subtree updates
meta-security: b9bc938785..1856a7cf43:
Armin Kuster (1):
scap-security-guide: update to 0.1.69+
Lei Maohui (2):
paxctl: Fix do_package QA Issue.
ccs-tools: Fix do_package QA Issue.
Martin Jansa (1):
layer.conf: update LAYERSERIES_COMPAT for nanbield
Yi Zhao (1):
scap-security-guide: pass the correct cpe/schemas/xsl paths to oscap
meta-arm: 992c07f7c0..bd0953cc60:
Abdellatif El Khlifi (1):
arm-bsp/u-boot: corstone1000: detect the kernel size automatically
Anusmita Dutta Mazumder (5):
arm-bsp/u-boot: corstone1000: add unique firmware GUID
arm-bsp/trusted-firmware-m: corstone1000: add unique firmware GUID
arm-bsp/scp-firmware: Update N1SDP scp-firmware version
arm-bsp/n1sdp: Enable tests with pseudo trusted application
CI: Build custom image for N1SDP optee-xtest
Delane Brandy (1):
arm-bsp/corstone1000: mmc2-enablement
Emekcan Aras (2):
arm-bsp/trusted-firmware-a: corstone1000: Update TF-A v2.9
arm-bsp/optee-os: corstone1000: Update optee-os v3.22
Javier Tia (1):
optee-client: Add path condition to tee-supplicant.service
Jon Mason (14):
arm/trusted-firmware-a: update to 2.9.0
arm-bsp/juno: update kernel to 6.4
arm/linux-yocto: change defconfig patch for 6.4
arm/hafnium: update to v2.8
arm/linux-yocto: update kernel patches
arm/trusted-services: add SRCREV_FORMAT
arm-bsp/tc1: update optee
arm-bsp/fvp-baser-aemv8r64: update u-boot to 2023.01
arm-bsp/corstone500: upgrade u-boot to the latest
arm-bsp/corstone500: removal of support
arm: patch clean-ups
arm/edk2: update to 202305 version
arm/sbsa-acs: update to v7.1.2
arm-bsp/trusted-firmware-a: remove unneeded patches
Mariam Elshakfy (2):
arm-bsp/trusted-firmware-a: Update TF-A version for N1SDP
arm-bsp/n1sdp: Update edk2-firmware version for N1SDP to 202305
Ross Burton (3):
kas/: pass through DISPLAY from environment
Remove explicit SRCPV
arm-bsp/external-system: set PACKAGE_ARCH as this is machine-specific
meta-raspberrypi: 5e2f79a6fa..6501ec892c:
Andrei Gherzan (2):
ci: Add usrmerge to distro features
docs: Fix documentation theme
Sangmo Kang (1):
omxplayer: fix an error caused by new srcrev fetcher API
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.8.bb b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.8.bb
new file mode 100644
index 0000000..5302725
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.8.bb
@@ -0,0 +1,81 @@
+SUMMARY = "Hafnium"
+DESCRIPTION = "A reference Secure Partition Manager (SPM) for systems that implement the Armv8.4-A Secure-EL2 extension"
+DEPENDS = "gn-native ninja-native bison-native bc-native dtc-native openssl-native"
+
+LICENSE = "BSD-3-Clause & GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=782b40c14bad5294672c500501edc103"
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+
+CLANGNATIVE = ""
+CLANGNATIVE:runtime-llvm = "clang-native"
+
+inherit deploy python3native pkgconfig ${CLANGNATIVE}
+
+SRC_URI = "gitsm://git.trustedfirmware.org/hafnium/hafnium.git;protocol=https;branch=master \
+ file://0001-arm-hafnium-fix-kernel-tool-linking.patch \
+ file://0002-Fix-build-with-clang-15.patch \
+ file://0001-Use-pkg-config-native-to-find-the-libssl-headers.patch;patchdir=third_party/linux \
+ file://0001-work-around-visibility-issue.patch;patchdir=third_party/dtc \
+ "
+SRCREV = "b7d27acb9c63a52f8bd8a37d1eee335d4ccfbe93"
+S = "${WORKDIR}/git"
+B = "${WORKDIR}/build"
+
+COMPATIBLE_MACHINE ?= "invalid"
+COMPATIBLE_MACHINE:qemuarm64 = "qemuarm64"
+
+# Default build 'reference'
+HAFNIUM_PROJECT ?= "reference"
+
+# Platform must be set for each machine
+HAFNIUM_PLATFORM ?= "invalid"
+HAFNIUM_PLATFORM:qemuarm64 = "qemu_aarch64"
+
+# do_deploy will install everything listed in this variable. It is set by
+# default to hafnium
+HAFNIUM_INSTALL_TARGET ?= "hafnium"
+
+# set project to build
+EXTRA_OEMAKE += "PROJECT=${HAFNIUM_PROJECT}"
+
+EXTRA_OEMAKE += "OUT_DIR=${B}"
+
+# Don't use prebuilt binaries for gn and ninja
+EXTRA_OEMAKE += "GN=${STAGING_BINDIR_NATIVE}/gn NINJA=${STAGING_BINDIR_NATIVE}/ninja"
+
+do_configure[cleandirs] += "${B}"
+
+do_compile() {
+ oe_runmake -C ${S}
+}
+
+do_install() {
+ cd ${B}/${HAFNIUM_PLATFORM}_clang
+ install -d -m 755 ${D}/firmware
+ for bldfile in ${HAFNIUM_INSTALL_TARGET}; do
+ install -m 0755 $bldfile.bin $bldfile.elf ${D}/firmware/
+ done
+}
+
+FILES:${PN} = "/firmware/*.bin"
+FILES:${PN}-dbg = "/firmware/*.elf"
+SYSROOT_DIRS += "/firmware"
+INSANE_SKIP:${PN} = "ldflags"
+INSANE_SKIP:${PN}-dbg = "ldflags"
+# Build paths are currently embedded
+INSANE_SKIP:${PN}-dbg += "buildpaths"
+
+do_deploy() {
+ cp -rf ${D}/firmware/* ${DEPLOYDIR}/
+}
+addtask deploy after do_install
+
+python() {
+ # https://developer.trustedfirmware.org/T898
+ if d.getVar("BUILD_ARCH") != "x86_64":
+ raise bb.parse.SkipRecipe("Cannot be built on non-x86-64 hosts")
+}
+
+EXCLUDE_FROM_WORLD = "1"