From e48959a92ad14b52e26c31bdf1155df3da31abb6 Mon Sep 17 00:00:00 2001 From: Vikas Katariya Date: Sat, 2 Dec 2023 12:46:45 +0000 Subject: [PATCH 1/5] cassini-[distro,bsp,docs]: Add `wait-online.sh` script to base image Due to limitations of the Corstone-1000 platform, `wait-online.sh` script can be included as part of Cassini base image instead of test image only. This tool will be beneficial to the user if the networking needs to be restarted. Signed-off-by: Vikas Katariya --- .../include/corstone1000-mps3-cassini-extra-settings.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/machine/include/corstone1000-mps3-cassini-extra-settings.inc b/conf/machine/include/corstone1000-mps3-cassini-extra-settings.inc index e77caa5..c824d3c 100644 --- a/conf/machine/include/corstone1000-mps3-cassini-extra-settings.inc +++ b/conf/machine/include/corstone1000-mps3-cassini-extra-settings.inc @@ -24,4 +24,4 @@ IMAGE_INSTALL:remove = "k3s-server k3s-integration-tests-ptest" KERNEL_CLASSES:remove = "k3s_kernelcfg_check" # Due to performance limitations, add wait-online helper -IMAGE_INSTALL:append:cassini-test = "wait-online" +IMAGE_INSTALL:append:cassini = " wait-online" -- GitLab From f1816192787c499e0471fb343d03ea8b51d073ad Mon Sep 17 00:00:00 2001 From: Adam Johnston Date: Mon, 4 Dec 2023 17:12:25 +0000 Subject: [PATCH 2/5] cassini-[config,bsp]: Enable SE IOCTL logs for Corstone-1000 FVP Enables logs for IOCTL calls to Secure Enclave to increase visibility of boot flow. This is useful for test/debug on the FVP platform Signed-off-by: Adam Johnston --- ...gs-for-ioctl-calls-to-secure-enclave.patch | 93 +++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 meta-arm/patches/meta-arm/0001-cs1k-enable-logs-for-ioctl-calls-to-secure-enclave.patch 
diff --git a/meta-arm/patches/meta-arm/0001-cs1k-enable-logs-for-ioctl-calls-to-secure-enclave.patch b/meta-arm/patches/meta-arm/0001-cs1k-enable-logs-for-ioctl-calls-to-secure-enclave.patch
new file mode 100644
index 0000000..403a12c
--- /dev/null
+++ b/meta-arm/patches/meta-arm/0001-cs1k-enable-logs-for-ioctl-calls-to-secure-enclave.patch
@@ -0,0 +1,93 @@
+From 1f094bd63a86b03637c79a8d928af63917a53577 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras
+Date: Fri, 1 Dec 2023 23:07:37 +0000
+Subject: [PATCH] arm-bsp/trusted-services: Enable logs for IOCTL calls to
+ Secure Enclave
+
+Enables the logs for IOCTL calls to secure-enclave to increase logging and
+visbility of the boot flow.
+
+Signed-off-by: Emekcan Aras
+---
+ .../0009-enable-logs-for-ioctl-calls.patch | 56 +++++++++++++++++++
+ .../trusted-services/ts-arm-platforms.inc | 1 +
+ 2 files changed, 57 insertions(+)
+ create mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-enable-logs-for-ioctl-calls.patch
+
+diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-enable-logs-for-ioctl-calls.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-enable-logs-for-ioctl-calls.patch
+new file mode 100644
+index 00000000..3671157b
+--- /dev/null
++++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-enable-logs-for-ioctl-calls.patch
+@@ -0,0 +1,56 @@
++From dfd125cafe8fbf8aa78634e1c8ce7ed5c33f1704 Mon Sep 17 00:00:00 2001
++From: Emekcan Aras
++Date: Sat, 2 Dec 2023 12:00:50 +0000
++Subject: [PATCH] Enable logs for IOCTL calls to Secure Enclave
++
++Enables logs for IOCTL calls to Secure Enclave to increase visibility of boot
++flow.
++
++Signed-off-by: Emekcan Aras
++---
++ .../capsule_update/provider/capsule_update_provider.c | 4 +++-
++ .../capsule_update/provider/corstone1000_fmp_service.c | 6 ++++--
++ 2 files changed, 7 insertions(+), 3 deletions(-)
++
++diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
++index 6809249f..31c3a4fc 100644
++--- a/components/service/capsule_update/provider/capsule_update_provider.c
+++++ b/components/service/capsule_update/provider/capsule_update_provider.c
++@@ -86,10 +86,12 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
++ case KERNEL_STARTED_EVENT:
++ ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK;
++ /*openamp call with IOCTL for kernel start*/
++-
+++ EMSG("IOCTL kernel start sent");
++ psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
++ in_vec,IOVEC_LEN(in_vec), NULL, 0);
+++ EMSG("ACK for IOCTL kernel start received");
++ set_fmp_image_info(caller);
+++ EMSG("FMP set_image_info complete");
++ break;
++ default:
++ EMSG("%s unsupported opcode", __func__);
++diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
++index fe0a0454..95da4bb0 100644
++--- a/components/service/capsule_update/provider/corstone1000_fmp_service.c
+++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
++@@ -253,12 +253,14 @@ static psa_status_t get_image_info(struct rpc_caller *caller)
++ };
++
++ memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE);
++-
+++ EMSG("FMP get_image_info IOCTL sent");
++ psa_call(caller, TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
++ in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++-
+++ EMSG("FMP get_image_info IOCTL call ack received");
++ status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE);
+++ EMSG("FMP unpack_image_info complete");
++ if (status != PSA_SUCCESS) {
+++ EMSG("FMP unpack_image_info error");
++ return status;
++ }
++
++--
++2.25.1
++
+diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
+index 3c7e94e6..2d5382af 100644
+--- a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
++++ b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
+@@ -10,6 +10,7 @@ SRC_URI:append:corstone1000 = " \
+ file://0006-plat-corstone1000-Use-the-stateless-platform-service.patch \
+ file://0007-plat-corstone1000-Initialize-capsule-update-provider.patch \
+ file://0008-platform-corstone1000-fix-synchronization-issue.patch \
++ file://0009-enable-logs-for-ioctl-calls.patch \
+ "
+
+
+--
+GitLab
+
-- GitLab
From 1479efdf1fa45c11080b37b2ac4e0204a0a38ab8 Mon Sep 17 00:00:00 2001 From: Adam Johnston Date: Tue, 12 Dec 2023 15:33:26 +0000 Subject: [PATCH 3/5] cassini-bsp: Use Block Storage SP for Trusted Services on N1SDP Although Block Storage SP is being deployed on the N1SDP it is not yet being used. Re-configure Internal Trusted Storage and Protected Storage to use Block Storage SP as a backend. Changelog: feature Signed-off-by: Adam Johnston
---
 .../recipes-security/trusted-services/ts-sp-its_%.bbappend | 7 +++++++ .../trusted-services/ts-sp-storage_%.bbappend | 7 +++++++ 2 files changed, 14 insertions(+) create mode 100644 meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend create mode 100644 meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend
new file mode 100644
index 0000000..64215cd
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend
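Review bot: The added `EMSG("ACK for IOCTL kernel start received")` in `event_handler` and `EMSG("FMP get_image_info IOCTL call ack received")` in `get_image_info` are printed unconditionally, because the return value of `psa_call` is still discarded; the boot log will therefore report an acknowledgement from the Secure Enclave even when the call failed. Capture and log the result instead, for example `status = psa_call(...);` followed by `EMSG("FMP get_image_info IOCTL returned %d", (int)status);` in `get_image_info`, where `status` is already assigned on the next line. On the failure path "FMP unpack_image_info complete" is immediately followed by "FMP unpack_image_info error", so the first message belongs below the status check. These are progress traces sent through the error-level macro, and the patch is listed under `SRC_URI:append:corstone1000`, which appears to cover every Corstone-1000 build rather than only the FVP named in the commit title; a lower-severity trace macro or an FVP-only override would keep them out of hardware images. Both function bodies start and end outside the visible hunks.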
@@ -0,0 +1,7 @@
+# SPDX-FileCopyrightText: Copyright 2023 Arm Limited and/or its
+# affiliates
+#
+# SPDX-License-Identifier: MIT
+
+# Override configuration to use block storage service
+OECMAKE_SOURCEPATH:n1sdp = "${S}/deployments/internal-trusted-storage/config/shared-flash-${TS_ENV}"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend
new file mode 100644
index 0000000..2d3e9e9
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend
@@ -0,0 +1,7 @@
+# SPDX-FileCopyrightText: Copyright 2023 Arm Limited and/or its
+# affiliates
+#
+# SPDX-License-Identifier: MIT
+
+# Override configuration to use block storage service
+OECMAKE_SOURCEPATH:n1sdp = "${S}/deployments/protected-storage/config/shared-flash-${TS_ENV}"
-- GitLab
From a556566c79f7b994e9c71dd1f7cf25070ff0fdae Mon Sep 17 00:00:00 2001 From: Adam Johnston Date: Tue, 19 Dec 2023 14:33:41 +0000 Subject: [PATCH 4/5] cassini-[bsp,config]: Remove kas patches from meta-cassini-bsp meta-cassini-bsp is about to be separated from meta-cassini. However meta-cassini-bsp contains out-of-tree patches which kas applies when fetching upstream layers from other repositories. When meta-cassini-bsp is removed, these patches will not be found. Before removing meta-cassini-bsp, move the out-of-layer patches to meta-cassini-config/kas BSP-specific out-of-layer patches should be avoided as much as possible going forwards. Signed-off-by: Adam Johnston
---
 ...gs-for-ioctl-calls-to-secure-enclave.patch | 93 ------------------- 1 file changed, 93 deletions(-) delete mode 100644 meta-arm/patches/meta-arm/0001-cs1k-enable-logs-for-ioctl-calls-to-secure-enclave.patch
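Review bot: The one-line comment above `OECMAKE_SOURCEPATH:n1sdp` does not record what the override depends on, and the same applies to the `ts-sp-storage_%.bbappend` hunk. Both appends use the `_%` wildcard, so they apply to whichever trusted-services revision is fetched, and they assume that revision ships a `config/shared-flash-${TS_ENV}` directory for each deployment and that the Block Storage SP is present in the N1SDP image. Since the change moves Internal Trusted Storage and Protected Storage onto the Block Storage SP backend, a comment such as `# Requires the Block Storage SP to be deployed on N1SDP (shared-flash config)` would tell a later reader what has to stay in step. Whether data held by the previous backend needs migrating is not visible from these hunks and is worth stating in the commit message.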
diff --git a/meta-arm/patches/meta-arm/0001-cs1k-enable-logs-for-ioctl-calls-to-secure-enclave.patch b/meta-arm/patches/meta-arm/0001-cs1k-enable-logs-for-ioctl-calls-to-secure-enclave.patch
deleted file mode 100644
index 403a12c..0000000
--- a/meta-arm/patches/meta-arm/0001-cs1k-enable-logs-for-ioctl-calls-to-secure-enclave.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 1f094bd63a86b03637c79a8d928af63917a53577 Mon Sep 17 00:00:00 2001
-From: Emekcan Aras
-Date: Fri, 1 Dec 2023 23:07:37 +0000
-Subject: [PATCH] arm-bsp/trusted-services: Enable logs for IOCTL calls to
- Secure Enclave
-
-Enables the logs for IOCTL calls to secure-enclave to increase logging and
-visbility of the boot flow.
-
-Signed-off-by: Emekcan Aras
----
- .../0009-enable-logs-for-ioctl-calls.patch | 56 +++++++++++++++++++
- .../trusted-services/ts-arm-platforms.inc | 1 +
- 2 files changed, 57 insertions(+)
- create mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-enable-logs-for-ioctl-calls.patch
-
-diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-enable-logs-for-ioctl-calls.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-enable-logs-for-ioctl-calls.patch
-new file mode 100644
-index 00000000..3671157b
---- /dev/null
-+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-enable-logs-for-ioctl-calls.patch
-@@ -0,0 +1,56 @@
-+From dfd125cafe8fbf8aa78634e1c8ce7ed5c33f1704 Mon Sep 17 00:00:00 2001
-+From: Emekcan Aras
-+Date: Sat, 2 Dec 2023 12:00:50 +0000
-+Subject: [PATCH] Enable logs for IOCTL calls to Secure Enclave
-+
-+Enables logs for IOCTL calls to Secure Enclave to increase visibility of boot
-+flow.
-+
-+Signed-off-by: Emekcan Aras
-+---
-+ .../capsule_update/provider/capsule_update_provider.c | 4 +++-
-+ .../capsule_update/provider/corstone1000_fmp_service.c | 6 ++++--
-+ 2 files changed, 7 insertions(+), 3 deletions(-)
-+
-+diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
-+index 6809249f..31c3a4fc 100644
-+--- a/components/service/capsule_update/provider/capsule_update_provider.c
-++++ b/components/service/capsule_update/provider/capsule_update_provider.c
-+@@ -86,10 +86,12 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
-+ case KERNEL_STARTED_EVENT:
-+ ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK;
-+ /*openamp call with IOCTL for kernel start*/
-+-
-++ EMSG("IOCTL kernel start sent");
-+ psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
-+ in_vec,IOVEC_LEN(in_vec), NULL, 0);
-++ EMSG("ACK for IOCTL kernel start received");
-+ set_fmp_image_info(caller);
-++ EMSG("FMP set_image_info complete");
-+ break;
-+ default:
-+ EMSG("%s unsupported opcode", __func__);
-+diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
-+index fe0a0454..95da4bb0 100644
-+--- a/components/service/capsule_update/provider/corstone1000_fmp_service.c
-++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
-+@@ -253,12 +253,14 @@ static psa_status_t get_image_info(struct rpc_caller *caller)
-+ };
-+
-+ memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE);
-+-
-++ EMSG("FMP get_image_info IOCTL sent");
-+ psa_call(caller, TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
-+ in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+-
-++ EMSG("FMP get_image_info IOCTL call ack received");
-+ status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE);
-++ EMSG("FMP unpack_image_info complete");
-+ if (status != PSA_SUCCESS) {
-++ EMSG("FMP unpack_image_info error");
-+ return status;
-+ }
-+
-+--
-+2.25.1
-+
-diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
-index 3c7e94e6..2d5382af 100644
---- a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
-+++ b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
-@@ -10,6 +10,7 @@ SRC_URI:append:corstone1000 = " \
- file://0006-plat-corstone1000-Use-the-stateless-platform-service.patch \
- file://0007-plat-corstone1000-Initialize-capsule-update-provider.patch \
- file://0008-platform-corstone1000-fix-synchronization-issue.patch \
-+ file://0009-enable-logs-for-ioctl-calls.patch \
- "
-
-
---
-GitLab
-
-- GitLab
From 31e8f65ac457a41693b51be384fbb1188896efe1 Mon Sep 17 00:00:00 2001 From: Drew Reed Date: Fri, 22 Dec 2023 10:44:52 +0000 Subject: [PATCH 5/5] bsp: Ensure timeouts don't change other package defaults The systemd-conf base recipe already contained a file called system.conf so by adding the same file in the append recipe we were overwriting the original and installing 2 copies of the same file into the image. The file in the append recipe has now been renamed to avoid this. Signed-off-by: Drew Reed
---
 .../systemd/corstone1000/{system.conf => timeouts.conf} | 0 .../meta-arm-bsp/recipes-core/systemd/systemd-conf_%.bbappend | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) rename meta-arm/meta-arm-bsp/recipes-core/systemd/corstone1000/{system.conf => timeouts.conf} (100%)
diff --git a/meta-arm/meta-arm-bsp/recipes-core/systemd/corstone1000/system.conf b/meta-arm/meta-arm-bsp/recipes-core/systemd/corstone1000/timeouts.conf
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-core/systemd/corstone1000/system.conf
rename to meta-arm/meta-arm-bsp/recipes-core/systemd/corstone1000/timeouts.conf
diff --git a/meta-arm/meta-arm-bsp/recipes-core/systemd/systemd-conf_%.bbappend b/meta-arm/meta-arm-bsp/recipes-core/systemd/systemd-conf_%.bbappend index 1ca0633..28399fb 100644 --- a/meta-arm/meta-arm-bsp/recipes-core/systemd/systemd-conf_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-core/systemd/systemd-conf_%.bbappend @@ -6,10 +6,10 @@ FILESEXTRAPATHS:prepend := "${THISDIR}:" SRC_URI:append:corstone1000 = " \ - file://system.conf \ + file://timeouts.conf \ " # nooelint: oelint.func.specific - Common name set in Corstone-1000 definitions do_install:append:corstone1000() { - install -D -m0644 ${WORKDIR}/system.conf ${D}${systemd_system_unitdir}.conf.d/01-${PN}.conf + install -D -m0644 ${WORKDIR}/timeouts.conf ${D}${systemd_system_unitdir}.conf.d/01-${PN}.conf } -- GitLab
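Review bot: The install destination `${D}${systemd_system_unitdir}.conf.d/01-${PN}.conf` forms the drop-in directory by appending `.conf.d` to the unit-directory variable, which is easy to misread as a path inside the unit directory. Now that the source file is `timeouts.conf` and the base recipe's `system.conf` is left alone, a comment above the `install` line would make the intent explicit, for example `# Installed as a system.conf.d drop-in so the base system.conf is not replaced`. What the drop-in actually overrides is not visible here, since the renamed file is carried at 100% similarity, so the comment should name the settings it changes once confirmed against that file.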