From 6d45e1d7a899597c813077c9a5f4a87f8256b815 Mon Sep 17 00:00:00 2001 From: Ali Can Ozaslan Date: Fri, 10 May 2024 14:52:54 +0000 Subject: [PATCH 1/7] ci: Add new trigger rules * Manual trigger option for meta-cassini pipeline if any different branch is specified. * Trigger meta-cassini pipeline with `none` platform if any CI files have changed on meta-cassini-bsp Signed-off-by: Ali Can Ozaslan --- .gitlab-ci.yml | 2 ++ .gitlab/ci/rules.yml | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 67857c5..7a0d0d9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -47,6 +47,8 @@ trigger-meta-cassini: - !reference [".build-image:rules:common", rules] - !reference [".build-image:rules:n1sdp", rules] - !reference [".build-image:rules:corstone1000", rules] + - !reference [".build-image:rules:manual", rules] + - !reference [".build-image:rules:ci-patterns", rules] trigger: project: $META_CASSINI_PROJECT branch: $META_CASSINI_TARGET_BRANCH diff --git a/.gitlab/ci/rules.yml b/.gitlab/ci/rules.yml index 5420160..637fdfc 100644 --- a/.gitlab/ci/rules.yml +++ b/.gitlab/ci/rules.yml @@ -7,10 +7,17 @@ .if-merge-request-or-push: &if-merge-request-or-push if: '$CI_MERGE_REQUEST_IID || $CI_PIPELINE_SOURCE == "push"' +.if-manual: &if-manual + if: '$CI_PIPELINE_SOURCE == "web"' + .if-no-target-project: &if-no-target-project if: '$META_CASSINI_PROJECT == "" || $META_CASSINI_PROJECT == null' # Changes patterns +.ci-patterns: &ci-patterns + - ".gitlab-ci.yml" + - ".gitlab/ci/rules.yml" + .build-common: &build-common - "grub/**/*" - "meta-security/**/*" @@ -50,6 +57,17 @@ variables: META_CASSINI_BUILD_PLATFORM: 'n1sdp, corstone1000-fvp' +.build-image:rules:ci-patterns: + rules: + - <<: *if-merge-request-or-push + changes: *ci-patterns + variables: + META_CASSINI_BUILD_PLATFORM: 'none' + +.build-image:rules:manual: + rules: + - <<: *if-manual + .build-image:rules:set-target-branch: rules: - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"' -- GitLab From 8d3c77e84967c2d2d859a906a4fa0604e1af16b0 Mon Sep 17 00:00:00 2001 From: Ali Can Ozaslan Date: Fri, 10 May 2024 15:35:30 +0000 Subject: [PATCH 2/7] ci: Add trigger rule for `scarthgap` release Automatically trigger pipeline for the target branch on meta-cassini. Signed-off-by: Ali Can Ozaslan --- .gitlab-ci.yml | 3 ++- .gitlab/ci/rules.yml | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7a0d0d9..0443690 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -13,7 +13,8 @@ variables: META_CASSINI_TARGET_BRANCH: value: none description: Comma separated list of meta-cassini branch to trigger - (none, main, nanbield-dev, mickledore-dev, kirkstone-dev) + (none, main, scarthgap-dev, nanbield-dev, + mickledore-dev, kirkstone-dev) META_CASSINI_BUILD_IMAGE: value: all-images description: Comma separated list of images to build diff --git a/.gitlab/ci/rules.yml b/.gitlab/ci/rules.yml index 637fdfc..a7fc0e9 100644 --- a/.gitlab/ci/rules.yml +++ b/.gitlab/ci/rules.yml @@ -73,6 +73,9 @@ - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"' variables: META_CASSINI_TARGET_BRANCH: 'main' + - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "scarthgap"' + variables: + META_CASSINI_TARGET_BRANCH: 'scarthgap-dev' - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "nanbield"' variables: META_CASSINI_TARGET_BRANCH: 'nanbield-dev' -- GitLab From b4c4a73446cea05d34e13799e5cbffc1438cdd26 Mon Sep 17 00:00:00 2001 From: Ali Can Ozaslan Date: Mon, 13 May 2024 16:05:15 +0000 Subject: [PATCH 3/7] ci: Add variables to the inheritance list Extend the scope of variables for the trigger job which creates a child pipeline. Signed-off-by: Ali Can Ozaslan --- .gitlab-ci.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0443690..9b34184 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -40,7 +40,11 @@ include: trigger-meta-cassini: inherit: - variables: false + variables: + - META_CASSINI_TARGET_BRANCH + - META_CASSINI_BUILD_IMAGE + - META_CASSINI_BUILD_PLATFORM + - META_CASSINI_FORCE_TESTS stage: Build rules: - !reference [".build-image:rules:skip-target-build", rules] -- GitLab From 460d0663165bfeeebcc8999b0b2da1811592897e Mon Sep 17 00:00:00 2001 From: Ali Can Ozaslan Date: Tue, 14 May 2024 15:33:32 +0000 Subject: [PATCH 4/7] ci: Remove obsolete ci rules Remove obsolete file path under build-common rule. Signed-off-by: Ali Can Ozaslan --- .gitlab/ci/rules.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitlab/ci/rules.yml b/.gitlab/ci/rules.yml index a7fc0e9..ca95fab 100644 --- a/.gitlab/ci/rules.yml +++ b/.gitlab/ci/rules.yml @@ -20,7 +20,6 @@ .build-common: &build-common - "grub/**/*" - - "meta-security/**/*" - "conf/layer.conf" .build-n1sdp: &build-n1sdp -- GitLab From d48b2f714b4186e1f7a4ca319eac288260702fea Mon Sep 17 00:00:00 2001 From: Ali Can Ozaslan Date: Tue, 14 May 2024 17:11:02 +0000 Subject: [PATCH 5/7] ci: Fix file path The grub folder exists in `meta-arm/meta-arm-bsp` and only relates to Corstone-1000 changes, therefore correct the path. Signed-off-by: Ali Can Ozaslan --- .gitlab/ci/rules.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitlab/ci/rules.yml b/.gitlab/ci/rules.yml index ca95fab..e9cea56 100644 --- a/.gitlab/ci/rules.yml +++ b/.gitlab/ci/rules.yml @@ -19,7 +19,6 @@ - ".gitlab/ci/rules.yml" .build-common: &build-common - - "grub/**/*" - "conf/layer.conf" .build-n1sdp: &build-n1sdp @@ -29,7 +28,7 @@ .build-corstone1000: &build-corstone1000 - "conf/machine/include/corstone1000-*-cassini-extra-settings.inc" - "conf/multiconfig/firmware.conf" - - "meta-arm/meta-arm-bsp/recipes-bsp/u-boot/**/*" + - "meta-arm/meta-arm-bsp/recipes-bsp/**/*" - "meta-arm/meta-arm-bsp/recipes-core/**/*" - "meta-arm/meta-arm-bsp/recipes-kernel/**/*" - "meta-arm/meta-arm-bsp/wic/*" -- GitLab From 6aaf7fd68928af41550460390063cf1d02c9889e Mon Sep 17 00:00:00 2001 From: Emekcan Aras Date: Mon, 13 May 2024 10:14:15 +0100 Subject: [PATCH 6/7] bsp: Fix util image dependency The utils image only depends on TF-A and as this is common to all branches it should be used in place of the master specific firmware package. Signed-off-by: Emekcan Aras --- .../recipes-core/images/corstone1000-utils-overlay-image.bb | 2 +- qa-checks/cassini-bsp-dictionary | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/meta-arm/meta-arm-bsp/recipes-core/images/corstone1000-utils-overlay-image.bb b/meta-arm/meta-arm-bsp/recipes-core/images/corstone1000-utils-overlay-image.bb index 771e8b5..f4ec1ab 100644 --- a/meta-arm/meta-arm-bsp/recipes-core/images/corstone1000-utils-overlay-image.bb +++ b/meta-arm/meta-arm-bsp/recipes-core/images/corstone1000-utils-overlay-image.bb @@ -9,7 +9,7 @@ DESCRIPTION = "Image used during testing of initramfs based platforms to \ tested" LICENSE = "MIT" -DEPENDS += "corstone1000-flash-firmware-image" +DEPENDS += "trusted-firmware-a" inherit image inherit nopackages diff --git a/qa-checks/cassini-bsp-dictionary b/qa-checks/cassini-bsp-dictionary index e99b969..fba8dc9 100644 --- a/qa-checks/cassini-bsp-dictionary +++ b/qa-checks/cassini-bsp-dictionary @@ -79,11 +79,14 @@ sourceparams srcurifile suggestedvar tarbz2 +TF-A THISDIR udev unitdir usbgadget usbhost +util +utils VIRT wchar WIDEC -- GitLab From 47565220cca38a4e376c421bd0e665eb6966259c Mon Sep 17 00:00:00 2001 From: Emekcan Aras Date: Fri, 26 Apr 2024 10:25:11 +0100 Subject: [PATCH 7/7] bsp: Remove boot order patch Removes boot order patches since an equivalent patch merged upstream. Signed-off-by: Emekcan Aras --- ...0001-add-boot-order-into-SP-manifest.patch | 78 ------------------- .../trusted-services/ts-platforms.inc | 5 -- .../ts-sp-attestation_%.bbappend | 6 -- .../ts-sp-block-storage_%.bbappend | 6 -- .../trusted-services/ts-sp-crypto_%.bbappend | 6 -- .../trusted-services/ts-sp-its_%.bbappend | 2 - .../trusted-services/ts-sp-storage_%.bbappend | 2 - 7 files changed, 105 deletions(-) delete mode 100644 meta-arm/meta-arm-bsp/recipes-security/trusted-services/files/n1sdp/0001-add-boot-order-into-SP-manifest.patch delete mode 100644 meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-platforms.inc delete mode 100644 meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-attestation_%.bbappend delete mode 100644 meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_%.bbappend delete mode 100644 meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-crypto_%.bbappend diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/files/n1sdp/0001-add-boot-order-into-SP-manifest.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/files/n1sdp/0001-add-boot-order-into-SP-manifest.patch deleted file mode 100644 index 8853dbf..0000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/files/n1sdp/0001-add-boot-order-into-SP-manifest.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 9cb4babc2e496a4028bcd75337ea4466563f73ca Mon Sep 17 00:00:00 2001 -From: Emekcan Aras -Date: Wed, 13 Mar 2024 16:44:10 +0000 -Subject: [PATCH] add boot order into SP manifest - -The block storage SP should be loaded before the protected storage and ITS -SP due to block storage dependency. After OP-TEE v4.0, SPs can be loaded -in orderly fashion depending on the boot-order property in the SPs -manifest file. This patch loads SPs in a orderly fashion to make sure -there is no runtime dependency issues. - -Signed-off-by: Emekcan Aras -Upstream-Status: Pending ---- - .../config/default-opteesp/default_block-storage.dts.in | 1 + - deployments/crypto/config/default-opteesp/default_crypto.dts.in | 1 + - .../shared-flash-opteesp/default_internal-trusted-storage.dts.in | 1 + - .../config/shared-flash-opteesp/default_protected-storage.dts.in | 1 + - .../config/default-opteesp/default_smm-gateway.dts.in | 1 + - 5 files changed, 5 insertions(+) - -diff --git a/deployments/block-storage/config/default-opteesp/default_block-storage.dts.in b/deployments/block-storage/config/default-opteesp/default_block-storage.dts.in -index 0a97cb5..4b408ca 100644 ---- a/deployments/block-storage/config/default-opteesp/default_block-storage.dts.in -+++ b/deployments/block-storage/config/default-opteesp/default_block-storage.dts.in -@@ -18,4 +18,5 @@ - messaging-method = <3>; /* Direct messaging only */ - ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */ - elf-format = <1>; -+ boot-order = /bits/ 16 <1>; - }; -diff --git a/deployments/crypto/config/default-opteesp/default_crypto.dts.in b/deployments/crypto/config/default-opteesp/default_crypto.dts.in -index c900636..7d90a88 100644 ---- a/deployments/crypto/config/default-opteesp/default_crypto.dts.in -+++ b/deployments/crypto/config/default-opteesp/default_crypto.dts.in -@@ -18,6 +18,7 @@ - messaging-method = <3>; /* Direct messaging only */ - ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */ - elf-format = <1>; -+ boot-order = /bits/ 16 <4>; - - device-regions { - compatible = "arm,ffa-manifest-device-regions"; -diff --git a/deployments/internal-trusted-storage/config/shared-flash-opteesp/default_internal-trusted-storage.dts.in b/deployments/internal-trusted-storage/config/shared-flash-opteesp/default_internal-trusted-storage.dts.in -index 77d0805..a6ac644 100644 ---- a/deployments/internal-trusted-storage/config/shared-flash-opteesp/default_internal-trusted-storage.dts.in -+++ b/deployments/internal-trusted-storage/config/shared-flash-opteesp/default_internal-trusted-storage.dts.in -@@ -18,4 +18,5 @@ - messaging-method = <3>; /* Direct messaging only */ - ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */ - elf-format = <1>; -+ boot-order = /bits/ 16 <3>; - }; -diff --git a/deployments/protected-storage/config/shared-flash-opteesp/default_protected-storage.dts.in b/deployments/protected-storage/config/shared-flash-opteesp/default_protected-storage.dts.in -index b305fbb..95bd537 100644 ---- a/deployments/protected-storage/config/shared-flash-opteesp/default_protected-storage.dts.in -+++ b/deployments/protected-storage/config/shared-flash-opteesp/default_protected-storage.dts.in -@@ -18,4 +18,5 @@ - messaging-method = <3>; /* Direct messaging only */ - ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */ - elf-format = <1>; -+ boot-order = /bits/ 16 <2>; - }; -diff --git a/deployments/smm-gateway/config/default-opteesp/default_smm-gateway.dts.in b/deployments/smm-gateway/config/default-opteesp/default_smm-gateway.dts.in -index d74c2f3..4803de1 100644 ---- a/deployments/smm-gateway/config/default-opteesp/default_smm-gateway.dts.in -+++ b/deployments/smm-gateway/config/default-opteesp/default_smm-gateway.dts.in -@@ -18,6 +18,7 @@ - messaging-method = <3>; /* Direct messaging only */ - ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */ - elf-format = <1>; -+ boot-order = /bits/ 16 <5>; - - memory-regions { - compatible = "arm,ffa-manifest-memory-regions"; --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-platforms.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-platforms.inc deleted file mode 100644 index 789311e..0000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-platforms.inc +++ /dev/null @@ -1,5 +0,0 @@ -FILESEXTRAPATHS:prepend:n1sdp := "${THISDIR}/files/n1sdp:" - -SRC_URI:append:n1sdp = " \ - file://0001-add-boot-order-into-SP-manifest.patch \ - " diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-attestation_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-attestation_%.bbappend deleted file mode 100644 index 48d83d7..0000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-attestation_%.bbappend +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-FileCopyrightText: Copyright 2024 Arm Limited and/or its -# affiliates -# -# SPDX-License-Identifier: MIT - -require ts-platforms.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_%.bbappend deleted file mode 100644 index 48d83d7..0000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_%.bbappend +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-FileCopyrightText: Copyright 2024 Arm Limited and/or its -# affiliates -# -# SPDX-License-Identifier: MIT - -require ts-platforms.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-crypto_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-crypto_%.bbappend deleted file mode 100644 index 48d83d7..0000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-crypto_%.bbappend +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-FileCopyrightText: Copyright 2024 Arm Limited and/or its -# affiliates -# -# SPDX-License-Identifier: MIT - -require ts-platforms.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend index 7794851..c2f96cf 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend @@ -3,7 +3,5 @@ # # SPDX-License-Identifier: MIT -require ts-platforms.inc - # Override configuration to use block storage service OECMAKE_SOURCEPATH:n1sdp = "${S}/deployments/internal-trusted-storage/config/shared-flash-${TS_ENV}" diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend index edde7ed..6b514a0 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend @@ -3,7 +3,5 @@ # # SPDX-License-Identifier: MIT -require ts-platforms.inc - # Override configuration to use block storage service OECMAKE_SOURCEPATH:n1sdp = "${S}/deployments/protected-storage/config/shared-flash-${TS_ENV}" -- GitLab