From 8b0aada42dd388abba7da5c9689db390661f19b6 Mon Sep 17 00:00:00 2001 From: Arturo Buzarra Date: Thu, 28 Nov 2024 14:50:14 +0100 Subject: [PATCH] stm-st-stm32mp: tf-a: sync arm-trusted-firmware recipe with v2.10 This commit removes all outdated TF-A recipes and synchronizes the Digi custom .bbappend with the latest v2.10 from the ST BSP release, based on the openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06 tag for Yocto 5.0 (scarthgap). https://onedigi.atlassian.net/browse/DEL-9381 Signed-off-by: Arturo Buzarra --- meta-digi-arm/conf/machine/include/ccmp2.inc | 4 - .../tf-a-stm32mp2-common.inc | 36 -- .../tf-a-stm32mp2-config.inc | 19 - .../trusted-firmware-a/tf-a-stm32mp2.inc | 603 ------------------ ....6.bbappend => tf-a-stm32mp_2.10.bbappend} | 11 +- .../trusted-firmware-a/tf-a-stm32mp_2.8.bb | 42 -- .../tf-a-stm32mp_2.8.bbappend | 35 - .../trusted-firmware-a/tf-a-tools.inc | 48 -- .../0001-FIX-GCC-tools-overwrite.patch | 48 -- ...se-a-root-key-password-from-command-.patch | 126 ---- .../trusted-firmware-a/tf-a-tools_2.8.bb | 22 - 11 files changed, 9 insertions(+), 985 deletions(-) delete mode 100644 meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp2-common.inc delete mode 100644 meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp2-config.inc delete mode 100644 meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp2.inc rename meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/{tf-a-stm32mp_2.6.bbappend => tf-a-stm32mp_2.10.bbappend} (90%) delete mode 100644 meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.8.bb delete mode 100644 meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.8.bbappend delete mode 100644 meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-tools.inc delete mode 100644 meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-tools/0001-FIX-GCC-tools-overwrite.patch delete mode 100644 meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-tools/0001-tools-allow-to-use-a-root-key-password-from-command-.patch delete mode 100644 meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-tools_2.8.bb diff --git a/meta-digi-arm/conf/machine/include/ccmp2.inc b/meta-digi-arm/conf/machine/include/ccmp2.inc index 8762a1c28..47a899fed 100644 --- a/meta-digi-arm/conf/machine/include/ccmp2.inc +++ b/meta-digi-arm/conf/machine/include/ccmp2.inc @@ -17,7 +17,6 @@ FIP_UBOOT_DTB = "u-boot" # trusted-firmware-a # ========================================================================= PREFERRED_PROVIDER_virtual/trusted-firmware-a = "tf-a-stm32mp" -PREFERRED_VERSION_tf-a-stm32mp ?= "v2.8%" # Configure use of BL31 FIP_BL31_ENABLE = "1" @@ -31,9 +30,6 @@ PREFERRED_VERSION_optee-os-stm32mp ?= "3.19%" PREFERRED_VERSION_gcnano-driver-stm32mp ?= "6.4.15%" PREFERRED_VERSION_gcnano-userland-multi-binary-stm32mp ?= "6.4.15%" -PREFERRED_VERSION_nativesdk-tf-a-tools ?= "v2.8%" -PREFERRED_VERSION_tf-a-tools-native ?= "v2.8%" - # ========================================================================= # Kernel # ========================================================================= diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp2-common.inc b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp2-common.inc deleted file mode 100644 index a118981d3..000000000 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp2-common.inc +++ /dev/null @@ -1,36 +0,0 @@ -FILESEXTRAPATHS:prepend := "${THISDIR}/tf-a-stm32mp:" - -SECTION = "bootloaders" - -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://license.rst;md5=1dd070c98a281d18d9eefd938729b031" -CVE_PRODUCT = "arm:trusted_firmware-a" - -SRC_URI = "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=http;branch=lts-v2.8" -SRCREV = "f94d6db9b101d3d4cd053e54edd5b876f1cc84ec" - -SRC_URI += " \ - file://tf-a-st-ddr.tar.gz;subdir=git;name=fw \ - file://0001-v2.8-stm32mp25-beta.patch \ - " - -SRC_URI[fw.sha256sum] = "c87d8a03a8feab1f8a51818a7942deade5d31abb7f4afaa6d6dfa922383e9805" - -TF_A_VERSION = "v2.8.12" -TF_A_SUBVERSION = "stm32mp" -TF_A_RELEASE = "beta-r1" -PV = "${TF_A_VERSION}-${TF_A_SUBVERSION}-${TF_A_RELEASE}" - -ARCHIVER_ST_BRANCH = "${TF_A_VERSION}-${TF_A_SUBVERSION}" -ARCHIVER_ST_REVISION = "${PV}" -ARCHIVER_COMMUNITY_BRANCH = "master" -ARCHIVER_COMMUNITY_REVISION = "${TF_A_VERSION}" - -S = "${WORKDIR}/git" - -# --------------------------------- -# Configure default preference to manage dynamic selection between tarball and github -# --------------------------------- -STM32MP_SOURCE_SELECTION ?= "tarball" - -DEFAULT_PREFERENCE = "${@bb.utils.contains('STM32MP_SOURCE_SELECTION', 'github', '-1', '1', d)}" diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp2-config.inc b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp2-config.inc deleted file mode 100644 index 64a42bfbc..000000000 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp2-config.inc +++ /dev/null @@ -1,19 +0,0 @@ -# Define config for each TF_A_CONFIG -# TF_A_CONFIG[config] ?= ",,,," - -TF_A_OPTEE_param:stm32mp1common = "AARCH32_SP=optee" -TF_A_OPTEE_param:stm32mp2common = "SPD=opteed" - -TF_A_CONFIG[optee] ?= "${STM32MP_DEVICETREE},${TF_A_OPTEE_param},,${@bb.utils.contains('FIP_BL31_ENABLE', '1', 'bl31 dtbs', 'dtbs', d)},${@bb.utils.contains('FIP_BL31_ENABLE', '1', 'bl31 fwconfig', 'fwconfig', d)}" - -TF_A_CONFIG[emmc] ?= "${DEVICE_BOARD_ENABLE:EMMC},STM32MP_EMMC=1 ${@bb.utils.contains('MACHINE_FEATURES', 'fw-update', 'PSA_FWU_SUPPORT=1', '', d)}" -TF_A_CONFIG[nand] ?= "${DEVICE_BOARD_ENABLE:NAND},STM32MP_RAW_NAND=1 ${@bb.utils.contains('MACHINE_FEATURES', 'fw-update', 'PSA_FWU_SUPPORT=1', '', d)} ${@'STM32MP_FORCE_MTD_START_OFFSET=${TF_A_MTD_START_OFFSET_NAND}' if ${TF_A_MTD_START_OFFSET_NAND} else ''}" -TF_A_CONFIG[nor] ?= "${DEVICE_BOARD_ENABLE:NOR},STM32MP_SPI_NOR=1 ${@bb.utils.contains('MACHINE_FEATURES', 'fw-update', 'PSA_FWU_SUPPORT=1', '', d)} ${@'STM32MP_FORCE_MTD_START_OFFSET=${TF_A_MTD_START_OFFSET_NOR}' if ${TF_A_MTD_START_OFFSET_NOR} else ''}" -TF_A_CONFIG[sdcard] ?= "${DEVICE_BOARD_ENABLE:SDCARD},STM32MP_SDMMC=1 ${@bb.utils.contains('MACHINE_FEATURES', 'fw-update', 'PSA_FWU_SUPPORT=1', '', d)}" -TF_A_CONFIG[spinand] ?= "${DEVICE_BOARD_ENABLE:SPINAND},STM32MP_SPI_NAND=1 ${@bb.utils.contains('MACHINE_FEATURES', 'fw-update', 'PSA_FWU_SUPPORT=1', '', d)} ${@'STM32MP_FORCE_MTD_START_OFFSET=${TF_A_MTD_START_OFFSET_SPINAND}' if ${TF_A_MTD_START_OFFSET_SPINAND} else ''}" -TF_A_CONFIG[uart] ?= "${STM32MP_DEVICETREE},STM32MP_UART_PROGRAMMER=1" -TF_A_CONFIG[usb] ?= "${STM32MP_DEVICETREE},STM32MP_USB_PROGRAMMER=1" - -# Define configuration for SSP -TF_A_CONFIG[uart-ssp] ?= "${STM32MP_DEVICETREE},STM32MP_UART_PROGRAMMER=1 STM32MP_SSP=1,tf-a-ssp" -TF_A_CONFIG[usb-ssp] ?= "${STM32MP_DEVICETREE},STM32MP_USB_PROGRAMMER=1 STM32MP_SSP=1,tf-a-ssp" diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp2.inc b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp2.inc deleted file mode 100644 index 9ad148a23..000000000 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp2.inc +++ /dev/null @@ -1,603 +0,0 @@ -FILESEXTRAPATHS:prepend := "${THISDIR}/tf-a-stm32mp:" - -PROVIDES += "virtual/trusted-firmware-a" - -PACKAGE_ARCH = "${MACHINE_ARCH}" - -inherit deploy -#inherit sign-stm32mp -inherit fip-utils-stm32mp2 -#inherit external-dt - - -STAGING_EXTDT_DIR = "${TMPDIR}/work-shared/${MACHINE}/external-dt" - -# Include TF-A config definitions -require tf-a-stm32mp2-config.inc - -# ------------------------------------ -# Set MBEDTLS support -TFA_MBEDTLS_DIR ?= "mbedtls" -# MBEDTLS v2.28.5 -SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;protocol=https;destsuffix=git/${TFA_MBEDTLS_DIR};branch=mbedtls-2.28;name=mbedtls" -SRCREV_mbedtls = "47e8cc9db2e469d902b0e3093ae9e482c3d87188" -LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" -LICENSE_MBEDTLS = "Apache-2.0" -# Add MBEDTLS to our sources -SRC_URI:append = " ${@bb.utils.contains('SIGN_ENABLE', '1', '${SRC_URI_MBEDTLS}', '', d)}" -# Update license variables -LICENSE:append = "${@bb.utils.contains('SIGN_ENABLE', '1', ' & ${LICENSE_MBEDTLS}', '', d)}" -LIC_FILES_CHKSUM:append = "${@bb.utils.contains('SIGN_ENABLE', '1', ' ${LIC_FILES_CHKSUM_MBEDTLS}', '', d)}" -# Add mbed TLS to version -SRCREV_FORMAT:append = "${@bb.utils.contains('SIGN_ENABLE', '1', '_mbedtls', '', d)}" -# ------------------------------------ - -B = "${WORKDIR}/build" -# Configure build dir for externalsrc class usage through devtool -EXTERNALSRC_BUILD:pn-${PN} = "${WORKDIR}/build" - -DEPENDS += "dtc-native openssl-native" -DEPENDS:append = " ${@bb.utils.contains('TF_A_ENABLE_DEBUG_WRAPPER', '1', 'stm32wrapper4dbg-native', '', d)}" - -# Default log level -ST_TF_A_DEBUG ??= "1" -ST_TF_A_DEBUG_TRACE ??= "0" -ST_TF_A_LOG_LEVEL_RELEASE ??= "20" -ST_TF_A_LOG_LEVEL_DEBUG ??= "40" - -# Configure make settings -EXTRA_OEMAKE += 'PLAT=${TFA_PLATFORM}' -EXTRA_OEMAKE += 'ARCH=${TFA_ARM_ARCH}' -EXTRA_OEMAKE += 'ARM_ARCH_MAJOR=${TFA_ARM_MAJOR}' -EXTRA_OEMAKE += 'CROSS_COMPILE=${TARGET_PREFIX}' -# Debug support -EXTRA_OEMAKE += "${@bb.utils.contains('ST_TF_A_DEBUG_TRACE', '1', 'DEBUG=${ST_TF_A_DEBUG}', '', d)}" -EXTRA_OEMAKE += "${@bb.utils.contains('ST_TF_A_DEBUG_TRACE', '1', 'LOG_LEVEL=${ST_TF_A_LOG_LEVEL_DEBUG}', 'LOG_LEVEL=${ST_TF_A_LOG_LEVEL_RELEASE}', d)}" -EXTRA_OEMAKE += "${@bb.utils.contains('EXTERNAL_DT_ENABLED', '1', 'TFA_EXTERNAL_DT=${STAGING_EXTDT_DIR}/tf-a', '', d)}" -# OPTEE in sysram -EXTRA_OEMAKE:append:stm32mp1common = " ${@bb.utils.contains('ST_OPTEE_IN_SYSRAM', '1', 'STM32MP1_OPTEE_IN_SYSRAM=1', '', d)}" - -# Define default TF-A namings -TF_A_BASENAME ?= "tf-a" -TF_A_SUFFIX ?= "stm32" - -# Output the ELF generated -ELF_DEBUG_ENABLE ?= "" -TF_A_ELF_SUFFIX = "elf" - -BL1_NAME ?= "bl1/bl1" -BL1_ELF = "${BL1_NAME}.${TF_A_ELF_SUFFIX}" -BL1_BASENAME = "${@os.path.basename(d.getVar("BL1_NAME"))}" -BL1_BASENAME_DEPLOY ?= "${@os.path.basename(d.getVar("BL1_NAME"))}" - -BL2_NAME ?= "bl2/bl2" -BL2_ELF = "${BL2_NAME}.${TF_A_ELF_SUFFIX}" -BL2_BASENAME = "${@os.path.basename(d.getVar("BL2_NAME"))}" -BL2_BASENAME_DEPLOY ?= "${@os.path.basename(d.getVar("BL2_NAME"))}" - -BL31_NAME ?= "bl31/bl31" -BL31_ELF = "${BL31_NAME}.${TF_A_ELF_SUFFIX}" -BL31_BASENAME = "${@os.path.basename(d.getVar("BL31_NAME"))}" -BL31_BASENAME_DEPLOY ?= "${@os.path.basename(d.getVar("BL31_NAME"))}" -BL31_SUFFIX ?= "bin" - -BL32_NAME ?= "bl32/bl32" -BL32_ELF = "${BL32_NAME}.${TF_A_ELF_SUFFIX}" -BL32_BASENAME = "${@os.path.basename(d.getVar("BL32_NAME"))}" -BL32_BASENAME_DEPLOY ?= "${@os.path.basename(d.getVar("BL32_NAME"))}" -BL32_SUFFIX ?= "bin" - -DT_SUFFIX ?= "dtb" -FWCONFIG_NAME ?= "fw-config" - -# Output the firwmare ddr -TF_A_FWDDR ?= "0" -TF_A_FWDDR:stm32mp25common = "1" - -FWDDR_NAME ?= "ddr_pmu" -FWDDR_SUFFIX ?= "bin" - -# Set default TF-A config -TF_A_CONFIG ?= "" - -# Enable the wrapper for debug -TF_A_ENABLE_DEBUG_WRAPPER ??= "1" - -# Set default configuration to allow signing -TF_A_SIGN_SUFFIX ??= "${@bb.utils.contains('SIGN_ENABLE', '1', '${SIGN_SUFFIX}', '', d)}" -TF_A_SIGN_OF ?= "0x00000001" -TF_A_SIGN_OF:stm32mp1common ?= "0x00000001" -TF_A_SIGN_OF:stm32mp25common ?= "0x00000001" -TF_A_SIGN_OF:stm32mp25revabcommon ?= "0x00000001" - -TF_A_ENCRYPT_SUFFIX ??= "${@bb.utils.contains('ENCRYPT_ENABLE', '1', '${ENCRYPT_SUFFIX}', '', d)}" -TF_A_ENCRYPT_DC ?= "0x0E5F2025" -TF_A_ENCRYPT_DC:stm32mp1common ?= "0x0E5F2025" -TF_A_ENCRYPT_DC:stm32mp25common ?= "0x25205f0e" -TF_A_ENCRYPT_DC:stm32mp25revabcommon ?= "0x25205f0e" - -TF_A_ENCRYPT_IMGVER ?= "0" -TF_A_ENCRYPT_OF ?= "0x80000003" -TF_A_ENCRYPT_OF:stm32mp1common ?= "0x80000003" -TF_A_ENCRYPT_OF:stm32mp2common ?= "0x10000003" - - -# Set metadata generation -TF_A_ENABLE_METADATA ??= "${@bb.utils.contains('MACHINE_FEATURES', 'fw-update', '1', '0', d)}" -TF_A_METADATA_NAME ?= "metadata" -TF_A_METADATA_SUFFIX ?= "bin" -TF_A_METADATA_BINARY ??= "${TF_A_METADATA_NAME}.${TF_A_METADATA_SUFFIX}" - -TF_A_METADATA_TOOL ?= "tools/fwu_gen_metadata/fwumd_tool.py" -TF_A_METADATA_JSON ?= "plat/st/common/default_metadata.json" - -# Configure specific build flags -EXTRA_OEMAKE += "${@bb.utils.contains('SIGN_ENABLE', '1', 'TRUSTED_BOARD_BOOT=1', '', d)}" -EXTRA_OEMAKE += "${@bb.utils.contains('SIGN_ENABLE', '1', 'MBEDTLS_DIR=${TFA_MBEDTLS_DIR}', '', d)}" -EXTRA_OEMAKE:append:stm32mp2common = " ${@bb.utils.contains('SIGN_ENABLE', '1', 'BRANCH_PROTECTION=0', '', d)} " - -EXTRA_OEMAKE += "${@bb.utils.contains('ENCRYPT_ENABLE', '1', 'DECRYPTION_SUPPORT=aes_gcm ENCRYPT_BL32=1', '', d)}" -EXTRA_OEMAKE += "${@bb.utils.contains('ENCRYPT_ENABLE', '1', bb.utils.contains('FIP_BL31_ENABLE', '1', 'ENCRYPT_BL31=1', '', d), '', d)} " - -# Addons parameters for SIGN_TOOL -SIGN_TOOL_EXTRA ?= "" -SIGN_TOOL_EXTRA:stm32mp25common = "--header-version 2" -SIGN_TOOL_EXTRA:stm32mp25revabcommon = "--header-version 2" - -# Specific for revA board -EXTRA_OEMAKE:append:stm32mp25revabcommon = " CONFIG_STM32MP25X_REVA=1 " - -# ----------------------------------------------- -# Handle TF-A config and set internal vars -# TF_A_DEVICETREE -# TF_A_EXTRA_OPTFLAGS -python () { - import re - - tfaconfigflags = d.getVarFlags('TF_A_CONFIG') - # The "doc" varflag is special, we don't want to see it here - tfaconfigflags.pop('doc', None) - tfaconfig = (d.getVar('TF_A_CONFIG') or "").split() - tfabasename = d.getVar('TF_A_BASENAME') - - if not tfaconfig: - raise bb.parse.SkipRecipe("TF_A_CONFIG must be set in the %s machine configuration." % d.getVar("MACHINE")) - if (d.getVar('TF_A_DEVICETREE') or "").split(): - raise bb.parse.SkipRecipe("You cannot use TF_A_DEVICETREE as it is internal to TF_A_CONFIG var expansion.") - if (d.getVar('TF_A_EXTRA_OPTFLAGS') or "").split(): - raise bb.parse.SkipRecipe("You cannot use TF_A_EXTRA_OPTFLAGS as it is internal to TF_A_CONFIG var expansion.") - if (d.getVar('TF_A_BINARIES') or "").split(): - raise bb.parse.SkipRecipe("You cannot use TF_A_BINARIES as it is internal to TF_A_CONFIG var expansion.") - if (d.getVar('TF_A_MAKE_TARGET') or "").split(): - raise bb.parse.SkipRecipe("You cannot use TF_A_MAKE_TARGET as it is internal to TF_A_CONFIG var expansion.") - if (d.getVar('TF_A_FILES') or "").split(): - raise bb.parse.SkipRecipe("You cannot use TF_A_FILES as it is internal to TF_A_CONFIG var expansion.") - - if len(tfaconfig) > 0: - for config in tfaconfig: - for f, v in tfaconfigflags.items(): - if config == f: - # Make sure to get var flag properly expanded - v = d.getVarFlag('TF_A_CONFIG', config) - if not v.strip(): - bb.fatal('[TF_A_CONFIG] Missing configuration for %s config' % config) - items = v.split(',') - if items[0] and len(items) > 5: - raise bb.parse.SkipRecipe('Only ,,,, can be specified!') - # Set internal vars - bb.debug(1, "Appending '%s' to TF_A_DEVICETREE" % items[0]) - d.appendVar('TF_A_DEVICETREE', items[0] + ',') - if len(items) > 1 and items[1]: - bb.debug(1, "Appending '%s' to TF_A_EXTRA_OPTFLAGS." % items[1]) - d.appendVar('TF_A_EXTRA_OPTFLAGS', items[1] + ',') - else: - d.appendVar('TF_A_EXTRA_OPTFLAGS', '' + ',') - if len(items) > 2 and items[2]: - bb.debug(1, "Appending '%s' to TF_A_BINARIES." % items[2]) - d.appendVar('TF_A_BINARIES', items[2] + ',') - else: - bb.debug(1, "Appending '%s' to TF_A_BINARIES." % tfabasename) - d.appendVar('TF_A_BINARIES', tfabasename + ',') - if len(items) > 3 and items[3]: - bb.debug(1, "Appending '%s' to TF_A_MAKE_TARGET." % items[3]) - d.appendVar('TF_A_MAKE_TARGET', items[3] + ',') - else: - d.appendVar('TF_A_MAKE_TARGET', 'all' + ',') - if len(items) > 4 and items[4]: - bb.debug(1, "Appending '%s' to TF_A_FILES." % items[4]) - d.appendVar('TF_A_FILES', items[4] + ',') - else: - d.appendVar('TF_A_FILES', 'bl2' + ',') - break - - # Manage case of signature: - if d.getVar('SIGN_ENABLE') == "1": - # If signature are activated, for winning space, the debug parameter will be remove and level of trace decrease - if d.getVar('ST_TF_A_DEBUG_TRACE') == '1': - bb.warn("TF-A SIGNATURE: force ST_TF_A_DEBUG_TRACE to '0' to disable DEBUG and decrease log level") - d.setVar('ST_TF_A_DEBUG_TRACE', "0") -} - -# ----------------------------------------------- -# Enable use of work-shared folder -TFA_SHARED_SOURCES ??= "1" -STAGING_TFA_DIR = "${TMPDIR}/work-shared/${MACHINE}/tfa-source" -# Make sure to move ${S} to STAGING_TFA_DIR. We can't just -# create the symlink in advance as the git fetcher can't cope with -# the symlink. -do_unpack[cleandirs] += "${S}" -do_unpack[cleandirs] += "${@bb.utils.contains('TFA_SHARED_SOURCES', '1', '${STAGING_TFA_DIR}', '', d)}" -do_clean[cleandirs] += "${S}" -do_clean[cleandirs] += "${@bb.utils.contains('TFA_SHARED_SOURCES', '1', '${STAGING_TFA_DIR}', '', d)}" -base_do_unpack:append () { - # Specific part to update devtool-source class - if bb.data.inherits_class('devtool-source', d): - # We don't want to move the source to STAGING_TFA_DIR here - if d.getVar('STAGING_TFA_DIR', d): - d.setVar('STAGING_TFA_DIR', '${S}') - - shared = d.getVar("TFA_SHARED_SOURCES") - if shared and oe.types.boolean(shared): - # Copy/Paste from kernel class with adaptation to TFA var - s = d.getVar("S") - if s[-1] == '/': - # drop trailing slash, so that os.symlink(tfasrc, s) doesn't use s as directory name and fail - s=s[:-1] - tfasrc = d.getVar("STAGING_TFA_DIR") - if s != tfasrc: - bb.utils.mkdirhier(tfasrc) - bb.utils.remove(tfasrc, recurse=True) - if d.getVar("EXTERNALSRC"): - # With EXTERNALSRC S will not be wiped so we can symlink to it - os.symlink(s, tfasrc) - else: - import shutil - shutil.move(s, tfasrc) - os.symlink(tfasrc, s) -} - -do_compile() { - unset LDFLAGS - unset CFLAGS - unset CPPFLAGS - - unset i - for config in ${TF_A_CONFIG}; do - i=$(expr $i + 1) - # Initialize devicetree list, extra make options and tf-a basename - dt_config=$(echo ${TF_A_DEVICETREE} | cut -d',' -f${i}) - extra_opt=$(echo ${TF_A_EXTRA_OPTFLAGS} | cut -d',' -f${i}) - tfa_basename=$(echo ${TF_A_BINARIES} | cut -d',' -f${i}) - tf_a_make_target=$(echo ${TF_A_MAKE_TARGET} | cut -d',' -f${i}) - for dt in ${dt_config}; do - # Init specific soc settings - soc_extra_opt="" - soc_suffix="" - if [ -n "${STM32MP_SOC_NAME}" ]; then - for soc in ${STM32MP_SOC_NAME}; do - if [ "$(echo ${dt} | grep -c ${soc})" -eq 1 ]; then - soc_extra_opt="$(echo ${soc} | awk '{print toupper($0)}')=1" - soc_suffix="-${soc}" - fi - done - fi - mkdir -p ${B}/${config}${soc_suffix} - if [ "${TF_A_ENABLE_METADATA}" = "1" ]; then - ${S}/${TF_A_METADATA_TOOL} jsonparse "${S}/${TF_A_METADATA_JSON}" -b "${B}/${config}${soc_suffix}/${TF_A_METADATA_NAME}.${TF_A_METADATA_SUFFIX}" - fi - - # Init specific ddr settings - ddr_extra_opt="" - if [ "${TF_A_FWDDR}" = "1" ]; then - # Detect ddr type if it's present - oe_runmake -C "${S}" BUILD_PLAT="${B}/${config}${soc_suffix}-${dt}" DTB_FILE_NAME="${dt}.dtb" ${extra_opt} ${soc_extra_opt} dtbs - if [ -f "${B}/${config}${soc_suffix}-${dt}/fdts/${dt}-bl2.dtb" ]; then - ddr_dtb_node=$(${STAGING_BINDIR_NATIVE}/fdtget -l ${B}/${config}${soc_suffix}-${dt}/fdts/${dt}-bl2.dtb /soc | grep ddr | head -n 1) - ddr_propertie=$(${STAGING_BINDIR_NATIVE}/fdtget ${B}/${config}${soc_suffix}-${dt}/fdts/${dt}-bl2.dtb /soc/${ddr_dtb_node} st,mem-name || echo "none") - ddr_target="" - # potentials value of ddr_propertie: - # DDR3 16bits - # DDR4 32bits - # DDR4 8Gbits - # LPDDR4 32bits - case ${ddr_propertie} in - DDR3*) - ddr_extra_opt=" STM32MP_DDR3_TYPE=1 " - ddr_target="ddr3" - ;; - DDR4*) - ddr_extra_opt=" STM32MP_DDR4_TYPE=1 " - ddr_target="ddr4" - ;; - LPDDR4*) - ddr_extra_opt=" STM32MP_LPDDR4_TYPE=1 " - ddr_target="lpddr4" - ;; - *) - bbwarn "Missing st,mem-name information for ${dt}" - ;; - esac - bbnote "${dt}: ${tf_a_make_target} -> ${ddr_extra_opt}" - # Copy TF-A ddr binary with explicit devicetree filename - if [ -n "${ddr_target}" ]; then - if [ -s "${S}/drivers/st/ddr/phy/firmware/bin/${ddr_target}_pmu_train.bin" ]; then - cp "${S}/drivers/st/ddr/phy/firmware/bin/${ddr_target}_pmu_train.bin" "${B}/${config}${soc_suffix}-${dt}/${FWDDR_NAME}-${dt}.${FWDDR_SUFFIX}" - else - bbwarn "Missing ddr firmware file ${ddr_target}_pmu_train.bin for ${dt}" - fi - fi - fi - fi - - encrypt_extra_opt="" - if [ "${ENCRYPT_ENABLE}" = "1" ]; then - encrypt_key="${ENCRYPT_FIP_KEY_PATH_LIST}" - if [ -n "${STM32MP_ENCRYPT_SOC_NAME}" ]; then - unset k - for soc in ${STM32MP_ENCRYPT_SOC_NAME}; do - k=$(expr $k + 1) - [ "$(echo ${dt} | grep -c ${soc})" -eq 1 ] && encrypt_key=$(echo ${ENCRYPT_FIP_KEY_PATH_LIST} | cut -d',' -f${k}) - done - fi - encrypt_extra_opt="ENC_KEY=$(hexdump -e '/1 "%02x"' ${encrypt_key})" - fi - - oe_runmake -C "${S}" BUILD_PLAT="${B}/${config}${soc_suffix}-${dt}" DTB_FILE_NAME="${dt}.dtb" ${extra_opt} ${soc_extra_opt} ${ddr_extra_opt} ${encrypt_extra_opt} ${tf_a_make_target} - - # Copy TF-A binary with explicit devicetree filename - if [ -f "${B}/${config}${soc_suffix}-${dt}/${tfa_basename}-${dt}.${TF_A_SUFFIX}" ]; then - cp "${B}/${config}${soc_suffix}-${dt}/${tfa_basename}-${dt}.${TF_A_SUFFIX}" "${B}/${config}${soc_suffix}-${dt}/${tfa_basename}-${dt}-${config}.${TF_A_SUFFIX}" - if [ "${TF_A_ENABLE_DEBUG_WRAPPER}" = "1" ]; then - stm32wrapper4dbg -s "${B}/${config}${soc_suffix}-${dt}/${tfa_basename}-${dt}.${TF_A_SUFFIX}" -d "${B}/${config}${soc_suffix}-${dt}/debug-${tfa_basename}-${dt}-${config}.${TF_A_SUFFIX}" - fi - - if [ "${SIGN_ENABLE}" = "1" ]; then - # Init sign key for signing tools - sign_key="${SIGN_KEY_PATH_LIST}" - if [ -n "${STM32MP_SOC_NAME}" ]; then - unset k - for soc in ${STM32MP_SOC_NAME}; do - k=$(expr $k + 1) - [ "$(echo ${dt} | grep -c ${soc})" -eq 1 ] && sign_key=$(echo ${SIGN_KEY_PATH_LIST} | cut -d',' -f${k}) - done - fi - # Init default '-of' option for signing case - tf_a_sign_of_opt="" - dd if="${B}/${config}${soc_suffix}-${dt}/${tfa_basename}-${dt}-${config}.${TF_A_SUFFIX}" of=header.dump bs=1 count=4 skip=72 > /dev/null 2> /dev/null - temp_version=$(od -A o -t dI header.dump | head -n 1 | cut -d' ' -f2- | sed "s/ //g") - rm -f header.dump - [ "$(expr $temp_version / 65536)" = "2" ] && tf_a_sign_of_opt="-of ${TF_A_SIGN_OF}" - # Sign tf-a binary - echo "${SIGN_TOOL} \ - -bin "${B}/${config}${soc_suffix}-${dt}/${tfa_basename}-${dt}-${config}.${TF_A_SUFFIX}" \ - -o "${B}/${config}${soc_suffix}-${dt}/${tfa_basename}-${dt}-${config}${TF_A_SIGN_SUFFIX}.${TF_A_SUFFIX}" \ - --password ${SIGN_KEY_PASS} \ - --public-key $(ls -1 $(dirname ${sign_key})/publicKey*.pem | tr '\n' '\t') \ - --private-key ${sign_key} \ - --type fsbl \ - --silent \ - ${SIGN_TOOL_EXTRA} \ - ${tf_a_sign_of_opt}" - ${SIGN_TOOL} \ - -bin "${B}/${config}${soc_suffix}-${dt}/${tfa_basename}-${dt}-${config}.${TF_A_SUFFIX}" \ - -o "${B}/${config}${soc_suffix}-${dt}/${tfa_basename}-${dt}-${config}${TF_A_SIGN_SUFFIX}.${TF_A_SUFFIX}" \ - --password ${SIGN_KEY_PASS} \ - --public-key $(ls -1 $(dirname ${sign_key})/publicKey*.pem | tr '\n' '\t') \ - --private-key ${sign_key} \ - --type fsbl \ - --silent \ - ${SIGN_TOOL_EXTRA} \ - ${tf_a_sign_of_opt} - if [ "${TF_A_ENABLE_DEBUG_WRAPPER}" = "1" ]; then - echo "${SIGN_TOOL} \ - -bin "${B}/${config}${soc_suffix}-${dt}/debug-${tfa_basename}-${dt}-${config}.${TF_A_SUFFIX}" \ - -o "${B}/${config}${soc_suffix}-${dt}/debug-${tfa_basename}-${dt}-${config}${TF_A_SIGN_SUFFIX}.${TF_A_SUFFIX}" \ - --password ${SIGN_KEY_PASS} \ - --public-key $(ls -1 $(dirname ${sign_key})/publicKey*.pem | tr '\n' '\t') \ - --private-key "${sign_key}" \ - --type fsbl \ - --silent \ - ${SIGN_TOOL_EXTRA} \ - ${tf_a_sign_of_opt}" - ${SIGN_TOOL} \ - -bin "${B}/${config}${soc_suffix}-${dt}/debug-${tfa_basename}-${dt}-${config}.${TF_A_SUFFIX}" \ - -o "${B}/${config}${soc_suffix}-${dt}/debug-${tfa_basename}-${dt}-${config}${TF_A_SIGN_SUFFIX}.${TF_A_SUFFIX}" \ - --password ${SIGN_KEY_PASS} \ - --public-key $(ls -1 $(dirname ${sign_key})/publicKey*.pem | tr '\n' '\t') \ - --private-key "${sign_key}" \ - --type fsbl \ - --silent \ - ${SIGN_TOOL_EXTRA} \ - ${tf_a_sign_of_opt} - fi - fi - - if [ "${ENCRYPT_ENABLE}" = "1" ]; then - # Init encrypt key for signing tools - encrypt_key="${ENCRYPT_FSBL_KEY_PATH_LIST}" - if [ -n "${STM32MP_ENCRYPT_SOC_NAME}" ]; then - unset k - for soc in ${STM32MP_ENCRYPT_SOC_NAME}; do - k=$(expr $k + 1) - [ "$(echo ${dt} | grep -c ${soc})" -eq 1 ] && encrypt_key=$(echo ${ENCRYPT_FSBL_KEY_PATH_LIST} | cut -d',' -f${k}) - done - fi - # Init default '-of' option for signing case - tf_a_sign_of_opt="" - dd if="${B}/${config}${soc_suffix}-${dt}/${tfa_basename}-${dt}-${config}.${TF_A_SUFFIX}" of=header.dump bs=1 count=4 skip=72 > /dev/null 2> /dev/null - temp_version=$(od -A o -t dI header.dump | head -n 1 | cut -d' ' -f2- | sed "s/ //g") - rm -f header.dump - [ "$(expr $temp_version / 65536)" = "2" ] && tf_a_sign_of_opt="-hv 2" - # Encrypt tf-a binary - echo '${SIGN_TOOL} \ - -bin "${B}/${config}${soc_suffix}-${dt}/${tfa_basename}-${dt}-${config}${TF_A_SIGN_SUFFIX}.${TF_A_SUFFIX}" \ - -o "${B}/${config}${soc_suffix}-${dt}/${tfa_basename}-${dt}-${config}${TF_A_ENCRYPT_SUFFIX}${TF_A_SIGN_SUFFIX}.${TF_A_SUFFIX}" \ - --password ${SIGN_KEY_PASS} \ - --public-key $(ls -1 $(dirname ${sign_key})/publicKey*.pem | tr '\n' '\t') \ - --private-key ${sign_key} \ - --type fsbl \ - --silent \ - --enc-key ${encrypt_key} \ - --enc-dc "${TF_A_ENCRYPT_DC}" \ - --image-version "${TF_A_ENCRYPT_IMGVER}" \ - -of "${TF_A_ENCRYPT_OF}" \ - ${tf_a_sign_of_opt} ' - ${SIGN_TOOL} \ - -bin "${B}/${config}${soc_suffix}-${dt}/${tfa_basename}-${dt}-${config}${TF_A_SIGN_SUFFIX}.${TF_A_SUFFIX}" \ - -o "${B}/${config}${soc_suffix}-${dt}/${tfa_basename}-${dt}-${config}${TF_A_ENCRYPT_SUFFIX}${TF_A_SIGN_SUFFIX}.${TF_A_SUFFIX}" \ - --password ${SIGN_KEY_PASS} \ - --public-key $(ls -1 $(dirname ${sign_key})/publicKey*.pem | tr '\n' '\t') \ - --private-key ${sign_key} \ - --type fsbl \ - --silent \ - --enc-key ${encrypt_key} \ - --enc-dc "${TF_A_ENCRYPT_DC}" \ - --image-version "${TF_A_ENCRYPT_IMGVER}" \ - -of "${TF_A_ENCRYPT_OF}" \ - ${tf_a_sign_of_opt} - if [ "${TF_A_ENABLE_DEBUG_WRAPPER}" = "1" ]; then - echo '${SIGN_TOOL} \ - -bin "${B}/${config}${soc_suffix}-${dt}/debug-${tfa_basename}-${dt}-${config}${TF_A_SIGN_SUFFIX}.${TF_A_SUFFIX}" \ - -o "${B}/${config}${soc_suffix}-${dt}/debug-${tfa_basename}-${dt}-${config}${TF_A_ENCRYPT_SUFFIX}${TF_A_SIGN_SUFFIX}.${TF_A_SUFFIX}" \ - --password ${SIGN_KEY_PASS} \ - --public-key $(ls -1 $(dirname ${sign_key})/publicKey*.pem | tr '\n' '\t') \ - --private-key ${sign_key} \ - --type fsbl \ - --silent \ - --enc-key ${encrypt_key} \ - --enc-dc "${TF_A_ENCRYPT_DC}" \ - --image-version "${TF_A_ENCRYPT_IMGVER}" \ - -of "${TF_A_ENCRYPT_OF}" \ - ${tf_a_sign_of_opt}' - ${SIGN_TOOL} \ - -bin "${B}/${config}${soc_suffix}-${dt}/debug-${tfa_basename}-${dt}-${config}${TF_A_SIGN_SUFFIX}.${TF_A_SUFFIX}" \ - -o "${B}/${config}${soc_suffix}-${dt}/debug-${tfa_basename}-${dt}-${config}${TF_A_ENCRYPT_SUFFIX}${TF_A_SIGN_SUFFIX}.${TF_A_SUFFIX}" \ - --password ${SIGN_KEY_PASS} \ - --public-key $(ls -1 $(dirname ${sign_key})/publicKey*.pem | tr '\n' '\t') \ - --private-key ${sign_key} \ - --type fsbl \ - --silent \ - --enc-key ${encrypt_key} \ - --enc-dc "${TF_A_ENCRYPT_DC}" \ - --image-version "${TF_A_ENCRYPT_IMGVER}" \ - -of "${TF_A_ENCRYPT_OF}"\ - ${tf_a_sign_of_opt} - fi - fi - fi - done - done - - if [ "${TF_A_ENABLE_METADATA}" = "1" ]; then - ${S}/${TF_A_METADATA_TOOL} jsonparse "${S}/${TF_A_METADATA_JSON}" -b "${B}/${TF_A_METADATA_NAME}.${TF_A_METADATA_SUFFIX}" - fi -} - -do_deploy() { - install -d ${DEPLOYDIR} - install -d ${DEPLOYDIR}/arm-trusted-firmware - - unset i - for config in ${TF_A_CONFIG}; do - i=$(expr $i + 1) - # Initialize devicetree list and tf-a basename - dt_config=$(echo ${TF_A_DEVICETREE} | cut -d',' -f${i}) - tfa_basename=$(echo ${TF_A_BINARIES} | cut -d',' -f${i}) - tfa_file_type=$(echo ${TF_A_FILES} | cut -d',' -f${i}) - for dt in ${dt_config}; do - # Init soc suffix - soc_suffix="" - if [ -n "${STM32MP_SOC_NAME}" ]; then - for soc in ${STM32MP_SOC_NAME}; do - [ "$(echo ${dt} | grep -c ${soc})" -eq 1 ] && soc_suffix="-${soc}" - done - fi - for file_type in ${tfa_file_type}; do - case "${file_type}" in - bl2) - # Install TF-A binary - if [ -f "${B}/${config}${soc_suffix}-${dt}/${tfa_basename}-${dt}-${config}.${TF_A_SUFFIX}" ]; then - install -m 644 "${B}/${config}${soc_suffix}-${dt}/${tfa_basename}-${dt}-${config}${TF_A_ENCRYPT_SUFFIX}${TF_A_SIGN_SUFFIX}.${TF_A_SUFFIX}" "${DEPLOYDIR}/arm-trusted-firmware/" - if [ "${TF_A_ENABLE_DEBUG_WRAPPER}" = "1" ]; then - install -d "${DEPLOYDIR}/arm-trusted-firmware/debug" - install -m 644 "${B}/${config}${soc_suffix}-${dt}/debug-${tfa_basename}-${dt}-${config}${TF_A_ENCRYPT_SUFFIX}${TF_A_SIGN_SUFFIX}.${TF_A_SUFFIX}" "${DEPLOYDIR}/arm-trusted-firmware/debug/" - fi - fi - if [ -n "${ELF_DEBUG_ENABLE}" ]; then - install -d "${DEPLOYDIR}/arm-trusted-firmware/debug" - if [ -f "${B}/${config}${soc_suffix}-${dt}/${BL2_ELF}" ]; then - install -m 644 "${B}/${config}${soc_suffix}-${dt}/${BL2_ELF}" "${DEPLOYDIR}/arm-trusted-firmware/debug/${tfa_basename}-${BL2_BASENAME_DEPLOY}${soc_suffix}-${config}.${TF_A_ELF_SUFFIX}" - fi - fi - if [ "${TF_A_FWDDR}" = "1" ]; then - install -d "${DEPLOYDIR}/arm-trusted-firmware/ddr" - # Install DDR firmware binary - if [ -f "${B}/${config}${soc_suffix}-${dt}/${FWDDR_NAME}-${dt}.${FWDDR_SUFFIX}" ]; then - if [ ! -s "${DEPLOYDIR}/arm-trusted-firmware/ddr/${FWDDR_NAME}-${dt}.${FWDDR_SUFFIX}" ]; then - install -m 644 "${B}/${config}${soc_suffix}-${dt}/${FWDDR_NAME}-${dt}.${FWDDR_SUFFIX}" "${DEPLOYDIR}/arm-trusted-firmware/ddr/" - fi - fi - fi - ;; - bl31) - # Install BL31 files - install -d "${DEPLOYDIR}/arm-trusted-firmware/bl31" - # Install BL31 binary - if [ -f "${B}/${config}${soc_suffix}-${dt}/${BL31_BASENAME}.${BL31_SUFFIX}" ]; then - install -m 644 "${B}/${config}${soc_suffix}-${dt}/${BL31_BASENAME}.${BL31_SUFFIX}" "${DEPLOYDIR}/arm-trusted-firmware/bl31/${tfa_basename}-${BL31_BASENAME_DEPLOY}${soc_suffix}.${BL31_SUFFIX}" - fi - # Install BL31 devicetree - if [ -f "${B}/${config}${soc_suffix}-${dt}/fdts/${dt}-${BL31_BASENAME}.${DT_SUFFIX}" ]; then - install -m 644 "${B}/${config}${soc_suffix}-${dt}/fdts/${dt}-${BL31_BASENAME}.${DT_SUFFIX}" "${DEPLOYDIR}/arm-trusted-firmware/bl31/${dt}-${BL31_BASENAME}.${DT_SUFFIX}" - fi - if [ -n "${ELF_DEBUG_ENABLE}" ]; then - install -d "${DEPLOYDIR}/arm-trusted-firmware/bl31/debug" - if [ -f "${B}/${config}${soc_suffix}-${dt}/${BL31_ELF}" ]; then - install -m 644 "${B}/${config}${soc_suffix}-${dt}/${BL31_ELF}" "${DEPLOYDIR}/arm-trusted-firmware/bl31/debug/${tfa_basename}-${BL31_BASENAME_DEPLOY}${soc_suffix}-${config}.${TF_A_ELF_SUFFIX}" - fi - fi - ;; - bl32) - # Install BL32 files - install -d "${DEPLOYDIR}/arm-trusted-firmware/bl32" - # Install BL32 binary - if [ -f "${B}/${config}${soc_suffix}-${dt}/${BL32_BASENAME}.${BL32_SUFFIX}" ]; then - install -m 644 "${B}/${config}${soc_suffix}-${dt}/${BL32_BASENAME}.${BL32_SUFFIX}" "${DEPLOYDIR}/arm-trusted-firmware/bl32/${tfa_basename}-${BL32_BASENAME_DEPLOY}${soc_suffix}.${BL32_SUFFIX}" - fi - # Install BL32 devicetree - if [ -f "${B}/${config}${soc_suffix}-${dt}/fdts/${dt}-${BL32_BASENAME}.${DT_SUFFIX}" ]; then - install -m 644 "${B}/${config}${soc_suffix}-${dt}/fdts/${dt}-${BL32_BASENAME}.${DT_SUFFIX}" "${DEPLOYDIR}/arm-trusted-firmware/bl32/${dt}-${BL32_BASENAME}.${DT_SUFFIX}" - fi - if [ -n "${ELF_DEBUG_ENABLE}" ]; then - install -d "${DEPLOYDIR}/arm-trusted-firmware/bl32/debug" - if [ -f "${B}/${config}${soc_suffix}-${dt}/${BL32_ELF}" ]; then - install -m 644 "${B}/${config}${soc_suffix}-${dt}/${BL32_ELF}" "${DEPLOYDIR}/arm-trusted-firmware/bl32/debug/${tfa_basename}-${BL32_BASENAME_DEPLOY}${soc_suffix}-${config}.${TF_A_ELF_SUFFIX}" - fi - fi - ;; - fwconfig) - # Install fwconfig - install -d "${DEPLOYDIR}/arm-trusted-firmware/fwconfig" - if [ -f "${B}/${config}${soc_suffix}-${dt}/fdts/${dt}-${FWCONFIG_NAME}.${DT_SUFFIX}" ]; then - install -m 644 "${B}/${config}${soc_suffix}-${dt}/fdts/${dt}-${FWCONFIG_NAME}.${DT_SUFFIX}" "${DEPLOYDIR}/arm-trusted-firmware/fwconfig/${dt}-${FWCONFIG_NAME}-${config}.${DT_SUFFIX}" - fi - ;; - esac - done # for file_type in ${tfa_file_type} - done # for dt in ${dt_config} - if [ -n "${ELF_DEBUG_ENABLE}" ]; then - install -d "${DEPLOYDIR}/arm-trusted-firmware/debug" - if [ -f "${B}/${config}${soc_suffix}-${dt}/${BL1_ELF}" ]; then - install -m 644 "${B}/${config}${soc_suffix}-${dt}/${BL1_ELF}" "${DEPLOYDIR}/arm-trusted-firmware/debug/${tfa_basename}-${BL1_BASENAME_DEPLOY}-${config}.${TF_A_ELF_SUFFIX}" - fi - fi - done # for config in ${TF_A_CONFIG} - - if [ "${TF_A_ENABLE_METADATA}" = "1" ]; then - install -d "${DEPLOYDIR}/arm-trusted-firmware" - if [ -f "${B}/${TF_A_METADATA_NAME}.${TF_A_METADATA_SUFFIX}" ]; then - install -m 644 "${B}/${TF_A_METADATA_NAME}.${TF_A_METADATA_SUFFIX}" "${DEPLOYDIR}/arm-trusted-firmware/${TF_A_METADATA_BINARY}" - fi - fi -} -addtask deploy before do_build after do_compile diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.6.bbappend b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.10.bbappend similarity index 90% rename from meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.6.bbappend rename to meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.10.bbappend index 4eb407535..1d27256bc 100644 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.6.bbappend +++ b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.10.bbappend @@ -1,5 +1,5 @@ # -# Copyright (C) 2022, Digi International Inc. +# Copyright (C) 2022-2024, Digi International Inc. # # Select internal or Github TF-A repo @@ -7,7 +7,7 @@ TFA_URI_STASH = "${DIGI_MTK_GIT}/emp/arm-trusted-firmware.git;protocol=ssh" TFA_URI_GITHUB = "${DIGI_GITHUB_GIT}/arm-trusted-firmware.git;protocol=https" TFA_GIT_URI ?= "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${TFA_URI_STASH}', '${TFA_URI_GITHUB}', d)}" -SRCBRANCH = "v2.6/stm32mp/master" +SRCBRANCH = "v2.10/stm32mp/master" SRCREV = "${AUTOREV}" SRC_URI = " \ @@ -66,6 +66,13 @@ do_deploy:append() { done done + # Last value of 'dt' is good for metadata binary, so use that. + if [ "${TF_A_ENABLE_METADATA}" = "1" ]; then + if [ -f "${DEPLOYDIR}/arm-trusted-firmware/${TF_A_METADATA_BINARY}" ]; then + ln -s "arm-trusted-firmware/${TF_A_METADATA_BINARY}" "${DEPLOYDIR}/${TF_A_METADATA_NAME}-${dt}.${TF_A_METADATA_SUFFIX}" + fi + fi + unset i for config in ${FIP_CONFIG}; do i="$(expr ${i} + 1)" diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.8.bb b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.8.bb deleted file mode 100644 index d83049b77..000000000 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.8.bb +++ /dev/null @@ -1,42 +0,0 @@ -# -# Copyright (C) 2024 Digi International Inc. -# -require tf-a-stm32mp2-common.inc -require tf-a-stm32mp2.inc - -SUMMARY = "Trusted Firmware-A for STM32MP1" -LICENSE = "BSD-3-Clause" - -# Select internal or Github TF-A repo -TFA_URI_STASH = "${DIGI_MTK_GIT}/emp/arm-trusted-firmware.git;protocol=ssh" -TFA_URI_GITHUB = "${DIGI_GITHUB_GIT}/arm-trusted-firmware.git;protocol=https" -TFA_GIT_URI ?= "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${TFA_URI_STASH}', '${TFA_URI_GITHUB}', d)}" - -SRCBRANCH = "v2.8/stm32mp/master" -SRCREV = "${AUTOREV}" - -SRC_URI = " \ - ${TFA_GIT_URI};branch=${SRCBRANCH} \ -" - -TF_A_VERSION = "v2.8.12" -TF_A_RELEASE = "beta-r1" - -# Configure settings -TFA_PLATFORM = "stm32mp1" -TFA_ARM_MAJOR = "7" -TFA_ARM_ARCH = "aarch32" - -TFA_PLATFORM:aarch64 = "stm32mp2" -TFA_ARM_MAJOR:aarch64 = "8" -TFA_ARM_ARCH:aarch64 = "aarch64" - -# Enable the wrapper for debug -TF_A_ENABLE_DEBUG_WRAPPER ?= "1" - -# --------------------------------- -# Configure archiver use -# --------------------------------- -include ${@oe.utils.ifelse(d.getVar('ST_ARCHIVER_ENABLE') == '1', 'tf-a-stm32mp-archiver.inc','')} - -COMPATIBLE_MACHINE = "(ccmp2)" diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.8.bbappend b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.8.bbappend deleted file mode 100644 index 9412cbbac..000000000 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.8.bbappend +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright (C) 2024, Digi International Inc. - -do_deploy:append() { - unset i - for config in ${TF_A_CONFIG}; do - i=$(expr $i + 1) - dt_config=$(echo ${TF_A_DEVICETREE} | cut -d',' -f${i}) - tfa_basename=$(echo ${TF_A_BINARIES} | cut -d',' -f${i}) - for dt in ${dt_config}; do - TF_A_FILENAME="${tfa_basename}-${dt}-${config}.${TF_A_SUFFIX}" - if [ -f "${DEPLOYDIR}/arm-trusted-firmware/${TF_A_FILENAME}" ]; then - ln -s "arm-trusted-firmware/${TF_A_FILENAME}" "${DEPLOYDIR}" - fi - done - done - - # Last value of 'dt' is good for metadata binary, so use that. - if [ "${TF_A_ENABLE_METADATA}" = "1" ]; then - if [ -f "${DEPLOYDIR}/arm-trusted-firmware/${TF_A_METADATA_BINARY}" ]; then - ln -s "arm-trusted-firmware/${TF_A_METADATA_BINARY}" "${DEPLOYDIR}/${TF_A_METADATA_NAME}-${dt}.${TF_A_METADATA_SUFFIX}" - fi - fi - - unset i - for config in ${FIP_CONFIG}; do - i=$(expr $i + 1) - dt_config="$(echo ${FIP_DEVICETREE} | cut -d',' -f${i})" - for dt in ${dt_config}; do - FIP_FILENAME="${FIP_BASENAME}-${dt}-${config}${FIP_SIGN_SUFFIX}.${FIP_SUFFIX}" - if [ -f "${DEPLOYDIR}/fip/${FIP_FILENAME}" ]; then - ln -s "fip/${FIP_FILENAME}" "${DEPLOYDIR}" - fi - done - done -} diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-tools.inc b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-tools.inc deleted file mode 100644 index 5d0fe9913..000000000 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-tools.inc +++ /dev/null @@ -1,48 +0,0 @@ -FILESEXTRAPATHS:prepend := "${THISDIR}/tf-a-tools:" - -SRC_URI:append = " \ - file://0001-FIX-GCC-tools-overwrite.patch \ - file://0001-tools-allow-to-use-a-root-key-password-from-command-.patch \ - " - -DEPENDS += "dtc-native openssl" - -COMPATIBLE_HOST:class-target = "null" - -HOSTCC:class-native = "${BUILD_CC}" -HOSTCC:class-nativesdk = "${CC}" - -EXTRA_OEMAKE += "HOSTCC='${HOSTCC}' OPENSSL_DIR='${STAGING_EXECPREFIXDIR}'" -EXTRA_OEMAKE += "certtool enctool fiptool" -EXTRA_OEMAKE += "PLAT=${TFA_PLATFORM}" - -do_configure[noexec] = "1" - -do_compile:prepend:class-native () { - # This is still needed to have the native fiptool executing properly by - # setting the RPATH - sed -e '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' \ - -e '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' \ - -i ${S}/tools/fiptool/Makefile - # This is still needed to have the native cert_create executing properly by - # setting the RPATH - sed -e '/^LIB_DIR/ s,$, \$\{BUILD_LDFLAGS},' \ - -e '/^INC_DIR/ s,$, \$\{BUILD_CFLAGS},' \ - -i ${S}/tools/cert_create/Makefile - # This is still needed to have the native fiptool executing properly by - # setting the RPATH - sed -e '/^LIB_DIR/ s,$, \$\{BUILD_LDFLAGS},' \ - -e '/^INC_DIR/ s,$, \$\{BUILD_CFLAGS},' \ - -i ${S}/tools/encrypt_fw/Makefile -} - -do_install() { - install -d ${D}${bindir} - install -m 0755 \ - ${B}/tools/fiptool/fiptool \ - ${B}/tools/cert_create/cert_create \ - ${B}/tools/encrypt_fw/encrypt_fw \ - ${D}${bindir} -} - -BBCLASSEXTEND += "native nativesdk" diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-tools/0001-FIX-GCC-tools-overwrite.patch b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-tools/0001-FIX-GCC-tools-overwrite.patch deleted file mode 100644 index 63d7dc604..000000000 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-tools/0001-FIX-GCC-tools-overwrite.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 68a2098a3035b8374d0ce0b1feead650dadbce64 Mon Sep 17 00:00:00 2001 -From: Christophe Priouzeau -Date: Thu, 24 Nov 2022 16:18:27 +0100 -Subject: [PATCH] FIX GCC tools overwrite - -Signed-off-by: Christophe Priouzeau ---- - Makefile | 22 +++++++++++----------- - 1 file changed, 11 insertions(+), 11 deletions(-) - -diff --git a/Makefile b/Makefile -index 1ddb7b844..d6583dfe9 100644 ---- a/Makefile -+++ b/Makefile -@@ -183,19 +183,19 @@ endif - # Toolchain - ################################################################################ - --HOSTCC := gcc -+HOSTCC ?= gcc - export HOSTCC - --CC := ${CROSS_COMPILE}gcc --CPP := ${CROSS_COMPILE}cpp --AS := ${CROSS_COMPILE}gcc --AR := ${CROSS_COMPILE}ar --LINKER := ${CROSS_COMPILE}ld --OC := ${CROSS_COMPILE}objcopy --OD := ${CROSS_COMPILE}objdump --NM := ${CROSS_COMPILE}nm --PP := ${CROSS_COMPILE}gcc -E --DTC := dtc -+#CC := ${CROSS_COMPILE}gcc -+#CPP := ${CROSS_COMPILE}cpp -+#AS := ${CROSS_COMPILE}gcc -+#AR := ${CROSS_COMPILE}ar -+#LINKER := ${CROSS_COMPILE}ld -+#OC := ${CROSS_COMPILE}objcopy -+#OD := ${CROSS_COMPILE}objdump -+#NM := ${CROSS_COMPILE}nm -+#PP := ${CROSS_COMPILE}gcc -E -+#DTC := dtc - - # Use ${LD}.bfd instead if it exists (as absolute path or together with $PATH). - ifneq ($(strip $(wildcard ${LD}.bfd) \ --- -2.25.1 - diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-tools/0001-tools-allow-to-use-a-root-key-password-from-command-.patch b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-tools/0001-tools-allow-to-use-a-root-key-password-from-command-.patch deleted file mode 100644 index 0a17ea37f..000000000 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-tools/0001-tools-allow-to-use-a-root-key-password-from-command-.patch +++ /dev/null @@ -1,126 +0,0 @@ -From 204cde3bd45f634e3699a42ed8f865a8385743a5 Mon Sep 17 00:00:00 2001 -From: Christophe Priouzeau -Date: Mon, 28 Nov 2022 12:16:38 +0100 -Subject: [PATCH] tools: allow to use a root key password from command line - -By defining the ROT_KEY_PWD, user is able to define the private -root key password. Useful for build system management. - -Signed-off-by: Lionel Debieve ---- - make_helpers/tbbr/tbbr_tools.mk | 2 ++ - tools/cert_create/include/key.h | 2 +- - tools/cert_create/src/key.c | 4 ++-- - tools/cert_create/src/main.c | 13 +++++++++++-- - 4 files changed, 16 insertions(+), 5 deletions(-) - -diff --git a/make_helpers/tbbr/tbbr_tools.mk b/make_helpers/tbbr/tbbr_tools.mk -index 5ef2d852e..147159b1a 100644 ---- a/make_helpers/tbbr/tbbr_tools.mk -+++ b/make_helpers/tbbr/tbbr_tools.mk -@@ -25,6 +25,7 @@ - # KEY_SIZE - # ROT_KEY - # PROT_KEY -+# ROT_KEY_PWD - # PLAT_KEY - # SWD_ROT_KEY - # CORE_SWD_KEY -@@ -74,6 +75,7 @@ $(if ${HASH_ALG},$(eval $(call CERT_ADD_CMD_OPT,${HASH_ALG},--hash-alg,FWU_))) - $(if ${ROT_KEY},$(eval $(call CERT_ADD_CMD_OPT,${ROT_KEY},--rot-key))) - $(if ${ROT_KEY},$(eval $(call CERT_ADD_CMD_OPT,${ROT_KEY},--rot-key,FWU_))) - $(if ${PROT_KEY},$(eval $(call CERT_ADD_CMD_OPT,${PROT_KEY},--prot-key))) -+$(if ${ROT_KEY_PWD},$(eval $(call CERT_ADD_CMD_OPT,${ROT_KEY_PWD},--rot-key-pwd))) - $(if ${PLAT_KEY},$(eval $(call CERT_ADD_CMD_OPT,${PLAT_KEY},--plat-key))) - $(if ${SWD_ROT_KEY},$(eval $(call CERT_ADD_CMD_OPT,${SWD_ROT_KEY},--swd-rot-key))) - $(if ${CORE_SWD_KEY},$(eval $(call CERT_ADD_CMD_OPT,${CORE_SWD_KEY},--core-swd-key))) -diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h -index 312575b44..ed3654b08 100644 ---- a/tools/cert_create/include/key.h -+++ b/tools/cert_create/include/key.h -@@ -74,7 +74,7 @@ key_t *key_get_by_opt(const char *opt); - int key_new(key_t *key); - #endif - int key_create(key_t *key, int type, int key_bits); --int key_load(key_t *key, unsigned int *err_code); -+int key_load(key_t *key, char *rot_key_pwd, unsigned int *err_code); - int key_store(key_t *key); - void key_cleanup(void); - -diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c -index 487777b67..c8f5357be 100644 ---- a/tools/cert_create/src/key.c -+++ b/tools/cert_create/src/key.c -@@ -189,7 +189,7 @@ int key_create(key_t *key, int type, int key_bits) - return 0; - } - --int key_load(key_t *key, unsigned int *err_code) -+int key_load(key_t *key, char *rot_key_pwd, unsigned int *err_code) - { - FILE *fp; - EVP_PKEY *k; -@@ -198,7 +198,7 @@ int key_load(key_t *key, unsigned int *err_code) - /* Load key from file */ - fp = fopen(key->fn, "r"); - if (fp) { -- k = PEM_read_PrivateKey(fp, &key->key, NULL, NULL); -+ k = PEM_read_PrivateKey(fp, &key->key, NULL, rot_key_pwd); - fclose(fp); - if (k) { - *err_code = KEY_ERR_NONE; -diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c -index 2ab6bcfd9..90bb82ba8 100644 ---- a/tools/cert_create/src/main.c -+++ b/tools/cert_create/src/main.c -@@ -292,6 +292,10 @@ static const cmd_opt_t common_cmd_opt[] = { - { "print-cert", no_argument, NULL, 'p' }, - "Print the certificates in the standard output" - } -+ ,{ -+ { "rot-key-pwd", required_argument, NULL, 'r' }, -+ "Password for the root key" -+ }, - }; - - int main(int argc, char *argv[]) -@@ -310,6 +314,7 @@ int main(int argc, char *argv[]) - unsigned char md[SHA512_DIGEST_LENGTH]; - unsigned int md_len; - const EVP_MD *md_info; -+ char *rot_key_pw = NULL; - - NOTICE("CoT Generation Tool: %s\n", build_msg); - NOTICE("Target platform: %s\n", platform_msg); -@@ -347,7 +352,7 @@ int main(int argc, char *argv[]) - - while (1) { - /* getopt_long stores the option index here. */ -- c = getopt_long(argc, argv, "a:b:hknps:", cmd_opt, &opt_idx); -+ c = getopt_long(argc, argv, "a:b:hknpr:s:", cmd_opt, &opt_idx); - - /* Detect the end of the options. */ - if (c == -1) { -@@ -381,6 +386,10 @@ int main(int argc, char *argv[]) - case 'p': - print_cert = 1; - break; -+ case 'r': -+ rot_key_pw = malloc(sizeof(char) * strlen(optarg)); -+ strncpy(rot_key_pw, optarg, strlen(optarg)); -+ break; - case 's': - hash_alg = get_hash_alg(optarg); - if (hash_alg < 0) { -@@ -441,7 +450,7 @@ int main(int argc, char *argv[]) - #endif - - /* First try to load the key from disk */ -- if (key_load(&keys[i], &err_code)) { -+ if (key_load(&keys[i], rot_key_pw, &err_code)) { - /* Key loaded successfully */ - continue; - } --- -2.25.1 - diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-tools_2.8.bb b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-tools_2.8.bb deleted file mode 100644 index 27bff1dde..000000000 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-tools_2.8.bb +++ /dev/null @@ -1,22 +0,0 @@ -require tf-a-stm32mp2-common.inc -require tf-a-tools.inc - -SUMMARY = "Cert_create & Fiptool for fip generation for Trusted Firmware-A" -LICENSE = "BSD-3-Clause" - -# Select internal or Github TF-A repo -TFA_URI_STASH = "${DIGI_MTK_GIT}/emp/arm-trusted-firmware.git;protocol=ssh" -TFA_URI_GITHUB = "${DIGI_GITHUB_GIT}/arm-trusted-firmware.git;protocol=https" -TFA_GIT_URI ?= "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${TFA_URI_STASH}', '${TFA_URI_GITHUB}', d)}" - -SRCBRANCH = "v2.8/stm32mp/master" -SRCREV = "${AUTOREV}" - -SRC_URI = " \ - ${TFA_GIT_URI};branch=${SRCBRANCH} \ -" - -# Configure settings -TFA_PLATFORM = "stm32mp1" -TFA_PLATFORM:class-native = "stm32mp2" -TFA_PLATFORM:class-nativesdk = "stm32mp2"