- 13 Mar, 2023 2 commits
-
-
Jon Mason authored
The infrastructure for edk2 and fvp-base is already present, but not being used. Make the changes to get it compiling cleanly, and add it to CI. Note: testing is not passing because edk2 isn't booting an image Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Jon Mason authored
Update to the latest version of EDK2. There is an issue with memory not being initialized and hanging boot. So revert the patch that is causing the issue until the proper solution can be found. Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
- 10 Mar, 2023 3 commits
-
-
Jon Mason authored
Update to the latest version and regenerate the patches via devtool. This causes some patch renumeration to occur, which causes some other modifications. Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Jon Mason authored
optee-os-3_19.inc duplicates optee-os.inc. Remove that and cleanup the fallout. Also, remove unused 3.19 bbappend Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Jon Mason authored
Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
- 07 Mar, 2023 5 commits
-
-
Jon Mason authored
With the removal of fvp-base-arm32, we no longer have test coverage for the external Arm toolchain. Add this to qemuarm-secureboot CI so that there is coverage again. Note: it must be a 32bit machine, since there are currently no aarch64 host toolchains for aarch64 Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Jon Mason authored
fvp-base-arm32 isn't a real machine and supporting it has become hacky. Drop support and remove from meta-arm-bsp Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Jon Mason authored
Update to the latest version of u-boot. This requires removing the new way DRAM is handled, since we don't use dtb the way u-boot is expecting. Also, change the default bootcmd to make things work (as that expects env things as well). Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Jon Mason authored
Add the various kernels available in oe-core, as well as the poky-tiny minimal distribution (which has a minimal kernel config). This necessitated combining some kernel bbappends to have patching coverage for all the variants. Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Jon Mason authored
Make things more obvious by adding yml files for the poky defaults instead of disregarding them in the jobs-to-kas script Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
- 03 Mar, 2023 2 commits
-
-
Abdellatif El Khlifi authored
appending classes garantees no previous values are overriden Signed-off-by:
Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Xueliang Zhong authored
This commit includes : - Rebased and fixed N1SDP kernel PCIe quirk patches to apply on 6.1 kernel Signed-off-by:
Xueliang Zhong <xueliang.zhong@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
- 27 Feb, 2023 1 commit
-
-
Gowtham Suresh Kumar authored
The UEFI capsule generated is in the incorrect build directory. This patch copies it to IMGDEPLOYDIR. Signed-off-by:
Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
- 24 Feb, 2023 6 commits
-
-
Peter Hoyes authored
Mirrors of meta-arm may focus their development on a small subset of MACHINEs so provide the option to restrict the boards that are built on CI using the variable BUILD_ENABLE_REGEX. If set, it conditionally enables builds; if unset there is no change in behavior. This variable could be overridden in a scheduled build, to e.g. build all the MACHINEs weekly. Signed-off-by:
Peter Hoyes <Peter.Hoyes@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Jon Mason authored
Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Jon Mason authored
Update tfa version to v2.8. Also, fiptool uses tfa sources. So, keep it with the rest of tfa to prevent the version from becoming stale. NOTE: tf-a-tests is being held back for corstone1000 due to compilation errors. Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Jon Mason authored
Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Jon Mason authored
Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Jon Mason authored
Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
- 22 Feb, 2023 6 commits
-
-
Peter Hoyes authored
Defining a task called do_deploy in an image recipe causes the license_image bbclass in OE-core to think the recipe is not an image recipe, which causes errors with license information collection if you have an image recipe which depends on an image recipe using this bbclass. To fix this, and to add support for caching the signed binaries, use a single task, do_sign_images (and its setscene task). The implementation is based on deploy.bbclass, so the sstate is responsible for installing the signed binaries in ${DEPLOY_DIR_IMAGE}, but using a different name so that license information collection still works as expected. Signed-off-by:
Peter Hoyes <Peter.Hoyes@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Peter Hoyes authored
To simplify adding support for new versions of TF-M scripts in the future, create a common .inc file with the non-version-specific configuration. Signed-off-by:
Peter Hoyes <Peter.Hoyes@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Peter Hoyes authored
To simplify adding support for new versions of TF-M in the future, create a common .inc file with the non-version-specific configuration. Signed-off-by:
Peter Hoyes <Peter.Hoyes@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Peter Hoyes authored
To try and prevent trusted-firmware-m and trusted-firmware-m-scripts from becoming out of sync in the future, create a common trusted-firmware-m-1.7.0-src.inc which defines all the repositories and their SHAs for both. Include this file in both recipes. Add a SUMMARY and DESCRIPTION to trusted-firmware-m-scripts. Update mbedtls to 3.2.1 (the recommended version for TF-M 1.7.0) Signed-off-by:
Peter Hoyes <Peter.Hoyes@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Peter Hoyes authored
Factor out the image signing arguments in tfm_image_sign.bbclass into its own variable, TFM_IMAGE_SIGN_ARGS, so that it can be customized on a per-machine basis if necessary. Signed-off-by:
Peter Hoyes <Peter.Hoyes@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Peter Hoyes authored
Update the TF-M image signing scripts to use the TF-M 1.7.0 sources, so it is in sync with the TF-M recipe itself. Synchronize the trusted-firmware-m and -scripts Python dependencies with the in-repo requirements.txt files. This requires a recipe to be carried for pyhsslms. 1.7.0 introduces the --measured-boot-record argument to the image signing script, which is required to maintain existing behavior. Add it to the arguments in the tfm_sign_image bbclass. Signed-off-by:
Peter Hoyes <Peter.Hoyes@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
- 21 Feb, 2023 5 commits
-
-
Mohamed Omar Asaker authored
TF-M provides IPC as a SPM backend which gives SPM and each Secure Partition it's own execution context. And provides higher isolation levels. corstone1000 isolation level is 2. Hence, switching to IPC backend. Signed-off-by:
Mohamed Omar Asaker <mohamed.omarasaker@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Mohamed Omar Asaker authored
As Corstone1000 stores at boot time few efi variables. Therefore, number of assets is increased to compansate this early usage. Note: Adding platform customized configs to config_tfm.h More information see: https://tf-m-user-guide.trustedfirmware.org/configuration/header_file_system.html Signed-off-by:
Mohamed Omar Asaker <mohamed.omarasaker@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Mohamed Omar Asaker authored
corstone1000 cryptocell (the HW accelerator) doesn't support SHA384/SHA512 Note: TF-Mv1.7 disables the software fallback Signed-off-by:
Mohamed Omar Asaker <mohamed.omarasaker@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Mohamed Omar Asaker authored
Disable obsolete algorithms in the psa-crypto configs Signed-off-by:
Mohamed Omar Asaker <mohamed.omarasaker@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Mohamed Omar Asaker authored
This change adds patches to align psa crypto client of TS with TF-Mv1.7 running on secure enclave of corstone1000 The patches updating - PSA Crypto SID defines values - psa_ipc_crypto_pack_iovec structure - Fix inputs and outputs passed to in/out_vec to match crypto service expectations Signed-off-by:
Mohamed Omar Asaker <mohamed.omarasaker@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
- 20 Feb, 2023 2 commits
-
-
Ross Burton authored
Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Ross Burton authored
Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
- 16 Feb, 2023 6 commits
-
-
Peter Hoyes authored
Signed-off-by:
Peter Hoyes <Peter.Hoyes@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Peter Hoyes authored
Mirrors of meta-arm may have the persistent cache directory mounted in a different place. To make it easier to configure, define this location using a single $CACHE_DIR variable. Signed-off-by:
Peter Hoyes <Peter.Hoyes@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Ross Burton authored
Add missing recipes to the update report. Signed-off-by:
Ross Burton <ross.burton@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Ross Burton authored
This repository doesn't tag releases, so just track the latest SHA. Signed-off-by:
Ross Burton <ross.burton@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Peter Hoyes authored
IMAGE_TYPES += "wic.nopt" is effective if the bbclass is included using IMAGE_CLASSES, but not if included directly (using inherit) due to file parse ordering. To support applying wic_nopt locally (i.e. for certain image recipes but not others), change to use :append. Signed-off-by:
Peter Hoyes <Peter.Hoyes@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Peter Hoyes authored
To support using the wic_nopt bbclass from BSP layers other than meta-arm-bsp, move it to meta-arm. Signed-off-by:
Peter Hoyes <Peter.Hoyes@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
- 15 Feb, 2023 2 commits
-
-
Gowtham Suresh Kumar authored
This patch uses the json config file for UEFI capsule generation as this is efficient and easily scalable to generate multiple capsules. Signed-off-by:
Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-
Gowtham Suresh Kumar authored
The BBCLASSEXTEND configuration can generate native sdk and target recipes as well. The cp command used in do_install will create host contamination issues for these recipes, so this patch makes the recipe native only. Signed-off-by:
Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> Signed-off-by:
Jon Mason <jon.mason@arm.com>
-