From ed45cfc586ee0fc9e69eddc6e06d032390c095a4 Mon Sep 17 00:00:00 2001 From: Sudeep Holla Date: Sun, 12 Mar 2023 22:05:33 +0000 Subject: [PATCH 1/5] docker: Add packages required for OPTEE build OPTEE needs python-is-python3 and python3-pyelftools apt packages and pip cryptography package for its build. Also it needs Arm32 toolchain which is already present in the Dockerfile.full Just all the full list of dependency for the OPTEE build from the official OPTEE docs instead of just delta. Signed-off-by: Sudeep Holla --- docker/Dockerfile.slim | 52 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/docker/Dockerfile.slim b/docker/Dockerfile.slim index 867bdd5..f77f860 100644 --- a/docker/Dockerfile.slim +++ b/docker/Dockerfile.slim 
@@ -60,6 +60,58 @@ RUN apt-get install --assume-yes --no-install-recommends --option=debug::pkgProb RUN pip3 install \ fdt +# Install packages requried by OPTEE. +# From https://optee.readthedocs.io/en/latest/building/prerequisites.html +RUN apt-get install --assume-yes --no-install-recommends --option=debug::pkgProblemResolver=yes \ + adb \ + acpica-tools \ + autoconf \ + automake \ + bc \ + bison \ + build-essential \ + ccache \ + cscope \ + curl \ + device-tree-compiler \ + e2tools \ + expect \ + fastboot \ + flex \ + ftp-upload \ + gdisk \ + libattr1-dev \ + libcap-dev \ + libfdt-dev \ + libftdi-dev \ + libglib2.0-dev \ + libgmp3-dev \ + libhidapi-dev \ + libmpc-dev \ + libncurses5-dev \ + libpixman-1-dev \ + libslirp-dev \ + libssl-dev \ + libtool \ + libusb-1.0-0-dev \ + make \ + mtools \ + netcat \ + ninja-build \ + python3-cryptography \ + python3-pip \ + python3-pyelftools \ + python3-serial \ + python-is-python3 \ + rsync \ + swig \ + unzip \ + uuid-dev \ + xdg-utils \ + xterm \ + xz-utils \ + zlib1g-dev + # Install packages requried by EDK2. # From https://developer.arm.com/documentation/102571/0100/Build-firmware-on-a-Linux-host. RUN apt-get install --assume-yes --no-install-recommends --option=debug::pkgProblemResolver=yes \ -- GitLab From bc21f9bb7797798e77fb2fb5d811f7da5fdc0106 Mon Sep 17 00:00:00 2001 From: Sudeep Holla Date: Sun, 12 Mar 2023 22:18:56 +0000 Subject: [PATCH 2/5] config: Move TF-A tests into separate base layer that can be shared Other configs may need TF-A tests as well, move it to a separate base layer that can used/shared by multiple configs. Signed-off-by: Sudeep Holla --- config/cca-4world.yaml | 24 ++---------------------- config/tftf-base.yaml | 31 +++++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 22 deletions(-) create mode 100644 config/tftf-base.yaml diff --git a/config/cca-4world.yaml b/config/cca-4world.yaml index c879d42..5255f38 100644 --- a/config/cca-4world.yaml +++ b/config/cca-4world.yaml 
@@ -17,6 +17,8 @@ concrete: true layers: - cca-3world.yaml - hafnium-base.yaml + # Provides secure partitions that run under Hafnium for demonstration. + - tftf-base.yaml build: tfa: @@ -26,28 +28,6 @@ build: SP_LAYOUT_FILE: ${artifact:SP_LAYOUT} BL32: ${artifact:HAFNIUM} - # Provides secure partitions that run under Hafnium for demonstration. - tfa-tests: - repo: - remote: https://git.trustedfirmware.org/TF-A/tf-a-tests.git - revision: v2.8 - - toolchain: aarch64-none-elf- - - params: - PLAT: fvp - DEBUG: 1 - - build: - # TODO: tfa-tests has makefile dependency bug that prevents parallel make (-j > 1). - - make BUILD_BASE=${param:builddir} ${param:join_equal} all pack_realm - - clean: - - make BUILD_BASE=${param:builddir} realclean - - artifacts: - SP_LAYOUT: ${param:builddir}/fvp/debug/sp_layout.json - run: terminals: bp.terminal_2: diff --git a/config/tftf-base.yaml b/config/tftf-base.yaml new file mode 100644 index 0000000..24133f8 --- /dev/null +++ b/config/tftf-base.yaml @@ -0,0 +1,31 @@ +# Copyright (c) 2023, Arm Limited. +# SPDX-License-Identifier: MIT + +%YAML 1.2 +--- +description: >- + The Trusted Firmware-A Tests (TF-A-Tests) is a suite of baremetal tests that + exercise the Trusted Firmware-A (TF-A) features. This provides a baseline + configuration that can be customized by higher layers. + +build: + tftf: + repo: + remote: https://git.trustedfirmware.org/TF-A/tf-a-tests.git + revision: v2.8 + + toolchain: aarch64-none-elf- + + params: + PLAT: fvp + + build: + # TODO: tfa-tests has makefile dependency bug that prevents parallel make (-j > 1). + - make BUILD_BASE=${param:builddir} ${param:join_equal} all pack_realm + + clean: + - make BUILD_BASE=${param:builddir} realclean + + artifacts: + SP_LAYOUT: ${param:builddir}/fvp/release/sp_layout.json + -- GitLab From f2306490461e105b2fbe3636e70e5d2bac9bd97d Mon Sep 17 00:00:00 2001 
From: Sudeep Holla Date: Tue, 28 Mar 2023 14:49:35 +0100 Subject: [PATCH 3/5] config: Merge ns-edk2 ACPI and DT variants There is no need to maintain two separate configs for ACPI and DT as 'acpi=force' allows us to boot in ACPI mode even if dtb is supplied. So let us merge the two variants and reduce the maintenance overhead. Signed-off-by: Sudeep Holla --- config/ns-edk2-dt.yaml | 35 ---------------------- config/{ns-edk2-acpi.yaml => ns-edk2.yaml} | 17 +++++++++-- test/test.py | 3 +- 3 files changed, 15 insertions(+), 40 deletions(-) delete mode 100644 config/ns-edk2-dt.yaml rename config/{ns-edk2-acpi.yaml => ns-edk2.yaml} (87%) diff --git a/config/ns-edk2-dt.yaml b/config/ns-edk2-dt.yaml deleted file mode 100644 index d213443..0000000 --- a/config/ns-edk2-dt.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright (c) 2022, Arm Limited. -# SPDX-License-Identifier: MIT - -%YAML 1.2 ---- -description: >- - Best choice for: I want to run Linux on FVP, booting with device tree, and - have easy control over its command line. - - Builds on ns-edk2-acpi.yaml, but adds a device tree that is passed to the - kernel to use instead of ACPI. See the description in that file for details. - - An extra rtvar is added (DTB) which allows specification of a custom device - tree. By default (if not overriding the rtvar), the upstream kernel device - tree is used. - -concrete: true - -layers: - - ns-edk2-acpi.yaml - - dt-base.yaml - -run: - rtvars: - DTB: - type: path - value: ${artifact:DTB} - - prerun: - # Override what the base layer did so that dtb= gets added to the - # command line. See ns-edk2-acpi.yaml for rationale on approach. - - cp ${rtvar:DTB} $${SEMIHOSTDIR}/fdt.dtb - - cat < $${SEMIHOSTDIR}/startup.nsh - - Image dtb=fdt.dtb ${rtvar:CMDLINE} - - EOF diff --git a/config/ns-edk2-acpi.yaml b/config/ns-edk2.yaml similarity index 87% rename from config/ns-edk2-acpi.yaml rename to config/ns-edk2.yaml index 2200739..96406bb 100644 --- a/config/ns-edk2-acpi.yaml 
+++ b/config/ns-edk2.yaml @@ -4,13 +4,18 @@ %YAML 1.2 --- description: >- - Best choice for: I want to run Linux on FVP, booting with ACPI, and have easy - control over its command line. + Best choice for: I want to run Linux on FVP, booting with ACPI/DT, and have + easy control over its command line. Brings together TF-A and EDK2 to provide a simple non-secure world environment running on FVP. Allows easy specification of the kernel image and command line, and rootfs at runtime (see rtvars). ACPI is provided by UEFI. + An extra rtvar is added (DTB) which allows specification of a custom device + tree. By default (if not overriding the rtvar), the upstream kernel device + tree is used. DT is enabled by default. Use 'acpi=force' to enable ACPI + boot. + By default (if not overriding the rtvars) a sensible command line is used that will set up the console for logging and attempt to mount the rootfs image from the FVP's virtio block device. However the default rootfs image is empty, so @@ -32,6 +37,7 @@ layers: - FVP_Base_RevC-2xAEMvA-base.yaml - tfa-base.yaml - edk2-base.yaml + - dt-base.yaml build: tfa: @@ -52,6 +58,10 @@ run: type: path value: ${artifact:FIP} + DTB: + type: path + value: ${artifact:DTB} + CMDLINE: type: string value: console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp @@ -86,8 +96,9 @@ run: - function finish { rm -rf $$SEMIHOSTDIR; } - trap finish EXIT - cp ${rtvar:KERNEL} $${SEMIHOSTDIR}/Image + - cp ${rtvar:DTB} $${SEMIHOSTDIR}/fdt.dtb - cat < $${SEMIHOSTDIR}/startup.nsh - - Image ${rtvar:CMDLINE} + - Image dtb=fdt.dtb ${rtvar:CMDLINE} - EOF terminals: diff --git a/test/test.py b/test/test.py index d82294e..43258a4 100755 --- a/test/test.py +++ b/test/test.py @@ -21,8 +21,7 @@ ROOTFS = os.path.join(ASSETS, 'rootfs.ext4') CONFIGS = [ 'ns-preload.yaml', - 'ns-edk2-acpi.yaml', - 'ns-edk2-dt.yaml', + 'ns-edk2.yaml', ] -- GitLab From 429360d5c9867b7cb67f3f2a03568b8c691444d6 Mon Sep 17 00:00:00 2001 
From: Ryan Roberts Date: Wed, 29 Mar 2023 15:01:37 +0100 Subject: [PATCH 4/5] test: refactor the test to supply list of tuples in the configs Refactor the test so that CONFIGS specifies a list of tuples with the second element being an optional dictionary of RTVARs. This helps to do ACPI boot test with ns-edk2.yaml which is default DT boot. We just need to have "acpi=false" in the command line for this test case. Signed-off-by: Ryan Roberts Signed-off-by: Sudeep Holla --- test/test.py | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/test/test.py b/test/test.py index 43258a4..cc324fd 100755 --- a/test/test.py +++ b/test/test.py @@ -20,8 +20,9 @@ ROOTFS = os.path.join(ASSETS, 'rootfs.ext4') CONFIGS = [ - 'ns-preload.yaml', - 'ns-edk2.yaml', + ('ns-preload.yaml', {}), + ('ns-edk2.yaml', {}), + ('ns-edk2.yaml', {'CMDLINE': '\"console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp acpi=force\"'}), ] @@ -146,10 +147,15 @@ def run_config(config, overlay=None, runargs=None, runtime=120): results.append(result) -def run_config_kern(config, kernel, rootfs, overlay=None, runtime=120): +def run_config_kern(config, kernel, rootfs, overlay=None, runtime=120, rtvars={}): kernel = f'-r KERNEL={kernel}' rootfs = f'-r ROOTFS={rootfs}' - run_config(config, overlay, f'{kernel} {rootfs}', runtime) + + rtcmds = '' + for k, v in rtvars.items(): + rtcmds += f'-r {k}={v}' + + run_config(config, overlay, f'{kernel} {rootfs} {rtcmds}', runtime) def run_config_bootwrap(config, bootwrap, rootfs, overlay=None, runtime=120): @@ -162,9 +168,9 @@ def do_main(smoke_test): arches = [ARCHES[-1]] if smoke_test else ARCHES for arch in arches: - build_configs(CONFIGS, arch) - for config in CONFIGS: - run_config_kern(config, KERNEL, ROOTFS, arch) + build_configs([c for c, r in CONFIGS], arch) + for config, rtvars in CONFIGS: + run_config_kern(config, KERNEL, ROOTFS, arch, rtvars=rtvars) for arch in arches: build_configs(['bootwrapper.yaml'], arch) -- GitLab
From e85bd6c75f4c29ab7fc85ab1c4d52821f1aebaf9 Mon Sep 17 00:00:00 2001 From: Sudeep Holla Date: Mon, 6 Mar 2023 15:41:34 +0000 Subject: [PATCH 5/5] config: Add config for FF-A testing with TF-A test secure partitions(TFTF) Signed-off-by: Sudeep Holla --- config/ffa-tftf.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 config/ffa-tftf.yaml diff --git a/config/ffa-tftf.yaml b/config/ffa-tftf.yaml new file mode 100644 index 0000000..cc17f39 --- /dev/null +++ b/config/ffa-tftf.yaml @@ -0,0 +1,27 @@ +# Copyright (c) 2023, Arm Limited. +# SPDX-License-Identifier: MIT + +%YAML 1.2 +--- +description: >- + Brings together a software stack to demonstrate Arm FF-A running on FVP. + Includes TF-A in secure EL3, Hafnium in secure EL2 and some demo TF-A + test secure partitions. + +concrete: true + +layers: + - ns-edk2.yaml + - hafnium-base.yaml + - tftf-base.yaml + - arch/v8.5.yaml + +build: + tfa: + params: + BL33: ${artifact:EDK2} + SPD: spmd + SPMD_SPM_AT_SEL2: 1 + CTX_INCLUDE_EL2_REGS: 1 + SP_LAYOUT_FILE: ${artifact:SP_LAYOUT} + BL32: ${artifact:HAFNIUM} -- GitLab
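
Review bot: [PATCH 1/5, docker/Dockerfile.slim, hunk @@ -60,6 +60,58] The added apt list pulls device, network and GUI tools (adb, fastboot, ftp-upload, netcat, xterm, xdg-utils) into the slim image, although the commit message names only python-is-python3, python3-pyelftools and a cryptography package as what the OPTEE build needs. For a slim build container, install just that delta and leave the full prerequisites list to Dockerfile.full, which keeps the image smaller and avoids shipping network-capable utilities that no build step uses. The commit message also says the cryptography package comes from pip while the hunk installs python3-cryptography from apt; make the two agree. The new comment repeats the "requried" typo from the EDK2 comment below it.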
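
Review bot: [PATCH 2/5, config/cca-4world.yaml, hunk @@ -26,28 +28,6] Removing the tfa-tests block here is not a pure move: the old block set DEBUG: 1 and exported SP_LAYOUT from ${param:builddir}/fvp/debug/sp_layout.json, while the replacement layer has no DEBUG param and exports from fvp/release/. cca-4world therefore switches from a debug to a release build of the test partitions, which the commit message does not mention. Either keep a DEBUG: 1 override (with the matching SP_LAYOUT path) in cca-4world.yaml, or state the change in the commit message. The build key is also renamed from tfa-tests to tftf, so any overlay that still addresses build.tfa-tests will no longer apply.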
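
Review bot: [PATCH 2/5, config/tftf-base.yaml, new file] The SP_LAYOUT artifact hardcodes fvp/release/, so a higher layer that sets DEBUG: 1 (as the removed cca-4world block did, with its path under fvp/debug/) will point SP_LAYOUT_FILE at a file the build did not produce. Since the description promises a baseline that higher layers can customize, document that SP_LAYOUT must be overridden together with DEBUG, or derive the path from the build type. Separately, revision: v2.8 is a tag fetched from the remote at build time; pinning the commit hash would make the secure-partition sources reproducible. The TODO comment still refers to tfa-tests although the component is now named tftf.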
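
Review bot: [PATCH 3/5, config/ns-edk2.yaml, hunk @@ -86,8 +96,9] The new prerun line cp ${rtvar:DTB} $${SEMIHOSTDIR}/fdt.dtb expands a user-supplied path unquoted into a shell command, so a DTB path containing spaces or shell metacharacters is split or interpreted by the shell; quote the expansion (the existing KERNEL line above has the same problem and could be fixed in the same change). dtb=fdt.dtb is now passed unconditionally, which changes the default for former ns-edk2-acpi.yaml users from ACPI to DT boot and removes the old file name; the description covers acpi=force, but a note on the rename for existing users would help.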
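
Review bot: [PATCH 4/5, test/test.py, hunk @@ -20,8 +20,9] The CMDLINE value carries its own escaped double quotes ('\"console=... acpi=force\"'), which pushes shell quoting onto every CONFIGS entry and is easy to get wrong for the next rtvar. Keep the dictionary value as the plain string and quote it once where the -r argument is built, for example with shlex.quote. The commit message says the test case needs "acpi=false" whereas the hunk uses acpi=force; the message should match the code.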
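
Review bot: [PATCH 4/5, test/test.py, hunk @@ -146,10 +147,15] The loop rtcmds += f'-r {k}={v}' adds no separator, so a dictionary with two entries yields "-r A=1-r B=2" and the second variable is swallowed into the first value. Build the string with ' '.join(f'-r {k}={v}' for k, v in rtvars.items()) instead. The signature also uses a mutable default, rtvars={}; prefer rtvars=None and substitute an empty dict inside the function.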
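
Review bot: [PATCH 4/5, test/test.py, hunk @@ -162,9 +168,9] build_configs([c for c, r in CONFIGS], arch) now passes ns-edk2.yaml twice, because CONFIGS lists it once per rtvars variant. Deduplicate while keeping order, for example list(dict.fromkeys(c for c, _ in CONFIGS)), so each config is built once per arch.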
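
Review bot: [PATCH 5/5, config/ffa-tftf.yaml, new file] The new concrete config is not exercised anywhere: the diffstat touches only config/ffa-tftf.yaml, and CONFIGS in test/test.py is left unchanged, so a regression in this stack would go unnoticed. Add an entry to the test list, or say in the commit message why it cannot be run there. The commit has no body; a sentence on what the config is for and how it differs from cca-4world.yaml, whose tfa params also set SP_LAYOUT_FILE and BL32 the same way, would help reviewers and users choose between them.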