diff --git a/config/cca-4world.yaml b/config/cca-4world.yaml index c879d4269b17efc68dc8b7705627ace1c39b31ae..5255f384ecca0d7db529415aa721c21eaa33fe63 100644 --- a/config/cca-4world.yaml +++ b/config/cca-4world.yaml @@ -17,6 +17,8 @@ concrete: true layers: - cca-3world.yaml - hafnium-base.yaml + # Provides secure partitions that run under Hafnium for demonstration. + - tftf-base.yaml build: tfa: @@ -26,28 +28,6 @@ build: SP_LAYOUT_FILE: ${artifact:SP_LAYOUT} BL32: ${artifact:HAFNIUM} - # Provides secure partitions that run under Hafnium for demonstration. - tfa-tests: - repo: - remote: https://git.trustedfirmware.org/TF-A/tf-a-tests.git - revision: v2.8 - - toolchain: aarch64-none-elf- - - params: - PLAT: fvp - DEBUG: 1 - - build: - # TODO: tfa-tests has makefile dependency bug that prevents parallel make (-j > 1). - - make BUILD_BASE=${param:builddir} ${param:join_equal} all pack_realm - - clean: - - make BUILD_BASE=${param:builddir} realclean - - artifacts: - SP_LAYOUT: ${param:builddir}/fvp/debug/sp_layout.json - run: terminals: bp.terminal_2: diff --git a/config/ffa-tftf.yaml b/config/ffa-tftf.yaml new file mode 100644 index 0000000000000000000000000000000000000000..cc17f394cb43fcfb8785bd30ecffa4e2199dc4c5 --- /dev/null +++ b/config/ffa-tftf.yaml @@ -0,0 +1,27 @@ +# Copyright (c) 2023, Arm Limited. +# SPDX-License-Identifier: MIT + +%YAML 1.2 +--- +description: >- + Brings together a software stack to demonstrate Arm FF-A running on FVP. + Includes TF-A in secure EL3, Hafnium in secure EL2 and some demo TF-A + test secure partitions. + +concrete: true + +layers: + - ns-edk2.yaml + - hafnium-base.yaml + - tftf-base.yaml + - arch/v8.5.yaml + +build: + tfa: + params: + BL33: ${artifact:EDK2} + SPD: spmd + SPMD_SPM_AT_SEL2: 1 + CTX_INCLUDE_EL2_REGS: 1 + SP_LAYOUT_FILE: ${artifact:SP_LAYOUT} + BL32: ${artifact:HAFNIUM} diff --git a/config/ns-edk2-dt.yaml b/config/ns-edk2-dt.yaml deleted file mode 100644 index d2134434c36e0ccc0773f793ed54c336ceeed235..0000000000000000000000000000000000000000 --- a/config/ns-edk2-dt.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright (c) 2022, Arm Limited. -# SPDX-License-Identifier: MIT - -%YAML 1.2 ---- -description: >- - Best choice for: I want to run Linux on FVP, booting with device tree, and - have easy control over its command line. - - Builds on ns-edk2-acpi.yaml, but adds a device tree that is passed to the - kernel to use instead of ACPI. See the description in that file for details. - - An extra rtvar is added (DTB) which allows specification of a custom device - tree. By default (if not overriding the rtvar), the upstream kernel device - tree is used. - -concrete: true - -layers: - - ns-edk2-acpi.yaml - - dt-base.yaml - -run: - rtvars: - DTB: - type: path - value: ${artifact:DTB} - - prerun: - # Override what the base layer did so that dtb= gets added to the - # command line. See ns-edk2-acpi.yaml for rationale on approach. - - cp ${rtvar:DTB} $${SEMIHOSTDIR}/fdt.dtb - - cat < $${SEMIHOSTDIR}/startup.nsh - - Image dtb=fdt.dtb ${rtvar:CMDLINE} - - EOF diff --git a/config/ns-edk2-acpi.yaml b/config/ns-edk2.yaml similarity index 87% rename from config/ns-edk2-acpi.yaml rename to config/ns-edk2.yaml index 2200739f03a9104c146e1b7075041a9e519bb308..96406bb66043e9b325f67fe29358f77231ba1567 100644 --- a/config/ns-edk2-acpi.yaml +++ b/config/ns-edk2.yaml @@ -4,13 +4,18 @@ %YAML 1.2 --- description: >- - Best choice for: I want to run Linux on FVP, booting with ACPI, and have easy - control over its command line. + Best choice for: I want to run Linux on FVP, booting with ACPI/DT, and have + easy control over its command line. Brings together TF-A and EDK2 to provide a simple non-secure world environment running on FVP. Allows easy specification of the kernel image and command line, and rootfs at runtime (see rtvars). ACPI is provided by UEFI. + An extra rtvar is added (DTB) which allows specification of a custom device + tree. By default (if not overriding the rtvar), the upstream kernel device + tree is used. DT is enabled by default. Use 'acpi=force' to enable ACPI + boot. + By default (if not overriding the rtvars) a sensible command line is used that will set up the console for logging and attempt to mount the rootfs image from the FVP's virtio block device. However the default rootfs image is empty, so @@ -32,6 +37,7 @@ layers: - FVP_Base_RevC-2xAEMvA-base.yaml - tfa-base.yaml - edk2-base.yaml + - dt-base.yaml build: tfa: @@ -52,6 +58,10 @@ run: type: path value: ${artifact:FIP} + DTB: + type: path + value: ${artifact:DTB} + CMDLINE: type: string value: console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp @@ -86,8 +96,9 @@ run: - function finish { rm -rf $$SEMIHOSTDIR; } - trap finish EXIT - cp ${rtvar:KERNEL} $${SEMIHOSTDIR}/Image + - cp ${rtvar:DTB} $${SEMIHOSTDIR}/fdt.dtb - cat < $${SEMIHOSTDIR}/startup.nsh - - Image ${rtvar:CMDLINE} + - Image dtb=fdt.dtb ${rtvar:CMDLINE} - EOF terminals: diff --git a/config/tftf-base.yaml b/config/tftf-base.yaml new file mode 100644 index 0000000000000000000000000000000000000000..24133f8e7e04489361dea000d8c1322c8318763b --- /dev/null +++ b/config/tftf-base.yaml @@ -0,0 +1,31 @@ +# Copyright (c) 2023, Arm Limited. +# SPDX-License-Identifier: MIT + +%YAML 1.2 +--- +description: >- + The Trusted Firmware-A Tests (TF-A-Tests) is a suite of baremetal tests that + exercise the Trusted Firmware-A (TF-A) features. This provides a baseline + configuration that can be customized by higher layers. + +build: + tftf: + repo: + remote: https://git.trustedfirmware.org/TF-A/tf-a-tests.git + revision: v2.8 + + toolchain: aarch64-none-elf- + + params: + PLAT: fvp + + build: + # TODO: tfa-tests has makefile dependency bug that prevents parallel make (-j > 1). + - make BUILD_BASE=${param:builddir} ${param:join_equal} all pack_realm + + clean: + - make BUILD_BASE=${param:builddir} realclean + + artifacts: + SP_LAYOUT: ${param:builddir}/fvp/release/sp_layout.json + diff --git a/docker/Dockerfile.slim b/docker/Dockerfile.slim index 867bdd5debf25e3d8074340dac0aa61ec8c9d021..f77f8605fb238f1218f409186011c15458de769f 100644 --- a/docker/Dockerfile.slim +++ b/docker/Dockerfile.slim @@ -60,6 +60,58 @@ RUN apt-get install --assume-yes --no-install-recommends --option=debug::pkgProb RUN pip3 install \ fdt +# Install packages requried by OPTEE. +# From https://optee.readthedocs.io/en/latest/building/prerequisites.html +RUN apt-get install --assume-yes --no-install-recommends --option=debug::pkgProblemResolver=yes \ + adb \ + acpica-tools \ + autoconf \ + automake \ + bc \ + bison \ + build-essential \ + ccache \ + cscope \ + curl \ + device-tree-compiler \ + e2tools \ + expect \ + fastboot \ + flex \ + ftp-upload \ + gdisk \ + libattr1-dev \ + libcap-dev \ + libfdt-dev \ + libftdi-dev \ + libglib2.0-dev \ + libgmp3-dev \ + libhidapi-dev \ + libmpc-dev \ + libncurses5-dev \ + libpixman-1-dev \ + libslirp-dev \ + libssl-dev \ + libtool \ + libusb-1.0-0-dev \ + make \ + mtools \ + netcat \ + ninja-build \ + python3-cryptography \ + python3-pip \ + python3-pyelftools \ + python3-serial \ + python-is-python3 \ + rsync \ + swig \ + unzip \ + uuid-dev \ + xdg-utils \ + xterm \ + xz-utils \ + zlib1g-dev + # Install packages requried by EDK2. # From https://developer.arm.com/documentation/102571/0100/Build-firmware-on-a-Linux-host. RUN apt-get install --assume-yes --no-install-recommends --option=debug::pkgProblemResolver=yes \ diff --git a/test/test.py b/test/test.py index d82294ebfa7305fcf02f0e085ae2753a6b4ebd0a..cc324fd9aa67b092ced389992942d083af7d4d6d 100755 --- a/test/test.py +++ b/test/test.py @@ -20,9 +20,9 @@ ROOTFS = os.path.join(ASSETS, 'rootfs.ext4') CONFIGS = [ - 'ns-preload.yaml', - 'ns-edk2-acpi.yaml', - 'ns-edk2-dt.yaml', + ('ns-preload.yaml', {}), + ('ns-edk2.yaml', {}), + ('ns-edk2.yaml', {'CMDLINE': '\"console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp acpi=force\"'}), ] @@ -147,10 +147,15 @@ def run_config(config, overlay=None, runargs=None, runtime=120): results.append(result) -def run_config_kern(config, kernel, rootfs, overlay=None, runtime=120): +def run_config_kern(config, kernel, rootfs, overlay=None, runtime=120, rtvars={}): kernel = f'-r KERNEL={kernel}' rootfs = f'-r ROOTFS={rootfs}' - run_config(config, overlay, f'{kernel} {rootfs}', runtime) + + rtcmds = '' + for k, v in rtvars.items(): + rtcmds += f'-r {k}={v}' + + run_config(config, overlay, f'{kernel} {rootfs} {rtcmds}', runtime) def run_config_bootwrap(config, bootwrap, rootfs, overlay=None, runtime=120): @@ -163,9 +168,9 @@ def do_main(smoke_test): arches = [ARCHES[-1]] if smoke_test else ARCHES for arch in arches: - build_configs(CONFIGS, arch) - for config in CONFIGS: - run_config_kern(config, KERNEL, ROOTFS, arch) + build_configs([c for c, r in CONFIGS], arch) + for config, rtvars in CONFIGS: + run_config_kern(config, KERNEL, ROOTFS, arch, rtvars=rtvars) for arch in arches: build_configs(['bootwrapper.yaml'], arch)