diff --git a/conf/layer.conf b/conf/layer.conf index 2e779befca0fb3e5c44c77d98e92f80dc8b98d95..d3cec3783f78bdb42124a4184d0609827545e1f1 100644 --- a/conf/layer.conf +++ b/conf/layer.conf @@ -1,6 +1,6 @@ # SPDX-FileCopyrightText: Copyright (c) 2023, Linaro Limited. # -# SPDX-FileCopyrightText: Copyright 2022-2023 Arm Limited and/or its +# SPDX-FileCopyrightText: Copyright 2022-2024 Arm Limited and/or its # affiliates # # SPDX-License-Identifier: MIT @@ -18,7 +18,7 @@ BBFILES_DYNAMIC += " \ BBFILE_COLLECTIONS += "meta-cassini-bsp" BBFILE_PATTERN_meta-cassini-bsp = "^${LAYERDIR}/" -LAYERSERIES_COMPAT_meta-cassini-bsp = "nanbield" +LAYERSERIES_COMPAT_meta-cassini-bsp = "scarthgap" # Root directory for the meta-cassini-bsp/meta-arm/meta-arm-bsp CASSINI_ARM_BSP_DYNAMIC_DIR := "${LAYERDIR}/meta-arm/meta-arm-bsp" diff --git a/meta-arm/meta-arm-bsp/recipes-core/images/corstone1000-utils-overlay-image.bb b/meta-arm/meta-arm-bsp/recipes-core/images/corstone1000-utils-overlay-image.bb index 47d0b60cd7333cc58a9bc4481b1e218c09a008e9..771e8b5a68811412149e044b1f6dfc593835616e 100644 --- a/meta-arm/meta-arm-bsp/recipes-core/images/corstone1000-utils-overlay-image.bb +++ b/meta-arm/meta-arm-bsp/recipes-core/images/corstone1000-utils-overlay-image.bb @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: Copyright 2023 Arm Limited and/or its +# SPDX-FileCopyrightText: Copyright 2023-2024 Arm Limited and/or its # affiliates # # SPDX-License-Identifier: MIT @@ -9,10 +9,12 @@ DESCRIPTION = "Image used during testing of initramfs based platforms to \ tested" LICENSE = "MIT" -inherit core-image +DEPENDS += "corstone1000-flash-firmware-image" + +inherit image inherit nopackages -PACKAGE_INSTALL = "bmap-tools" +PACKAGE_INSTALL = "bmaptool" IMAGE_FEATURES = "" IMAGE_LINGUAS = "" @@ -20,4 +22,4 @@ IMAGE_LINGUAS = "" IMAGE_ROOTFS_SIZE = "0" IMAGE_ROOTFS_EXTRA_SPACE = "0" -IMAGE_FSTYPES += "tar.bz2" +IMAGE_FSTYPES = "tar.bz2" 
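Review bot: The added `DEPENDS += "corstone1000-flash-firmware-image"` in the second hunk of corstone1000-utils-overlay-image.bb has no comment saying why an overlay image that installs only `bmaptool` needs the firmware image, and it may not give the ordering it suggests. DEPENDS is resolved against the other recipe's `do_populate_sysroot`, which image recipes normally do not provide. If the intent is that the firmware image is complete before this one is assembled, a task-level dependency such as `do_image[depends] += "corstone1000-flash-firmware-image:do_image_complete"` states that directly. In the last hunk, `IMAGE_FSTYPES = "tar.bz2"` now discards any types set by the distro or machine; if that is deliberate, a comment such as `# Overlay is consumed only as a tarball; drop inherited image types` would keep it from being changed back to `+=`.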
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-ts.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-ts.inc deleted file mode 100644 index e4f8c53f158179a187bc2b98eaef6dd9f8a8c2de..0000000000000000000000000000000000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-ts.inc +++ /dev/null @@ -1,17 +0,0 @@ -# SPDX-FileCopyrightText: Copyright 2023 Arm Limited and/or its -# affiliates -# -# SPDX-License-Identifier: MIT - -# Include Trusted Services Secure Partitions according to defined machine features - -# From meta-cassini -require ../trusted-services/ts-uuid.inc - -# Block Storage SP -DEPENDS:append:n1sdp = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \ - ' ts-sp-block-storage', '' , d)}" - -# Load Block Storage SP first -SP_PATHS:prepend:n1sdp = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \ - ' ${TS_BIN}/${BLOCK_STORAGE_UUID}.stripped.elf', '', d)}" diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_%.bbappend deleted file mode 100644 index 8a215d35fc550b8619d06118f1a0c52e9decbb22..0000000000000000000000000000000000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_%.bbappend +++ /dev/null @@ -1,8 +0,0 @@ -# SPDX-FileCopyrightText: Copyright 2023 Arm Limited and/or its -# affiliates -# -# SPDX-License-Identifier: MIT - -# Include Trusted Services Secure Partitions - -require optee-os-ts.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/files/n1sdp/0001-add-boot-order-into-SP-manifest.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/files/n1sdp/0001-add-boot-order-into-SP-manifest.patch new file mode 100644 index 0000000000000000000000000000000000000000..8853dbf8c632ba1f114c0f4589bb6677656ad613 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/files/n1sdp/0001-add-boot-order-into-SP-manifest.patch 
@@ -0,0 +1,78 @@ +From 9cb4babc2e496a4028bcd75337ea4466563f73ca Mon Sep 17 00:00:00 2001 +From: Emekcan Aras +Date: Wed, 13 Mar 2024 16:44:10 +0000 +Subject: [PATCH] add boot order into SP manifest + +The block storage SP should be loaded before the protected storage and ITS +SP due to block storage dependency. After OP-TEE v4.0, SPs can be loaded +in orderly fashion depending on the boot-order property in the SPs +manifest file. This patch loads SPs in a orderly fashion to make sure +there is no runtime dependency issues. + +Signed-off-by: Emekcan Aras +Upstream-Status: Pending +--- + .../config/default-opteesp/default_block-storage.dts.in | 1 + + deployments/crypto/config/default-opteesp/default_crypto.dts.in | 1 + + .../shared-flash-opteesp/default_internal-trusted-storage.dts.in | 1 + + .../config/shared-flash-opteesp/default_protected-storage.dts.in | 1 + + .../config/default-opteesp/default_smm-gateway.dts.in | 1 + + 5 files changed, 5 insertions(+) + +diff --git a/deployments/block-storage/config/default-opteesp/default_block-storage.dts.in b/deployments/block-storage/config/default-opteesp/default_block-storage.dts.in +index 0a97cb5..4b408ca 100644 +--- a/deployments/block-storage/config/default-opteesp/default_block-storage.dts.in ++++ b/deployments/block-storage/config/default-opteesp/default_block-storage.dts.in +@@ -18,4 +18,5 @@ + messaging-method = <3>; /* Direct messaging only */ + ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */ + elf-format = <1>; ++ boot-order = /bits/ 16 <1>; + }; +diff --git a/deployments/crypto/config/default-opteesp/default_crypto.dts.in b/deployments/crypto/config/default-opteesp/default_crypto.dts.in +index c900636..7d90a88 100644 +--- a/deployments/crypto/config/default-opteesp/default_crypto.dts.in ++++ b/deployments/crypto/config/default-opteesp/default_crypto.dts.in +@@ -18,6 +18,7 @@ + messaging-method = <3>; /* Direct messaging only */ + ns-interrupts-action = <2>; /* Non-secure interrupts are 
signaled */ + elf-format = <1>; ++ boot-order = /bits/ 16 <4>; + + device-regions { + compatible = "arm,ffa-manifest-device-regions"; +diff --git a/deployments/internal-trusted-storage/config/shared-flash-opteesp/default_internal-trusted-storage.dts.in b/deployments/internal-trusted-storage/config/shared-flash-opteesp/default_internal-trusted-storage.dts.in +index 77d0805..a6ac644 100644 +--- a/deployments/internal-trusted-storage/config/shared-flash-opteesp/default_internal-trusted-storage.dts.in ++++ b/deployments/internal-trusted-storage/config/shared-flash-opteesp/default_internal-trusted-storage.dts.in +@@ -18,4 +18,5 @@ + messaging-method = <3>; /* Direct messaging only */ + ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */ + elf-format = <1>; ++ boot-order = /bits/ 16 <3>; + }; +diff --git a/deployments/protected-storage/config/shared-flash-opteesp/default_protected-storage.dts.in b/deployments/protected-storage/config/shared-flash-opteesp/default_protected-storage.dts.in +index b305fbb..95bd537 100644 +--- a/deployments/protected-storage/config/shared-flash-opteesp/default_protected-storage.dts.in ++++ b/deployments/protected-storage/config/shared-flash-opteesp/default_protected-storage.dts.in +@@ -18,4 +18,5 @@ + messaging-method = <3>; /* Direct messaging only */ + ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */ + elf-format = <1>; ++ boot-order = /bits/ 16 <2>; + }; +diff --git a/deployments/smm-gateway/config/default-opteesp/default_smm-gateway.dts.in b/deployments/smm-gateway/config/default-opteesp/default_smm-gateway.dts.in +index d74c2f3..4803de1 100644 +--- a/deployments/smm-gateway/config/default-opteesp/default_smm-gateway.dts.in ++++ b/deployments/smm-gateway/config/default-opteesp/default_smm-gateway.dts.in +@@ -18,6 +18,7 @@ + messaging-method = <3>; /* Direct messaging only */ + ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */ + elf-format = <1>; ++ boot-order = /bits/ 16 <5>; + + 
memory-regions { + compatible = "arm,ffa-manifest-memory-regions"; +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-platforms.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-platforms.inc new file mode 100644 index 0000000000000000000000000000000000000000..789311e42f1c84c5fd6b9f4eefd79d8df6a8f9af --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-platforms.inc @@ -0,0 +1,5 @@ +FILESEXTRAPATHS:prepend:n1sdp := "${THISDIR}/files/n1sdp:" + +SRC_URI:append:n1sdp = " \ + file://0001-add-boot-order-into-SP-manifest.patch \ + " diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-attestation_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-attestation_%.bbappend new file mode 100644 index 0000000000000000000000000000000000000000..48d83d79111f3b6abaf0deccf36f1de116ce48f0 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-attestation_%.bbappend @@ -0,0 +1,6 @@ +# SPDX-FileCopyrightText: Copyright 2024 Arm Limited and/or its +# affiliates +# +# SPDX-License-Identifier: MIT + +require ts-platforms.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_%.bbappend new file mode 100644 index 0000000000000000000000000000000000000000..48d83d79111f3b6abaf0deccf36f1de116ce48f0 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_%.bbappend @@ -0,0 +1,6 @@ +# SPDX-FileCopyrightText: Copyright 2024 Arm Limited and/or its +# affiliates +# +# SPDX-License-Identifier: MIT + +require ts-platforms.inc 
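Review bot: The five added `boot-order` lines encode a dependency chain (block-storage 1, protected-storage 2, internal-trusted-storage 3, crypto 4, smm-gateway 5), but each is a bare number while the neighbouring properties all carry a trailing comment. A comment on each line, for example `boot-order = /bits/ 16 <2>; /* after block-storage (1), which this store depends on */`, would let the next person adding an SP pick a value without re-deriving the chain from the commit message. The attestation manifest is not touched, although `ts-sp-attestation_%.bbappend` applies this patch, so that SP is left to whatever OP-TEE does for a manifest without the property. If attestation relies on the crypto SP at start-up, confirm that the default places it after value 4, or give it an explicit value.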
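Review bot: `ts-platforms.inc` is the only new file in this commit without the SPDX copyright and licence header. The new bbappends all start with `# SPDX-FileCopyrightText: Copyright 2024 Arm Limited and/or its` and end the header with `# SPDX-License-Identifier: MIT`; the same four-line header belongs here. The include is required from the attestation, block-storage, crypto, its and storage bbappends, yet the patch it carries also edits the smm-gateway manifest and no smm-gateway bbappend appears in this diff. Unless one exists elsewhere in the layer, the `boot-order = /bits/ 16 <5>` entry would not reach a built manifest on n1sdp. A `ts-sp-smm-gateway_%.bbappend` containing `require ts-platforms.inc` would close that gap if the machine ships that SP.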
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_git.bb b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_git.bb deleted file mode 100644 index d1477960bc5888829382def495d1bc9672028857..0000000000000000000000000000000000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_git.bb +++ /dev/null @@ -1,17 +0,0 @@ -# nooelint: oelint.var.mandatoryvar - This recipe has no source files -# -# SPDX-FileCopyrightText: Copyright 2023 Arm Limited and/or its -# affiliates -# -# SPDX-License-Identifier: MIT - -SUMMARY = "Trusted Services block storage service provider" -HOMEPAGE = "https://cassini.readthedocs.io/en/latest/" - -require ts-sp-common.inc -require recipes-security/trusted-services/ts-arm-platforms.inc - -SP_UUID = "${BLOCK_STORAGE_UUID}" -TS_SP_BLOCK_STORAGE_CONFIG ?= "default" - -OECMAKE_SOURCEPATH = "${S}/deployments/block-storage/config/${TS_SP_BLOCK_STORAGE_CONFIG}-${TS_ENV}" diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-common.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-common.inc deleted file mode 100644 index 69ccab2fb01eb34905b8dd6c109387637a2d9f98..0000000000000000000000000000000000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-common.inc +++ /dev/null @@ -1,13 +0,0 @@ -# SPDX-FileCopyrightText: Copyright 2023 Arm Limited and/or its -# affiliates -# -# SPDX-License-Identifier: MIT - -# Common part of all Trusted Services SPs recipes - -# From meta-arm -# nooelint: oelint.var.multiinclude - including file is in different layer -require recipes-security/trusted-services/ts-sp-common.inc - -# Local overrides -require ts-uuid.inc 
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-crypto_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-crypto_%.bbappend new file mode 100644 index 0000000000000000000000000000000000000000..48d83d79111f3b6abaf0deccf36f1de116ce48f0 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-crypto_%.bbappend @@ -0,0 +1,6 @@ +# SPDX-FileCopyrightText: Copyright 2024 Arm Limited and/or its +# affiliates +# +# SPDX-License-Identifier: MIT + +require ts-platforms.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend index 64215cd535558d89487082dec51ad188d34f6b48..7794851be537330a159459d7803a372803f05d7d 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend @@ -1,7 +1,9 @@ -# SPDX-FileCopyrightText: Copyright 2023 Arm Limited and/or its +# SPDX-FileCopyrightText: Copyright 2023-2024 Arm Limited and/or its # affiliates # # SPDX-License-Identifier: MIT +require ts-platforms.inc + # Override configuration to use block storage service OECMAKE_SOURCEPATH:n1sdp = "${S}/deployments/internal-trusted-storage/config/shared-flash-${TS_ENV}" diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend index 2d3e9e98347456916688ed45bb42d4742d054e28..edde7ed562573d34070e7a80f0b03efd8be54d33 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend 
@@ -1,7 +1,9 @@ -# SPDX-FileCopyrightText: Copyright 2023 Arm Limited and/or its +# SPDX-FileCopyrightText: Copyright 2023-2024 Arm Limited and/or its # affiliates # # SPDX-License-Identifier: MIT +require ts-platforms.inc + # Override configuration to use block storage service OECMAKE_SOURCEPATH:n1sdp = "${S}/deployments/protected-storage/config/shared-flash-${TS_ENV}" diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-uuid.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-uuid.inc deleted file mode 100644 index 786a0ead9cf28509b6bc669dde6e1667ff71ddc3..0000000000000000000000000000000000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-uuid.inc +++ /dev/null @@ -1,8 +0,0 @@ -# SPDX-FileCopyrightText: Copyright 2023 Arm Limited and/or its -# affiliates -# -# SPDX-License-Identifier: MIT - -# Trusted Services SPs canonical UUIDs - -BLOCK_STORAGE_UUID = "63646e80-eb52-462f-ac4f-8cdf3987519c" diff --git a/qa-checks/cassini-bsp-dictionary b/qa-checks/cassini-bsp-dictionary index ddc56901c2ecd3aabe481535ba1969f842df8622..147a6c216f16cedaecd6b89a75e7ada047cf09fc 100644 --- a/qa-checks/cassini-bsp-dictionary +++ b/qa-checks/cassini-bsp-dictionary @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: Copyright 2023 Arm Limited and/or its +# SPDX-FileCopyrightText: Copyright 2023-2024 Arm Limited and/or its # affiliates # # SPDX-License-Identifier: MIT @@ -14,28 +14,35 @@ buildable BUILDIN cassini cgroups +COMPAT config CONFIG_AUTOFS_FS CONFIG_AUTOFS4_FS configfile corstone cpio +crypto distro DISTROOVERRIDES efidisk eglibc envparse extfs +FILESEXTRAPATHS flashfw fstype +FSTYPES gcsections gettext gitlab gitlab-ciyml gzio homepageping +IMAGE_FSTYPES initscripts kernelcfg +LAYERSERIES +LAYERSERIES_COMPAT LIBC Linaro mandatoryvar @@ -64,10 +71,13 @@ requireinclude requirenotfound RPROVIDER SAST +scarthgap SDHC sourceparams srcurifile suggestedvar +tarbz2 +THISDIR udev unitdir usbgadget