youPy|A(QAJ!2fAOHXW
+
+literal 12446
+zcmeHMTZkiB8UDNL(sk>qB-K?(I_Y$!(&<j8lk{|ICYjmv&Z?;R;QAo!gNTUWq9BWc
+zFusVQ4+<(i$Udzg?1O^rn;?Rqpn@O>3cf7*ATFZdips9zI<qqqzyF-7q>`T9o#~w!
+zZ0NsJw{!i!^Iy;DcRl%?3nXZy5_RzQGhC11S|LM}f3hbY^0p!>XgZw|JvF6wmsaTa
+zzxg$N|65<9=fC;|I$k4s;a5}o?Js^x&%Eaf{qjdYpqKyhXL@R{LLd0XlwSJ7i}dtl
+zK>pKH`rHTKOV?k0g?{qFcd2)6N*_6D(X-c{q0c_~4*JT|AExKNc#WR@@sz&)sgKb+
+z*NJ}j(v*Jw;*_p^Z%RLW{@Zl>)-C$y%YUPfKZkMuKBdop=t+9{l_}l4af4pF{%?By
+z=1uz2N1vkWH>ULJzy3jg{nH=m>X)Z<=gu9P;(FyjQ+j`Woxb^*PtbpFqTj74-M)RB
+zZoKvy-MY=~@Qv%!@4HI3UVj~Zxa>CFVeIF0z5?efaJ~ZPEASvzATiB}X_m!})Fhk{
+z8BrAZxR^$LWlp1Bzi;<#JGSk9zq#M(bjJJ}k2|9W!O{JXG12Qf|8NZ{^i0rXG65v=
+ztD1%%u4=WZ7$A!;%V@@~Aj`nxc&}HQ(L=(Z^xqtpSznceCsobzj06Ti0IAic%NSAu
+z2HSOQyQ{^0_qaJ?F?33$&bXIhIDGRt@3*!V-K9rvj<UYG3ibsO3h#<R)wE>{>cp(}
+zYe74*qpliP`@TQkQ?&7j`kGx!LR(WKrC&*GBO=wcEL*!k9W5sE4c{WIr}mAg6uPQG
+zS|zkpo1%8qL~Xkp#<;80sr1QeS39cWcEe6$Rupv5#;R*{s~z9yYn{ZO<1&FEqa`^&
+z08$Pb<iL8A$)V>DBg;{fKntS4_bkt?hR0X^2}V`ST3gj!r$4dUVI_&WG%>VLnOvnf
+zfJP*0qLO1z47FzHs?$}5{!ld)#j!kvs8(}pMZBAaqN^pxFZ$i6thK|cr<z*D_Bx&w
+z0Bt2wJjKC^WHixN>zO(&VzAg4B&GH+!_cnAv1(Sdj#&(96JXH7{Sn5GN{VTC?V%e`
+zF*5DGr`D*bsG4FPQqMDN3e`}hATAnFq6J>yDaE!Em0i^V?~IU26Kz;28ll-XhLtuj
+zcs-*GT{0_4?2U_R&}~Oaq)ZGm1Au2v4#T@(NF}kTOTDsc_kFK2F(3&eh#ad@Js$ai
+z+U{cX#2+eH>d3Ryc4YR=C~R90Q7<qjR;VTwduW)E)(xzBQc)AjR81dk0}B{5qN3&)
+zSa!pU0&AjHBG1seN!#_Rrs61`ANXyp7Fv+~{v3n}Da`C)(WZqAB#0#p)v_JeimDfc
+zZs=8dm5FEUjr=n8p$B%^4E=iOfPc?Wf^stPY612RJrBARSy50cmdkC^597qJ)T&wR
+zhfY*66Yx}1$#v||OOzUEmgcqNu5Wmzi;+~N>~+iSj_MVA(Zo|VUG6>v5Z0wPum{#9
+zRoKLmU+O7dvFliUSLwU^acNwNd*c%1kQ8f**KC$3o>14b_s2xX9oic=dGFH;Dxn68
+z-WyYA4>#dg4ykmEt<mwQ1e1nq4+DszboKC%E*w5y+NZWp9Ui6hIE^~!M_fo4PbtpD
+zKr9C)+?RC8PmO_rEXpBv6;(C*u8ZICKD;VCYiZoKe52D*1aC3LR(^km37Z^R6gM~Z
+ziPyeiDU4-Ku04NWe9Kp4a)3rHW2nyj(g_TR(%_%zcrS}^<Kt$|XD`n9aKFm+)gjAa
+zxH@DE#gxiL@)?54$|U3<BDL^Lh;a-+f|z3fmMq3ST$WEe`h^^wc8rJCFAA&GDlUF-
+zn&(G8Q{+>Y=DCWyq@@pynNtp&h%}E=J+n-aO!JWCX&Pn9!x0+J<NuhFS&~;SXK9{r
+zsFY9h1coM3yIEw}!-rJ=y|@?0aDcRjtglIjoQO-noR(*1zK>Qt_OW@oxXW~qFQO|)
+zC_1{FmR&wNILO|)=-^}r_~dz-$7VdIlNc1oap1lssY8boAR24l5Q%$GGnz%mF?&=h
+z4xL)s#t9th18vbtcM?S7j4n6UH&&Pmt+h*8;lbK^fr|#4yP~L3*jU-hDrv2?!L=Lf
+zjad=DB$K%yGC2q!Cove<V^p)wRb5|&voD!?op&F)K4dH$j{{v#1CWXiA~my6#Z=ep
+zl~hL57%=}#U~7=_xjQRd*${lLp*~~yU|Td7x9yA%e!htu=BcVBbV;eN<}lRjLts!5
+z=AA^<DyurjN+fPQPuJUW22|=S2V)4FUQ#WtqM$8pYpuY%7Y2g?uk1=eFnYv-DXed|
+z#FLBG&?>_qAPlx!0%smX_=a-GY?@<&!~hOva?o_fu#auvQ0Rw?jYyp}hcTpb(9i*L
+zXa=a#u>OaNhmwc^ZZU+y+U~){i#q~NVF#t#C>-$15%W91vFs+EDFzlv0SB%C#;`MF
+z_|9P{QUoo^_6#$>G{az=l*1UR6qI;eiif}ej(c7`F9($PU_23RNI@fy&79YAJu~JV
+zUiNjOOL!Kf9f$^CGbe|2G}@HIFtV0><$F$-*e|6B;F&1D?MZbhXAe>i)Ws54T$}4_
+z`Z5NzVO>hF&4Q8%Y9l=ZtOl4U9HnJaDupdknsSNv!V2_dZV#+ygS5w$wXNMtS7zOF
+z7=#=I2)^Bu9I&tep$Fw|)v7?P7UhuYQc>3fR0v}G0iN8NisF`7<4y1_lm%rw&=)NA
+zTn^B_mBMz5|5~l>?N-(hZNs@+f^W^_ATZ2rTH3>cE~RoHsJJAUbSj4>n{Jk&Zy5&Y
+z6=cFnv%-3xQKPlCbBUE-+BS-JGYpyL@1RSb22W(2^Sbm_@!_r*Xl#VV0FH<EQkgwu
+zHVt<K<`?Bqha7m3H|DC8F~e$}Eibby<S@g4K1}ja$lF8K|K#&<G$&E3fTbnBL_Jqg
+z#?;)4jmU$yWnBvNx+jA`>RVwCtUrR<5LZlF-~=|jOl&2Y&tyYL?LnFd+rvhqvDMhx
+z+G4O-Lkwbx6i?oe<{`o391p*%%QMh|9I7%tM8j1*jlH41Dt#*?A~%X)p5<WS(Uqea
+zXkL~keHRQ*V2y>3CA!Ft3xSXAVMAJP3$Llgv-#wFt6JrAJkIs1ns7yyJkB#t?gj3K
+z!5zXIDQMfY;5GyJC&UN5SS334p<%3DS3Rg%0tdCnB@B6seN5(Ab8E%xyU_s4Tf+CE
+zhD%n~8?YA+DJzA|i!gT)JaXOmL{bpD(|lMviD4m5XEt3$uCa=o%Nrtka1=m%0Hede
+z^l<1S<AMR_r8{Psu?THsgH0Da#|l=T{T0$75xYeLRw+RPVe+UP4A>zo^yaXZ(OY0J
+zz}(Cp(tL@=A(9}G3)OX#qaEZ>4@7<h2os0_WWagJGu>60G%~N5^>TyF?X@keFdeX#
+zND}dy<3mAOF$X;PhI*MyaZjcNcbZSP?;;1R<_trG0~V+UNC~~6GaNc*Bu)W3wQ@O9
+zy0S!uaGYF3#UTi1IiibH^T*^n?!r$AU;9`CsVQjCU`Swleb9np6$&k`-r1CuYl}WD
+zCx^GzrJP?9Gi0|O&Iq!6G%Xw1{l$Zgk!{Zl5Fm2iQK(QBgXzl74r0Xu?am8!cXk#5
+zprNpbG{aa(w{vp9`4Rp~7BoIA#WC-B$UtT#6=h+zd;MszS`4<1Ad8Dz!V2cQgnJ!h
+z*6v>9pg~g{=nEfzU?0Rpu!nl87_+hN=SAk;8|y8ZN-tQ){fxtHA%|27Z|s*sX|?b`
+za=QZ)W(>T4I6ckxK#+*csZTptP7a6<oM)$$(<RMuf&lwUka*yYR21=E^z?KY<||#$
+z#&();pK>rh%E$ykN-oXIVc`A$5)tqBb4^Y+`@v3Qt<jhp?CC}k+n#%j52u{r;ddJ~
+z=R^x14}b0lHABw^#o|wftOqslBOE6^z7}WLk8s)tI+ehX0(qbVKf=NApJpaT@%CKh
+zBjkB`Dk*}#0I^(mR=#I)0GPAF^D>{QDF}sHt~)E=sT_nwoE4sz`4n=H=5S_p3331o
+psZq=L&dN7)FA<zw-#W7gU^y%6zRc$tP4kvvoPVFMz}sJe{{eq`w(0-?
+
+--
+2.34.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0001-Platform-ARM-N1sdp-Add-support-to-parse-NT_FW_CONFIG.patch b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0001-Platform-ARM-N1sdp-Add-support-to-parse-NT_FW_CONFIG.patch
deleted file mode 100644
index c7f163b..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0001-Platform-ARM-N1sdp-Add-support-to-parse-NT_FW_CONFIG.patch
+++ /dev/null
@@ -1,471 +0,0 @@
-From 928cb457b9ab2abefbacad655eefdde943b4ee9a Mon Sep 17 00:00:00 2001
-From: sahil <sahil@arm.com>
-Date: Thu, 17 Mar 2022 16:28:05 +0530
-Subject: [PATCH] Platform/ARM/N1sdp: Add support to parse NT_FW_CONFIG
-
-NT_FW_CONFIG DTB contains platform information passed by
-Tf-A boot stage.
-This information is used for Virtual memory map generation
-during PEI phase and passed on to DXE phase as a HOB, where
-it is used in ConfigurationManagerDxe.
-
-Upstream-Status: Pending
-Signed-off-by: Adam Johnston <adam.johnston@arm.com>
-Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
-Signed-off-by: sahil <sahil@arm.com>
-Change-Id: I54a86277719607eb00d4a472fae8f13c180eafca
----
- .../ConfigurationManager.c | 24 ++--
- .../ConfigurationManagerDxe.inf | 3 +-
- .../ARM/NeoverseN1Soc/Include/NeoverseN1Soc.h | 16 +--
- .../Library/PlatformLib/AArch64/Helper.S | 4 +-
- .../Library/PlatformLib/PlatformLib.c | 12 +-
- .../Library/PlatformLib/PlatformLib.inf | 8 +-
- .../Library/PlatformLib/PlatformLibMem.c | 103 +++++++++++++++++-
- Silicon/ARM/NeoverseN1Soc/NeoverseN1Soc.dec | 7 +-
- 8 files changed, 152 insertions(+), 25 deletions(-)
-
-diff --git a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c
-index a6b4cb0e..c15020f5 100644
---- a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c
-+++ b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c
-@@ -1,7 +1,7 @@
- /** @file
- Configuration Manager Dxe
-
-- Copyright (c) 2021, ARM Limited. All rights reserved.<BR>
-+ Copyright (c) 2021 - 2023, ARM Limited. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-@@ -16,6 +16,7 @@
- #include <IndustryStandard/SerialPortConsoleRedirectionTable.h>
- #include <Library/ArmLib.h>
- #include <Library/DebugLib.h>
-+#include <Library/HobLib.h>
- #include <Library/IoLib.h>
- #include <Library/PcdLib.h>
- #include <Library/UefiBootServicesTableLib.h>
-@@ -28,6 +29,7 @@
- #include "Platform.h"
-
- extern struct EFI_ACPI_HETEROGENEOUS_MEMORY_ATTRIBUTE_TABLE Hmat;
-+static NEOVERSEN1SOC_PLAT_INFO *PlatInfo;
-
- /** The platform configuration repository information.
- */
-@@ -1242,13 +1244,11 @@ InitializePlatformRepository (
- IN EDKII_PLATFORM_REPOSITORY_INFO * CONST PlatRepoInfo
- )
- {
-- NEOVERSEN1SOC_PLAT_INFO *PlatInfo;
- UINT64 Dram2Size;
- UINT64 RemoteDdrSize;
-
- RemoteDdrSize = 0;
-
-- PlatInfo = (NEOVERSEN1SOC_PLAT_INFO *)NEOVERSEN1SOC_PLAT_INFO_STRUCT_BASE;
- Dram2Size = ((PlatInfo->LocalDdrSize - 2) * SIZE_1GB);
-
- PlatRepoInfo->MemAffInfo[LOCAL_DDR_REGION2].Length = Dram2Size;
-@@ -1512,7 +1512,6 @@ GetGicCInfo (
- )
- {
- EDKII_PLATFORM_REPOSITORY_INFO * PlatformRepo;
-- NEOVERSEN1SOC_PLAT_INFO *PlatInfo;
- UINT32 TotalObjCount;
- UINT32 ObjIndex;
-
-@@ -1523,7 +1522,6 @@ GetGicCInfo (
- }
-
- PlatformRepo = This->PlatRepoInfo;
-- PlatInfo = (NEOVERSEN1SOC_PLAT_INFO *)NEOVERSEN1SOC_PLAT_INFO_STRUCT_BASE;
-
- if (PlatInfo->MultichipMode == 1) {
- TotalObjCount = PLAT_CPU_COUNT * 2;
-@@ -1623,7 +1621,6 @@ GetStandardNameSpaceObject (
- {
- EFI_STATUS Status;
- EDKII_PLATFORM_REPOSITORY_INFO * PlatformRepo;
-- NEOVERSEN1SOC_PLAT_INFO *PlatInfo;
- UINT32 AcpiTableCount;
-
- if ((This == NULL) || (CmObject == NULL)) {
-@@ -1634,7 +1631,7 @@ GetStandardNameSpaceObject (
-
- Status = EFI_NOT_FOUND;
- PlatformRepo = This->PlatRepoInfo;
-- PlatInfo = (NEOVERSEN1SOC_PLAT_INFO *)NEOVERSEN1SOC_PLAT_INFO_STRUCT_BASE;
-+
- AcpiTableCount = ARRAY_SIZE (PlatformRepo->CmAcpiTableList);
- if (PlatInfo->MultichipMode == 0)
- AcpiTableCount -= 1;
-@@ -1697,7 +1694,6 @@ GetArmNameSpaceObject (
- {
- EFI_STATUS Status;
- EDKII_PLATFORM_REPOSITORY_INFO * PlatformRepo;
-- NEOVERSEN1SOC_PLAT_INFO *PlatInfo;
- UINT32 GicRedistCount;
- UINT32 GicCpuCount;
- UINT32 ProcHierarchyInfoCount;
-@@ -1718,8 +1714,6 @@ GetArmNameSpaceObject (
- Status = EFI_NOT_FOUND;
- PlatformRepo = This->PlatRepoInfo;
-
-- // Probe for multi chip information
-- PlatInfo = (NEOVERSEN1SOC_PLAT_INFO *)NEOVERSEN1SOC_PLAT_INFO_STRUCT_BASE;
- if (PlatInfo->MultichipMode == 1) {
- GicRedistCount = 2;
- GicCpuCount = PLAT_CPU_COUNT * 2;
-@@ -2162,8 +2156,18 @@ ConfigurationManagerDxeInitialize (
- IN EFI_SYSTEM_TABLE * SystemTable
- )
- {
-+ VOID *PlatInfoHob;
- EFI_STATUS Status;
-
-+ PlatInfoHob = GetFirstGuidHob (&gArmNeoverseN1SocPlatformInfoDescriptorGuid);
-+
-+ if (PlatInfoHob == NULL) {
-+ DEBUG ((DEBUG_ERROR, "Platform HOB is NULL\n"));
-+ return EFI_NOT_FOUND;
-+ }
-+
-+ PlatInfo = (NEOVERSEN1SOC_PLAT_INFO *)GET_GUID_HOB_DATA (PlatInfoHob);
-+
- // Initialize the Platform Configuration Repository before installing the
- // Configuration Manager Protocol
- Status = InitializePlatformRepository (
-diff --git a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManagerDxe.inf b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManagerDxe.inf
-index 4f8e7f13..a4e8b783 100644
---- a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManagerDxe.inf
-+++ b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManagerDxe.inf
-@@ -1,7 +1,7 @@
- ## @file
- # Configuration Manager Dxe
- #
--# Copyright (c) 2021, ARM Limited. All rights reserved.<BR>
-+# Copyright (c) 2021 - 2023, ARM Limited. All rights reserved.<BR>
- #
- # SPDX-License-Identifier: BSD-2-Clause-Patent
- #
-@@ -42,6 +42,7 @@
-
- [LibraryClasses]
- ArmPlatformLib
-+ HobLib
- PrintLib
- UefiBootServicesTableLib
- UefiDriverEntryPoint
-diff --git a/Silicon/ARM/NeoverseN1Soc/Include/NeoverseN1Soc.h b/Silicon/ARM/NeoverseN1Soc/Include/NeoverseN1Soc.h
-index 097160c7..4966011e 100644
---- a/Silicon/ARM/NeoverseN1Soc/Include/NeoverseN1Soc.h
-+++ b/Silicon/ARM/NeoverseN1Soc/Include/NeoverseN1Soc.h
-@@ -1,6 +1,6 @@
- /** @file
- *
--* Copyright (c) 2018 - 2020, ARM Limited. All rights reserved.
-+* Copyright (c) 2018 - 2023, ARM Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-2-Clause-Patent
- *
-@@ -41,11 +41,6 @@
- #define NEOVERSEN1SOC_EXP_PERIPH_BASE0 0x1C000000
- #define NEOVERSEN1SOC_EXP_PERIPH_BASE0_SZ 0x1300000
-
--// Base address to a structure of type NEOVERSEN1SOC_PLAT_INFO which is
--// pre-populated by a earlier boot stage
--#define NEOVERSEN1SOC_PLAT_INFO_STRUCT_BASE (NEOVERSEN1SOC_NON_SECURE_SRAM_BASE + \
-- 0x00008000)
--
- /*
- * Platform information structure stored in Non-secure SRAM. Platform
- * information are passed from the trusted firmware with the below structure
-@@ -55,12 +50,17 @@
- typedef struct {
- /*! 0 - Single Chip, 1 - Chip to Chip (C2C) */
- UINT8 MultichipMode;
-- /*! Slave count in C2C mode */
-- UINT8 SlaveCount;
-+ /*! Secondary chip count in C2C mode */
-+ UINT8 SecondaryChipCount;
- /*! Local DDR memory size in GigaBytes */
- UINT8 LocalDdrSize;
- /*! Remote DDR memory size in GigaBytes */
- UINT8 RemoteDdrSize;
- } NEOVERSEN1SOC_PLAT_INFO;
-
-+// NT_FW_CONFIG DT structure
-+typedef struct {
-+ UINT64 NtFwConfigDtAddr;
-+} NEOVERSEN1SOC_NT_FW_CONFIG_INFO_PPI;
-+
- #endif
-diff --git a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/AArch64/Helper.S b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/AArch64/Helper.S
-index 8d2069de..a0b89a7b 100644
---- a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/AArch64/Helper.S
-+++ b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/AArch64/Helper.S
-@@ -1,6 +1,6 @@
- /** @file
- *
--* Copyright (c) 2019 - 2020, ARM Limited. All rights reserved.
-+* Copyright (c) 2019 - 2023, ARM Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-2-Clause-Patent
- *
-@@ -25,6 +25,8 @@ GCC_ASM_EXPORT(ArmPlatformIsPrimaryCore)
- // the UEFI firmware through the CPU registers.
- //
- ASM_PFX(ArmPlatformPeiBootAction):
-+ adr x10, NtFwConfigDtBlob
-+ str x0, [x10]
- ret
-
- //
-diff --git a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.c b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.c
-index c0effd37..2f753be7 100644
---- a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.c
-+++ b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.c
-@@ -1,6 +1,6 @@
- /** @file
-
-- Copyright (c) 2018-2021, ARM Limited. All rights reserved.<BR>
-+ Copyright (c) 2018 - 2023, ARM Limited. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-@@ -8,8 +8,12 @@
-
- #include <Library/ArmPlatformLib.h>
- #include <Library/BaseLib.h>
-+#include <NeoverseN1Soc.h>
- #include <Ppi/ArmMpCoreInfo.h>
-
-+UINT64 NtFwConfigDtBlob;
-+STATIC NEOVERSEN1SOC_NT_FW_CONFIG_INFO_PPI mNtFwConfigDtInfoPpi;
-+
- STATIC ARM_CORE_INFO mCoreInfoTable[] = {
- { 0x0, 0x0 }, // Cluster 0, Core 0
- { 0x0, 0x1 }, // Cluster 0, Core 1
-@@ -46,6 +50,7 @@ ArmPlatformInitialize (
- IN UINTN MpId
- )
- {
-+ mNtFwConfigDtInfoPpi.NtFwConfigDtAddr = NtFwConfigDtBlob;
- return RETURN_SUCCESS;
- }
-
-@@ -80,6 +85,11 @@ EFI_PEI_PPI_DESCRIPTOR gPlatformPpiTable[] = {
- EFI_PEI_PPI_DESCRIPTOR_PPI,
- &gArmMpCoreInfoPpiGuid,
- &mMpCoreInfoPpi
-+ },
-+ {
-+ EFI_PEI_PPI_DESCRIPTOR_PPI,
-+ &gNtFwConfigDtInfoPpiGuid,
-+ &mNtFwConfigDtInfoPpi
- }
- };
-
-diff --git a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.inf b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.inf
-index 96e590cd..78f309c3 100644
---- a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.inf
-+++ b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.inf
-@@ -1,7 +1,7 @@
- ## @file
- # Platform Library for N1Sdp.
- #
--# Copyright (c) 2018-2021, ARM Limited. All rights reserved.<BR>
-+# Copyright (c) 2018 - 2023, ARM Limited. All rights reserved.<BR>
- #
- # SPDX-License-Identifier: BSD-2-Clause-Patent
- #
-@@ -18,10 +18,14 @@
- [Packages]
- ArmPkg/ArmPkg.dec
- ArmPlatformPkg/ArmPlatformPkg.dec
-+ EmbeddedPkg/EmbeddedPkg.dec
- MdeModulePkg/MdeModulePkg.dec
- MdePkg/MdePkg.dec
- Silicon/ARM/NeoverseN1Soc/NeoverseN1Soc.dec
-
-+[LibraryClasses]
-+ FdtLib
-+
- [Sources.common]
- PlatformLibMem.c
- PlatformLib.c
-@@ -59,7 +63,9 @@
- gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
-
- [Guids]
-+ gArmNeoverseN1SocPlatformInfoDescriptorGuid
- gEfiHobListGuid ## CONSUMES ## SystemTable
-
- [Ppis]
- gArmMpCoreInfoPpiGuid
-+ gNtFwConfigDtInfoPpiGuid
-diff --git a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c
-index 339fa07b..1d53ec75 100644
---- a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c
-+++ b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c
-@@ -1,6 +1,6 @@
- /** @file
-
-- Copyright (c) 2018 - 2021, ARM Limited. All rights reserved.<BR>
-+ Copyright (c) 2018 - 2023, ARM Limited. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-@@ -10,11 +10,95 @@
- #include <Library/DebugLib.h>
- #include <Library/HobLib.h>
- #include <Library/MemoryAllocationLib.h>
-+#include <Library/PeiServicesLib.h>
-+#include <libfdt.h>
- #include <NeoverseN1Soc.h>
-
- // The total number of descriptors, including the final "end-of-table" descriptor.
- #define MAX_VIRTUAL_MEMORY_MAP_DESCRIPTORS 19
-
-+/** A helper function to locate the NtFwConfig PPI and get the base address of
-+ NT_FW_CONFIG DT from which values are obtained using FDT helper functions.
-+
-+ @param [out] plat_info Pointer to the NeoverseN1Soc PLATFORM_INFO HOB
-+
-+ @retval EFI_SUCCESS Success.
-+ returns EFI_INVALID_PARAMETER A parameter is invalid.
-+**/
-+EFI_STATUS
-+GetNeoverseN1SocPlatInfo (
-+ OUT NEOVERSEN1SOC_PLAT_INFO *plat_info
-+ )
-+{
-+ CONST UINT32 *Property;
-+ INT32 Offset;
-+ CONST VOID *NtFwCfgDtBlob;
-+ NEOVERSEN1SOC_NT_FW_CONFIG_INFO_PPI *NtFwConfigInfoPpi;
-+ EFI_STATUS Status;
-+
-+ Status = PeiServicesLocatePpi (
-+ &gNtFwConfigDtInfoPpiGuid,
-+ 0,
-+ NULL,
-+ (VOID **)&NtFwConfigInfoPpi
-+ );
-+
-+ if (EFI_ERROR (Status)) {
-+ DEBUG ((
-+ DEBUG_ERROR,
-+ "PeiServicesLocatePpi failed with error %r\n",
-+ Status
-+ ));
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ NtFwCfgDtBlob = (VOID *)(UINTN)NtFwConfigInfoPpi->NtFwConfigDtAddr;
-+ if (fdt_check_header (NtFwCfgDtBlob) != 0) {
-+ DEBUG ((DEBUG_ERROR, "Invalid DTB file %p passed\n", NtFwCfgDtBlob));
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ Offset = fdt_subnode_offset (NtFwCfgDtBlob, 0, "platform-info");
-+ if (Offset == -FDT_ERR_NOTFOUND) {
-+ DEBUG ((DEBUG_ERROR, "Invalid DTB : platform-info node not found\n"));
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ Property = fdt_getprop (NtFwCfgDtBlob, Offset, "local-ddr-size", NULL);
-+ if (Property == NULL) {
-+ DEBUG ((DEBUG_ERROR, "local-ddr-size property not found\n"));
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ plat_info->LocalDdrSize = fdt32_to_cpu (*Property);
-+
-+ Property = fdt_getprop (NtFwCfgDtBlob, Offset, "remote-ddr-size", NULL);
-+ if (Property == NULL) {
-+ DEBUG ((DEBUG_ERROR, "remote-ddr-size property not found\n"));
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ plat_info->RemoteDdrSize = fdt32_to_cpu (*Property);
-+
-+ Property = fdt_getprop (NtFwCfgDtBlob, Offset, "secondary-chip-count", NULL);
-+ if (Property == NULL) {
-+ DEBUG ((DEBUG_ERROR, "secondary-chip-count property not found\n"));
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ plat_info->SecondaryChipCount = fdt32_to_cpu (*Property);
-+
-+ Property = fdt_getprop (NtFwCfgDtBlob, Offset, "multichip-mode", NULL);
-+ if (Property == NULL) {
-+ DEBUG ((DEBUG_ERROR, "multichip-mode property not found\n"));
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ plat_info->MultichipMode = fdt32_to_cpu (*Property);
-+
-+ return EFI_SUCCESS;
-+}
-+
- /**
- Returns the Virtual Memory Map of the platform.
-
-@@ -36,9 +120,24 @@ ArmPlatformGetVirtualMemoryMap (
- NEOVERSEN1SOC_PLAT_INFO *PlatInfo;
- UINT64 DramBlock2Size;
- UINT64 RemoteDdrSize;
-+ EFI_STATUS Status;
-
- Index = 0;
-- PlatInfo = (NEOVERSEN1SOC_PLAT_INFO *)NEOVERSEN1SOC_PLAT_INFO_STRUCT_BASE;
-+
-+ // Create platform info HOB
-+ PlatInfo = (NEOVERSEN1SOC_PLAT_INFO *)BuildGuidHob (
-+ &gArmNeoverseN1SocPlatformInfoDescriptorGuid,
-+ sizeof (NEOVERSEN1SOC_PLAT_INFO)
-+ );
-+
-+ if (PlatInfo == NULL) {
-+ DEBUG ((DEBUG_ERROR, "Platform HOB is NULL\n"));
-+ ASSERT (FALSE);
-+ return;
-+ }
-+
-+ Status = GetNeoverseN1SocPlatInfo (PlatInfo);
-+ ASSERT (Status == 0);
- DramBlock2Size = ((UINT64)(PlatInfo->LocalDdrSize -
- NEOVERSEN1SOC_DRAM_BLOCK1_SIZE / SIZE_1GB) *
- (UINT64)SIZE_1GB);
-diff --git a/Silicon/ARM/NeoverseN1Soc/NeoverseN1Soc.dec b/Silicon/ARM/NeoverseN1Soc/NeoverseN1Soc.dec
-index d59f25a5..9e257ebd 100644
---- a/Silicon/ARM/NeoverseN1Soc/NeoverseN1Soc.dec
-+++ b/Silicon/ARM/NeoverseN1Soc/NeoverseN1Soc.dec
-@@ -1,7 +1,7 @@
- ## @file
- # Describes the entire platform configuration.
- #
--# Copyright (c) 2018 - 2021, ARM Limited. All rights reserved.<BR>
-+# Copyright (c) 2018 - 2023, ARM Limited. All rights reserved.<BR>
- #
- # SPDX-License-Identifier: BSD-2-Clause-Patent
- #
-@@ -22,6 +22,8 @@
- Include # Root include for the package
-
- [Guids.common]
-+ # ARM NeoverseN1Soc Platform Info descriptor
-+ gArmNeoverseN1SocPlatformInfoDescriptorGuid = { 0x095cb024, 0x1e00, 0x4d6f, { 0xaa, 0x34, 0x4a, 0xf8, 0xaf, 0x0e, 0xad, 0x99 } }
- gArmNeoverseN1SocTokenSpaceGuid = { 0xab93eb78, 0x60d7, 0x4099, { 0xac, 0xeb, 0x6d, 0xb5, 0x02, 0x58, 0x7c, 0x24 } }
-
- [PcdsFixedAtBuild]
-@@ -83,3 +85,6 @@
- gArmNeoverseN1SocTokenSpaceGuid.PcdRemotePcieMmio32Translation|0x40000000000|UINT64|0x0000004F
- gArmNeoverseN1SocTokenSpaceGuid.PcdRemotePcieMmio64Translation|0x40000000000|UINT64|0x00000050
- gArmNeoverseN1SocTokenSpaceGuid.PcdRemotePcieSegmentNumber|2|UINT32|0x00000051
-+
-+[Ppis]
-+ gNtFwConfigDtInfoPpiGuid = { 0xb50dee0e, 0x577f, 0x47fb, { 0x83, 0xd0, 0x41, 0x78, 0x61, 0x8b, 0x33, 0x8a } }
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0002-Platform-ARM-N1Sdp-Modify-the-IRQ-ID-of-Debug-UART-a.patch b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0002-Platform-ARM-N1Sdp-Modify-the-IRQ-ID-of-Debug-UART-a.patch
deleted file mode 100644
index cafc299..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0002-Platform-ARM-N1Sdp-Modify-the-IRQ-ID-of-Debug-UART-a.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 2ccb463274d0c04f1e3253194ea6eee80c31cb49 Mon Sep 17 00:00:00 2001
-From: Himanshu Sharma <Himanshu.Sharma@arm.com>
-Date: Mon, 30 May 2022 10:53:30 +0000
-Subject: [PATCH] Platform/ARM/N1Sdp: Modify the IRQ ID of Debug UART and
- routing it to IOFPGA UART1
-
-In DBG2 table, IRQ ID was set as 0 for the UART. This overwrote the
-IPI0 trigger method to "level", which prevented SGI0 to be enabled
-again after a CPU offline/online cycle.
-
-This patch fixes the above issue by assigning a reserved IRQ ID
-for the Debug UART, other than 0 and also routing it to use IOFPGA
-UART1 by unsharing it from currently using serial terminal.
-
-Upstream-Status: Pending
-Signed-off-by: Adam Johnston <adam.johnston@arm.com>
-Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
-Signed-off-by: Himanshu Sharma <Himanshu.Sharma@arm.com>
-Change-Id: Ib35fecc57f1d8c496135c18dbebd0be0a4b76041
----
- .../ConfigurationManagerDxe/ConfigurationManager.c | 2 +-
- Platform/ARM/N1Sdp/N1SdpPlatform.dsc | 8 ++++----
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c
-index b11c0425..44046a00 100644
---- a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c
-+++ b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c
-@@ -320,7 +320,7 @@ EDKII_PLATFORM_REPOSITORY_INFO N1sdpRepositoryInfo = {
- // Debug Serial Port
- {
- FixedPcdGet64 (PcdSerialDbgRegisterBase), // BaseAddress
-- 0, // Interrupt -unused
-+ 250, // Interrupt (reserved)
- FixedPcdGet64 (PcdSerialDbgUartBaudRate), // BaudRate
- FixedPcdGet32 (PcdSerialDbgUartClkInHz), // Clock
- EFI_ACPI_DBG2_PORT_SUBTYPE_SERIAL_ARM_PL011_UART // Port subtype
-diff --git a/Platform/ARM/N1Sdp/N1SdpPlatform.dsc b/Platform/ARM/N1Sdp/N1SdpPlatform.dsc
-index d04b22d3..676ab677 100644
---- a/Platform/ARM/N1Sdp/N1SdpPlatform.dsc
-+++ b/Platform/ARM/N1Sdp/N1SdpPlatform.dsc
-@@ -4,7 +4,7 @@
- # This provides platform specific component descriptions and libraries that
- # conform to EFI/Framework standards.
- #
--# Copyright (c) 2018 - 2021, ARM Limited. All rights reserved.<BR>
-+# Copyright (c) 2018 - 2023, ARM Limited. All rights reserved.<BR>
- #
- # SPDX-License-Identifier: BSD-2-Clause-Patent
- #
-@@ -136,9 +136,9 @@
- gArmPlatformTokenSpaceGuid.PL011UartInterrupt|95
-
- # PL011 Serial Debug UART (DBG2)
-- gArmPlatformTokenSpaceGuid.PcdSerialDbgRegisterBase|gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase
-- gArmPlatformTokenSpaceGuid.PcdSerialDbgUartBaudRate|gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate
-- gArmPlatformTokenSpaceGuid.PcdSerialDbgUartClkInHz|50000000
-+ gArmPlatformTokenSpaceGuid.PcdSerialDbgRegisterBase|0x1C0A0000
-+ gArmPlatformTokenSpaceGuid.PcdSerialDbgUartBaudRate|115200
-+ gArmPlatformTokenSpaceGuid.PcdSerialDbgUartClkInHz|24000000
-
- # SBSA Watchdog
- gArmTokenSpaceGuid.PcdGenericWatchdogEl2IntrNum|93
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0003-Silicon-ARM-NeoverseN1Soc-Enable-SCP-QSPI-flash-regi.patch b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0003-Silicon-ARM-NeoverseN1Soc-Enable-SCP-QSPI-flash-regi.patch
deleted file mode 100644
index 264d262..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0003-Silicon-ARM-NeoverseN1Soc-Enable-SCP-QSPI-flash-regi.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From e4b0fced6f3fd3c8ce5ab4d3aae97b880e7e07b0 Mon Sep 17 00:00:00 2001
-From: sahil <sahil@arm.com>
-Date: Mon, 2 May 2022 17:43:17 +0530
-Subject: [PATCH] Silicon/ARM/NeoverseN1Soc: Enable SCP QSPI flash region
-
-Enable SCP QSPI flash region access by adding it in the PlatformLibMem
-
-Upstream-Status: Pending
-Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
-Signed-off-by: sahil <sahil@arm.com>
-Change-Id: I3ff832746ca94974ed72309eebe00e0024c47005
----
- Silicon/ARM/NeoverseN1Soc/Include/NeoverseN1Soc.h | 4 ++++
- .../NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c | 8 +++++++-
- 2 files changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/Silicon/ARM/NeoverseN1Soc/Include/NeoverseN1Soc.h b/Silicon/ARM/NeoverseN1Soc/Include/NeoverseN1Soc.h
-index 4966011e..c7219136 100644
---- a/Silicon/ARM/NeoverseN1Soc/Include/NeoverseN1Soc.h
-+++ b/Silicon/ARM/NeoverseN1Soc/Include/NeoverseN1Soc.h
-@@ -41,6 +41,10 @@
- #define NEOVERSEN1SOC_EXP_PERIPH_BASE0 0x1C000000
- #define NEOVERSEN1SOC_EXP_PERIPH_BASE0_SZ 0x1300000
-
-+// SCP QSPI flash device
-+#define NEOVERSEN1SOC_SCP_QSPI_AHB_BASE 0x18000000
-+#define NEOVERSEN1SOC_SCP_QSPI_AHB_SZ 0x2000000
-+
- /*
- * Platform information structure stored in Non-secure SRAM. Platform
- * information are passed from the trusted firmware with the below structure
-diff --git a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c
-index 5cacd437..8bb94074 100644
---- a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c
-+++ b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c
-@@ -15,7 +15,7 @@
- #include <NeoverseN1Soc.h>
-
- // The total number of descriptors, including the final "end-of-table" descriptor.
--#define MAX_VIRTUAL_MEMORY_MAP_DESCRIPTORS 19
-+#define MAX_VIRTUAL_MEMORY_MAP_DESCRIPTORS 20
-
- /** A helper function to locate the NtFwConfig PPI and get the base address of
- NT_FW_CONFIG DT from which values are obtained using FDT helper functions.
-@@ -283,6 +283,12 @@ ArmPlatformGetVirtualMemoryMap (
- VirtualMemoryTable[Index].Length = NEOVERSEN1SOC_EXP_PERIPH_BASE0_SZ;
- VirtualMemoryTable[Index].Attributes = ARM_MEMORY_REGION_ATTRIBUTE_DEVICE;
-
-+ // SCP QSPI flash device
-+ VirtualMemoryTable[++Index].PhysicalBase = NEOVERSEN1SOC_SCP_QSPI_AHB_BASE;
-+ VirtualMemoryTable[Index].VirtualBase = NEOVERSEN1SOC_SCP_QSPI_AHB_BASE;
-+ VirtualMemoryTable[Index].Length = NEOVERSEN1SOC_SCP_QSPI_AHB_SZ;
-+ VirtualMemoryTable[Index].Attributes = ARM_MEMORY_REGION_ATTRIBUTE_DEVICE;
-+
- if (PlatInfo->MultichipMode == 1) {
- //Remote DDR (2GB)
- VirtualMemoryTable[++Index].PhysicalBase = PcdGet64 (PcdExtMemorySpace) +
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0004-Platform-ARM-N1Sdp-NOR-flash-library-for-N1Sdp.patch b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0004-Platform-ARM-N1Sdp-NOR-flash-library-for-N1Sdp.patch
deleted file mode 100644
index eabbaf9..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0004-Platform-ARM-N1Sdp-NOR-flash-library-for-N1Sdp.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From 70e79ba5300f01a13422452c29e26c69042a0c8c Mon Sep 17 00:00:00 2001
-From: sahil <sahil@arm.com>
-Date: Mon, 2 May 2022 18:50:08 +0530
-Subject: [PATCH] Platform/ARM/N1Sdp: NOR flash library for N1Sdp
-
-Add NOR flash library, this library provides APIs for getting the list
-of NOR flash devices on the platform.
-
-Upstream-Status: Pending
-Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
-Signed-off-by: sahil <sahil@arm.com>
-Change-Id: I39ad4143b7fad7e33b3b151a019a74f23e0ed441
----
- .../Library/NorFlashLib/NorFlashLib.c | 52 +++++++++++++++++++
- .../Library/NorFlashLib/NorFlashLib.inf | 36 +++++++++++++
- 2 files changed, 88 insertions(+)
- create mode 100644 Silicon/ARM/NeoverseN1Soc/Library/NorFlashLib/NorFlashLib.c
- create mode 100644 Silicon/ARM/NeoverseN1Soc/Library/NorFlashLib/NorFlashLib.inf
-
-diff --git a/Silicon/ARM/NeoverseN1Soc/Library/NorFlashLib/NorFlashLib.c b/Silicon/ARM/NeoverseN1Soc/Library/NorFlashLib/NorFlashLib.c
-new file mode 100644
-index 00000000..eee3d1c6
---- /dev/null
-+++ b/Silicon/ARM/NeoverseN1Soc/Library/NorFlashLib/NorFlashLib.c
-@@ -0,0 +1,52 @@
-+/** @file
-+ NOR flash lib for N1Sdp
-+
-+ Copyright (c) 2023, ARM Limited. All rights reserved.<BR>
-+
-+ SPDX-License-Identifier: BSD-2-Clause-Patent
-+
-+**/
-+
-+#include <Library/DebugLib.h>
-+#include <Library/IoLib.h>
-+#include <Library/NorFlashPlatformLib.h>
-+#include <NeoverseN1Soc.h>
-+#include <PiDxe.h>
-+
-+#define FW_ENV_REGION_BASE FixedPcdGet32 (PcdFlashNvStorageVariableBase)
-+#define FW_ENV_REGION_SIZE (FixedPcdGet32 (PcdFlashNvStorageVariableSize) + \
-+ FixedPcdGet32 (PcdFlashNvStorageFtwWorkingSize) + \
-+ FixedPcdGet32 (PcdFlashNvStorageFtwSpareSize))
-+
-+STATIC NOR_FLASH_DESCRIPTION mNorFlashDevices[] = {
-+ {
-+ /// Environment variable region
-+ NEOVERSEN1SOC_SCP_QSPI_AHB_BASE, ///< device base
-+ FW_ENV_REGION_BASE, ///< region base
-+ FW_ENV_REGION_SIZE, ///< region size
-+ SIZE_4KB, ///< block size
-+ },
-+};
-+
-+/**
-+ Get NOR flash region info
-+
-+ @param[out] NorFlashDevices NOR flash regions info.
-+ @param[out] Count number of flash instance.
-+
-+ @retval EFI_SUCCESS Success.
-+**/
-+EFI_STATUS
-+NorFlashPlatformGetDevices (
-+ OUT NOR_FLASH_DESCRIPTION **NorFlashDevices,
-+ OUT UINT32 *Count
-+ )
-+{
-+ if ((NorFlashDevices == NULL) || (Count == NULL)) {
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ *NorFlashDevices = mNorFlashDevices;
-+ *Count = ARRAY_SIZE (mNorFlashDevices);
-+ return EFI_SUCCESS;
-+}
-diff --git a/Silicon/ARM/NeoverseN1Soc/Library/NorFlashLib/NorFlashLib.inf b/Silicon/ARM/NeoverseN1Soc/Library/NorFlashLib/NorFlashLib.inf
-new file mode 100644
-index 00000000..784856c8
---- /dev/null
-+++ b/Silicon/ARM/NeoverseN1Soc/Library/NorFlashLib/NorFlashLib.inf
-@@ -0,0 +1,36 @@
-+## @file
-+# NOR flash lib for N1Sdp
-+#
-+# Copyright (c) 2023, ARM Limited. All rights reserved.<BR>
-+#
-+# SPDX-License-Identifier: BSD-2-Clause-Patent
-+#
-+##
-+
-+[Defines]
-+ INF_VERSION = 0x0001001B
-+ BASE_NAME = NorFlashN1SdpLib
-+ FILE_GUID = 7006fcf1-a585-4272-92e3-b286b1dff5bb
-+ MODULE_TYPE = DXE_DRIVER
-+ VERSION_STRING = 1.0
-+ LIBRARY_CLASS = NorFlashPlatformLib
-+
-+[Sources.common]
-+ NorFlashLib.c
-+
-+[Packages]
-+ MdeModulePkg/MdeModulePkg.dec
-+ MdePkg/MdePkg.dec
-+ Platform/ARM/ARM.dec
-+ Silicon/ARM/NeoverseN1Soc/NeoverseN1Soc.dec
-+
-+[LibraryClasses]
-+ BaseLib
-+ DebugLib
-+ IoLib
-+
-+[FixedPcd]
-+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
-+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize
-+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase
-+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0005-Platform-ARM-N1Sdp-NOR-flash-Dxe-Driver-for-N1Sdp.patch b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0005-Platform-ARM-N1Sdp-NOR-flash-Dxe-Driver-for-N1Sdp.patch
deleted file mode 100644
index 1db94e4..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0005-Platform-ARM-N1Sdp-NOR-flash-Dxe-Driver-for-N1Sdp.patch
+++ /dev/null
@@ -1,2538 +0,0 @@
-From 726f4505970c82db1822b127059519044dc496c8 Mon Sep 17 00:00:00 2001
-From: sahil <sahil@arm.com>
-Date: Mon, 2 May 2022 19:00:40 +0530
-Subject: [PATCH] Platform/ARM/N1Sdp: NOR flash Dxe Driver for N1Sdp
-
-Add NOR flash DXE driver, this brings up NV storage on
-QSPI's flash device using FVB protocol.
-
-Upstream-Status: Pending
-Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
-Signed-off-by: sahil <sahil@arm.com>
-Change-Id: Ica383c2be6d1805daa19afd98d28b943816218dd
----
- .../Drivers/CadenceQspiDxe/CadenceQspiDxe.c | 366 +++++++
- .../Drivers/CadenceQspiDxe/CadenceQspiDxe.inf | 70 ++
- .../Drivers/CadenceQspiDxe/CadenceQspiReg.h | 31 +
- .../N1Sdp/Drivers/CadenceQspiDxe/NorFlash.c | 930 ++++++++++++++++++
- .../N1Sdp/Drivers/CadenceQspiDxe/NorFlash.h | 484 +++++++++
- .../Drivers/CadenceQspiDxe/NorFlashFvb.c | 573 +++++++++++
- Platform/ARM/N1Sdp/N1SdpPlatform.dec | 5 +-
- 7 files changed, 2458 insertions(+), 1 deletion(-)
- create mode 100644 Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/CadenceQspiDxe.c
- create mode 100644 Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/CadenceQspiDxe.inf
- create mode 100644 Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/CadenceQspiReg.h
- create mode 100644 Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/NorFlash.c
- create mode 100644 Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/NorFlash.h
- create mode 100644 Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/NorFlashFvb.c
-
-diff --git a/Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/CadenceQspiDxe.c b/Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/CadenceQspiDxe.c
-new file mode 100644
-index 00000000..fb1dff3e
---- /dev/null
-+++ b/Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/CadenceQspiDxe.c
-@@ -0,0 +1,366 @@
-+/** @file
-+ NOR flash DXE
-+
-+ Copyright (c) 2023, ARM Limited. All rights reserved.<BR>
-+
-+ SPDX-License-Identifier: BSD-2-Clause-Patent
-+
-+**/
-+
-+#include <Library/BaseMemoryLib.h>
-+#include <Library/DxeServicesTableLib.h>
-+#include <Library/HobLib.h>
-+#include <Library/MemoryAllocationLib.h>
-+#include <Library/NorFlashInfoLib.h>
-+#include <Library/PcdLib.h>
-+#include <Library/UefiBootServicesTableLib.h>
-+#include <Library/UefiLib.h>
-+#include <Library/UefiRuntimeLib.h>
-+#include <Library/UefiRuntimeServicesTableLib.h>
-+
-+#include "NorFlash.h"
-+
-+STATIC NOR_FLASH_INSTANCE **mNorFlashInstances;
-+STATIC UINT32 mNorFlashDeviceCount;
-+
-+STATIC EFI_EVENT mNorFlashVirtualAddrChangeEvent;
-+
-+/**
-+ Install Fv block onto variable store region
-+
-+ @param[in] Instance Instance of Nor flash variable region.
-+
-+ @retval EFI_SUCCESS The entry point is executed successfully.
-+**/
-+EFI_STATUS
-+EFIAPI
-+NorFlashFvbInitialize (
-+ IN NOR_FLASH_INSTANCE* Instance
-+ )
-+{
-+ EFI_STATUS Status;
-+ UINT32 FvbNumLba;
-+ EFI_BOOT_MODE BootMode;
-+ UINTN RuntimeMmioRegionSize;
-+ UINTN RuntimeMmioDeviceSize;
-+ UINTN BlockSize;
-+
-+ DEBUG ((DEBUG_INFO,"NorFlashFvbInitialize\n"));
-+
-+ BlockSize = Instance->BlockSize;
-+
-+ // FirmwareVolumeHeader->FvLength is declared to have the Variable area
-+ // AND the FTW working area AND the FTW Spare contiguous.
-+ ASSERT (PcdGet32 (PcdFlashNvStorageVariableBase) +
-+ PcdGet32 (PcdFlashNvStorageVariableSize) ==
-+ PcdGet32 (PcdFlashNvStorageFtwWorkingBase));
-+ ASSERT (PcdGet32 (PcdFlashNvStorageFtwWorkingBase) +
-+ PcdGet32 (PcdFlashNvStorageFtwWorkingSize) ==
-+ PcdGet32 (PcdFlashNvStorageFtwSpareBase));
-+
-+ // Check if the size of the area is at least one block size.
-+ ASSERT ((PcdGet32 (PcdFlashNvStorageVariableSize) > 0) &&
-+ (PcdGet32 (PcdFlashNvStorageVariableSize) / BlockSize > 0));
-+ ASSERT ((PcdGet32 (PcdFlashNvStorageFtwWorkingSize) > 0) &&
-+ (PcdGet32 (PcdFlashNvStorageFtwWorkingSize) / BlockSize > 0));
-+ ASSERT ((PcdGet32 (PcdFlashNvStorageFtwSpareSize) > 0) &&
-+ (PcdGet32 (PcdFlashNvStorageFtwSpareSize) / BlockSize > 0));
-+
-+ // Ensure the Variable areas are aligned on block size boundaries.
-+ ASSERT ((PcdGet32 (PcdFlashNvStorageVariableBase) % BlockSize) == 0);
-+ ASSERT ((PcdGet32 (PcdFlashNvStorageFtwWorkingBase) % BlockSize) == 0);
-+ ASSERT ((PcdGet32 (PcdFlashNvStorageFtwSpareBase) % BlockSize) == 0);
-+
-+ Instance->Initialized = TRUE;
-+ mFlashNvStorageVariableBase = FixedPcdGet32 (PcdFlashNvStorageVariableBase);
-+
-+ // Set the index of the first LBA for the FVB.
-+ Instance->StartLba = (PcdGet32 (PcdFlashNvStorageVariableBase) -
-+ Instance->RegionBaseAddress) / BlockSize;
-+
-+ BootMode = GetBootModeHob ();
-+ if (BootMode == BOOT_WITH_DEFAULT_SETTINGS) {
-+ Status = EFI_INVALID_PARAMETER;
-+ } else {
-+ // Determine if there is a valid header at the beginning of the NorFlash.
-+ Status = ValidateFvHeader (Instance);
-+ }
-+
-+ // Install the Default FVB header if required.
-+ if (EFI_ERROR(Status)) {
-+ // There is no valid header, so time to install one.
-+ DEBUG ((DEBUG_INFO, "%a: The FVB Header is not valid.\n", __FUNCTION__));
-+ DEBUG ((DEBUG_INFO, "%a: Installing a correct one for this volume.\n",
-+ __FUNCTION__));
-+
-+ // Erase all the NorFlash that is reserved for variable storage.
-+ FvbNumLba = (PcdGet32 (PcdFlashNvStorageVariableSize) +
-+ PcdGet32 (PcdFlashNvStorageFtwWorkingSize) +
-+ PcdGet32 (PcdFlashNvStorageFtwSpareSize)) /
-+ Instance->BlockSize;
-+
-+ Status = FvbEraseBlocks (
-+ &Instance->FvbProtocol,
-+ (EFI_LBA)0,
-+ FvbNumLba,
-+ EFI_LBA_LIST_TERMINATOR
-+ );
-+ if (EFI_ERROR(Status)) {
-+ return Status;
-+ }
-+
-+ // Install all appropriate headers.
-+ Status = InitializeFvAndVariableStoreHeaders (Instance);
-+ if (EFI_ERROR(Status)) {
-+ return Status;
-+ }
-+
-+ // validate FV header again if FV was created successfully.
-+ Status = ValidateFvHeader (Instance);
-+ if (EFI_ERROR(Status)) {
-+ DEBUG ((DEBUG_ERROR, "ValidateFvHeader is failed \n"));
-+ return Status;
-+ }
-+ }
-+
-+ // The driver implementing the variable read service can now be dispatched;
-+ // the varstore headers are in place.
-+ Status = gBS->InstallProtocolInterface (
-+ &gImageHandle,
-+ &gEdkiiNvVarStoreFormattedGuid,
-+ EFI_NATIVE_INTERFACE,
-+ NULL
-+ );
-+ if (EFI_ERROR (Status)) {
-+ DEBUG ((DEBUG_ERROR,
-+ "%a: Failed to install gEdkiiNvVarStoreFormattedGuid\n",
-+ __FUNCTION__));
-+ return Status;
-+ }
-+
-+ // Declare the Non-Volatile storage as EFI_MEMORY_RUNTIME.
-+ RuntimeMmioRegionSize = Instance->Size;
-+ RuntimeMmioDeviceSize = Instance->RegionBaseAddress - Instance->DeviceBaseAddress;
-+
-+ Status = gDS->AddMemorySpace (
-+ EfiGcdMemoryTypeMemoryMappedIo,
-+ Instance->RegionBaseAddress,
-+ RuntimeMmioRegionSize,
-+ EFI_MEMORY_UC | EFI_MEMORY_RUNTIME
-+ );
-+ ASSERT_EFI_ERROR (Status);
-+
-+ Status = gDS->AddMemorySpace (
-+ EfiGcdMemoryTypeMemoryMappedIo,
-+ Instance->DeviceBaseAddress,
-+ RuntimeMmioDeviceSize,
-+ EFI_MEMORY_UC | EFI_MEMORY_RUNTIME
-+ );
-+ ASSERT_EFI_ERROR (Status);
-+
-+ Status = gDS->SetMemorySpaceAttributes (
-+ Instance->RegionBaseAddress,
-+ RuntimeMmioRegionSize,
-+ EFI_MEMORY_UC | EFI_MEMORY_RUNTIME
-+ );
-+ ASSERT_EFI_ERROR (Status);
-+
-+ Status = gDS->SetMemorySpaceAttributes (
-+ Instance->DeviceBaseAddress,
-+ RuntimeMmioDeviceSize,
-+ EFI_MEMORY_UC | EFI_MEMORY_RUNTIME
-+ );
-+ ASSERT_EFI_ERROR (Status);
-+
-+ return Status;
-+}
-+
-+/**
-+ Fixup internal data so that EFI can be called in virtual mode.
-+ convert any pointers in lib to virtual mode.
-+
-+ @param[in] Event The Event that is being processed
-+ @param[in] Context Event Context
-+**/
-+STATIC
-+VOID
-+EFIAPI
-+NorFlashVirtualNotifyEvent (
-+ IN EFI_EVENT Event,
-+ IN VOID *Context
-+ )
-+{
-+ UINTN Index;
-+
-+ EfiConvertPointer (0x0, (VOID**)&mFlashNvStorageVariableBase);
-+
-+ for (Index = 0; Index < mNorFlashDeviceCount; Index++) {
-+ EfiConvertPointer (0x0,
-+ (VOID**)&mNorFlashInstances[Index]->HostRegisterBaseAddress);
-+ EfiConvertPointer (0x0,
-+ (VOID**)&mNorFlashInstances[Index]->DeviceBaseAddress);
-+ EfiConvertPointer (0x0,
-+ (VOID**)&mNorFlashInstances[Index]->RegionBaseAddress);
-+
-+ // Convert Fvb.
-+ EfiConvertPointer (0x0,
-+ (VOID**)&mNorFlashInstances[Index]->FvbProtocol.EraseBlocks);
-+ EfiConvertPointer (0x0,
-+ (VOID**)&mNorFlashInstances[Index]->FvbProtocol.GetAttributes);
-+ EfiConvertPointer (0x0,
-+ (VOID**)&mNorFlashInstances[Index]->FvbProtocol.GetBlockSize);
-+ EfiConvertPointer (0x0,
-+ (VOID**)&mNorFlashInstances[Index]->FvbProtocol.GetPhysicalAddress);
-+ EfiConvertPointer (0x0,
-+ (VOID**)&mNorFlashInstances[Index]->FvbProtocol.Read);
-+ EfiConvertPointer (0x0,
-+ (VOID**)&mNorFlashInstances[Index]->FvbProtocol.SetAttributes);
-+ EfiConvertPointer (0x0,
-+ (VOID**)&mNorFlashInstances[Index]->FvbProtocol.Write);
-+
-+ if (mNorFlashInstances[Index]->ShadowBuffer != NULL) {
-+ EfiConvertPointer (0x0, (VOID**)&mNorFlashInstances[Index]->ShadowBuffer);
-+ }
-+ }
-+}
-+
-+/**
-+ Entrypoint of Platform Nor flash DXE driver
-+
-+ @param[in] ImageHandle The firmware allocated handle for the EFI image.
-+ @param[in] SystemTable A pointer to the EFI System Table.
-+
-+ @retval EFI_SUCCESS The entry point is executed successfully.
-+**/
-+EFI_STATUS
-+EFIAPI
-+NorFlashInitialise (
-+ IN EFI_HANDLE ImageHandle,
-+ IN EFI_SYSTEM_TABLE *SystemTable
-+ )
-+{
-+ EFI_STATUS Status;
-+ EFI_PHYSICAL_ADDRESS HostRegisterBaseAddress;
-+ UINT32 Index;
-+ NOR_FLASH_DESCRIPTION* NorFlashDevices;
-+ BOOLEAN ContainVariableStorage;
-+
-+ HostRegisterBaseAddress = PcdGet32 (PcdCadenceQspiDxeRegBaseAddress);
-+
-+ Status = gDS->AddMemorySpace (
-+ EfiGcdMemoryTypeMemoryMappedIo,
-+ HostRegisterBaseAddress,
-+ SIZE_64KB,
-+ EFI_MEMORY_UC | EFI_MEMORY_RUNTIME
-+ );
-+ ASSERT_EFI_ERROR (Status);
-+
-+ Status = gDS->SetMemorySpaceAttributes (
-+ HostRegisterBaseAddress,
-+ SIZE_64KB,
-+ EFI_MEMORY_UC | EFI_MEMORY_RUNTIME
-+ );
-+ ASSERT_EFI_ERROR (Status);
-+
-+ // Initialize NOR flash instances.
-+ Status = NorFlashPlatformGetDevices (&NorFlashDevices, &mNorFlashDeviceCount);
-+ if (EFI_ERROR (Status)) {
-+ DEBUG ((DEBUG_ERROR,"NorFlashInitialise: Fail to get Nor Flash devices\n"));
-+ return Status;
-+ }
-+
-+ mNorFlashInstances = AllocateRuntimePool (sizeof (NOR_FLASH_INSTANCE*) *
-+ mNorFlashDeviceCount);
-+
-+ if(mNorFlashInstances == NULL) {
-+ DEBUG ((DEBUG_ERROR,
-+ "NorFlashInitialise: Failed to allocate mem for NorFlashInstance\n"));
-+ return EFI_OUT_OF_RESOURCES;
-+ }
-+
-+ for (Index = 0; Index < mNorFlashDeviceCount; Index++) {
-+ // Check if this NOR Flash device contain the variable storage region.
-+ ContainVariableStorage =
-+ (NorFlashDevices[Index].RegionBaseAddress <=
-+ PcdGet32 (PcdFlashNvStorageVariableBase)) &&
-+ (PcdGet32 (PcdFlashNvStorageVariableBase) +
-+ PcdGet32 (PcdFlashNvStorageVariableSize) <=
-+ NorFlashDevices[Index].RegionBaseAddress + NorFlashDevices[Index].Size);
-+
-+ Status = NorFlashCreateInstance (
-+ HostRegisterBaseAddress,
-+ NorFlashDevices[Index].DeviceBaseAddress,
-+ NorFlashDevices[Index].RegionBaseAddress,
-+ NorFlashDevices[Index].Size,
-+ Index,
-+ NorFlashDevices[Index].BlockSize,
-+ ContainVariableStorage,
-+ &mNorFlashInstances[Index]
-+ );
-+ if (EFI_ERROR (Status)) {
-+ DEBUG ((DEBUG_ERROR,
-+ "NorFlashInitialise: Fail to create instance for NorFlash[%d]\n",
-+ Index));
-+ continue;
-+ }
-+ Status = gBS->InstallMultipleProtocolInterfaces (
-+ &mNorFlashInstances[Index]->Handle,
-+ &gEfiDevicePathProtocolGuid,
-+ &mNorFlashInstances[Index]->DevicePath,
-+ &gEfiFirmwareVolumeBlockProtocolGuid,
-+ &mNorFlashInstances[Index]->FvbProtocol,
-+ NULL
-+ );
-+ ASSERT_EFI_ERROR (Status);
-+ }
-+ // Register for the virtual address change event.
-+ Status = gBS->CreateEventEx (
-+ EVT_NOTIFY_SIGNAL,
-+ TPL_NOTIFY,
-+ NorFlashVirtualNotifyEvent,
-+ NULL,
-+ &gEfiEventVirtualAddressChangeGuid,
-+ &mNorFlashVirtualAddrChangeEvent
-+ );
-+ ASSERT_EFI_ERROR (Status);
-+
-+ return Status;
-+}
-+
-+/**
-+ Lock all pending read/write to Nor flash device
-+
-+ @param[in] Context Nor flash device context structure.
-+**/
-+VOID
-+EFIAPI
-+NorFlashLock (
-+ IN NOR_FLASH_LOCK_CONTEXT *Context
-+ )
-+{
-+ if (!EfiAtRuntime ()) {
-+ // Raise TPL to TPL_HIGH to stop anyone from interrupting us.
-+ Context->OriginalTPL = gBS->RaiseTPL (TPL_HIGH_LEVEL);
-+ } else {
-+ Context->InterruptsEnabled = SaveAndDisableInterrupts ();
-+ }
-+}
-+
-+/**
-+ Unlock all pending read/write to Nor flash device
-+
-+ @param[in] Context Nor flash device context structure.
-+**/
-+VOID
-+EFIAPI
-+NorFlashUnlock (
-+ IN NOR_FLASH_LOCK_CONTEXT *Context
-+ )
-+{
-+ if (!EfiAtRuntime ()) {
-+ // Interruptions can resume.
-+ gBS->RestoreTPL (Context->OriginalTPL);
-+ } else if (Context->InterruptsEnabled) {
-+ SetInterruptState (TRUE);
-+ }
-+}
-diff --git a/Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/CadenceQspiDxe.inf b/Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/CadenceQspiDxe.inf
-new file mode 100644
-index 00000000..4f20c3ba
---- /dev/null
-+++ b/Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/CadenceQspiDxe.inf
-@@ -0,0 +1,70 @@
-+## @file
-+# NOR flash DXE
-+#
-+# Copyright (c) 2023, ARM Limited. All rights reserved.<BR>
-+#
-+# SPDX-License-Identifier: BSD-2-Clause-Patent
-+#
-+##
-+
-+[Defines]
-+ INF_VERSION = 0x0001001B
-+ BASE_NAME = CadenceQspiDxe
-+ FILE_GUID = CC8A9713-4442-4A6C-B389-8B46490A0641
-+ MODULE_TYPE = DXE_RUNTIME_DRIVER
-+ VERSION_STRING = 0.1
-+ ENTRY_POINT = NorFlashInitialise
-+
-+[Sources]
-+ CadenceQspiDxe.c
-+ NorFlash.c
-+ NorFlash.h
-+ NorFlashFvb.c
-+
-+[Packages]
-+ EmbeddedPkg/EmbeddedPkg.dec
-+ MdeModulePkg/MdeModulePkg.dec
-+ MdePkg/MdePkg.dec
-+ Platform/ARM/ARM.dec
-+ Platform/ARM/N1Sdp/N1SdpPlatform.dec
-+
-+[LibraryClasses]
-+ BaseLib
-+ BaseMemoryLib
-+ DebugLib
-+ DevicePathLib
-+ DxeServicesTableLib
-+ HobLib
-+ IoLib
-+ MemoryAllocationLib
-+ NorFlashInfoLib
-+ NorFlashPlatformLib
-+ UefiBootServicesTableLib
-+ UefiDriverEntryPoint
-+ UefiLib
-+ UefiRuntimeLib
-+ UefiRuntimeServicesTableLib
-+
-+[Guids]
-+ gEdkiiNvVarStoreFormattedGuid
-+ gEfiAuthenticatedVariableGuid
-+ gEfiEventVirtualAddressChangeGuid
-+ gEfiSystemNvDataFvGuid
-+ gEfiVariableGuid
-+ gEfiGlobalVariableGuid
-+
-+[Protocols]
-+ gEfiDevicePathProtocolGuid
-+ gEfiFirmwareVolumeBlockProtocolGuid
-+
-+[FixedPcd]
-+ gArmN1SdpTokenSpaceGuid.PcdCadenceQspiDxeRegBaseAddress
-+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase
-+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
-+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase
-+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize
-+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase
-+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
-+
-+[Depex]
-+ gEfiCpuArchProtocolGuid
-diff --git a/Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/CadenceQspiReg.h b/Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/CadenceQspiReg.h
-new file mode 100644
-index 00000000..fe3b327c
---- /dev/null
-+++ b/Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/CadenceQspiReg.h
-@@ -0,0 +1,31 @@
-+/** @file
-+
-+ Copyright (c) 2023, ARM Limited. All rights reserved.<BR>
-+
-+ SPDX-License-Identifier: BSD-2-Clause-Patent
-+
-+**/
-+
-+#ifndef CADENCE_QSPI_REG_H_
-+#define CADENCE_QSPI_REG_H_
-+
-+// QSPI Controller defines
-+#define CDNS_QSPI_FLASH_CMD_CTRL_REG_OFFSET 0x90
-+#define CDNS_QSPI_FLASH_CMD_CTRL_REG_EXECUTE 0x01
-+#define CDNS_QSPI_FLASH_CMD_CTRL_REG_ADDR_ENABLE 0x01
-+#define CDNS_QSPI_FLASH_CMD_CTRL_REG_ADDR_BIT_POS 19
-+#define CDNS_QSPI_FLASH_CMD_CTRL_REG_ADDR_BYTE_BIT_POS 16
-+#define CDNS_QSPI_FLASH_CMD_CTRL_REG_STATUS_BIT 0x02
-+#define CDNS_QSPI_FLASH_CMD_CTRL_REG_ADDR_BYTE_4B 0x03
-+#define CDNS_QSPI_FLASH_CMD_CTRL_REG_ADDR_BYTE_3B 0x02
-+#define CDNS_QSPI_FLASH_CMD_CTRL_REG_OPCODE_BIT_POS 24
-+#define CDNS_QSPI_FLASH_CMD_CTRL_REG_READ_ENABLE 0x01
-+#define CDNS_QSPI_FLASH_CMD_CTRL_REG_READ_BYTE_3B 0x02
-+#define CDNS_QSPI_FLASH_CMD_CTRL_REG_READEN_BIT_POS 23
-+#define CDNS_QSPI_FLASH_CMD_CTRL_REG_READBYTE_BIT_POS 20
-+
-+#define CDNS_QSPI_FLASH_CMD_READ_DATA_REG_OFFSET 0xA0
-+
-+#define CDNS_QSPI_FLASH_CMD_ADDR_REG_OFFSET 0x94
-+
-+#endif /* CADENCE_QSPI_REG_H_ */
-diff --git a/Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/NorFlash.c b/Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/NorFlash.c
-new file mode 100644
-index 00000000..188c75e2
---- /dev/null
-+++ b/Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/NorFlash.c
-@@ -0,0 +1,930 @@
-+/** @file
-+
-+ Copyright (c) 2023 ARM Limited. All rights reserved.<BR>
-+
-+ SPDX-License-Identifier: BSD-2-Clause-Patent
-+
-+**/
-+
-+#include <Library/BaseMemoryLib.h>
-+#include <Library/MemoryAllocationLib.h>
-+#include <Library/NorFlashInfoLib.h>
-+#include <Library/PcdLib.h>
-+#include <Library/UefiBootServicesTableLib.h>
-+#include <Library/UefiLib.h>
-+
-+#include "NorFlash.h"
-+
-+STATIC CONST NOR_FLASH_INSTANCE mNorFlashInstanceTemplate = {
-+ NOR_FLASH_SIGNATURE, // Signature
-+ NULL, // Handle
-+
-+ FALSE, // Initialized
-+ NULL, // Initialize
-+
-+ 0, // HostRegisterBaseAddress
-+ 0, // DeviceBaseAddress
-+ 0, // RegionBaseAddress
-+ 0, // Size
-+ 0, // BlockSize
-+ 0, // LastBlock
-+ 0, // StartLba
-+ 0, // OffsetLba
-+
-+ {
-+ FvbGetAttributes, // GetAttributes
-+ FvbSetAttributes, // SetAttributes
-+ FvbGetPhysicalAddress, // GetPhysicalAddress
-+ FvbGetBlockSize, // GetBlockSize
-+ FvbRead, // Read
-+ FvbWrite, // Write
-+ FvbEraseBlocks, // EraseBlocks
-+ NULL, //ParentHandle
-+ }, // FvbProtoccol;
-+ NULL, // ShadowBuffer
-+
-+ {
-+ {
-+ {
-+ HARDWARE_DEVICE_PATH,
-+ HW_VENDOR_DP,
-+ {
-+ (UINT8)(OFFSET_OF (NOR_FLASH_DEVICE_PATH, End)),
-+ (UINT8)(OFFSET_OF (NOR_FLASH_DEVICE_PATH, End) >> 8)
-+ }
-+ },
-+ { 0x0, 0x0, 0x0, { 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 } },
-+ },
-+ 0, // Index
-+
-+ {
-+ END_DEVICE_PATH_TYPE,
-+ END_ENTIRE_DEVICE_PATH_SUBTYPE,
-+ { sizeof (EFI_DEVICE_PATH_PROTOCOL), 0 }
-+ }
-+
-+ }, // DevicePath
-+ 0 // Flags
-+};
-+
-+/**
-+ Execute Flash cmd ctrl and Read Status.
-+
-+ @param[in] Instance NOR flash Instance.
-+ @param[in] Val Value to be written to Flash cmd ctrl Register.
-+
-+ @retval EFI_SUCCESS Request is executed successfully.
-+
-+**/
-+STATIC
-+EFI_STATUS
-+CdnsQspiExecuteCommand (
-+ IN NOR_FLASH_INSTANCE *Instance,
-+ IN UINT32 Val
-+ )
-+{
-+ // Set the command
-+ MmioWrite32 (Instance->HostRegisterBaseAddress + CDNS_QSPI_FLASH_CMD_CTRL_REG_OFFSET,
-+ Val);
-+ // Execute the command
-+ MmioWrite32 (Instance->HostRegisterBaseAddress + CDNS_QSPI_FLASH_CMD_CTRL_REG_OFFSET,
-+ Val | CDNS_QSPI_FLASH_CMD_CTRL_REG_EXECUTE);
-+
-+ // Wait until command has been executed
-+ while ((MmioRead32 (Instance->HostRegisterBaseAddress + CDNS_QSPI_FLASH_CMD_CTRL_REG_OFFSET)
-+ & CDNS_QSPI_FLASH_CMD_CTRL_REG_STATUS_BIT) == CDNS_QSPI_FLASH_CMD_CTRL_REG_STATUS_BIT)
-+ continue;
-+
-+ return EFI_SUCCESS;
-+}
-+
-+/**
-+ Create Nor flash Instance for given region.
-+
-+ @param[in] HostRegisterBase Base address of Nor flash controller.
-+ @param[in] NorFlashDeviceBase Base address of flash device.
-+ @param[in] NorFlashRegionBase Base address of flash region on device.
-+ @param[in] NorFlashSize Size of flash region.
-+ @param[in] Index Index of given flash region.
-+ @param[in] BlockSize Block size of NOR flash device.
-+ @param[in] HasVarStore Boolean set for VarStore on given region.
-+ @param[out] NorFlashInstance Instance of given flash region.
-+
-+ @retval EFI_SUCCESS On successful creation of NOR flash instance.
-+**/
-+EFI_STATUS
-+NorFlashCreateInstance (
-+ IN UINTN HostRegisterBase,
-+ IN UINTN NorFlashDeviceBase,
-+ IN UINTN NorFlashRegionBase,
-+ IN UINTN NorFlashSize,
-+ IN UINT32 Index,
-+ IN UINT32 BlockSize,
-+ IN BOOLEAN HasVarStore,
-+ OUT NOR_FLASH_INSTANCE** NorFlashInstance
-+ )
-+{
-+ EFI_STATUS Status;
-+ NOR_FLASH_INSTANCE* Instance;
-+ NOR_FLASH_INFO *FlashInfo;
-+ UINT8 JedecId[3];
-+
-+ ASSERT(NorFlashInstance != NULL);
-+ Instance = AllocateRuntimeCopyPool (sizeof (mNorFlashInstanceTemplate),
-+ &mNorFlashInstanceTemplate);
-+ if (Instance == NULL) {
-+ return EFI_OUT_OF_RESOURCES;
-+ }
-+
-+ Instance->HostRegisterBaseAddress = HostRegisterBase;
-+ Instance->DeviceBaseAddress = NorFlashDeviceBase;
-+ Instance->RegionBaseAddress = NorFlashRegionBase;
-+ Instance->Size = NorFlashSize;
-+ Instance->BlockSize = BlockSize;
-+ Instance->LastBlock = (NorFlashSize / BlockSize) - 1;
-+
-+ Instance->OffsetLba = (NorFlashRegionBase - NorFlashDeviceBase) / BlockSize;
-+
-+ CopyGuid (&Instance->DevicePath.Vendor.Guid, &gEfiCallerIdGuid);
-+ Instance->DevicePath.Index = (UINT8)Index;
-+
-+ Status = NorFlashReadID (Instance, JedecId);
-+ if (EFI_ERROR (Status)) {
-+ goto FreeInstance;
-+ }
-+
-+ Status = NorFlashGetInfo (JedecId, &FlashInfo, TRUE);
-+ if (EFI_ERROR (Status)) {
-+ goto FreeInstance;
-+ }
-+
-+ NorFlashPrintInfo (FlashInfo);
-+
-+ Instance->Flags = 0;
-+ if (FlashInfo->Flags & NOR_FLASH_WRITE_FSR) {
-+ Instance->Flags = NOR_FLASH_POLL_FSR;
-+ }
-+
-+ Instance->ShadowBuffer = AllocateRuntimePool (BlockSize);
-+ if (Instance->ShadowBuffer == NULL) {
-+ Status = EFI_OUT_OF_RESOURCES;
-+ goto FreeInstance;
-+ }
-+
-+ if (HasVarStore) {
-+ Instance->Initialize = NorFlashFvbInitialize;
-+ }
-+
-+ *NorFlashInstance = Instance;
-+ FreePool (FlashInfo);
-+ return EFI_SUCCESS;
-+
-+FreeInstance:
-+ FreePool (Instance);
-+ return Status;
-+}
-+
-+/**
-+ Check whether NOR flash opertions are Locked.
-+
-+ @param[in] Instance NOR flash Instance.
-+ @param[in] BlockAddress BlockAddress in NOR flash device.
-+
-+ @retval FALSE If NOR flash is not locked.
-+**/
-+STATIC
-+BOOLEAN
-+NorFlashBlockIsLocked (
-+ IN NOR_FLASH_INSTANCE *Instance,
-+ IN UINTN BlockAddress
-+ )
-+{
-+ return FALSE;
-+}
-+
-+/**
-+ Unlock NOR flash operations on given block.
-+
-+ @param[in] Instance NOR flash instance.
-+ @param[in] BlockAddress BlockAddress in NOR flash device.
-+
-+ @retval EFI_SUCCESS NOR flash operations is unlocked.
-+**/
-+STATIC
-+EFI_STATUS
-+NorFlashUnlockSingleBlock (
-+ IN NOR_FLASH_INSTANCE *Instance,
-+ IN UINTN BlockAddress
-+ )
-+{
-+ return EFI_SUCCESS;
-+}
-+
-+/**
-+ Unlock NOR flash operations if it is necessary.
-+
-+ @param[in] Instance NOR flash instance.
-+ @param[in] BlockAddress BlockAddress in NOR flash device.
-+
-+ @retval EFI_SUCCESS Request is executed successfully.
-+**/
-+STATIC
-+EFI_STATUS
-+NorFlashUnlockSingleBlockIfNecessary (
-+ IN NOR_FLASH_INSTANCE *Instance,
-+ IN UINTN BlockAddress
-+ )
-+{
-+ EFI_STATUS Status;
-+
-+ Status = EFI_SUCCESS;
-+
-+ if (!NorFlashBlockIsLocked (Instance, BlockAddress)) {
-+ Status = NorFlashUnlockSingleBlock (Instance, BlockAddress);
-+ }
-+
-+ return Status;
-+}
-+
-+/**
-+ Enable write to NOR flash device.
-+
-+ @param[in] Instance NOR flash instance.
-+
-+ @retval EFI_SUCCESS Request is executed successfully.
-+**/
-+STATIC
-+EFI_STATUS
-+NorFlashEnableWrite (
-+ IN NOR_FLASH_INSTANCE *Instance
-+ )
-+{
-+
-+ UINT32 val;
-+
-+ DEBUG ((DEBUG_INFO, "NorFlashEnableWrite()\n"));
-+ val = (SPINOR_OP_WREN << CDNS_QSPI_FLASH_CMD_CTRL_REG_OPCODE_BIT_POS);
-+ if (EFI_ERROR (CdnsQspiExecuteCommand (Instance, val))) {
-+ return EFI_DEVICE_ERROR;
-+ }
-+
-+ return EFI_SUCCESS;
-+}
-+
-+/**
-+ The following function presumes that the block has already been unlocked.
-+
-+ @param[in] Instance NOR flash instance.
-+ @param[in] BlockAddress Block address within the variable region.
-+
-+ @retval EFI_SUCCESS Request is executed successfully.
-+ **/
-+EFI_STATUS
-+NorFlashEraseSingleBlock (
-+ IN NOR_FLASH_INSTANCE *Instance,
-+ IN UINTN BlockAddress
-+ )
-+{
-+
-+ UINT32 DevConfigVal;
-+ UINT32 EraseOffset;
-+
-+ EraseOffset = 0x0;
-+
-+ DEBUG ((DEBUG_INFO, "NorFlashEraseSingleBlock(BlockAddress=0x%08x)\n",
-+ BlockAddress));
-+
-+ if (EFI_ERROR (NorFlashEnableWrite (Instance))) {
-+ return EFI_DEVICE_ERROR;
-+ }
-+
-+ EraseOffset = BlockAddress - Instance->DeviceBaseAddress;
-+
-+ MmioWrite32 (Instance->HostRegisterBaseAddress + CDNS_QSPI_FLASH_CMD_ADDR_REG_OFFSET,
-+ EraseOffset);
-+
-+ DevConfigVal = SPINOR_OP_BE_4K << CDNS_QSPI_FLASH_CMD_CTRL_REG_OPCODE_BIT_POS |
-+ CDNS_QSPI_FLASH_CMD_CTRL_REG_ADDR_ENABLE << CDNS_QSPI_FLASH_CMD_CTRL_REG_ADDR_BIT_POS |
-+ CDNS_QSPI_FLASH_CMD_CTRL_REG_ADDR_BYTE_3B << CDNS_QSPI_FLASH_CMD_CTRL_REG_ADDR_BYTE_BIT_POS;
-+
-+ if (EFI_ERROR (CdnsQspiExecuteCommand (Instance, DevConfigVal))) {
-+ return EFI_DEVICE_ERROR;
-+ }
-+
-+ return EFI_SUCCESS;
-+}
-+
-+/**
-+ This function unlock and erase an entire NOR Flash block.
-+
-+ @param[in] Instance NOR flash Instance of variable store region.
-+ @param[in] BlockAddress Block address within the variable store region.
-+
-+ @retval EFI_SUCCESS The erase and unlock successfully completed.
-+**/
-+EFI_STATUS
-+NorFlashUnlockAndEraseSingleBlock (
-+ IN NOR_FLASH_INSTANCE *Instance,
-+ IN UINTN BlockAddress
-+ )
-+{
-+ EFI_STATUS Status;
-+ UINTN Index;
-+ NOR_FLASH_LOCK_CONTEXT Lock;
-+ NorFlashLock (&Lock);
-+
-+ Index = 0;
-+ do {
-+ // Unlock the block if we have to
-+ Status = NorFlashUnlockSingleBlockIfNecessary (Instance, BlockAddress);
-+ if (EFI_ERROR (Status)) {
-+ break;
-+ }
-+ Status = NorFlashEraseSingleBlock (Instance, BlockAddress);
-+ if (EFI_ERROR (Status)) {
-+ break;
-+ }
-+ Index++;
-+ } while ((Index < NOR_FLASH_ERASE_RETRY) && (Status == EFI_WRITE_PROTECTED));
-+
-+ if (Index == NOR_FLASH_ERASE_RETRY) {
-+ DEBUG ((DEBUG_ERROR,
-+ "EraseSingleBlock(BlockAddress=0x%08x: Block Locked Error (try to erase %d times)\n",
-+ BlockAddress,Index));
-+ }
-+
-+ NorFlashUnlock (&Lock);
-+
-+ return Status;
-+}
-+
-+/**
-+ Write a single word to given location.
-+
-+ @param[in] Instance NOR flash Instance of variable store region.
-+ @param[in] WordAddress The address in NOR flash to write given word.
-+ @param[in] WriteData The data to write into NOR flash location.
-+
-+ @retval EFI_SUCCESS The write is completed.
-+**/
-+STATIC
-+EFI_STATUS
-+NorFlashWriteSingleWord (
-+ IN NOR_FLASH_INSTANCE *Instance,
-+ IN UINTN WordAddress,
-+ IN UINT32 WriteData
-+ )
-+{
-+ DEBUG ((DEBUG_INFO,
-+ "NorFlashWriteSingleWord(WordAddress=0x%08x, WriteData=0x%08x)\n",
-+ WordAddress, WriteData));
-+
-+ if (EFI_ERROR (NorFlashEnableWrite (Instance))) {
-+ return EFI_DEVICE_ERROR;
-+ }
-+ MmioWrite32 (WordAddress, WriteData);
-+ return EFI_SUCCESS;
-+}
-+
-+/**
-+ Write a full block to given location.
-+
-+ @param[in] Instance NOR flash Instance of variable store region.
-+ @param[in] Lba The logical block address in NOR flash.
-+ @param[in] DataBuffer The data to write into NOR flash location.
-+ @param[in] BlockSizeInWords The number of bytes to write.
-+
-+ @retval EFI_SUCCESS The write is completed.
-+**/
-+STATIC
-+EFI_STATUS
-+NorFlashWriteFullBlock (
-+ IN NOR_FLASH_INSTANCE *Instance,
-+ IN EFI_LBA Lba,
-+ IN UINT32 *DataBuffer,
-+ IN UINT32 BlockSizeInWords
-+ )
-+{
-+ EFI_STATUS Status;
-+ UINTN WordAddress;
-+ UINT32 WordIndex;
-+ UINTN BlockAddress;
-+ NOR_FLASH_LOCK_CONTEXT Lock;
-+
-+ Status = EFI_SUCCESS;
-+
-+ // Get the physical address of the block
-+ BlockAddress = GET_NOR_BLOCK_ADDRESS (Instance->RegionBaseAddress, Lba,
-+ BlockSizeInWords * 4);
-+
-+ // Start writing from the first address at the start of the block
-+ WordAddress = BlockAddress;
-+
-+ NorFlashLock (&Lock);
-+
-+ Status = NorFlashUnlockAndEraseSingleBlock (Instance, BlockAddress);
-+ if (EFI_ERROR (Status)) {
-+ DEBUG ((DEBUG_ERROR,
-+ "WriteSingleBlock: ERROR - Failed to Unlock and Erase the single block at 0x%X\n",
-+ BlockAddress));
-+ goto EXIT;
-+ }
-+
-+ for (WordIndex=0;
-+ WordIndex < BlockSizeInWords;
-+ WordIndex++, DataBuffer++, WordAddress += 4) {
-+ Status = NorFlashWriteSingleWord (Instance, WordAddress, *DataBuffer);
-+ if (EFI_ERROR (Status)) {
-+ goto EXIT;
-+ }
-+ }
-+
-+EXIT:
-+ NorFlashUnlock (&Lock);
-+
-+ if (EFI_ERROR (Status)) {
-+ DEBUG ((DEBUG_ERROR,
-+ "NOR FLASH Programming [WriteSingleBlock] failed at address 0x%08x. Exit Status = %r.\n",
-+ WordAddress, Status));
-+ }
-+ return Status;
-+}
-+
-+/**
-+ Write a full block.
-+
-+ @param[in] Instance NOR flash Instance of variable store region.
-+ @param[in] Lba The starting logical block index.
-+ @param[in] BufferSizeInBytes The number of bytes to read.
-+ @param[in] Buffer The pointer to a caller-allocated buffer that
-+ contains the source for the write.
-+
-+ @retval EFI_SUCCESS The write is completed.
-+**/
-+EFI_STATUS
-+NorFlashWriteBlocks (
-+ IN NOR_FLASH_INSTANCE *Instance,
-+ IN EFI_LBA Lba,
-+ IN UINTN BufferSizeInBytes,
-+ IN VOID *Buffer
-+ )
-+{
-+ UINT32 *pWriteBuffer;
-+ EFI_STATUS Status;
-+ EFI_LBA CurrentBlock;
-+ UINT32 BlockSizeInWords;
-+ UINT32 NumBlocks;
-+ UINT32 BlockCount;
-+
-+ Status = EFI_SUCCESS;
-+ // The buffer must be valid
-+ if (Buffer == NULL) {
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ // We must have some bytes to read
-+ DEBUG ((DEBUG_INFO, "NorFlashWriteBlocks: BufferSizeInBytes=0x%x\n",
-+ BufferSizeInBytes));
-+ if (BufferSizeInBytes == 0) {
-+ return EFI_BAD_BUFFER_SIZE;
-+ }
-+
-+ // The size of the buffer must be a multiple of the block size
-+ DEBUG ((DEBUG_INFO, "NorFlashWriteBlocks: BlockSize in bytes =0x%x\n",
-+ Instance->BlockSize));
-+ if ((BufferSizeInBytes % Instance->BlockSize) != 0) {
-+ return EFI_BAD_BUFFER_SIZE;
-+ }
-+
-+ // All blocks must be within the device
-+ NumBlocks = ((UINT32)BufferSizeInBytes) / Instance->BlockSize;
-+
-+ DEBUG ((DEBUG_INFO,
-+ "NorFlashWriteBlocks: NumBlocks=%d, LastBlock=%ld, Lba=%ld.\n", NumBlocks,
-+ Instance->LastBlock, Lba));
-+
-+ if ((Lba + NumBlocks) > (Instance->LastBlock + 1)) {
-+ DEBUG ((DEBUG_ERROR,
-+ "NorFlashWriteBlocks: ERROR - Write will exceed last block.\n"));
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ ASSERT (((UINTN)Buffer % sizeof (UINT32)) == 0);
-+
-+ BlockSizeInWords = Instance->BlockSize / 4;
-+
-+ // Because the target *Buffer is a pointer to VOID, we must put
-+ // all the data into a pointer to a proper data type, so use *ReadBuffer
-+ pWriteBuffer = (UINT32 *)Buffer;
-+
-+ CurrentBlock = Lba;
-+ for (BlockCount = 0;
-+ BlockCount < NumBlocks;
-+ BlockCount++, CurrentBlock++, pWriteBuffer += BlockSizeInWords) {
-+
-+ DEBUG ((DEBUG_INFO, "NorFlashWriteBlocks: Writing block #%d\n",
-+ (UINTN)CurrentBlock));
-+
-+ Status = NorFlashWriteFullBlock (
-+ Instance,
-+ CurrentBlock,
-+ pWriteBuffer,
-+ BlockSizeInWords
-+ );
-+
-+ if (EFI_ERROR (Status)) {
-+ break;
-+ }
-+ }
-+
-+ DEBUG ((DEBUG_INFO, "NorFlashWriteBlocks: Exit Status = %r.\n", Status));
-+ return Status;
-+}
-+
-+/**
-+ Read a full block.
-+
-+ @param[in] Instance NOR flash Instance of variable store region.
-+ @param[in] Lba The starting logical block index to read from.
-+ @param[in] BufferSizeInBytes The number of bytes to read.
-+ @param[out] Buffer The pointer to a caller-allocated buffer that
-+ should be copied with read data.
-+
-+ @retval EFI_SUCCESS The read is completed.
-+**/
-+EFI_STATUS
-+NorFlashReadBlocks (
-+ IN NOR_FLASH_INSTANCE *Instance,
-+ IN EFI_LBA Lba,
-+ IN UINTN BufferSizeInBytes,
-+ OUT VOID *Buffer
-+ )
-+{
-+ UINT32 NumBlocks;
-+ UINTN StartAddress;
-+ DEBUG ((DEBUG_INFO,
-+ "NorFlashReadBlocks: BufferSize=0x%xB BlockSize=0x%xB LastBlock=%ld, Lba=%ld.\n",
-+ BufferSizeInBytes, Instance->BlockSize, Instance->LastBlock,
-+ Lba));
-+
-+ // The buffer must be valid
-+ if (Buffer == NULL) {
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ // Return if we do not have any byte to read
-+ if (BufferSizeInBytes == 0) {
-+ return EFI_SUCCESS;
-+ }
-+
-+ // The size of the buffer must be a multiple of the block size
-+ if ((BufferSizeInBytes % Instance->BlockSize) != 0) {
-+ return EFI_BAD_BUFFER_SIZE;
-+ }
-+
-+ NumBlocks = ((UINT32)BufferSizeInBytes) / Instance->BlockSize;
-+
-+ if ((Lba + NumBlocks) > (Instance->LastBlock + 1)) {
-+ DEBUG ((DEBUG_ERROR,
-+ "NorFlashReadBlocks: ERROR - Read will exceed last block\n"));
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ // Get the address to start reading from
-+ StartAddress = GET_NOR_BLOCK_ADDRESS (Instance->RegionBaseAddress, Lba,
-+ Instance->BlockSize);
-+
-+ // Readout the data
-+ CopyMem(Buffer, (UINTN *)StartAddress, BufferSizeInBytes);
-+
-+ return EFI_SUCCESS;
-+}
-+
-+/**
-+ Read from nor flash.
-+
-+ @param[in] Instance NOR flash Instance of variable store region.
-+ @param[in] Lba The starting logical block index to read from.
-+ @param[in] Offset Offset into the block at which to begin reading.
-+ @param[in] BufferSizeInBytes The number of bytes to read.
-+ @param[out] Buffer The pointer to a caller-allocated buffer that
-+ should copied with read data.
-+
-+ @retval EFI_SUCCESS The read is completed.
-+**/
-+EFI_STATUS
-+NorFlashRead (
-+ IN NOR_FLASH_INSTANCE *Instance,
-+ IN EFI_LBA Lba,
-+ IN UINTN Offset,
-+ IN UINTN BufferSizeInBytes,
-+ OUT VOID *Buffer
-+ )
-+{
-+ UINTN StartAddress;
-+ // The buffer must be valid
-+ if (Buffer == NULL) {
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ // Return if we do not have any byte to read
-+ if (BufferSizeInBytes == 0) {
-+ return EFI_SUCCESS;
-+ }
-+
-+ if (((Lba * Instance->BlockSize) + Offset + BufferSizeInBytes) >
-+ Instance->Size) {
-+ DEBUG ((DEBUG_ERROR,
-+ "NorFlashRead: ERROR - Read will exceed device size.\n"));
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ // Get the address to start reading from
-+ StartAddress = GET_NOR_BLOCK_ADDRESS (Instance->RegionBaseAddress, Lba,
-+ Instance->BlockSize);
-+
-+ // Readout the data
-+ CopyMem (Buffer, (UINTN *)(StartAddress + Offset), BufferSizeInBytes);
-+
-+ return EFI_SUCCESS;
-+}
-+
-+/**
-+ Write a full or portion of a block.
-+
-+ @param[in] Instance NOR flash Instance of variable store region.
-+ @param[in] Lba The starting logical block index to write to.
-+ @param[in] Offset Offset into the block at which to begin writing.
-+ @param[in, out] NumBytes The total size of the buffer.
-+ @param[in] Buffer The pointer to a caller-allocated buffer that
-+ contains the source for the write.
-+
-+ @retval EFI_SUCCESS The write is completed.
-+**/
-+EFI_STATUS
-+NorFlashWriteSingleBlock (
-+ IN NOR_FLASH_INSTANCE *Instance,
-+ IN EFI_LBA Lba,
-+ IN UINTN Offset,
-+ IN OUT UINTN *NumBytes,
-+ IN UINT8 *Buffer
-+ )
-+{
-+ EFI_STATUS Status;
-+ UINT32 Tmp;
-+ UINT32 TmpBuf;
-+ UINT32 WordToWrite;
-+ UINT32 Mask;
-+ BOOLEAN DoErase;
-+ UINTN BytesToWrite;
-+ UINTN CurOffset;
-+ UINTN WordAddr;
-+ UINTN BlockSize;
-+ UINTN BlockAddress;
-+ UINTN PrevBlockAddress;
-+
-+ if (Buffer == NULL) {
-+ DEBUG ((DEBUG_ERROR,
-+ "NorFlashWriteSingleBlock: ERROR - Buffer is invalid\n" ));
-+ return EFI_OUT_OF_RESOURCES;
-+ }
-+
-+ PrevBlockAddress = 0;
-+ if (!Instance->Initialized && Instance->Initialize) {
-+ Instance->Initialize(Instance);
-+ }
-+
-+ DEBUG ((DEBUG_INFO,
-+ "NorFlashWriteSingleBlock(Parameters: Lba=%ld, Offset=0x%x, *NumBytes=0x%x, Buffer @ 0x%08x)\n",
-+ Lba, Offset, *NumBytes, Buffer));
-+
-+ // Localise the block size to avoid de-referencing pointers all the time
-+ BlockSize = Instance->BlockSize;
-+
-+ // The write must not span block boundaries.
-+ // We need to check each variable individually because adding two large
-+ // values together overflows.
-+ if (Offset >= BlockSize ||
-+ *NumBytes > BlockSize ||
-+ (Offset + *NumBytes) > BlockSize) {
-+ DEBUG ((DEBUG_ERROR,
-+ "NorFlashWriteSingleBlock: ERROR - EFI_BAD_BUFFER_SIZE: (Offset=0x%x + NumBytes=0x%x) > BlockSize=0x%x\n",
-+ Offset, *NumBytes, BlockSize ));
-+ return EFI_BAD_BUFFER_SIZE;
-+ }
-+
-+ // We must have some bytes to write
-+ if (*NumBytes == 0) {
-+ DEBUG ((DEBUG_ERROR,
-+ "NorFlashWriteSingleBlock: ERROR - EFI_BAD_BUFFER_SIZE: (Offset=0x%x + NumBytes=0x%x) > BlockSize=0x%x\n",
-+ Offset, *NumBytes, BlockSize ));
-+ return EFI_BAD_BUFFER_SIZE;
-+ }
-+
-+ // Pick 128bytes as a good start for word operations as opposed to erasing the
-+ // block and writing the data regardless if an erase is really needed.
-+ // It looks like most individual NV variable writes are smaller than 128bytes.
-+ if (*NumBytes <= 128) {
-+ // Check to see if we need to erase before programming the data into NOR.
-+ // If the destination bits are only changing from 1s to 0s we can just write.
-+ // After a block is erased all bits in the block is set to 1.
-+ // If any byte requires us to erase we just give up and rewrite all of it.
-+ DoErase = FALSE;
-+ BytesToWrite = *NumBytes;
-+ CurOffset = Offset;
-+
-+ while (BytesToWrite > 0) {
-+ // Read full word from NOR, splice as required. A word is the smallest
-+ // unit we can write.
-+ Status = NorFlashRead (
-+ Instance,
-+ Lba,
-+ CurOffset & ~(0x3),
-+ sizeof(Tmp),
-+ &Tmp
-+ );
-+ if (EFI_ERROR (Status)) {
-+ return EFI_DEVICE_ERROR;
-+ }
-+
-+ // Physical address of word in NOR to write.
-+ WordAddr = (CurOffset & ~(0x3)) +
-+ GET_NOR_BLOCK_ADDRESS (Instance->RegionBaseAddress, Lba,
-+ BlockSize);
-+
-+ // The word of data that is to be written.
-+ TmpBuf = ReadUnaligned32 ((UINT32 *)(Buffer + (*NumBytes - BytesToWrite)));
-+
-+ // First do word aligned chunks.
-+ if ((CurOffset & 0x3) == 0) {
-+ if (BytesToWrite >= 4) {
-+ // Is the destination still in 'erased' state?
-+ if (~Tmp != 0) {
-+ // Check to see if we are only changing bits to zero.
-+ if ((Tmp ^ TmpBuf) & TmpBuf) {
-+ DoErase = TRUE;
-+ break;
-+ }
-+ }
-+ // Write this word to NOR
-+ WordToWrite = TmpBuf;
-+ CurOffset += sizeof(TmpBuf);
-+ BytesToWrite -= sizeof(TmpBuf);
-+ } else {
-+ // BytesToWrite < 4. Do small writes and left-overs
-+ Mask = ~((~0) << (BytesToWrite * 8));
-+ // Mask out the bytes we want.
-+ TmpBuf &= Mask;
-+ // Is the destination still in 'erased' state?
-+ if ((Tmp & Mask) != Mask) {
-+ // Check to see if we are only changing bits to zero.
-+ if ((Tmp ^ TmpBuf) & TmpBuf) {
-+ DoErase = TRUE;
-+ break;
-+ }
-+ }
-+ // Merge old and new data. Write merged word to NOR
-+ WordToWrite = (Tmp & ~Mask) | TmpBuf;
-+ CurOffset += BytesToWrite;
-+ BytesToWrite = 0;
-+ }
-+ } else {
-+ // Do multiple words, but starting unaligned.
-+ if (BytesToWrite > (4 - (CurOffset & 0x3))) {
-+ Mask = ((~0) << ((CurOffset & 0x3) * 8));
-+ // Mask out the bytes we want.
-+ TmpBuf &= Mask;
-+ // Is the destination still in 'erased' state?
-+ if ((Tmp & Mask) != Mask) {
-+ // Check to see if we are only changing bits to zero.
-+ if ((Tmp ^ TmpBuf) & TmpBuf) {
-+ DoErase = TRUE;
-+ break;
-+ }
-+ }
-+ // Merge old and new data. Write merged word to NOR
-+ WordToWrite = (Tmp & ~Mask) | TmpBuf;
-+ BytesToWrite -= (4 - (CurOffset & 0x3));
-+ CurOffset += (4 - (CurOffset & 0x3));
-+ } else {
-+ // Unaligned and fits in one word.
-+ Mask = (~((~0) << (BytesToWrite * 8))) << ((CurOffset & 0x3) * 8);
-+ // Mask out the bytes we want.
-+ TmpBuf = (TmpBuf << ((CurOffset & 0x3) * 8)) & Mask;
-+ // Is the destination still in 'erased' state?
-+ if ((Tmp & Mask) != Mask) {
-+ // Check to see if we are only changing bits to zero.
-+ if ((Tmp ^ TmpBuf) & TmpBuf) {
-+ DoErase = TRUE;
-+ break;
-+ }
-+ }
-+ // Merge old and new data. Write merged word to NOR
-+ WordToWrite = (Tmp & ~Mask) | TmpBuf;
-+ CurOffset += BytesToWrite;
-+ BytesToWrite = 0;
-+ }
-+ }
-+
-+ BlockAddress = GET_NOR_BLOCK_ADDRESS (
-+ Instance->RegionBaseAddress,
-+ Lba,
-+ BlockSize
-+ );
-+ if (BlockAddress != PrevBlockAddress) {
-+ Status = NorFlashUnlockSingleBlockIfNecessary (Instance, BlockAddress);
-+ if (EFI_ERROR (Status)) {
-+ return EFI_DEVICE_ERROR;
-+ }
-+ PrevBlockAddress = BlockAddress;
-+ }
-+ Status = NorFlashWriteSingleWord (Instance, WordAddr, WordToWrite);
-+ if (EFI_ERROR (Status)) {
-+ return EFI_DEVICE_ERROR;
-+ }
-+ }
-+ // Exit if we got here and could write all the data. Otherwise do the
-+ // Erase-Write cycle.
-+ if (!DoErase) {
-+ return EFI_SUCCESS;
-+ }
-+ }
-+
-+ // Check we did get some memory. Buffer is BlockSize.
-+ if (Instance->ShadowBuffer == NULL) {
-+ DEBUG ((DEBUG_ERROR, "FvbWrite: ERROR - Buffer not ready\n"));
-+ return EFI_DEVICE_ERROR;
-+ }
-+
-+ // Read NOR Flash data into shadow buffer
-+ Status = NorFlashReadBlocks (
-+ Instance,
-+ Lba,
-+ BlockSize,
-+ Instance->ShadowBuffer
-+ );
-+ if (EFI_ERROR (Status)) {
-+ // Return one of the pre-approved error statuses
-+ return EFI_DEVICE_ERROR;
-+ }
-+
-+ // Put the data at the appropriate location inside the buffer area
-+ CopyMem ((VOID*)((UINTN)Instance->ShadowBuffer + Offset), Buffer, *NumBytes);
-+
-+ // Write the modified buffer back to the NorFlash
-+ Status = NorFlashWriteBlocks (
-+ Instance,
-+ Lba,
-+ BlockSize,
-+ Instance->ShadowBuffer
-+ );
-+ if (EFI_ERROR (Status)) {
-+ // Return one of the pre-approved error statuses
-+ return EFI_DEVICE_ERROR;
-+ }
-+
-+ return EFI_SUCCESS;
-+}
-+
-+/**
-+ Read JEDEC ID of NOR flash device.
-+
-+ @param[in] Instance NOR flash Instance of variable store region.
-+ @param[out] JedecId JEDEC ID of NOR flash device.
-+
-+ @retval EFI_SUCCESS The write is completed.
-+**/
-+EFI_STATUS
-+NorFlashReadID (
-+ IN NOR_FLASH_INSTANCE *Instance,
-+ OUT UINT8 JedecId[3]
-+ )
-+{
-+ UINT32 val;
-+ if (Instance == NULL || JedecId == NULL) {
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ val = SPINOR_OP_RDID << CDNS_QSPI_FLASH_CMD_CTRL_REG_OPCODE_BIT_POS |
-+ CDNS_QSPI_FLASH_CMD_CTRL_REG_READ_ENABLE << CDNS_QSPI_FLASH_CMD_CTRL_REG_READEN_BIT_POS |
-+ CDNS_QSPI_FLASH_CMD_CTRL_REG_ADDR_BYTE_3B << CDNS_QSPI_FLASH_CMD_CTRL_REG_READBYTE_BIT_POS;
-+
-+ if (EFI_ERROR (CdnsQspiExecuteCommand (Instance, val))) {
-+ return EFI_DEVICE_ERROR;
-+ }
-+
-+ val = MmioRead32 (Instance->HostRegisterBaseAddress + CDNS_QSPI_FLASH_CMD_READ_DATA_REG_OFFSET);
-+
-+ // Manu.ID field
-+ JedecId[0] = (UINT8) val;
-+ // Type field
-+ JedecId[1] = (UINT8) (val >> 8);
-+ // Capacity field
-+ JedecId[2] = (UINT8) (val >> 16);
-+
-+ DEBUG ((DEBUG_INFO,
-+ "Nor flash detected, Jedec ID, Manu.Id=%x Type=%x Capacity=%x \n",
-+ JedecId[0],JedecId[1],JedecId[2]));
-+
-+ return EFI_SUCCESS;
-+}
-diff --git a/Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/NorFlash.h b/Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/NorFlash.h
-new file mode 100644
-index 00000000..e720937e
---- /dev/null
-+++ b/Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/NorFlash.h
-@@ -0,0 +1,484 @@
-+/** @file
-+
-+ Copyright (c) 2023, ARM Limited. All rights reserved.<BR>
-+
-+ SPDX-License-Identifier: BSD-2-Clause-Patent
-+
-+**/
-+
-+#ifndef NOR_FLASH_DXE_H_
-+#define NOR_FLASH_DXE_H_
-+
-+#include <Guid/EventGroup.h>
-+#include <Library/DebugLib.h>
-+#include <Library/IoLib.h>
-+#include <Library/NorFlashPlatformLib.h>
-+#include <PiDxe.h>
-+#include <Protocol/BlockIo.h>
-+#include <Protocol/DiskIo.h>
-+#include <Protocol/FirmwareVolumeBlock.h>
-+
-+#include "CadenceQspiReg.h"
-+
-+#define NOR_FLASH_ERASE_RETRY 10
-+
-+#define GET_NOR_BLOCK_ADDRESS(BaseAddr, Lba, LbaSize) \
-+ ((BaseAddr) + (UINTN)((Lba) * (LbaSize)))
-+
-+#define NOR_FLASH_SIGNATURE SIGNATURE_32('S', 'n', 'o', 'r')
-+#define INSTANCE_FROM_FVB_THIS(a) CR(a, NOR_FLASH_INSTANCE, FvbProtocol, \
-+ NOR_FLASH_SIGNATURE)
-+
-+#define NOR_FLASH_POLL_FSR BIT0
-+
-+typedef struct _NOR_FLASH_INSTANCE NOR_FLASH_INSTANCE;
-+
-+typedef EFI_STATUS (*NOR_FLASH_INITIALIZE) (NOR_FLASH_INSTANCE* Instance);
-+
-+#pragma pack(1)
-+typedef struct {
-+ VENDOR_DEVICE_PATH Vendor;
-+ UINT8 Index;
-+ EFI_DEVICE_PATH_PROTOCOL End;
-+} NOR_FLASH_DEVICE_PATH;
-+#pragma pack()
-+
-+struct _NOR_FLASH_INSTANCE {
-+ UINT32 Signature;
-+ EFI_HANDLE Handle;
-+
-+ BOOLEAN Initialized;
-+ NOR_FLASH_INITIALIZE Initialize;
-+
-+ UINTN HostRegisterBaseAddress;
-+ UINTN DeviceBaseAddress;
-+ UINTN RegionBaseAddress;
-+ UINTN Size;
-+ UINTN BlockSize;
-+ UINTN LastBlock;
-+ EFI_LBA StartLba;
-+ EFI_LBA OffsetLba;
-+
-+ EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL FvbProtocol;
-+ VOID* ShadowBuffer;
-+
-+ NOR_FLASH_DEVICE_PATH DevicePath;
-+
-+ UINT32 Flags;
-+};
-+
-+typedef struct {
-+ EFI_TPL OriginalTPL;
-+ BOOLEAN InterruptsEnabled;
-+} NOR_FLASH_LOCK_CONTEXT;
-+
-+/**
-+ Lock all pending read/write to Nor flash device
-+
-+ @param[in] Context Nor flash device context structure.
-+**/
-+VOID
-+EFIAPI
-+NorFlashLock (
-+ IN NOR_FLASH_LOCK_CONTEXT *Context
-+ );
-+
-+/**
-+ Unlock all pending read/write to Nor flash device
-+
-+ @param[in] Context Nor flash device context structure.
-+**/
-+VOID
-+EFIAPI
-+NorFlashUnlock (
-+ IN NOR_FLASH_LOCK_CONTEXT *Context
-+ );
-+
-+extern UINTN mFlashNvStorageVariableBase;
-+
-+/**
-+ Create Nor flash Instance for given region.
-+
-+ @param[in] HostRegisterBase Base address of Nor flash controller.
-+ @param[in] NorFlashDeviceBase Base address of flash device.
-+ @param[in] NorFlashRegionBase Base address of flash region on device.
-+ @param[in] NorFlashSize Size of flash region.
-+ @param[in] Index Index of given flash region.
-+ @param[in] BlockSize Block size of NOR flash device.
-+ @param[in] HasVarStore Boolean set for VarStore on given region.
-+ @param[out] NorFlashInstance Instance of given flash region.
-+
-+ @retval EFI_SUCCESS On successful creation of NOR flash instance.
-+**/
-+EFI_STATUS
-+NorFlashCreateInstance (
-+ IN UINTN HostRegisterBase,
-+ IN UINTN NorFlashDeviceBase,
-+ IN UINTN NorFlashRegionBase,
-+ IN UINTN NorFlashSize,
-+ IN UINT32 Index,
-+ IN UINT32 BlockSize,
-+ IN BOOLEAN HasVarStore,
-+ OUT NOR_FLASH_INSTANCE** NorFlashInstance
-+ );
-+
-+/**
-+ Install Fv block on to variable store region
-+
-+ @param[in] Instance Instance of Nor flash variable region.
-+
-+ @retval EFI_SUCCESS The entry point is executed successfully.
-+**/
-+EFI_STATUS
-+EFIAPI
-+NorFlashFvbInitialize (
-+ IN NOR_FLASH_INSTANCE* Instance
-+ );
-+
-+/**
-+ Check the integrity of firmware volume header.
-+
-+ @param[in] Instance Instance of Nor flash variable region.
-+
-+ @retval EFI_SUCCESS The firmware volume is consistent.
-+ @retval EFI_NOT_FOUND The firmware volume has been corrupted.
-+
-+**/
-+EFI_STATUS
-+ValidateFvHeader (
-+ IN NOR_FLASH_INSTANCE *Instance
-+ );
-+
-+/**
-+ Initialize the FV Header and Variable Store Header
-+ to support variable operations.
-+
-+ @param[in] Instance Location to Initialize the headers
-+
-+ @retval EFI_SUCCESS Fv init is done
-+
-+**/
-+EFI_STATUS
-+InitializeFvAndVariableStoreHeaders (
-+ IN NOR_FLASH_INSTANCE *Instance
-+ );
-+
-+/**
-+ Retrieves the attributes and current settings of the block.
-+
-+ @param[in] This Indicates the EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL instance.
-+
-+ @param[out] Attributes Pointer to EFI_FVB_ATTRIBUTES_2 in which the attributes and
-+ current settings are returned.
-+ Type EFI_FVB_ATTRIBUTES_2 is defined in
-+ EFI_FIRMWARE_VOLUME_HEADER.
-+
-+ @retval EFI_SUCCESS The firmware volume attributes were returned.
-+
-+**/
-+EFI_STATUS
-+EFIAPI
-+FvbGetAttributes(
-+ IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This,
-+ OUT EFI_FVB_ATTRIBUTES_2 *Attributes
-+ );
-+
-+/**
-+ Sets configurable firmware volume attributes and returns the
-+ new settings of the firmware volume.
-+
-+
-+ @param[in] This EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL instance.
-+
-+ @param[in, out] Attributes On input, Attributes is a pointer to
-+ EFI_FVB_ATTRIBUTES_2 that contains the desired
-+ firmware volume settings.
-+ On successful return, it contains the new
-+ settings of the firmware volume.
-+
-+ @retval EFI_UNSUPPORTED The firmware volume attributes are not supported.
-+
-+**/
-+EFI_STATUS
-+EFIAPI
-+FvbSetAttributes(
-+ IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This,
-+ IN OUT EFI_FVB_ATTRIBUTES_2 *Attributes
-+ );
-+
-+/**
-+ Retrieves the base address of a memory-mapped firmware volume.
-+ This function should be called only for memory-mapped firmware volumes.
-+
-+ @param[in] This EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL instance.
-+
-+ @param[out] Address Pointer to a caller-allocated
-+ EFI_PHYSICAL_ADDRESS that, on successful
-+ return from GetPhysicalAddress(), contains the
-+ base address of the firmware volume.
-+
-+ @retval EFI_SUCCESS The firmware volume base address was returned.
-+
-+**/
-+EFI_STATUS
-+EFIAPI
-+FvbGetPhysicalAddress(
-+ IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This,
-+ OUT EFI_PHYSICAL_ADDRESS *Address
-+ );
-+
-+/**
-+ Retrieves the size of the requested block.
-+ It also returns the number of additional blocks with the identical size.
-+ The GetBlockSize() function is used to retrieve the block map
-+ (see EFI_FIRMWARE_VOLUME_HEADER).
-+
-+
-+ @param[in] This EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL instance.
-+
-+ @param[in] Lba Indicates the block whose size to return
-+
-+ @param[out] BlockSize Pointer to a caller-allocated UINTN in which
-+ the size of the block is returned.
-+
-+ @param[out] NumberOfBlocks Pointer to a caller-allocated UINTN in
-+ which the number of consecutive blocks,
-+ starting with Lba, is returned. All
-+ blocks in this range have a size of
-+ BlockSize.
-+
-+ @retval EFI_SUCCESS The firmware volume base address was returned.
-+
-+ @retval EFI_INVALID_PARAMETER The requested LBA is out of range.
-+
-+**/
-+EFI_STATUS
-+EFIAPI
-+FvbGetBlockSize(
-+ IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This,
-+ IN EFI_LBA Lba,
-+ OUT UINTN *BlockSize,
-+ OUT UINTN *NumberOfBlocks
-+ );
-+
-+/**
-+ Reads the specified number of bytes into a buffer from the specified block.
-+
-+ The Read() function reads the requested number of bytes from the
-+ requested block and stores them in the provided buffer.
-+
-+ @param[in] This EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL instance.
-+
-+ @param[in] Lba The starting logical block index from which to read
-+
-+ @param[in] Offset Offset into the block at which to begin reading.
-+
-+ @param[in, out] NumBytes Pointer to a UINTN.
-+ At entry, *NumBytes contains the total size of the
-+ buffer. *NumBytes should have a non zero value.
-+ At exit, *NumBytes contains the total number of
-+ bytes read.
-+
-+ @param[in out] Buffer Pointer to a caller-allocated buffer that will be
-+ used to hold the data that is read.
-+
-+ @retval EFI_SUCCESS The firmware volume was read successfully, and
-+ contents are in Buffer.
-+
-+ @retval EFI_BAD_BUFFER_SIZE Read attempted across an LBA boundary.
-+
-+ @retval EFI_DEVICE_ERROR The block device is not functioning correctly and
-+ could not be read.
-+
-+**/
-+EFI_STATUS
-+EFIAPI
-+FvbRead(
-+ IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This,
-+ IN EFI_LBA Lba,
-+ IN UINTN Offset,
-+ IN OUT UINTN *NumBytes,
-+ IN OUT UINT8 *Buffer
-+ );
-+
-+/**
-+ Writes the specified number of bytes from the input buffer to the block.
-+
-+ @param[in] This EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL instance.
-+
-+ @param[in] Lba The starting logical block index to write to.
-+
-+ @param[in] Offset Offset into the block at which to begin writing.
-+
-+ @param[in, out] NumBytes The pointer to a UINTN.
-+ At entry, *NumBytes contains the total size of the
-+ buffer.
-+ At exit, *NumBytes contains the total number of
-+ bytes actually written.
-+
-+ @param[in] Buffer The pointer to a caller-allocated buffer that
-+ contains the source for the write.
-+
-+ @retval EFI_SUCCESS The firmware volume was written successfully.
-+
-+**/
-+EFI_STATUS
-+EFIAPI
-+FvbWrite(
-+ IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This,
-+ IN EFI_LBA Lba,
-+ IN UINTN Offset,
-+ IN OUT UINTN *NumBytes,
-+ IN UINT8 *Buffer
-+ );
-+
-+/**
-+ Erases and initialises a firmware volume block.
-+
-+ @param[in] This EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL
-+
-+ @param[in] ... The variable argument list is a list of tuples.
-+ Each tuple describes a range of LBAs to erase
-+ and consists of the following:
-+ - An EFI_LBA that indicates the starting LBA
-+ - A UINTN that indicates the number of blocks
-+ to erase.
-+
-+ The list is terminated with an
-+ EFI_LBA_LIST_TERMINATOR.
-+
-+ @retval EFI_SUCCESS The erase request successfully completed.
-+
-+ @retval EFI_ACCESS_DENIED The firmware volume is in the WriteDisabled
-+ state.
-+
-+ @retval EFI_DEVICE_ERROR The block device is not functioning correctly
-+ and could not be written.
-+ The firmware device may have been partially
-+ erased.
-+
-+ @retval EFI_INVALID_PARAMETER One or more of the LBAs listed in the variable
-+ argument list do not exist in the firmware
-+ volume.
-+
-+**/
-+EFI_STATUS
-+EFIAPI
-+FvbEraseBlocks(
-+ IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This,
-+ ...
-+ );
-+
-+/**
-+ This function unlock and erase an entire NOR Flash block.
-+
-+ @param[in] Instance NOR flash Instance of variable store region.
-+ @param[in] BlockAddress Block address within the variable store region.
-+
-+ @retval EFI_SUCCESS The erase and unlock successfully completed.
-+**/
-+EFI_STATUS
-+NorFlashUnlockAndEraseSingleBlock (
-+ IN NOR_FLASH_INSTANCE *Instance,
-+ IN UINTN BlockAddress
-+ );
-+
-+/**
-+ Write a full or portion of a block.
-+
-+ @param[in] Instance NOR flash Instance of variable store region.
-+ @param[in] Lba The starting logical block index to write to.
-+ @param[in] Offset Offset into the block at which to begin writing.
-+ @param[in,out] NumBytes The total size of the buffer.
-+ @param[in] Buffer The pointer to a caller-allocated buffer that
-+ contains the source for the write.
-+
-+ @retval EFI_SUCCESS The write is completed.
-+**/
-+EFI_STATUS
-+NorFlashWriteSingleBlock (
-+ IN NOR_FLASH_INSTANCE *Instance,
-+ IN EFI_LBA Lba,
-+ IN UINTN Offset,
-+ IN OUT UINTN *NumBytes,
-+ IN UINT8 *Buffer
-+ );
-+
-+/**
-+ Write a full block.
-+
-+ @param[in] Instance NOR flash Instance of variable store region.
-+ @param[in] Lba The starting logical block index to write to.
-+ @param[in] BufferSizeInBytes The number of bytes to write.
-+ @param[in] Buffer The pointer to a caller-allocated buffer that
-+ contains the source for the write.
-+
-+ @retval EFI_SUCCESS The write is completed.
-+**/
-+EFI_STATUS
-+NorFlashWriteBlocks (
-+ IN NOR_FLASH_INSTANCE *Instance,
-+ IN EFI_LBA Lba,
-+ IN UINTN BufferSizeInBytes,
-+ IN VOID *Buffer
-+ );
-+
-+/**
-+ Read a full block.
-+
-+ @param[in] Instance NOR flash Instance of variable store region.
-+ @param[in] Lba The starting logical block index to read from.
-+ @param[in] BufferSizeInBytes The number of bytes to read.
-+ @param[out] Buffer The pointer to a caller-allocated buffer that
-+ should be copied with read data.
-+
-+ @retval EFI_SUCCESS The read is completed.
-+**/
-+EFI_STATUS
-+NorFlashReadBlocks (
-+ IN NOR_FLASH_INSTANCE *Instance,
-+ IN EFI_LBA Lba,
-+ IN UINTN BufferSizeInBytes,
-+ OUT VOID *Buffer
-+ );
-+
-+/**
-+ Read from nor flash.
-+
-+ @param[in] Instance NOR flash Instance of variable store region.
-+ @param[in] Lba The starting logical block index to read from.
-+ @param[in] Offset Offset into the block at which to begin reading.
-+ @param[in] BufferSizeInBytes The number of bytes to read.
-+ @param[out] Buffer The pointer to a caller-allocated buffer that
-+ should copied with read data.
-+
-+ @retval EFI_SUCCESS The read is completed.
-+**/
-+EFI_STATUS
-+NorFlashRead (
-+ IN NOR_FLASH_INSTANCE *Instance,
-+ IN EFI_LBA Lba,
-+ IN UINTN Offset,
-+ IN UINTN BufferSizeInBytes,
-+ OUT VOID *Buffer
-+ );
-+
-+/**
-+ Read JEDEC ID of NOR flash device.
-+
-+ @param[in] Instance NOR flash Instance of variable store region.
-+ @param[out] JedecId JEDEC ID of NOR flash device.
-+
-+ @retval EFI_SUCCESS The write is completed.
-+**/
-+EFI_STATUS
-+NorFlashReadID (
-+ IN NOR_FLASH_INSTANCE *Instance,
-+ OUT UINT8 JedecId[3]
-+ );
-+
-+#define SPINOR_OP_WREN 0x06 // Write enable
-+#define SPINOR_OP_BE_4K 0x20 // Erase 4KiB block
-+#define SPINOR_OP_RDID 0x9f // Read JEDEC ID
-+
-+#endif /* NOR_FLASH_DXE_H_ */
-diff --git a/Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/NorFlashFvb.c b/Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/NorFlashFvb.c
-new file mode 100644
-index 00000000..edd84c07
---- /dev/null
-+++ b/Platform/ARM/N1Sdp/Drivers/CadenceQspiDxe/NorFlashFvb.c
-@@ -0,0 +1,573 @@
-+/** @file
-+
-+ Copyright (c) 2023, ARM Limited. All rights reserved.<BR>
-+
-+ SPDX-License-Identifier: BSD-2-Clause-Patent
-+
-+**/
-+
-+#include <Guid/VariableFormat.h>
-+#include <Guid/SystemNvDataGuid.h>
-+
-+#include <Library/BaseLib.h>
-+#include <Library/BaseMemoryLib.h>
-+#include <Library/MemoryAllocationLib.h>
-+#include <Library/PcdLib.h>
-+#include <Library/UefiBootServicesTableLib.h>
-+#include <Library/UefiLib.h>
-+
-+#include <PiDxe.h>
-+
-+#include "NorFlash.h"
-+
-+UINTN mFlashNvStorageVariableBase;
-+
-+/**
-+ Initialize the FV Header and Variable Store Header
-+ to support variable operations.
-+
-+ @param[in] Instance Location to initialise the headers.
-+
-+ @retval EFI_SUCCESS Fv init is done.
-+
-+**/
-+EFI_STATUS
-+InitializeFvAndVariableStoreHeaders (
-+ IN NOR_FLASH_INSTANCE *Instance
-+ )
-+{
-+ EFI_STATUS Status;
-+ VOID* Headers;
-+ UINTN HeadersLength;
-+ EFI_FIRMWARE_VOLUME_HEADER *FirmwareVolumeHeader;
-+ VARIABLE_STORE_HEADER *VariableStoreHeader;
-+
-+ if (!Instance->Initialized && Instance->Initialize) {
-+ Instance->Initialize (Instance);
-+ }
-+
-+ HeadersLength = sizeof (EFI_FIRMWARE_VOLUME_HEADER) +
-+ sizeof (EFI_FV_BLOCK_MAP_ENTRY) +
-+ sizeof (VARIABLE_STORE_HEADER);
-+ Headers = AllocateZeroPool (HeadersLength);
-+
-+ FirmwareVolumeHeader = (EFI_FIRMWARE_VOLUME_HEADER*)Headers;
-+ CopyGuid (&FirmwareVolumeHeader->FileSystemGuid, &gEfiSystemNvDataFvGuid);
-+ FirmwareVolumeHeader->FvLength =
-+ PcdGet32 (PcdFlashNvStorageVariableSize) +
-+ PcdGet32 (PcdFlashNvStorageFtwWorkingSize) +
-+ PcdGet32 (PcdFlashNvStorageFtwSpareSize);
-+ FirmwareVolumeHeader->Signature = EFI_FVH_SIGNATURE;
-+ FirmwareVolumeHeader->Attributes = EFI_FVB2_READ_ENABLED_CAP |
-+ EFI_FVB2_READ_STATUS |
-+ EFI_FVB2_STICKY_WRITE |
-+ EFI_FVB2_MEMORY_MAPPED |
-+ EFI_FVB2_ERASE_POLARITY |
-+ EFI_FVB2_WRITE_STATUS |
-+ EFI_FVB2_WRITE_ENABLED_CAP;
-+
-+ FirmwareVolumeHeader->HeaderLength = sizeof (EFI_FIRMWARE_VOLUME_HEADER) +
-+ sizeof (EFI_FV_BLOCK_MAP_ENTRY);
-+ FirmwareVolumeHeader->Revision = EFI_FVH_REVISION;
-+ FirmwareVolumeHeader->BlockMap[0].NumBlocks = Instance->LastBlock + 1;
-+ FirmwareVolumeHeader->BlockMap[0].Length = Instance->BlockSize;
-+ FirmwareVolumeHeader->BlockMap[1].NumBlocks = 0;
-+ FirmwareVolumeHeader->BlockMap[1].Length = 0;
-+ FirmwareVolumeHeader->Checksum = CalculateCheckSum16 (
-+ (UINT16*)FirmwareVolumeHeader,
-+ FirmwareVolumeHeader->HeaderLength);
-+
-+ VariableStoreHeader = (VOID *)((UINTN)Headers +
-+ FirmwareVolumeHeader->HeaderLength);
-+ CopyGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid);
-+ VariableStoreHeader->Size = PcdGet32 (PcdFlashNvStorageVariableSize) -
-+ FirmwareVolumeHeader->HeaderLength;
-+ VariableStoreHeader->Format = VARIABLE_STORE_FORMATTED;
-+ VariableStoreHeader->State = VARIABLE_STORE_HEALTHY;
-+
-+ // Install the combined super-header in the NorFlash
-+ Status = FvbWrite (&Instance->FvbProtocol, 0, 0, &HeadersLength, Headers);
-+
-+ FreePool (Headers);
-+ return Status;
-+}
-+
-+/**
-+ Check the integrity of firmware volume header.
-+
-+ @param[in] Instance Instance of Nor flash variable region.
-+
-+ @retval EFI_SUCCESS The firmware volume is consistent.
-+ @retval EFI_NOT_FOUND The firmware volume has been corrupted.
-+
-+**/
-+EFI_STATUS