From d914b3163322cae34ae1fba79da3cf7cce25aeb1 Mon Sep 17 00:00:00 2001 From: Adam Johnston Date: Wed, 4 Oct 2023 11:01:16 +0000 Subject: [PATCH 1/6] cassini-[bsp,distro,tests]: Update LAYERSERIES_COMPAT for `nanbield` Update LAYERSERIES_COMPAT prior to creation of `nanbield` branches. Changelog: other Signed-off-by: Adam Johnston --- conf/layer.conf | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/conf/layer.conf b/conf/layer.conf index 7250e5d..2e779be 100644 --- a/conf/layer.conf +++ b/conf/layer.conf @@ -1,5 +1,7 @@ -# Copyright (c) 2022-2023 Arm Limited and/or its affiliates. -# +# SPDX-FileCopyrightText: Copyright (c) 2023, Linaro Limited. +# +# SPDX-FileCopyrightText: Copyright 2022-2023 Arm Limited and/or its +# affiliates # # SPDX-License-Identifier: MIT @@ -16,7 +18,7 @@ BBFILES_DYNAMIC += " \ BBFILE_COLLECTIONS += "meta-cassini-bsp" BBFILE_PATTERN_meta-cassini-bsp = "^${LAYERDIR}/" -LAYERSERIES_COMPAT_meta-cassini-bsp = "mickledore" +LAYERSERIES_COMPAT_meta-cassini-bsp = "nanbield" # Root directory for the meta-cassini-bsp/meta-arm/meta-arm-bsp CASSINI_ARM_BSP_DYNAMIC_DIR := "${LAYERDIR}/meta-arm/meta-arm-bsp" -- GitLab From 6c008508c94415e83c9f33a6805bb909bce8adb2 Mon Sep 17 00:00:00 2001 From: Drew Reed Date: Mon, 14 Aug 2023 12:43:16 +0000 Subject: [PATCH 2/6] [bsp, distro] Move parsec configuration recipe The changes to the parsec configuration file should always be made on cassini images and are not tied to the BSP but only dependent on the BSP setting the correct machine feature to indicate the presence of trusted services on the platform. Changelog: bug Signed-off-by: Drew Reed Signed-off-by: Adam Johnston --- .../parsec-service/parsec-service_%.bbappend | 12 ------------ 1 file changed, 12 deletions(-) delete mode 100644 meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_%.bbappend 
diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_%.bbappend b/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_%.bbappend deleted file mode 100644 index 87b1dd1..0000000 --- a/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_%.bbappend +++ /dev/null @@ -1,12 +0,0 @@ -# SPDX-FileCopyrightText: Copyright 2023 Arm Limited and/or its -# affiliates -# -# SPDX-License-Identifier: MIT - -FILESEXTRAPATHS:prepend := "${THISDIR}/files:" - -SRC_URI:append:cassini = " file://config-ts.toml" - -PARSEC_CONFIG:cassini = "${@bb.utils.contains('PACKAGECONFIG', 'TS', \ - '${WORKDIR}/config-ts.toml', '${S}/config.toml', d)}" - -- GitLab From 14afa3de03eda895aecc65c686b83c99c3e74436 Mon Sep 17 00:00:00 2001 From: Vikas Katariya Date: Sat, 2 Dec 2023 12:46:45 +0000 Subject: [PATCH 3/6] cassini-[distro,bsp,docs]: Add `wait-online.sh` script to base image Due to limitations of the Corstone-1000 platform, `wait-online.sh` script can be included as part of Cassini base image instead of test image only. This tool will be beneficial to the user if the networking needs to be restarted. Signed-off-by: Vikas Katariya --- .../include/corstone1000-mps3-cassini-extra-settings.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/machine/include/corstone1000-mps3-cassini-extra-settings.inc b/conf/machine/include/corstone1000-mps3-cassini-extra-settings.inc index e77caa5..c824d3c 100644 --- a/conf/machine/include/corstone1000-mps3-cassini-extra-settings.inc +++ b/conf/machine/include/corstone1000-mps3-cassini-extra-settings.inc @@ -24,4 +24,4 @@ IMAGE_INSTALL:remove = "k3s-server k3s-integration-tests-ptest" KERNEL_CLASSES:remove = "k3s_kernelcfg_check" # Due to performance limitations, add wait-online helper -IMAGE_INSTALL:append:cassini-test = "wait-online" +IMAGE_INSTALL:append:cassini = " wait-online" -- GitLab From 38b000ac8794dab04f102cf54ad1a46aa9080405 Mon Sep 17 00:00:00 2001 
From: Adam Johnston
Date: Mon, 4 Dec 2023 17:12:25 +0000
Subject: [PATCH 4/6] cassini-[config,bsp]: Enable SE IOCTL logs for Corstone-1000 FVP Enables logs for IOCTL calls to Secure Enclave to increase visibility of boot flow. This is useful for test/debug on the FVP platform
Signed-off-by: Adam Johnston
---
...gs-for-ioctl-calls-to-secure-enclave.patch | 93 +++++++++++++++++++
1 file changed, 93 insertions(+)
create mode 100644 meta-arm/patches/meta-arm/0001-cs1k-enable-logs-for-ioctl-calls-to-secure-enclave.patch
diff --git a/meta-arm/patches/meta-arm/0001-cs1k-enable-logs-for-ioctl-calls-to-secure-enclave.patch b/meta-arm/patches/meta-arm/0001-cs1k-enable-logs-for-ioctl-calls-to-secure-enclave.patch
new file mode 100644
index 0000000..403a12c
--- /dev/null
+++ b/meta-arm/patches/meta-arm/0001-cs1k-enable-logs-for-ioctl-calls-to-secure-enclave.patch
@@ -0,0 +1,93 @@
+From 1f094bd63a86b03637c79a8d928af63917a53577 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras
+Date: Fri, 1 Dec 2023 23:07:37 +0000
+Subject: [PATCH] arm-bsp/trusted-services: Enable logs for IOCTL calls to
+ Secure Enclave
+
+Enables the logs for IOCTL calls to secure-enclave to increase logging and
+visbility of the boot flow.
+
+Signed-off-by: Emekcan Aras
+---
+ .../0009-enable-logs-for-ioctl-calls.patch | 56 +++++++++++++++++++
+ .../trusted-services/ts-arm-platforms.inc | 1 +
+ 2 files changed, 57 insertions(+)
+ create mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-enable-logs-for-ioctl-calls.patch
+
+diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-enable-logs-for-ioctl-calls.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-enable-logs-for-ioctl-calls.patch
+new file mode 100644
+index 00000000..3671157b
+--- /dev/null
++++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-enable-logs-for-ioctl-calls.patch
+@@ -0,0 +1,56 @@
++From dfd125cafe8fbf8aa78634e1c8ce7ed5c33f1704 Mon Sep 17 00:00:00 2001
++From: Emekcan Aras
++Date: Sat, 2 Dec 2023 12:00:50 +0000
++Subject: [PATCH] Enable logs for IOCTL calls to Secure Enclave
++
++Enables logs for IOCTL calls to Secure Enclave to increase visibility of boot
++flow.
++
++Signed-off-by: Emekcan Aras
++---
++ .../capsule_update/provider/capsule_update_provider.c | 4 +++-
++ .../capsule_update/provider/corstone1000_fmp_service.c | 6 ++++--
++ 2 files changed, 7 insertions(+), 3 deletions(-)
++
++diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
++index 6809249f..31c3a4fc 100644
++--- a/components/service/capsule_update/provider/capsule_update_provider.c
+++++ b/components/service/capsule_update/provider/capsule_update_provider.c
++@@ -86,10 +86,12 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
++ case KERNEL_STARTED_EVENT:
++ ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK;
++ /*openamp call with IOCTL for kernel start*/
++-
+++ EMSG("IOCTL kernel start sent");
++ psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
++ in_vec,IOVEC_LEN(in_vec), NULL, 0);
+++ EMSG("ACK for IOCTL kernel start received");
++ set_fmp_image_info(caller);
+++ EMSG("FMP set_image_info complete");
++ break;
++ default:
++ EMSG("%s unsupported opcode", __func__);
++diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
++index fe0a0454..95da4bb0 100644
++--- a/components/service/capsule_update/provider/corstone1000_fmp_service.c
+++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
++@@ -253,12 +253,14 @@ static psa_status_t get_image_info(struct rpc_caller *caller)
++ };
++
++ memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE);
++-
+++ EMSG("FMP get_image_info IOCTL sent");
++ psa_call(caller, TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
++ in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++-
+++ EMSG("FMP get_image_info IOCTL call ack received");
++ status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE);
+++ EMSG("FMP unpack_image_info complete");
++ if (status != PSA_SUCCESS) {
+++ EMSG("FMP unpack_image_info error");
++ return status;
++ }
++
++--
++2.25.1
++
+diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
+index 3c7e94e6..2d5382af 100644
+--- a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
++++ b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
+@@ -10,6 +10,7 @@ SRC_URI:append:corstone1000 = " \
+ file://0006-plat-corstone1000-Use-the-stateless-platform-service.patch \
+ file://0007-plat-corstone1000-Initialize-capsule-update-provider.patch \
+ file://0008-platform-corstone1000-fix-synchronization-issue.patch \
++ file://0009-enable-logs-for-ioctl-calls.patch \
+ "
+
+
+--
+GitLab
+
-- GitLab
From 59c8f419168d7950a6c2392bd49902327d6f0a59 Mon Sep 17 00:00:00 2001
From: Adam Johnston
Date: Tue, 12 Dec 2023 15:33:26 +0000
Subject: [PATCH 5/6] cassini-bsp: Use Block Storage SP for Trusted Services on N1SDP Although Block Storage SP is being deployed on the N1SDP it is not yet being used. Re-configure Internal Trusted Storage and Protected Storage to use Block Storage SP as a backend.
Changelog: feature
Signed-off-by: Adam Johnston
---
.../recipes-security/trusted-services/ts-sp-its_%.bbappend | 7 +++++++
.../trusted-services/ts-sp-storage_%.bbappend | 7 +++++++
2 files changed, 14 insertions(+)
create mode 100644 meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend
create mode 100644 meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend
new file mode 100644
index 0000000..64215cd
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend
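Review bot: The added `EMSG("ACK for IOCTL kernel start received")` in event_handler and `EMSG("FMP get_image_info IOCTL call ack received")` in get_image_info are printed unconditionally, because the result of the preceding `psa_call(...)` is discarded in both places, so the log reports an acknowledgement even when the call to the Secure Enclave failed. `EMSG("FMP unpack_image_info complete")` is also placed before the `status != PSA_SUCCESS` check, so a failed unpack logs both "complete" and "error". Capturing the result and logging it, for example `psa_status_t rc = psa_call(...);` then `EMSG("IOCTL kernel start returned %d", (int)rc);`, and moving the "complete" message below the error check would make the boot trace trustworthy for debugging. These progress messages go through EMSG, the same macro the untouched `EMSG("%s unsupported opcode", __func__)` line uses for an error, and the `SRC_URI:append:corstone1000` entry applies them to every corstone1000 build rather than only the FVP named in the commit message, so a lower trace level or a debug-only switch is worth considering. Both function bodies start and end outside the inner hunks.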
@@ -0,0 +1,7 @@
+# SPDX-FileCopyrightText: Copyright 2023 Arm Limited and/or its
+# affiliates
+#
+# SPDX-License-Identifier: MIT
+
+# Override configuration to use block storage service
+OECMAKE_SOURCEPATH:n1sdp = "${S}/deployments/internal-trusted-storage/config/shared-flash-${TS_ENV}"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend
new file mode 100644
index 0000000..2d3e9e9
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend
@@ -0,0 +1,7 @@
+# SPDX-FileCopyrightText: Copyright 2023 Arm Limited and/or its
+# affiliates
+#
+# SPDX-License-Identifier: MIT
+
+# Override configuration to use block storage service
+OECMAKE_SOURCEPATH:n1sdp = "${S}/deployments/protected-storage/config/shared-flash-${TS_ENV}"
-- GitLab
From 8989e84fdfc7a6b16243d9fb4f846896ab515ec1 Mon Sep 17 00:00:00 2001
From: Adam Johnston
Date: Tue, 19 Dec 2023 14:33:41 +0000
Subject: [PATCH 6/6] cassini-[bsp,config]: Remove kas patches from meta-cassini-bsp meta-cassini-bsp is about to be separated from meta-cassini. However meta-cassini-bsp contains out-of-tree patches which kas applies when fetching upstream layers from other repositories. When meta-cassini-bsp is removed, these patches will not be found. Before removing meta-cassini-bsp, move the out-of-layer patches to meta-cassini-config/kas BSP-specific out-of-layer patches should be avoided as much as possible going forwards.
Signed-off-by: Adam Johnston
---
...gs-for-ioctl-calls-to-secure-enclave.patch | 93 -------------------
1 file changed, 93 deletions(-)
delete mode 100644 meta-arm/patches/meta-arm/0001-cs1k-enable-logs-for-ioctl-calls-to-secure-enclave.patch
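Review bot: The `OECMAKE_SOURCEPATH:n1sdp` override in ts-sp-its_%.bbappend, and the identical one in ts-sp-storage_%.bbappend, hard-codes an upstream directory (`config/shared-flash-${TS_ENV}`) under a `%` version wildcard, and the one-line comment does not record what the new backend depends on. Nothing in these hunks shows that the Block Storage SP is pulled into the same image or how its partitions are set up, and with both Internal Trusted Storage and Protected Storage pointed at shared flash, separation of their contents presumably rests on that configuration. I would extend the comment in both files, e.g. `# N1SDP: store through the Block Storage SP (shared flash); requires the block-storage SP in the image and this config directory in the pinned Trusted Services source`. If devices already hold ITS/PS data from the previous backend, the commit message should say whether that data remains readable after the switch.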
diff --git a/meta-arm/patches/meta-arm/0001-cs1k-enable-logs-for-ioctl-calls-to-secure-enclave.patch b/meta-arm/patches/meta-arm/0001-cs1k-enable-logs-for-ioctl-calls-to-secure-enclave.patch
deleted file mode 100644
index 403a12c..0000000
--- a/meta-arm/patches/meta-arm/0001-cs1k-enable-logs-for-ioctl-calls-to-secure-enclave.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 1f094bd63a86b03637c79a8d928af63917a53577 Mon Sep 17 00:00:00 2001
-From: Emekcan Aras
-Date: Fri, 1 Dec 2023 23:07:37 +0000
-Subject: [PATCH] arm-bsp/trusted-services: Enable logs for IOCTL calls to
- Secure Enclave
-
-Enables the logs for IOCTL calls to secure-enclave to increase logging and
-visbility of the boot flow.
-
-Signed-off-by: Emekcan Aras
----
- .../0009-enable-logs-for-ioctl-calls.patch | 56 +++++++++++++++++++
- .../trusted-services/ts-arm-platforms.inc | 1 +
- 2 files changed, 57 insertions(+)
- create mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-enable-logs-for-ioctl-calls.patch
-
-diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-enable-logs-for-ioctl-calls.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-enable-logs-for-ioctl-calls.patch
-new file mode 100644
-index 00000000..3671157b
---- /dev/null
-+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-enable-logs-for-ioctl-calls.patch
-@@ -0,0 +1,56 @@
-+From dfd125cafe8fbf8aa78634e1c8ce7ed5c33f1704 Mon Sep 17 00:00:00 2001
-+From: Emekcan Aras
-+Date: Sat, 2 Dec 2023 12:00:50 +0000
-+Subject: [PATCH] Enable logs for IOCTL calls to Secure Enclave
-+
-+Enables logs for IOCTL calls to Secure Enclave to increase visibility of boot
-+flow.
-+
-+Signed-off-by: Emekcan Aras
-+---
-+ .../capsule_update/provider/capsule_update_provider.c | 4 +++-
-+ .../capsule_update/provider/corstone1000_fmp_service.c | 6 ++++--
-+ 2 files changed, 7 insertions(+), 3 deletions(-)
-+
-+diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
-+index 6809249f..31c3a4fc 100644
-+--- a/components/service/capsule_update/provider/capsule_update_provider.c
-++++ b/components/service/capsule_update/provider/capsule_update_provider.c
-+@@ -86,10 +86,12 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
-+ case KERNEL_STARTED_EVENT:
-+ ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK;
-+ /*openamp call with IOCTL for kernel start*/
-+-
-++ EMSG("IOCTL kernel start sent");
-+ psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
-+ in_vec,IOVEC_LEN(in_vec), NULL, 0);
-++ EMSG("ACK for IOCTL kernel start received");
-+ set_fmp_image_info(caller);
-++ EMSG("FMP set_image_info complete");
-+ break;
-+ default:
-+ EMSG("%s unsupported opcode", __func__);
-+diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
-+index fe0a0454..95da4bb0 100644
-+--- a/components/service/capsule_update/provider/corstone1000_fmp_service.c
-++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
-+@@ -253,12 +253,14 @@ static psa_status_t get_image_info(struct rpc_caller *caller)
-+ };
-+
-+ memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE);
-+-
-++ EMSG("FMP get_image_info IOCTL sent");
-+ psa_call(caller, TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
-+ in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+-
-++ EMSG("FMP get_image_info IOCTL call ack received");
-+ status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE);
-++ EMSG("FMP unpack_image_info complete");
-+ if (status != PSA_SUCCESS) {
-++ EMSG("FMP unpack_image_info error");
-+ return status;
-+ }
-+
-+--
-+2.25.1
-+
-diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
-index 3c7e94e6..2d5382af 100644
---- a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
-+++ b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
-@@ -10,6 +10,7 @@ SRC_URI:append:corstone1000 = " \
- file://0006-plat-corstone1000-Use-the-stateless-platform-service.patch \
- file://0007-plat-corstone1000-Initialize-capsule-update-provider.patch \
- file://0008-platform-corstone1000-fix-synchronization-issue.patch \
-+ file://0009-enable-logs-for-ioctl-calls.patch \
- "
-
-
---
-GitLab
-
-- GitLab