From eef7e11f6f41088beaa4c91666b74240df621916 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Fri, 5 Jan 2024 12:24:45 +0000 Subject: [PATCH 01/12] config: cca-3world.yaml: Suppress MPAM warning Previously the FVP would emit a warning about MPAM when RME was enabled: WARNING: MPAM_NS is deprecated when RME is in use. Should use MPAM_SP Fix that with an incomprehensible FVP directive. Signed-off-by: Ryan Roberts --- config/cca-3world.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/cca-3world.yaml b/config/cca-3world.yaml index 711264a..04ce1a6 100644 --- a/config/cca-3world.yaml +++ b/config/cca-3world.yaml @@ -212,6 +212,10 @@ run: -C cluster0.rme_support_level: 2 -C cluster1.rme_support_level: 2 + # Suppress "WARNING: MPAM_NS is deprecated when RME is in use. Should use MPAM_SP" + -C cluster0.output_attributes: ExtendedID[62:55]=MPAM_PMG,ExtendedID[54:39]=MPAM_PARTID,ExtendedID[38:37]=MPAM_SP + -C cluster1.output_attributes: ExtendedID[62:55]=MPAM_PMG,ExtendedID[54:39]=MPAM_PARTID,ExtendedID[38:37]=MPAM_SP + # SME is not supported concurrently with CCA yet. -C SVE.ScalableVectorExtension.has_sme: 0 -- GitLab From 2231a18b27a1420a42b708be539933342fc938c9 Mon Sep 17 00:00:00 2001 
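Review bot: The comment added above the two `output_attributes` lines names the warning being silenced but not what the directive does, and the commit message itself calls it incomprehensible. Reading the value, it appears to lay out the MPAM fields inside the ExtendedID attribute, with `MPAM_SP` in bits [38:37] taking the place of the deprecated MPAM_NS. A second comment line such as `# Maps MPAM PMG/PARTID/SP into ExtendedID; MPAM_SP replaces MPAM_NS when RME is enabled.` would let the next reader check it. The source of the bit positions (FVP documentation or release notes) is worth recording too, since nothing in the file shows where they come from.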
From: Ryan Roberts Date: Fri, 5 Jan 2024 12:34:16 +0000 Subject: [PATCH 02/12] config: Update TFA to v2.10 Update TFA and associated, tightly coupled components (TFTF and Hafnium) to v2.10. TFA's feature system has been reworked to allow runtime detection of (most) features. This is valuable for the FVP, where features can be enabled/disabled with high granularity, and simplifies the per-arch extension TFA directives that we have to carry in config/arch/vX.Y.yaml. TFA's intent was that it should be possible to configure (almost) all features as runtime-detected (the default for FVP platform) and everything would just work. However, this was found not to work as expected and I have instead had to explicitly set ARM_ARCH_MAJOR and ARM_ARCH_MINOR for each arch version (this was intended only for silicon). Setting these values causes TFA to compile-time enable all the mandatory features for that arch version, leaving all the optional features as runtime-detected. So in practice this fits the shrinkwrap model quite well; as long as the TFA arch version is in sync with the FVP arch version, we can then just enable optional features in the FVP as required and TFA will runtime-detect them. There are some rough edges though: - PAUTH cannot be runtime detected as the compiler needs to know about it, so we still explicitly set BRANCH_PROTECTION; it's disabled until v8.3, where PAUTH becomes mandatory, so we set it to 2 (PAUTH only). Then at v8.5 where BTI becomes mandatory, we set BRANCH_PROTECTION to 1 (both PAUTH and BTI). - TFA can't handle a v9.X major/minor (presumably due to a broken makefile directive). So as a workaround, we always leave it set to the highest equivalent v8.X version. (e.g. 9.0 <- 8.5, 9.1 <- 8.6, etc). TFTF and Hafnium are also upgraded to 2.10 since they are released in lock-step with TFA. 
Signed-off-by: Ryan Roberts --- config/arch/v8.0.yaml | 2 ++ config/arch/v8.1.yaml | 1 + config/arch/v8.2.yaml | 3 +-- config/arch/v8.3.yaml | 3 ++- config/arch/v8.4.yaml | 1 + config/arch/v8.5.yaml | 2 +- config/arch/v8.6.yaml | 6 ++++++ config/arch/v8.7.yaml | 3 ++- config/arch/v8.8.yaml | 6 ++++++ config/arch/v8.9.yaml | 8 ++++++++ config/arch/v9.2.yaml | 6 ------ config/arch/v9.4.yaml | 2 ++ config/cca-3world.yaml | 19 +++++++------------ config/ffa-tftf.yaml | 1 - config/hafnium-base.yaml | 22 +++++++++++++++++++++- config/tfa-base.yaml | 2 +- config/tftf-base.yaml | 2 +- 17 files changed, 62 insertions(+), 27 deletions(-) diff --git a/config/arch/v8.0.yaml b/config/arch/v8.0.yaml index defaec3..4bc7db3 100644 --- a/config/arch/v8.0.yaml +++ b/config/arch/v8.0.yaml @@ -12,7 +12,9 @@ description: >- build: tfa: params: + ARM_ARCH_MAJOR: 8 ARM_ARCH_MINOR: 0 + BRANCH_PROTECTION: 0 run: params: diff --git a/config/arch/v8.1.yaml b/config/arch/v8.1.yaml index 3db5a1b..41e8752 100644 --- a/config/arch/v8.1.yaml +++ b/config/arch/v8.1.yaml @@ -15,6 +15,7 @@ layers: build: tfa: params: + ARM_ARCH_MAJOR: 8 ARM_ARCH_MINOR: 1 run: diff --git a/config/arch/v8.2.yaml b/config/arch/v8.2.yaml index 126bd81..ecaec2d 100644 --- a/config/arch/v8.2.yaml +++ b/config/arch/v8.2.yaml @@ -15,9 +15,8 @@ layers: build: tfa: params: + ARM_ARCH_MAJOR: 8 ARM_ARCH_MINOR: 2 - ENABLE_SVE_FOR_NS: 1 - ENABLE_SVE_FOR_SWD: 1 run: params: diff --git a/config/arch/v8.3.yaml b/config/arch/v8.3.yaml index 3298d7f..8cf0008 100644 --- a/config/arch/v8.3.yaml +++ b/config/arch/v8.3.yaml @@ -15,8 +15,9 @@ layers: build: tfa: params: + ARM_ARCH_MAJOR: 8 ARM_ARCH_MINOR: 3 - CTX_INCLUDE_PAUTH_REGS: 1 + BRANCH_PROTECTION: 2 run: params: diff --git a/config/arch/v8.4.yaml b/config/arch/v8.4.yaml index b68eb5e..067bd19 100644 --- a/config/arch/v8.4.yaml +++ b/config/arch/v8.4.yaml @@ -15,6 +15,7 @@ layers: build: tfa: params: + ARM_ARCH_MAJOR: 8 ARM_ARCH_MINOR: 4 run: 
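Review bot: In the v8.3.yaml hunk the explicit `CTX_INCLUDE_PAUTH_REGS: 1` is replaced by a bare `BRANCH_PROTECTION: 2`, and nothing in the file says what the number selects. The meaning is given only in the commit message, so a trailing comment like `BRANCH_PROTECTION: 2  # PAuth return-address signing only; BTI is added at v8.5` would keep it next to the value. The same applies to `BRANCH_PROTECTION: 0` in v8.0.yaml and to the existing `BRANCH_PROTECTION: 1` in v8.5.yaml. It is also worth confirming that TFA v2.10 still saves and restores the PAuth key registers across worlds when only BRANCH_PROTECTION is set, because that was the job of the removed parameter and this hunk does not show what takes over.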
diff --git a/config/arch/v8.5.yaml b/config/arch/v8.5.yaml index 6a6b058..11d8855 100644 --- a/config/arch/v8.5.yaml +++ b/config/arch/v8.5.yaml @@ -15,9 +15,9 @@ layers: build: tfa: params: + ARM_ARCH_MAJOR: 8 ARM_ARCH_MINOR: 5 BRANCH_PROTECTION: 1 - CTX_INCLUDE_MTE_REGS: 1 run: params: diff --git a/config/arch/v8.6.yaml b/config/arch/v8.6.yaml index e6eb503..4607165 100644 --- a/config/arch/v8.6.yaml +++ b/config/arch/v8.6.yaml @@ -12,6 +12,12 @@ description: >- layers: - arch/v8.5.yaml +build: + tfa: + params: + ARM_ARCH_MAJOR: 8 + ARM_ARCH_MINOR: 6 + run: params: -C cluster0.has_arm_v8-6: 1 diff --git a/config/arch/v8.7.yaml b/config/arch/v8.7.yaml index c5f4f5a..7dc281a 100644 --- a/config/arch/v8.7.yaml +++ b/config/arch/v8.7.yaml @@ -15,7 +15,8 @@ layers: build: tfa: params: - ENABLE_FEAT_HCX: 1 + ARM_ARCH_MAJOR: 8 + ARM_ARCH_MINOR: 7 run: params: diff --git a/config/arch/v8.8.yaml b/config/arch/v8.8.yaml index 04d0ace..921e4df 100644 --- a/config/arch/v8.8.yaml +++ b/config/arch/v8.8.yaml @@ -12,6 +12,12 @@ description: >- layers: - arch/v8.7.yaml +build: + tfa: + params: + ARM_ARCH_MAJOR: 8 + ARM_ARCH_MINOR: 8 + run: params: -C cluster0.has_arm_v8-8: 1 diff --git a/config/arch/v8.9.yaml b/config/arch/v8.9.yaml index 8651ebf..82838e2 100644 --- a/config/arch/v8.9.yaml +++ b/config/arch/v8.9.yaml @@ -12,6 +12,12 @@ description: >- layers: - arch/v8.8.yaml +build: + tfa: + params: + ARM_ARCH_MAJOR: 8 + ARM_ARCH_MINOR: 9 + run: params: -C cluster0.has_arm_v8-9: 1 @@ -24,3 +30,5 @@ run: -C cluster1.has_permission_overlay_s1: 1 -C cluster0.has_permission_overlay_s2: 1 -C cluster1.has_permission_overlay_s2: 1 + -C cluster0.memory_tagging_support_level: 4 # FEAT_MTE4 is mandatory from Armv8.9 when FEAT_MTE2 is implemented. + -C cluster1.memory_tagging_support_level: 4 diff --git a/config/arch/v9.2.yaml b/config/arch/v9.2.yaml index 33abd8e..f00fb2e 100644 --- a/config/arch/v9.2.yaml +++ b/config/arch/v9.2.yaml 
@@ -13,12 +13,6 @@ layers: - arch/v8.7.yaml - arch/v9.1.yaml -build: - tfa: - params: - ENABLE_SME_FOR_NS: 1 - ENABLE_SME_FOR_SWD: 1 - run: params: -C cluster0.has_arm_v9-2: 1 diff --git a/config/arch/v9.4.yaml b/config/arch/v9.4.yaml index c29d4e4..1b0baed 100644 --- a/config/arch/v9.4.yaml +++ b/config/arch/v9.4.yaml @@ -19,3 +19,5 @@ run: -C cluster1.has_arm_v9-4: 1 -C cluster0.has_gcs: 1 -C cluster1.has_gcs: 1 + -C cluster0.memory_tagging_support_level: 4 # FEAT_MTE4 is mandatory from Armv8.9 when FEAT_MTE2 is implemented. Due to the layers, 8.8 ends up on top of 8.9 so we have to override again. + -C cluster1.memory_tagging_support_level: 4 diff --git a/config/cca-3world.yaml b/config/cca-3world.yaml index 04ce1a6..de53284 100644 --- a/config/cca-3world.yaml +++ b/config/cca-3world.yaml @@ -77,17 +77,8 @@ build: params: ENABLE_RME: 1 RMM: ${artifact:RMM} - CTX_INCLUDE_EL2_REGS: 1 FVP_HW_CONFIG: ${artifact:DTB} - # SME is not supported concurrently with CCA yet. - ENABLE_SME_FOR_NS: 0 - ENABLE_SME_FOR_SWD: 0 - ENABLE_FEAT_HCX: 0 - - # MTE is not supported by RMM yet. - CTX_INCLUDE_MTE_REGS: 0 - edk2: repo: edk2-platforms: @@ -216,9 +207,6 @@ run: -C cluster0.output_attributes: ExtendedID[62:55]=MPAM_PMG,ExtendedID[54:39]=MPAM_PARTID,ExtendedID[38:37]=MPAM_SP -C cluster1.output_attributes: ExtendedID[62:55]=MPAM_PMG,ExtendedID[54:39]=MPAM_PARTID,ExtendedID[38:37]=MPAM_SP - # SME is not supported concurrently with CCA yet. - -C SVE.ScalableVectorExtension.has_sme: 0 - # MTE is not supported by RMM yet. -C cluster0.memory_tagging_support_level: 0 -C cluster1.memory_tagging_support_level: 0 
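Review bot: After the two cca-3world.yaml hunks nothing in this config disables SME any more. The build-side `ENABLE_SME_FOR_NS: 0` and `ENABLE_SME_FOR_SWD: 0` are removed in the hunk at line 77 and the model-side `-C SVE.ScalableVectorExtension.has_sme: 0` in the hunk at line 216, while the MTE model override just below is kept. The commit message does not say that SME now works alongside CCA, so if the restriction still holds, TFA's runtime detection will pick SME up whenever the base model configuration exposes it. Either keep the `has_sme: 0` line with its comment, or replace it with a comment recording why the restriction no longer applies.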
@@ -228,6 +216,13 @@ run: -C pci.pci_smmuv3.mmu.SMMU_ROOT_IIDR: 0x43B -C pci.pci_smmuv3.mmu.root_register_page_offset: 0x20000 + # Enable FEAT_CSV2_2, which is optional. But TFA 2.10 force-enables it when + # ENABLE_RME=1 so if it's not there we see an exception. + -C cluster0.restriction_on_speculative_execution: 2 + -C cluster1.restriction_on_speculative_execution: 2 + -C cluster0.restriction_on_speculative_execution_aarch32: 2 + -C cluster1.restriction_on_speculative_execution_aarch32: 2 + terminals: bp.terminal_3: friendly: rmm diff --git a/config/ffa-tftf.yaml b/config/ffa-tftf.yaml index cc17f39..7c69388 100644 --- a/config/ffa-tftf.yaml +++ b/config/ffa-tftf.yaml @@ -22,6 +22,5 @@ build: BL33: ${artifact:EDK2} SPD: spmd SPMD_SPM_AT_SEL2: 1 - CTX_INCLUDE_EL2_REGS: 1 SP_LAYOUT_FILE: ${artifact:SP_LAYOUT} BL32: ${artifact:HAFNIUM} diff --git a/config/hafnium-base.yaml b/config/hafnium-base.yaml index 77a076e..3f98e6b 100644 --- a/config/hafnium-base.yaml +++ b/config/hafnium-base.yaml @@ -10,10 +10,11 @@ build: hafnium: repo: remote: https://git.trustedfirmware.org/hafnium/hafnium.git - revision: v2.9 + revision: v2.10 params: PROJECT: reference + PLATFORM: secure_aem_v8a_fvp_vhe build: # Hafnium doesn't provide a mechanism to forward number of jobs to ninja, 
@@ -23,3 +24,22 @@ build: artifacts: HAFNIUM: ${param:builddir}/secure_aem_v8a_fvp_vhe_clang/hafnium.bin + + tfa: + params: + # Although TFA is now able to detect most features dynamically, there are + # still a few, which are required by Hafnium, which it can't. Given these + # are hard requirements for Hafnium, define them here. + GIC_EXT_INTID: 1 + CTX_INCLUDE_MTE_REGS: 1 + ENABLE_SVE_FOR_SWD: 1 + +run: + params: + # Hafnium requires extended gic support, so define these here to show they + # are tightly coupled. + -C gic_distributor.ARE-fixed-to-one: 1 + -C gic_distributor.extended-ppi-count: 64 + -C gic_distributor.extended-spi-count: 1024 + -C cluster0.gicv3.extended-interrupt-range-support: 1 + -C cluster1.gicv3.extended-interrupt-range-support: 1 diff --git a/config/tfa-base.yaml b/config/tfa-base.yaml index 1728ee5..4a12a39 100644 --- a/config/tfa-base.yaml +++ b/config/tfa-base.yaml @@ -11,7 +11,7 @@ build: tfa: repo: remote: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git - revision: v2.9.0 + revision: v2.10 toolchain: aarch64-none-elf- diff --git a/config/tftf-base.yaml b/config/tftf-base.yaml index f5fcfbb..c508dda 100644 --- a/config/tftf-base.yaml +++ b/config/tftf-base.yaml @@ -12,7 +12,7 @@ build: tftf: repo: remote: https://git.trustedfirmware.org/TF-A/tf-a-tests.git - revision: v2.9 + revision: v2.10 toolchain: aarch64-none-elf- -- GitLab From 98b4fceed4d71733d03d2baa741519796f37801a Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Fri, 5 Jan 2024 12:56:29 +0000 Subject: [PATCH 03/12] config: Update cca-3world.yaml for rmm-v1.0-eac5 release This updates the CCA components to use the rmm-v1.0-eac5 spec version. RMM is updated to 0.4, and edk2, linux, kvmtool and kvm-unit-tests are all updated to the required compatible tag. No new functionality is exposed so build/run instructions remain unchanged. 
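Review bot: `CTX_INCLUDE_MTE_REGS: 1` is now forced for every config that layers hafnium-base.yaml, yet cca-3world.yaml in this same patch keeps `memory_tagging_support_level: 0` on the model because RMM does not support MTE. A config that layers both would presumably have TFA save and restore MTE registers on a model that does not implement them, and the comment added here does not mention the conflict. I would extend it with something like `# NOTE: incompatible with configs that set memory_tagging_support_level: 0 (e.g. cca-3world.yaml).` so that the failure mode is documented where the parameter is set.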
Signed-off-by: Ryan Roberts --- config/cca-3world.yaml | 15 +++++++++------ config/rmm-base.yaml | 2 +- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/config/cca-3world.yaml b/config/cca-3world.yaml index de53284..2b7695c 100644 --- a/config/cca-3world.yaml +++ b/config/cca-3world.yaml @@ -81,14 +81,17 @@ build: edk2: repo: + edk2: + remote: https://git.gitlab.arm.com/linux-arm/edk2-cca.git + revision: 2802_arm_cca_rmm-v1.0-eac5 edk2-platforms: - # Contains change to carve out 64MB for RMM. - revision: 310d31231d69c378ff85d253477d830913b77739 + remote: https://git.gitlab.arm.com/linux-arm/edk2-platforms-cca.git + revision: 2802_arm_cca_rmm-v1.0-eac5 linux: repo: remote: https://git.gitlab.arm.com/linux-arm/linux-cca.git - revision: cca-full/rfc-v1 + revision: cca-full/rmm-v1.0-eac5 kvmtool: repo: @@ -96,12 +99,12 @@ build: revision: v1.6.1 kvmtool: remote: https://gitlab.arm.com/linux-arm/kvmtool-cca - revision: cca/rfc-v1 + revision: cca/rmm-v1.0-eac5 kvm-unit-tests: repo: remote: https://gitlab.arm.com/linux-arm/kvm-unit-tests-cca - revision: cca/rfc-v1 + revision: cca/rmm-v1.0-eac5 toolchain: aarch64-linux-gnu- @@ -125,7 +128,7 @@ build: repo: edk2: remote: https://git.gitlab.arm.com/linux-arm/edk2-cca.git - revision: 2595_arm_cca_0abet0_rfc_v1 + revision: 2802_arm_cca_rmm-v1.0-eac5 toolchain: aarch64-none-elf- diff --git a/config/rmm-base.yaml b/config/rmm-base.yaml index d9d03e4..6b7da94 100644 --- a/config/rmm-base.yaml +++ b/config/rmm-base.yaml @@ -7,7 +7,7 @@ build: rmm: repo: remote: https://git.trustedfirmware.org/TF-RMM/tf-rmm.git - revision: tf-rmm-v0.3.0 + revision: tf-rmm-v0.4.0 toolchain: aarch64-none-elf- -- GitLab From 6f3eb4fb82a3c5a4bd939707b7f24b258cc90ee3 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Fri, 5 Jan 2024 12:54:41 +0000 Subject: [PATCH 04/12] config: Add overlay for v9.5 architecture version Only the mandatory features are enabled currently. 
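Review bot: In the first cca-3world.yaml hunk the edk2-platforms pin changes from a full commit hash to the named ref `2802_arm_cca_rmm-v1.0-eac5`. The linux, kvmtool and kvm-unit-tests revisions in this hunk and the one at line 96 follow refs such as `cca-full/rmm-v1.0-eac5` that read like branch names. A named ref can be moved on the remote, so two builds of the same config can fetch different firmware and kernel sources with no local indication. If reproducibility of the CCA stack matters, record the resolved hash and keep the ref as a comment, e.g. `revision: <commit-sha>  # 2802_arm_cca_rmm-v1.0-eac5`. The remotes also mix `git.gitlab.arm.com` and `gitlab.arm.com`; using one host form throughout would make the set of trusted origins easier to audit.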
Signed-off-by: Ryan Roberts --- config/arch/v9.5.yaml | 18 ++++++++++++++++++ test/test.py | 1 + 2 files changed, 19 insertions(+) create mode 100644 config/arch/v9.5.yaml diff --git a/config/arch/v9.5.yaml b/config/arch/v9.5.yaml new file mode 100644 index 0000000..789e64f --- /dev/null +++ b/config/arch/v9.5.yaml @@ -0,0 +1,18 @@ +# Copyright (c) 2023, Arm Limited. +# SPDX-License-Identifier: MIT + +%YAML 1.2 +--- +description: >- + Implements all mandatory requirements and features as well as a sensible + selection of optional ones for the Armv9.5 architecture extension within the + Base_RevC-2xAEMvA FVP. Intended for use as an overlay to + FVP_Base_RevC-2xAEMvA-base.yaml. + +layers: + - arch/v9.4.yaml + +run: + params: + -C cluster0.has_arm_v9-5: 1 + -C cluster1.has_arm_v9-5: 1 diff --git a/test/test.py b/test/test.py index a4f66b9..bdea0c9 100755 --- a/test/test.py +++ b/test/test.py @@ -56,6 +56,7 @@ ARCHES = [ 'arch/v9.2.yaml', 'arch/v9.3.yaml', 'arch/v9.4.yaml', + 'arch/v9.5.yaml', ] -- GitLab From e97f6deb386dae43285d3f2b12e747a186fae062 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Fri, 5 Jan 2024 13:21:30 +0000 Subject: [PATCH 05/12] config: Update default Linux version to v6.6 Signed-off-by: Ryan Roberts --- config/dt-base.yaml | 2 +- config/linux-base.yaml | 2 +- test/assets/genassets.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/dt-base.yaml b/config/dt-base.yaml index 095930c..c26bffc 100644 --- a/config/dt-base.yaml +++ b/config/dt-base.yaml @@ -15,7 +15,7 @@ build: dt: repo: remote: git://git.kernel.org/pub/scm/linux/kernel/git/devicetree/devicetree-rebasing.git - revision: v6.1-dts + revision: v6.6-dts toolchain: aarch64-none-elf- diff --git a/config/linux-base.yaml b/config/linux-base.yaml index 40358c0..047e640 100644 --- a/config/linux-base.yaml +++ b/config/linux-base.yaml 
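Review bot: The `remote:` on the context line of the dt-base.yaml hunk uses the unauthenticated `git://` transport, so the `v6.6-dts` tag is fetched without server authentication or transport integrity. The linux-base.yaml hunk that follows has the same issue for `v6.6`. Since these lines are being touched anyway, I would switch both to HTTPS, e.g. `remote: https://git.kernel.org/pub/scm/linux/kernel/git/devicetree/devicetree-rebasing.git`. genassets.sh in this same patch already clones the kernel over https.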
@@ -22,7 +22,7 @@ build: linux: repo: remote: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git - revision: v6.1 + revision: v6.6 toolchain: aarch64-linux-gnu- diff --git a/test/assets/genassets.sh b/test/assets/genassets.sh index df1fbc9..35373f0 100755 --- a/test/assets/genassets.sh +++ b/test/assets/genassets.sh @@ -49,7 +49,7 @@ cd - # Build Linux defconfig. git clone https://github.com/torvalds/linux.git cd linux -git checkout v6.0 +git checkout v6.6 make defconfig make -j`nproc` Image arm/fvp-base-revc.dtb cp arch/arm64/boot/Image ${ASSETS_DIR}/. -- GitLab From ede2ff7c94747090790e81834dba1f0d1b2f1de4 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Fri, 5 Jan 2024 13:32:36 +0000 Subject: [PATCH 06/12] config: Update edk2 to edk2-stable202311 Also update associated acpica to R06_28_23, and update edk-platforms to a nearby sha (edk-platforms doesn't do releases or tags). Signed-off-by: Ryan Roberts --- config/edk2-base.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config/edk2-base.yaml b/config/edk2-base.yaml index fcddd91..1fda602 100644 --- a/config/edk2-base.yaml +++ b/config/edk2-base.yaml @@ -12,7 +12,7 @@ build: acpica: repo: remote: https://github.com/acpica/acpica.git - revision: R10_20_22 + revision: R06_28_23 build: - rm -rf ${param:sourcedir}/generate/unix/acpica @@ -29,10 +29,10 @@ build: repo: edk2: remote: https://github.com/tianocore/edk2.git - revision: edk2-stable202211 + revision: edk2-stable202311 edk2-platforms: remote: https://github.com/tianocore/edk2-platforms.git - revision: 20e07099d8f11889d101dd710ca85001be20e179 + revision: 4b07df2e6f3813c6e955197dacb2cdfbe3471caa toolchain: aarch64-none-elf- -- GitLab From 414aceca1a46c2f7f3c6b884189016204bb54f8a Mon Sep 17 00:00:00 2001 
From: Ryan Roberts Date: Sun, 7 Jan 2024 07:57:37 +0000 Subject: [PATCH 07/12] docker: Update images to use latest component versions Base image is updated to Debian Bookworm (which means the GNU/Linux toolchain is now 12.2), FVP is updated to 11.24_11 and the GNU/None toolchain is updated to 13.2. Bookworm no lonfer allows installing pip packages as system packages, so we set up a venv at /pyvenv and add it to the path so all pip packages end up there. Bookworm no longer has the "netcat" package so switch to "netcat-openbsd", which the Bullseye "netcat" package was an alias for anyway. Signed-off-by: Ryan Roberts --- docker/Dockerfile.slim | 11 ++++++++++- docker/build.sh | 30 +++++++++++++++--------------- 2 files changed, 25 insertions(+), 16 deletions(-) diff --git a/docker/Dockerfile.slim b/docker/Dockerfile.slim index c023fdd..6e6a5ca 100644 --- a/docker/Dockerfile.slim +++ b/docker/Dockerfile.slim @@ -13,6 +13,15 @@ RUN apt-get update \ && (timeout --signal=KILL 10s auto-apt-proxy \ || apt-get purge --quiet --assume-yes auto-apt-proxy) +# Explicitly install Python and create a venv for pip packages, since Debian +# does not allow us to install pip packages system-wide. +RUN apt-get install --assume-yes --no-install-recommends --option=debug::pkgProblemResolver=yes \ + python3 \ + python3-pip \ + python3-venv +RUN python3 -m venv /pyvenv +ENV PATH="/pyvenv/bin:${PATH}" + # We now install packages required by all the FW components that Shrinkwrap # supports building. Often there are overlapping components, but we (re)specify # them for each component in order to keep track of who needs what. @@ -96,7 +105,7 @@ RUN apt-get install --assume-yes --no-install-recommends --option=debug::pkgProb libusb-1.0-0-dev \ make \ mtools \ - netcat \ + netcat-openbsd \ ninja-build \ python3-cryptography \ python3-pip \ diff --git a/docker/build.sh b/docker/build.sh index aa02813..528f772 100755 --- a/docker/build.sh +++ b/docker/build.sh 
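Review bot: In the first Dockerfile.slim hunk the venv is created with a plain `python3 -m venv /pyvenv` and placed first on PATH, so `python3` now resolves to an interpreter that cannot see apt-installed modules. The later package list still installs `python3-cryptography` through apt (visible as context in the second hunk), and any build step that runs `python3` from PATH and imports it would fail unless a pip install outside this hunk also puts it in the venv. If the apt-provided modules are meant to stay usable, create the venv with `RUN python3 -m venv --system-site-packages /pyvenv`. Otherwise, move those modules to the pip install so there is a single source for Python dependencies.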
@@ -31,32 +31,32 @@ REGISTRY=shrinkwraptool # Configure the arch-specific variables which are passed to the Dockerfile. if [ "${ARCH}" == "x86_64" ]; then - TCH_PKG_URL_AARCH64=https://developer.arm.com/-/media/Files/downloads/gnu/11.3.rel1/binrel - TCH_PKG_NAME_AARCH64=arm-gnu-toolchain-11.3.rel1-x86_64-aarch64-none-elf.tar.xz - TCH_PATH_AARCH64=arm-gnu-toolchain-11.3.rel1-x86_64-aarch64-none-elf/bin + TCH_PKG_URL_AARCH64=https://developer.arm.com/-/media/Files/downloads/gnu/13.2.rel1/binrel + TCH_PKG_NAME_AARCH64=arm-gnu-toolchain-13.2.rel1-x86_64-aarch64-none-elf.tar.xz + TCH_PATH_AARCH64=arm-gnu-toolchain-13.2.Rel1-x86_64-aarch64-none-elf/bin TCH_LLVM_PKG_URL=https://github.com/llvm/llvm-project/releases/download/llvmorg-15.0.6 TCH_LLVM_PKG_NAME=clang+llvm-15.0.6-x86_64-linux-gnu-ubuntu-18.04.tar.xz TCH_LLVM_PATH=clang+llvm-15.0.6-x86_64-linux-gnu-ubuntu-18.04/bin - TCH_PKG_URL_AARCH32=https://developer.arm.com/-/media/Files/downloads/gnu/11.3.rel1/binrel - TCH_PKG_NAME_AARCH32=arm-gnu-toolchain-11.3.rel1-x86_64-arm-none-eabi.tar.xz - TCH_PATH_AARCH32=arm-gnu-toolchain-11.3.rel1-x86_64-arm-none-eabi/bin + TCH_PKG_URL_AARCH32=https://developer.arm.com/-/media/Files/downloads/gnu/13.2.rel1/binrel + TCH_PKG_NAME_AARCH32=arm-gnu-toolchain-13.2.rel1-x86_64-arm-none-eabi.tar.xz + TCH_PATH_AARCH32=arm-gnu-toolchain-13.2.Rel1-x86_64-arm-none-eabi/bin FVP_PKG_URL=https://developer.arm.com/-/media/Files/downloads/ecosystem-models - FVP_PKG_NAME=FVP_Base_RevC-2xAEMvA_11.23_9_Linux64.tgz + FVP_PKG_NAME=FVP_Base_RevC-2xAEMvA_11.24_11_Linux64.tgz FVP_MODEL_DIR=Base_RevC_AEMvA_pkg/models/Linux64_GCC-9.3 FVP_PLUGIN_DIR=Base_RevC_AEMvA_pkg/plugins/Linux64_GCC-9.3 # ARCH is "aarch64" on Ubuntu, or "arm" on Mac OS elif [ "${ARCH}" == "aarch64" ] || [ "${ARCH}" == "arm" ]; then - TCH_PKG_URL_AARCH64=https://developer.arm.com/-/media/Files/downloads/gnu/11.3.rel1/binrel - TCH_PKG_NAME_AARCH64=arm-gnu-toolchain-11.3.rel1-aarch64-aarch64-none-elf.tar.xz - 
TCH_PATH_AARCH64=arm-gnu-toolchain-11.3.rel1-aarch64-aarch64-none-elf/bin + TCH_PKG_URL_AARCH64=https://developer.arm.com/-/media/Files/downloads/gnu/13.2.rel1/binrel + TCH_PKG_NAME_AARCH64=arm-gnu-toolchain-13.2.rel1-aarch64-aarch64-none-elf.tar.xz + TCH_PATH_AARCH64=arm-gnu-toolchain-13.2.Rel1-aarch64-aarch64-none-elf/bin TCH_LLVM_PKG_URL=https://github.com/llvm/llvm-project/releases/download/llvmorg-15.0.6 TCH_LLVM_PKG_NAME=clang+llvm-15.0.6-aarch64-linux-gnu.tar.xz TCH_LLVM_PATH=clang+llvm-15.0.6-aarch64-linux-gnu/bin - TCH_PKG_URL_AARCH32=https://developer.arm.com/-/media/Files/downloads/gnu/11.3.rel1/binrel - TCH_PKG_NAME_AARCH32=arm-gnu-toolchain-11.3.rel1-aarch64-arm-none-eabi.tar.xz - TCH_PATH_AARCH32=arm-gnu-toolchain-11.3.rel1-aarch64-arm-none-eabi/bin + TCH_PKG_URL_AARCH32=https://developer.arm.com/-/media/Files/downloads/gnu/13.2.rel1/binrel + TCH_PKG_NAME_AARCH32=arm-gnu-toolchain-13.2.rel1-aarch64-arm-none-eabi.tar.xz + TCH_PATH_AARCH32=arm-gnu-toolchain-13.2.Rel1-aarch64-arm-none-eabi/bin FVP_PKG_URL=https://developer.arm.com/-/media/Files/downloads/ecosystem-models - FVP_PKG_NAME=FVP_Base_RevC-2xAEMvA_11.23_9_Linux64_armv8l.tgz + FVP_PKG_NAME=FVP_Base_RevC-2xAEMvA_11.24_11_Linux64_armv8l.tgz FVP_MODEL_DIR=Base_RevC_AEMvA_pkg/models/Linux64_armv8l_GCC-9.3 FVP_PLUGIN_DIR=Base_RevC_AEMvA_pkg/plugins/Linux64_armv8l_GCC-9.3 else @@ -72,7 +72,7 @@ wget -q -O ${TCH_LLVM_PKG_NAME} ${TCH_LLVM_PKG_URL}/${TCH_LLVM_PKG_NAME} wget -q -O ${TCH_PKG_NAME_AARCH32} ${TCH_PKG_URL_AARCH32}/${TCH_PKG_NAME_AARCH32} wget -q -O ${FVP_PKG_NAME} ${FVP_PKG_URL}/${FVP_PKG_NAME} docker build \ - --build-arg=BASE=docker.io/library/debian:bullseye-slim \ + --build-arg=BASE=docker.io/library/debian:bookworm-slim \ --build-arg=TCH_PKG_NAME_AARCH64=${TCH_PKG_NAME_AARCH64} \ --build-arg=TCH_PATH_AARCH64=${TCH_PATH_AARCH64} \ --file=Dockerfile.slim \ -- GitLab From 4df66bef61aa5df626cf5d3e6c7465b6cd6cc397 Mon Sep 17 00:00:00 2001 
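Review bot: The toolchain and FVP archive names are bumped in both arch branches of this hunk without recording an expected digest, and the `wget` calls that fetch them (context of the later hunk at line 72) write the files straight into the image build. A compromised or changed download would end up in every image unnoticed. I would add a per-archive variable next to each name, e.g. `TCH_PKG_SHA256_AARCH64=<sha256-of-archive>`, and check it after the download with `echo "${TCH_PKG_SHA256_AARCH64}  ${TCH_PKG_NAME_AARCH64}" | sha256sum --check -`. The same applies to the AArch32, LLVM and FVP packages.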
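Review bot: The new base image in the hunk at line 72 is referenced by the mutable tag `debian:bookworm-slim`, so the published image contents depend on when build.sh was run. Pinning the digest, `--build-arg=BASE=docker.io/library/debian:bookworm-slim@sha256:<digest>`, makes the build repeatable and makes base-image updates an explicit, reviewable change. The docker build command continues past the end of this hunk.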
From: Ryan Roberts Date: Mon, 8 Jan 2024 09:36:01 +0000 Subject: [PATCH 08/12] docs: Re-autogenerate cca documentation Re-autogenerate the cca-3world.yaml and cca-4world.yaml rst files to update the modified CMDLINE rtvar. This was changed a while back, but the docs were not regenerated. Signed-off-by: Ryan Roberts --- documentation/_scripts/genconfigstore.py | 2 +- .../userguide/configstore/cca-3world.rst | 8 +++---- .../userguide/configstore/cca-4world.rst | 24 +++++++++---------- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/documentation/_scripts/genconfigstore.py b/documentation/_scripts/genconfigstore.py index 6dbe90e..e8e32b0 100755 --- a/documentation/_scripts/genconfigstore.py +++ b/documentation/_scripts/genconfigstore.py @@ -97,7 +97,7 @@ cfgs_raw = subprocess.run('shrinkwrap inspect --json', cfgs = json.loads(cfgs_raw) -docsdir = os.path.dirname(os.path.dirname(__file__)) +docsdir = os.path.dirname(os.path.dirname(os.path.dirname(__file__))) docsdir = os.path.join(docsdir, 'userguide', 'configstore') with open(os.path.join(docsdir, 'index.rst'), 'w') as indexf: diff --git a/documentation/userguide/configstore/cca-3world.rst b/documentation/userguide/configstore/cca-3world.rst index 358ae00..9a22138 100644 --- a/documentation/userguide/configstore/cca-3world.rst +++ b/documentation/userguide/configstore/cca-3world.rst 
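Review bot: With three `os.path.dirname` calls, an absolute `__file__` for documentation/_scripts/genconfigstore.py resolves to the directory above documentation/, so the following join yields `<root>/userguide/configstore`. The .rst files regenerated in this same patch live under documentation/userguide/configstore. With a relative `__file__` the result instead depends on the working directory, which may be why the extra level appeared to be needed. Unless the script is invoked in a way not visible here, anchoring on the absolute path is more robust: `docsdir = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))`. A one-line comment stating which directory `docsdir` is expected to be would also help.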
@@ -79,16 +79,16 @@ GUEST_ROOTFS Run-Time Variables ################## -============== ====================================================================== +============== =============================================================== rtvar default -============== ====================================================================== +============== =============================================================== LOCAL_NET_PORT 8022 BL1 ${artifact:BL1} FIP ${artifact:FIP} DTB ${artifact:DTB} -CMDLINE mem=1G console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp +CMDLINE console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp KERNEL ${artifact:KERNEL} ROOTFS EDK2FLASH ${artifact:EDK2FLASH} -============== ====================================================================== +============== =============================================================== diff --git a/documentation/userguide/configstore/cca-4world.rst b/documentation/userguide/configstore/cca-4world.rst index 776c13d..0fd6a1d 100644 --- a/documentation/userguide/configstore/cca-4world.rst +++ b/documentation/userguide/configstore/cca-4world.rst 
@@ -29,16 +29,16 @@ GUEST_ROOTFS Run-Time Variables ################## -============== ====================================================================== -rtvar default -============== ====================================================================== -LOCAL_NET_PORT 8022 -BL1 ${artifact:BL1} -FIP ${artifact:FIP} -DTB ${artifact:DTB} -CMDLINE mem=1G console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp -KERNEL ${artifact:KERNEL} -ROOTFS -EDK2FLASH ${artifact:EDK2FLASH} -============== ====================================================================== +============== =============================================================== +rtvar default +============== =============================================================== +LOCAL_NET_PORT 8022 +BL1 ${artifact:BL1} +FIP ${artifact:FIP} +DTB ${artifact:DTB} +CMDLINE console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp +KERNEL ${artifact:KERNEL} +ROOTFS +EDK2FLASH ${artifact:EDK2FLASH} +============== =============================================================== -- GitLab From 12590db1d236770f6d531462728f69ccc300b463 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Mon, 8 Jan 2024 14:01:39 +0000 Subject: [PATCH 09/12] test: Refactor test.py for fine-graned arch overlays Refactor test.py so that the CONFIGS table contains a range of arches for which the config should be tested. This allows the future addition of configs that only work from a given starting arch version, for example. As part of this work move all the rtvars into the CONFIGS table so that we no longer need to special case bootwrapper.yaml. This means it can be built in parallel and speeds up the testing. For now, cca configs remain special-cased, since they don't take an arch overlay; they are fixed. Signed-off-by: Ryan Roberts --- test/test.py | 117 ++++++++++++++++++++++++++++++--------------------- 1 file changed, 68 insertions(+), 49 deletions(-) diff --git a/test/test.py b/test/test.py index bdea0c9..19bfde0 100755 
--- a/test/test.py +++ b/test/test.py @@ -6,6 +6,7 @@ import argparse import json import os +import re import subprocess import tempfile import yaml 
@@ -21,46 +22,75 @@ BOOTWRAPPER = os.path.join(ASSETS, 'linux-system.axf') ROOTFS = os.path.join(ASSETS, 'rootfs.ext4') +ARCH_LATEST = 'v9.5' CONFIGS = [ { 'config': 'ns-preload.yaml', 'btvars': {}, - 'rtvars': {}, + 'rtvars': {'KERNEL': KERNEL, 'ROOTFS': ROOTFS}, + 'arch': {'start': 'v8.0', 'end': ARCH_LATEST}, }, { 'config': 'ns-edk2.yaml', 'btvars': {}, - 'rtvars': {}, + 'rtvars': {'KERNEL': KERNEL, 'ROOTFS': ROOTFS}, + 'arch': {'start': 'v8.0', 'end': ARCH_LATEST}, }, { 'config': 'ns-edk2.yaml', 'btvars': {}, - 'rtvars': {'CMDLINE': '\"console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp acpi=force\"'}, + 'rtvars': { + 'KERNEL': KERNEL, + 'ROOTFS': ROOTFS, + 'CMDLINE': '\"console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp acpi=force\"' + }, + 'arch': {'start': 'v8.0', 'end': ARCH_LATEST}, + }, + { + 'config': 'bootwrapper.yaml', + 'btvars': {}, + 'rtvars': {'BOOTWRAPPER': BOOTWRAPPER, 'ROOTFS': ROOTFS}, + 'arch': {'start': 'v8.0', 'end': ARCH_LATEST}, }, ] -ARCHES = [ - 'arch/v8.0.yaml', - 'arch/v8.1.yaml', - 'arch/v8.2.yaml', - 'arch/v8.3.yaml', - 'arch/v8.4.yaml', - 'arch/v8.5.yaml', - 'arch/v8.6.yaml', - 'arch/v8.7.yaml', - 'arch/v8.8.yaml', - 'arch/v8.9.yaml', - 'arch/v9.0.yaml', - 'arch/v9.1.yaml', - 'arch/v9.2.yaml', - 'arch/v9.3.yaml', - 'arch/v9.4.yaml', - 'arch/v9.5.yaml', -] +results = [] +arch_regex = re.compile(r"^v(\d+\.\d)$") -results = [] +def arch_range(start, end): + """ + Given a start and end version string (in format "vX.Y"), yields all + version strings between start and end, inclusive of both start and end. 
+ """ + match_s = arch_regex.match(start) + match_e = arch_regex.match(end) + + start = int(float(match_s.group(1)) * 10) + end = int(float(match_e.group(1)) * 10) + + for version in range(start, end + 1): + major = version // 10 + minor = version - major * 10 + yield f'v{major}.{minor}' + + +def arch_in_range(arch, start, end): + """ + Given an arch version and a start and end version string (all in format + "vX.Y"), returns true if arch is within the range, inclusive of both + start and end. + """ + match_a = arch_regex.match(arch) + match_s = arch_regex.match(start) + match_e = arch_regex.match(end) + + arch = float(match_a.group(1)) + start = float(match_s.group(1)) + end = float(match_e.group(1)) + + return start <= arch and arch <= end def print_result(r): 
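Review bot: `arch_range` and `arch_in_range` dereference the regex match without checking it, so a malformed `start` or `end` in CONFIGS fails with an AttributeError on None instead of naming the bad entry. Both also go through `float`, which makes the comparison depend on float rounding and on the minor version staying a single digit. Capturing major and minor as integers and comparing tuples avoids both problems and gives one place to raise a clear error. `arch_range` can build on the same helper by iterating over `major * 10 + minor`.

```python
arch_regex = re.compile(r"^v(\d+)\.(\d)$")


def arch_key(arch):
    """Return (major, minor) for a "vX.Y" string; raise ValueError if malformed."""
    match = arch_regex.match(arch)
    if match is None:
        raise ValueError(f'bad arch version: {arch!r}')
    return int(match.group(1)), int(match.group(2))


def arch_in_range(arch, start, end):
    # ... unchanged: docstring ...
    return arch_key(start) <= arch_key(arch) <= arch_key(end)
```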
@@ -186,47 +216,36 @@ def run_config(config, overlay=None, runargs=None, runtime=600): results.append(result) -def run_config_kern(config, kernel, rootfs, overlay=None, runtime=600, rtvars={}): - kernel = f'-r KERNEL={kernel}' - rootfs = f'-r ROOTFS={rootfs}' - - rtcmds = '' - for k, v in rtvars.items(): - rtcmds += f'-r {k}={v}' - - run_config(config, overlay, f'{kernel} {rootfs} {rtcmds}', runtime) - - -def run_config_bootwrap(config, bootwrap, rootfs, overlay=None, runtime=600): - bootwrap = f'-r BOOTWRAPPER={bootwrap}' - rootfs = f'-r ROOTFS={rootfs}' - run_config(config, overlay, f'{bootwrap} {rootfs}', runtime) +def make_rtcmds(rtvars): + return ' '.join([f'-r {k}={v}' for k, v in rtvars.items()]) def do_main(smoke_test): - arches = [ARCHES[-1]] if smoke_test else ARCHES + if smoke_test: + arches = set([c['arch']['end'] for c in CONFIGS]) + else: + arches = list(arch_range('v8.0', ARCH_LATEST)) for arch in arches: - configs = [c['config'] for c in CONFIGS] - btvarss = [c['btvars'] for c in CONFIGS] - rtvarss = [c['rtvars'] for c in CONFIGS] - build_configs(configs, arch, btvarss=btvarss) + configs = [c['config'] for c in CONFIGS if arch_in_range(arch, c['arch']['end'] if smoke_test else c['arch']['start'], c['arch']['end'])] + btvarss = [c['btvars'] for c in CONFIGS if arch_in_range(arch, c['arch']['end'] if smoke_test else c['arch']['start'], c['arch']['end'])] + rtvarss = [c['rtvars'] for c in CONFIGS if arch_in_range(arch, c['arch']['end'] if smoke_test else c['arch']['start'], c['arch']['end'])] + if len(configs) == 0: + continue + build_configs(configs, f'arch/{arch}.yaml', btvarss=btvarss) for config, rtvars in zip(configs, rtvarss): - run_config_kern(config, KERNEL, ROOTFS, arch, rtvars=rtvars) - - for arch in arches: - build_configs(['bootwrapper.yaml'], arch) - run_config_bootwrap('bootwrapper.yaml', BOOTWRAPPER, ROOTFS, arch) + run_config(config, f'arch/{arch}.yaml', make_rtcmds(rtvars)) + # Special-case configs that don't support arch overrides. 
build_configs(['cca-3world.yaml', 'cca-4world.yaml'], btvarss=[ {'GUEST_ROOTFS': ROOTFS}, {'GUEST_ROOTFS': ROOTFS} ]) - run_config_kern('cca-3world.yaml', KERNEL, ROOTFS) + run_config('cca-3world.yaml', None, make_rtcmds({'KERNEL': KERNEL, 'ROOTFS': ROOTFS})) # TODO: Disabled due to Hafnium requiring MTE but RMM does not support # it. Reenable when Hafnium fixed to remove dependency. - # run_config_kern('cca-4world.yaml', KERNEL, ROOTFS) + # run_config('cca-4world.yaml', None, make_rtcmds({'KERNEL': KERNEL, 'ROOTFS': ROOTFS})) print_results() -- GitLab From 9fb3dc45909f01efdbe80efd4eeb4f8eae9c371f Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Mon, 8 Jan 2024 14:06:20 +0000 Subject: [PATCH 10/12] test: Add tests for ffa-tftf.yaml Add build/boot tests for this config, which is only supported from arch v8.5 onwards. There is currently a suspected TFA issue that prevents this config working above v8.7 so clamp it to that range of architectures. Signed-off-by: Ryan Roberts --- test/test.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/test/test.py b/test/test.py index 19bfde0..a55d322 100755 --- a/test/test.py +++ b/test/test.py @@ -46,6 +46,22 @@ CONFIGS = [ }, 'arch': {'start': 'v8.0', 'end': ARCH_LATEST}, }, + { + 'config': 'ffa-tftf.yaml', + 'btvars': {}, + 'rtvars': {'KERNEL': KERNEL, 'ROOTFS': ROOTFS}, + 'arch': {'start': 'v8.5', 'end': 'v8.7'}, # BL2 freezes from v8.8. Haven't traced root cause yet. + }, + { + 'config': 'ffa-tftf.yaml', + 'btvars': {}, + 'rtvars': { + 'KERNEL': KERNEL, + 'ROOTFS': ROOTFS, + 'CMDLINE': '\"console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp acpi=force\"' + }, + 'arch': {'start': 'v8.5', 'end': 'v8.7'}, # BL2 freezes from v8.8. Haven't traced root cause yet. + }, { 'config': 'bootwrapper.yaml', 'btvars': {}, -- GitLab From a37f5a6a5e3ce7a152c389b4a652a5f428086020 Mon Sep 17 00:00:00 2001 
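Review bot: In `do_main()`, the same `arch_in_range(...)` filter, including the `smoke_test` ternary, is written out three times to build `configs`, `btvarss` and `rtvarss`. The three lists are later zipped and passed together, so they stay aligned only while all three copies are edited identically. Selecting the matching CONFIGS entries once and deriving the lists from that selection removes the risk. The smoke-test branch also builds `arches` as a `set` of strings, whose iteration order can differ between runs; `sorted(set(...))` would keep the build and result order stable.

```python
    # … unchanged: arches selection …
    for arch in arches:
        selected = [c for c in CONFIGS
                    if arch_in_range(arch,
                                     c['arch']['end'] if smoke_test else c['arch']['start'],
                                     c['arch']['end'])]
        if not selected:
            continue
        configs = [c['config'] for c in selected]
        btvarss = [c['btvars'] for c in selected]
        rtvarss = [c['rtvars'] for c in selected]
        # … unchanged: build_configs / run_config calls …
```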
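Review bot: The two new `ffa-tftf.yaml` entries in CONFIGS each repeat the `{'start': 'v8.5', 'end': 'v8.7'}` clamp and its trailing comment, so lifting the workaround later means finding and editing both copies. Naming the range once keeps the reason for the clamp in a single place, for example `FFA_TFTF_ARCH = {'start': 'v8.5', 'end': 'v8.7'}  # BL2 freezes from v8.8; root cause not traced yet`, with both entries using `'arch': FFA_TFTF_ARCH`. In smoke-test mode `do_main()` derives its arch list from each entry's `'end'`, so this clamp also decides which arch the smoke test builds for this config; the comment could say so. The CONFIGS list itself starts outside this hunk.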
From: Ryan Roberts Date: Tue, 9 Jan 2024 09:00:31 +0000 Subject: [PATCH 11/12] config: Add debug overlays for tfa and rmm By default, the release builds are used for both tfa and rmm. In some circumstances it is useful to use the debug builds though. Add some overlays for convenience to do this switch. Users can now do e.g.: $ shrinkwrap build cca-3world.yaml -o debug/tfa.yaml -o debug/rmm.yaml Note the new "debug" directory convention for overlays of this type within the config store. Signed-off-by: Ryan Roberts --- config/debug/rmm.yaml | 15 +++++++++++++++ config/debug/tfa.yaml | 18 ++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 config/debug/rmm.yaml create mode 100644 config/debug/tfa.yaml diff --git a/config/debug/rmm.yaml b/config/debug/rmm.yaml new file mode 100644 index 0000000..c123b58 --- /dev/null +++ b/config/debug/rmm.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2024, Arm Limited. +# SPDX-License-Identifier: MIT + +%YAML 1.2 +--- +description: >- + Overlay for RMM to build debug configuration. + +build: + rmm: + params: + -DCMAKE_BUILD_TYPE: Debug + + artifacts: + RMM: ${param:builddir}/Debug/rmm.img diff --git a/config/debug/tfa.yaml b/config/debug/tfa.yaml new file mode 100644 index 0000000..9be378c --- /dev/null +++ b/config/debug/tfa.yaml @@ -0,0 +1,18 @@ +# Copyright (c) 2024, Arm Limited. +# SPDX-License-Identifier: MIT + +%YAML 1.2 +--- +description: >- + Overlay for TFA to build debug configuration. + +build: + tfa: + params: + DEBUG: 1 + + artifacts: + BL1: ${param:builddir}/fvp/debug/bl1.bin + BL2: ${param:builddir}/fvp/debug/bl2.bin + BL31: ${param:builddir}/fvp/debug/bl31.bin + FIP: ${param:builddir}/fvp/debug/fip.bin -- GitLab From 378f685dc1d802bce26bb72511be3526a6e18004 Mon Sep 17 00:00:00 2001 
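Review bot: Neither new overlay explains why `artifacts` is overridden alongside the build-type parameter, and the same applies to `config/debug/rmm.yaml` and `config/debug/tfa.yaml`. The paths (`Debug/rmm.img`, `fvp/debug/*.bin`) only resolve if the build-type parameter is set, and presumably the base configs point at the release output directories. A reader who changes one half without the other would end up with artifact paths that do not match the build that was made. A short comment above each `artifacts:` block would record that coupling, for example `# Debug builds land in a different output directory, so the artifact paths must follow the build type set above.`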
From: Ryan Roberts Date: Tue, 9 Jan 2024 11:49:36 +0000 Subject: [PATCH 12/12] config: Speed up TFA and TFTF builds In the past, build failures have been observed when using parallel make on systems with large numbers of cores for both tfa and tftf. As a result, make has been limited to 1 job for both components. But this is slow and the TFA team advise that it is known to be solid when running parallel make with 8 jobs. So there is likely a dependency bug that only manifests when there are a huge number of jobs. Work around this by allowing parallel make upto a maximum of 8 jobs. This significantly improves build times. Signed-off-by: Ryan Roberts --- config/tfa-base.yaml | 5 +++-- config/tftf-base.yaml | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/config/tfa-base.yaml b/config/tfa-base.yaml index 4a12a39..404b404 100644 --- a/config/tfa-base.yaml +++ b/config/tfa-base.yaml @@ -23,8 +23,9 @@ build: FVP_HW_CONFIG_DTS: fdts/fvp-base-gicv3-psci-1t.dts build: - # TODO: tfa has makefile dependency bug that prevents parallel make (-j > 1). - - make BUILD_BASE=${param:builddir} ${param:join_equal} all fip + # tfa has makefile dependency bug that makes parallel make for more than + # ~8 jobs unreliable, so limit it to 8. + - "make BUILD_BASE=${param:builddir} ${param:join_equal} -j$$(( ${param:jobs} < 8 ? ${param:jobs} : 8 )) all fip" clean: - make BUILD_BASE=${param:builddir} realclean diff --git a/config/tftf-base.yaml b/config/tftf-base.yaml index c508dda..d3e470d 100644 --- a/config/tftf-base.yaml +++ b/config/tftf-base.yaml 
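Review bot: The rewritten comment above the `make` line in `config/tfa-base.yaml` drops the `TODO:` marker even though, per the commit message, the makefile dependency bug is still present and the `-j` cap is a workaround. The same applies to the matching hunk in `config/tftf-base.yaml`. Keeping the marker makes the cap easy to find and remove once the bug is fixed, for example `# TODO: remove the 8-job cap once the makefile dependency bug is fixed.` The limit `8` also appears twice in each expression and in both files, so the comment could note that the two files need to be changed together.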
@@ -20,8 +20,9 @@ build: PLAT: fvp build: - # TODO: tfa-tests has makefile dependency bug that prevents parallel make (-j > 1). - - make BUILD_BASE=${param:builddir} ${param:join_equal} all pack_realm + # tfa-tests has makefile dependency bug that makes parallel make for more + # than ~8 jobs unreliable, so limit it to 8. + - "make BUILD_BASE=${param:builddir} ${param:join_equal} -j$$(( ${param:jobs} < 8 ? ${param:jobs} : 8 )) all pack_realm" clean: - make BUILD_BASE=${param:builddir} realclean -- GitLab