jim.lai/OpenBMC
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Your Name
2026-04-23 17:07:55 +08:00
commit b7e39e063b
16725 changed files with 1625565 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-arm/meta-arm-bsp/README.md
+1
View File
@@ -0,0 +1 @@
See ../README.md
meta-arm/meta-arm-bsp/conf/layer.conf
+21
View File
@@ -0,0 +1,21 @@
# We have a conf and classes directory, add to BBPATH
BBPATH .= ":${LAYERDIR}"
# We have recipes-* directories, add to BBFILES
BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
${LAYERDIR}/recipes-*/*/*.bbappend"
BBFILE_COLLECTIONS += "meta-arm-bsp"
BBFILE_PATTERN_meta-arm-bsp = "^${LAYERDIR}/"
BBFILE_PRIORITY_meta-arm-bsp = "5"
LAYERSERIES_COMPAT_meta-arm-bsp = "mickledore"
LAYERDEPENDS_meta-arm-bsp = "core meta-arm"
# This won't be used by layerindex-fetch, but works everywhere else
LAYERDEPENDS_meta-arm-bsp:append:corstone1000 = " meta-python openembedded-layer"
LAYERDEPENDS_meta-arm-bsp:append:musca-b1 = " meta-python"
LAYERDEPENDS_meta-arm-bsp:append:musca-s1 = " meta-python"
# Additional license directories.
LICENSE_PATH += "${LAYERDIR}/custom-licenses"
meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf
+51
View File
@@ -0,0 +1,51 @@
#@TYPE: Machine
#@NAME: corstone1000-fvp machine
#@DESCRIPTION: Machine configuration for Corstone1000 64-bit FVP
require conf/machine/include/corstone1000.inc
TFA_TARGET_PLATFORM = "fvp"
TFM_PLATFORM_IS_FVP = "TRUE"
# testimage config
TEST_TARGET = "OEFVPTarget"
TEST_SUITES = "fvp_boot"
# FVP Config
FVP_PROVIDER ?= "fvp-corstone1000-native"
FVP_EXE ?= "FVP_Corstone-1000"
FVP_CONSOLE ?= "host_terminal_0"
# FVP Parameters
FVP_CONFIG[se.trustedBootROMloader.fname] ?= "bl1.bin"
FVP_CONFIG[board.xnvm_size] ?= "64"
FVP_CONFIG[se.trustedSRAM_config] ?= "6"
FVP_CONFIG[se.BootROM_config] ?= "3"
FVP_CONFIG[board.hostbridge.interfaceName] ?= "tap0"
FVP_CONFIG[board.smsc_91c111.enabled] ?= "1"
FVP_CONFIG[board.hostbridge.userNetworking] ?= "true"
FVP_CONFIG[board.hostbridge.userNetPorts] ?= "5555=5555,8080=80,8022=22"
FVP_CONFIG[board.se_flash_size] ?= "8192"
FVP_CONFIG[diagnostics] ?= "4"
FVP_CONFIG[disable_visualisation] ?= "true"
FVP_CONFIG[se.nvm.update_raw_image] ?= "0"
FVP_CONFIG[se.cryptocell.USER_OTP_FILTERING_DISABLE] ?= "1"
# Boot image
FVP_DATA ?= "board.flash0=${IMAGE_NAME}.wic@0x68000000"
# External system (cortex-M3)
FVP_CONFIG[extsys_harness0.extsys_flashloader.fname] ?= "es_flashfw.bin"
# FVP Terminals
FVP_TERMINALS[host.host_terminal_0] ?= "Normal World Console"
FVP_TERMINALS[host.host_terminal_1] ?= "Secure World Console"
FVP_TERMINALS[se.secenc_terminal] ?= "Secure Enclave Console"
FVP_TERMINALS[extsys0.extsys_terminal] ?= "Cortex M3"
# MMC card configuration
FVP_CONFIG[board.msd_mmc.card_type] ?= "SDHC"
FVP_CONFIG[board.msd_mmc.p_fast_access] ?= "0"
FVP_CONFIG[board.msd_mmc.diagnostics] ?= "2"
FVP_CONFIG[board.msd_mmc.p_max_block_count] ?= "0xFFFF"
FVP_CONFIG[board.msd_config.pl180_fifo_depth] ?= "16"
meta-arm/meta-arm-bsp/conf/machine/corstone1000-mps3.conf
+9
View File
@@ -0,0 +1,9 @@
#@TYPE: Machine
#@NAME: corstone1000-mps3 machine
#@DESCRIPTION: Machine configuration for Corstone1000 64-bit MPS3 FPGA board
require conf/machine/include/corstone1000.inc
TFA_TARGET_PLATFORM = "fpga"
PLATFORM_IS_FVP = "FALSE"
meta-arm/meta-arm-bsp/conf/machine/corstone500.conf
+49
View File
@@ -0,0 +1,49 @@
#@TYPE: Machine
#@NAME: Corstone-500 machine
#@DESCRIPTION: Machine configuration for the Corstone-500 platform
require conf/machine/include/arm/armv7a/tune-cortexa5.inc
# Corstone-500 is built against poky-tiny distro.
# poky-tiny sets PREFERRED_PROVIDER_virtual/kernel to linux-yocto-tiny.
# Since distro config is evaluated after the machine config, we need to
# use the strongest override possible (forcevariable) so the
# PREFERRED_PROVIDER_virtual/kernel specified in the machine config will
# apply.
#
PREFERRED_PROVIDER_virtual/kernel:forcevariable = "linux-yocto"
PREFERRED_VERSION_linux-yocto ?= "6.1%"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a u-boot"
IMAGE_CLASSES += "wic_nopt"
IMAGE_FSTYPES:forcevariable = "cpio.gz squashfs wic wic.nopt"
SERIAL_CONSOLES = "115200;ttyAMA0"
# Corstone-500 u-boot configuration
UBOOT_MACHINE = "corstone500_defconfig"
UBOOT_IMAGE_ENTRYPOINT = "0x84000000"
UBOOT_IMAGE_LOADADDRESS = "0x84000000"
PREFERRED_VERSION_u-boot ?= "2023.01"
# making sure EXTRA_IMAGEDEPENDS will be used while creating the image
WKS_FILE_DEPENDS:append = " ${EXTRA_IMAGEDEPENDS}"
WKS_FILE ?= "core-image-minimal.corstone500.wks"
TEST_TARGET = "OEFVPTarget"
TEST_SUITES = "fvp_boot"
FVP_PROVIDER ?= "fvp-corstone500-native"
FVP_EXE ?= "FVP_Corstone-500"
FVP_CONFIG[board.flashloader0.fname] ?= "bl1.bin"
FVP_DATA ?= "css.cluster.cpu0=${IMAGE_NAME}.wic.nopt@0x80000000"
FVP_CONSOLE ?= "terminal_0"
FVP_TERMINALS[css.terminal_0] ?= "console"
FVP_TERMINALS[css.terminal_1] ?= ""
# Disable openssl in kmod to shink the initramfs size
PACKAGECONFIG:remove:pn-kmod = "openssl"
IMAGE_NAME_SUFFIX = ""
meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf
+18
View File
@@ -0,0 +1,18 @@
# Configuration for Armv8-A Base Platform FVP
#@TYPE: Machine
#@NAME: Armv8-A Base Platform FVP machine
#@DESCRIPTION: Machine configuration for Armv8-A Base Platform FVP model
require conf/machine/include/fvp-common.inc
require conf/machine/include/arm/arch-armv8a.inc
TUNE_FEATURES = "aarch64"
# FVP u-boot configuration
UBOOT_MACHINE = "vexpress_aemv8a_semi_defconfig"
KERNEL_IMAGETYPE = "Image"
FVP_CONFIG[bp.virtio_rng.enabled] ?= "1"
IMAGE_NAME_SUFFIX = ""
meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf
+66
View File
@@ -0,0 +1,66 @@
# Configuration for Fixed Virtual Platform BaseR AEMv8r64 Machine
#@TYPE: Machine
#@NAME: FVP BaseR AEMv8r64 Machine
#@DESCRIPTION: Machine configuration for FVP BaseR AEMv8r64
require conf/machine/include/arm/armv8r/arch-armv8r64.inc
EXTRA_IMAGEDEPENDS += "boot-wrapper-aarch64"
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
PREFERRED_VERSION_u-boot ?= "2022.10"
KERNEL_IMAGETYPE = "Image"
KERNEL_DEVICETREE = "arm/fvp-baser-aemv8r64.dtb"
UBOOT_MACHINE ?= "vexpress_aemv8r_defconfig"
SERIAL_CONSOLES = "115200;ttyAMA0"
IMAGE_CLASSES:append = " fvpboot"
IMAGE_FSTYPES += "wic"
WKS_FILE ?= "efi-disk.wks.in"
EFI_PROVIDER ?= "grub-efi"
MACHINE_FEATURES:append = " efi"
IMAGE_NAME_SUFFIX = ""
# As this is a virtual target that will not be used in the real world there is
# no need for real SSH keys.
MACHINE_EXTRA_RRECOMMENDS += "ssh-pregen-hostkeys"
# testimage configuration
TEST_TARGET = "OEFVPTarget"
TEST_SUITES:append = " fvp_boot fvp_devices"
TEST_TARGET_IP ?= "127.0.0.1:8022"
TEST_SERVER_IP ?= "127.0.1.1"
TEST_FVP_DEVICES ?= "rtc watchdog networking virtiorng cpu_hotplug"
FVP_EXTRA_ARGS = "-a cluster0*=linux-system.axf"
FVP_PROVIDER ?= "fvp-base-r-aem-native"
FVP_EXE ?= "FVP_BaseR_AEMv8R"
FVP_CONSOLE ?= "terminal_0"
# FVP parameters
FVP_CONFIG[bp.exclusive_monitor.monitor_access_level] ?= "2"
FVP_CONFIG[bp.refcounter.non_arch_start_at_default] ?= "1"
FVP_CONFIG[bp.refcounter.use_real_time] ?= "1"
FVP_CONFIG[bp.ve_sysregs.exit_on_shutdown] ?= "1"
FVP_CONFIG[bp.virtio_net.enabled] ?= "1"
FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] ?= "8022=22"
FVP_CONFIG[bp.virtio_net.hostbridge.userNetworking] ?= "1"
FVP_CONFIG[bp.virtio_net.secure_accesses] = "1"
FVP_CONFIG[bp.virtio_rng.enabled] ?= "1"
FVP_CONFIG[bp.virtio_rng.secure_accesses] = "1"
FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.wic"
FVP_CONFIG[bp.virtioblockdevice.secure_accesses] = "1"
FVP_CONFIG[cache_state_modelled] ?= "0"
FVP_CONFIG[cci400.force_on_from_start] = "1"
FVP_CONFIG[cluster0.gicv3.cpuintf-mmap-access-level] ?= "2"
FVP_CONFIG[cluster0.gicv3.extended-interrupt-range-support] ?= "1"
FVP_CONFIG[cluster0.gicv3.SRE-EL2-enable-RAO] ?= "1"
FVP_CONFIG[cluster0.gicv3.SRE-enable-action-on-mmap] ?= "2"
FVP_CONFIG[cluster0.has_aarch64] ?= "1"
FVP_CONFIG[gic_distributor.GICD_CTLR-DS-1-means-secure-only] ?= "1"
FVP_CONFIG[gic_distributor.has-two-security-states] ?= "0"
meta-arm/meta-arm-bsp/conf/machine/include/arm/armv8r/arch-armv8r64.inc
+10
View File
@@ -0,0 +1,10 @@
require conf/machine/include/arm/arch-armv8r.inc
TUNE_FEATURES:tune-armv8r =+ "aarch64"
PACKAGE_EXTRA_ARCHS:tune-armv8r =+ "aarch64"
BASE_LIB:tune-armv8r = "lib64"
BASE_LIB:tune-armv8r-crc = "lib64"
BASE_LIB:tune-armv8r-crypto = "lib64"
BASE_LIB:tune-armv8r-simd = "lib64"
BASE_LIB:tune-armv8r-crc-simd = "lib64"
BASE_LIB:tune-armv8r-crc-crypto-simd = "lib64"
meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
+80
View File
@@ -0,0 +1,80 @@
require conf/machine/include/arm/armv8a/tune-cortexa35.inc
MACHINEOVERRIDES =. "corstone1000:"
# TF-A
TFA_PLATFORM = "corstone1000"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
TFA_BL2_BINARY = "bl2-corstone1000.bin"
TFA_FIP_BINARY = "fip-corstone1000.bin"
# TF-M
EXTRA_IMAGEDEPENDS += "virtual/trusted-firmware-m"
# TF-M settings for signing host images
TFA_BL2_RE_IMAGE_LOAD_ADDRESS = "0x62353000"
TFA_BL2_RE_SIGN_BIN_SIZE = "0x2d000"
TFA_FIP_RE_IMAGE_LOAD_ADDRESS = "0x68130000"
TFA_FIP_RE_SIGN_BIN_SIZE = "0x00200000"
RE_LAYOUT_WRAPPER_VERSION = "0.0.7"
TFM_SIGN_PRIVATE_KEY = "${libdir}/tfm-scripts/root-RSA-3072_1.pem"
RE_IMAGE_OFFSET = "0x1000"
# u-boot
PREFERRED_VERSION_u-boot ?= "2023.01"
EXTRA_IMAGEDEPENDS += "u-boot"
UBOOT_CONFIG ??= "EFI"
UBOOT_CONFIG[EFI] = "corstone1000_defconfig"
UBOOT_ENTRYPOINT = "0x80000000"
UBOOT_LOADADDRESS = "0x80000000"
UBOOT_BOOTARGS = "earlycon=pl011,0x1a510000 console=ttyAMA0 loglevel=9"
UBOOT_ARCH = "arm"
UBOOT_EXTLINUX = "0"
#optee
PREFERRED_VERSION_optee-os ?= "3.20.%"
PREFERRED_VERSION_optee-client ?= "3.18.%"
EXTRA_IMAGEDEPENDS += "optee-os"
OPTEE_ARCH = "arm64"
OPTEE_BINARY = "tee-pager_v2.bin"
# Include smm-gateway and se-proxy SPs into optee-os binary
MACHINE_FEATURES += "ts-smm-gateway ts-se-proxy"
TS_PLATFORM = "arm/corstone1000"
TS_SP_SE_PROXY_CONFIG = "corstone1000"
# External System(Cortex-M3)
EXTRA_IMAGEDEPENDS += "external-system"
# Linux kernel
PREFERRED_PROVIDER_virtual/kernel:forcevariable = "linux-yocto"
PREFERRED_VERSION_linux-yocto = "6.1%"
KERNEL_IMAGETYPE = "Image.gz"
INITRAMFS_IMAGE_BUNDLE ?= "1"
#telling the build system which image is responsible of the generation of the initramfs rootfs
INITRAMFS_IMAGE = "corstone1000-initramfs-image"
IMAGE_NAME_SUFFIX = ""
# add FF-A support in the kernel
MACHINE_FEATURES += "arm-ffa"
# prevent the kernel image from being included in the intramfs rootfs
PACKAGE_EXCLUDE = "kernel-image-*"
# enable this feature for kernel debugging
# MACHINE_FEATURES += "corstone1000_kernel_debug"
# login terminal serial port settings
SERIAL_CONSOLES ?= "115200;ttyAMA0"
# making sure EXTRA_IMAGEDEPENDS will be used while creating the image
WKS_FILE_DEPENDS:append = " ${EXTRA_IMAGEDEPENDS}"
WKS_FILE ?= "corstone1000-image.corstone1000.wks"
# Disable openssl in kmod to shink the initramfs size
PACKAGECONFIG:remove:pn-kmod = "openssl"
meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc
+50
View File
@@ -0,0 +1,50 @@
# FVP common parameters
#
# Capturing FVP common configurations (Armv8-A Base Platform FVP,
# Armv8-A Foundation Platform and Armv7-A Base Platform FVP).
#
MACHINE_FEATURES = "optee"
IMAGE_FSTYPES += "wic"
WKS_FILE ?= "fvp-base.wks"
SERIAL_CONSOLES = "115200;ttyAMA0"
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
KERNEL_DEVICETREE = "arm/fvp-base-revc.dtb"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
# As this is a virtual target that will not be used in the real world there is
# no need for real SSH keys.
MACHINE_EXTRA_RRECOMMENDS += "ssh-pregen-hostkeys"
TEST_TARGET = "OEFVPTarget"
TEST_TARGET_IP = "127.0.0.1:8022"
TEST_SUITES:append = " fvp_boot fvp_devices"
TEST_FVP_DEVICES ?= "rtc watchdog networking virtiorng cpu_hotplug"
FVP_PROVIDER ?= "fvp-base-a-aem-native"
FVP_EXE ?= "FVP_Base_RevC-2xAEMvA"
FVP_CONFIG[bp.ve_sysregs.exit_on_shutdown] ?= "1"
FVP_CONFIG[bp.virtio_net.enabled] ?= "1"
FVP_CONFIG[bp.virtio_net.hostbridge.userNetworking] ?= "1"
# Tell testimage to connect to localhost:8022, and forward that to SSH in the FVP.
FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] = "8022=22"
FVP_CONFIG[cache_state_modelled] ?= "0"
FVP_CONFIG[bp.secureflashloader.fname] ?= "bl1-fvp.bin"
FVP_CONFIG[bp.flashloader0.fname] ?= "fip-fvp.bin"
FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.wic"
# Set the baseline to ARMv8.4, as the default is 8.0.
FVP_CONFIG[cluster0.has_arm_v8-4] = "1"
FVP_CONFIG[cluster1.has_arm_v8-4] = "1"
FVP_CONSOLE ?= "terminal_0"
FVP_DATA ?= "cluster0.cpu0=${KERNEL_IMAGETYPE}@0x80080000 \
cluster0.cpu0=fvp-base-revc.dtb@0x8fc00000"
FVP_TERMINALS[bp.terminal_0] ?= "Console"
FVP_TERMINALS[bp.terminal_1] ?= ""
FVP_TERMINALS[bp.terminal_2] ?= ""
FVP_TERMINALS[bp.terminal_3] ?= ""
meta-arm/meta-arm-bsp/conf/machine/include/tc.inc
+35
View File
@@ -0,0 +1,35 @@
TUNE_FEATURES = "aarch64"
require conf/machine/include/arm/arch-armv8a.inc
MACHINEOVERRIDES =. "tc:"
# Das U-boot
UBOOT_MACHINE ?= "total_compute_defconfig"
UBOOT_RD_LOADADDRESS = "0x88000000"
UBOOT_RD_ENTRYPOINT = "0x88000000"
UBOOT_LOADADDRESS = "0x80080000"
UBOOT_ENTRYPOINT = "0x80080000"
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
# OP-TEE
PREFERRED_VERSION_optee-os ?= "3.18%"
PREFERRED_VERSION_optee-client ?= "3.18%"
PREFERRED_VERSION_optee-test ?= "3.18%"
# Cannot use the default zImage on arm64
KERNEL_IMAGETYPE = "Image"
KERNEL_IMAGETYPES += "fitImage"
KERNEL_CLASSES = " kernel-fitimage "
IMAGE_FSTYPES += "cpio.gz"
INITRAMFS_IMAGE ?= "core-image-minimal"
IMAGE_NAME_SUFFIX = ""
SERIAL_CONSOLES = "115200;ttyAMA0"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a optee-os"
# FIXME - there is signed image dependency/race with testimage.
# This should be fixed in oe-core
TESTIMAGEDEPENDS:append = " virtual/kernel:do_deploy"
meta-arm/meta-arm-bsp/conf/machine/juno.conf
+30
View File
@@ -0,0 +1,30 @@
# Configuration for juno development board
#@TYPE: Machine
#@NAME: Juno machine
#@DESCRIPTION: Machine configuration for Juno
TUNE_FEATURES = "aarch64"
require conf/machine/include/arm/arch-armv8a.inc
MACHINE_FEATURES = "usbhost usbgadget alsa screen wifi bluetooth optee pci"
KERNEL_IMAGETYPE = "Image.gz"
KERNEL_DEVICETREE = "arm/juno.dtb arm/juno-r1.dtb arm/juno-r2.dtb"
IMAGE_FSTYPES += "tar.bz2 ext4 cpio.gz"
SERIAL_CONSOLES = "115200;ttyAMA0"
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
PREFERRED_PROVIDER_virtual/bootloader ?= "u-boot"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a virtual/bootloader firmware-image-juno"
# Juno u-boot configuration
UBOOT_MACHINE = "vexpress_aemv8a_juno_defconfig"
INITRAMFS_IMAGE_BUNDLE ?= "1"
INITRAMFS_IMAGE = "core-image-minimal"
IMAGE_NAME_SUFFIX = ""
meta-arm/meta-arm-bsp/conf/machine/musca-b1.conf
+23
View File
@@ -0,0 +1,23 @@
# Configuration for Musca-B1 development board
#@TYPE: Machine
#@NAME: Musca-B1 machine
#@DESCRIPTION: Machine configuration for Musca-B1
DEFAULTTUNE ?= "armv8m-main"
require conf/machine/include/arm/armv8-m/tune-cortexm33.inc
# GLIBC will not work with Cortex-M.
TCLIBC = "newlib"
# For runqemu
IMAGE_FSTYPES += "ext4"
IMAGE_CLASSES += "qemuboot"
QB_SYSTEM_NAME = "qemu-system-arm"
QB_MACHINE = "-machine musca-b1"
QB_CPU = "-cpu cortex-m33"
QB_GRAPHICS = "-nographic -vga none"
QB_MEM = "512k"
QB_RNG = ""
TFM_PLATFORM = "arm/musca_b1"
meta-arm/meta-arm-bsp/conf/machine/musca-s1.conf
+22
View File
@@ -0,0 +1,22 @@
# Configuration for Musca-S1 development board
#@TYPE: Machine
#@NAME: Musca-S1 machine
#@DESCRIPTION: Machine configuration for Musca-S1
require conf/machine/include/arm/armv8-m/tune-cortexm33.inc
# GLIBC will not work with Cortex-M.
TCLIBC = "newlib"
# For runqemu
IMAGE_FSTYPES += "ext4"
IMAGE_CLASSES += "qemuboot"
QB_SYSTEM_NAME = "qemu-system-arm"
QB_MACHINE = "-machine musca-s1"
QB_CPU = "-cpu cortex-m33"
QB_GRAPHICS = "-nographic -vga none"
QB_MEM = "512k"
QB_RNG = ""
TFM_PLATFORM = "arm/musca_s1"
meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf
+42
View File
@@ -0,0 +1,42 @@
# Configuration for Arm N1SDP development board
#@TYPE: Machine
#@NAME: N1SDP machine
#@DESCRIPTION: Machine configuration for N1SDP
require conf/machine/include/arm/armv8-2a/tune-neoversen1.inc
KERNEL_IMAGETYPE = "Image"
IMAGE_FSTYPES += "wic wic.gz wic.bmap tar.bz2 ext4"
SERIAL_CONSOLES = "115200;ttyAMA0"
# Set default WKS
WKS_FILE ?= "n1sdp-efidisk.wks"
IMAGE_EFI_BOOT_FILES ?= "n1sdp-multi-chip.dtb n1sdp-single-chip.dtb"
WKS_FILE_DEPENDS:append = " ${EXTRA_IMAGEDEPENDS}"
# Use kernel provided by yocto
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
PREFERRED_VERSION_linux-yocto ?= "6.1%"
# RTL8168E Gigabit Ethernet Controller is attached to the PCIe interface
MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "linux-firmware-rtl8168"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
EXTRA_IMAGEDEPENDS += "virtual/control-processor-firmware"
#UEFI EDK2 firmware
EXTRA_IMAGEDEPENDS += "edk2-firmware"
PREFERRED_VERSION_edk2-firmware ?= "202211"
#optee
PREFERRED_VERSION_optee-os ?= "3.20.%"
#grub-efi
EFI_PROVIDER ?= "grub-efi"
MACHINE_FEATURES += "efi"
# SD-Card firmware
EXTRA_IMAGEDEPENDS += "sdcard-image-n1sdp"
meta-arm/meta-arm-bsp/conf/machine/sgi575.conf
+24
View File
@@ -0,0 +1,24 @@
# Configuration for Arm SGI575 development board
#@TYPE: Machine
#@NAME: SGI575
#@DESCRIPTION: Machine configuration for SGI575
require conf/machine/include/arm/armv8-2a/tune-cortexa75.inc
EXTRA_IMAGEDEPENDS += "virtual/control-processor-firmware"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
KERNEL_IMAGETYPE ?= "Image"
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
SERIAL_CONSOLES = "115200;ttyAMA0"
#grub-efi
EFI_PROVIDER ?= "grub-efi"
MACHINE_FEATURES += "efi"
IMAGE_FSTYPES += "cpio.gz wic"
WKS_FILE ?= "sgi575-efidisk.wks"
WKS_FILE_DEPENDS:append = " ${EXTRA_IMAGEDEPENDS}"
meta-arm/meta-arm-bsp/conf/machine/tc1.conf
+31
View File
@@ -0,0 +1,31 @@
# Configuration for TC1
#@TYPE: Machine
#@NAME: TC1
#@DESCRIPTION: Machine configuration for TC1
require conf/machine/include/tc.inc
TEST_TARGET = "OEFVPTarget"
TEST_SUITES = "fvp_boot"
# FVP Config
FVP_PROVIDER ?= "fvp-tc1-native"
FVP_EXE ?= "FVP_TC1"
# FVP Parameters
FVP_CONFIG[css.scp.ROMloader.fname] ?= "scp_romfw.bin"
FVP_CONFIG[css.trustedBootROMloader.fname] ?= "bl1-tc.bin"
FVP_CONFIG[board.flashloader0.fname] ?= "fip_gpt-tc.bin"
#FVP_CONFIG[board.hostbridge.userNetworking] ?= "true"
#FVP_CONFIG[board.hostbridge.userNetPorts] ?= "8022=22"
#smsc ethernet takes a very long time to come up. disable now to prevent testimage timeout
#FVP_CONFIG[board.smsc_91c111.enabled] ?= "1"
FVP_CONSOLE = "terminal_s1"
FVP_TERMINALS[soc.terminal_s0] ?= "Secure Console"
FVP_TERMINALS[soc.terminal_s1] ?= "Console"
# Boot image
FVP_DATA ?= "board.dram=fitImage-core-image-minimal-tc1-tc1@0x20000000"
meta-arm/meta-arm-bsp/custom-licenses/STM-SLA0044-Rev5
+18
View File
@@ -0,0 +1,18 @@
SLA0044 Rev5/February 2018
BY INSTALLING COPYING, DOWNLOADING, ACCESSING OR OTHERWISE USING THIS SOFTWARE OR ANY PART THEREOF (AND THE RELATED DOCUMENTATION) FROM STMICROELECTRONICS INTERNATIONAL N.V, SWISS BRANCH AND/OR ITS AFFILIATED COMPANIES (STMICROELECTRONICS), THE RECIPIENT, ON BEHALF OF HIMSELF OR HERSELF, OR ON BEHALF OF ANY ENTITY BY WHICH SUCH RECIPIENT IS EMPLOYED AND/OR ENGAGED AGREES TO BE BOUND BY THIS SOFTWARE LICENSE AGREEMENT.
Under STMicroelectronics intellectual property rights, the redistribution, reproduction and use in source and binary forms of the software or any part thereof, with or without modification, are permitted provided that the following conditions are met:
1. Redistribution of source code (modified or not) must retain any copyright notice, this list of conditions and the disclaimer set forth below as items 10 and 11.
2. Redistributions in binary form, except as embedded into microcontroller or microprocessor device manufactured by or for STMicroelectronics or a software update for such device, must reproduce any copyright notice provided with the binary code, this list of conditions, and the disclaimer set forth below as items 10 and 11, in documentation and/or other materials provided with the distribution.
3. Neither the name of STMicroelectronics nor the names of other contributors to this software may be used to endorse or promote products derived from this software or part thereof without specific written permission.
4. This software or any part thereof, including modifications and/or derivative works of this software, must be used and execute solely and exclusively on or in combination with a microcontroller or microprocessor device manufactured by or for STMicroelectronics.
5. No use, reproduction or redistribution of this software partially or totally may be done in any manner that would subject this software to any Open Source Terms. “Open Source Terms” shall mean any open source license which requires as part of distribution of software that the source code of such software is distributed therewith or otherwise made available, or open source license that substantially complies with the Open Source definition specified at www.opensource.org and any other comparable open source license such as for example GNU General Public License (GPL), Eclipse Public License (EPL), Apache Software License, BSD license or MIT license.
6. STMicroelectronics has no obligation to provide any maintenance, support or updates for the software.
7. The software is and will remain the exclusive property of STMicroelectronics and its licensors. The recipient will not take any action that jeopardizes STMicroelectronics and its licensors' proprietary rights or acquire any rights in the software, except the limited rights specified hereunder.
8. The recipient shall comply with all applicable laws and regulations affecting the use of the software or any part thereof including any applicable export control law or regulation.
9. Redistribution and use of this software or any part thereof other than as permitted under this license is void and will automatically terminate your rights under this license.
10. THIS SOFTWARE IS PROVIDED BY STMICROELECTRONICS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS, IMPLIED OR STATUTORY WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS, WHICH ARE DISCLAIMED TO THE FULLEST EXTENT PERMITTED BY LAW. IN NO EVENT SHALL STMICROELECTRONICS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
11. EXCEPT AS EXPRESSLY PERMITTED HEREUNDER, NO LICENSE OR OTHER RIGHTS, WHETHER EXPRESS OR IMPLIED, ARE GRANTED UNDER ANY PATENT OR OTHER INTELLECTUAL PROPERTY RIGHTS OF STMICROELECTRONICS OR ANY THIRD PARTY.
meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst
+230
View File
@@ -0,0 +1,230 @@
..
# Copyright (c) 2022-2023, Arm Limited.
#
# SPDX-License-Identifier: MIT
##########
Change Log
##########
This document contains a summary of the new features, changes and
fixes in each release of Corstone-1000 software stack.
***************
Version 2023.06
***************
Changes
=======
- GPT support (in TF-M, TF-A, U-boot)
- Use TF-M BL1 code as the ROM code instead of MCUboot (the next stage bootloader BL2 remains to be MCUboot)
- Secure Enclave uses CC312 OTP as the provisioning backend in FVP and FPGA
- NVMXIP block storage support in U-Boot
- Upgrading the SW stack recipes
- Upgrades for the U-Boot FF-A driver and MM communication
Corstone-1000 components versions
=================================
+-------------------------------------------+--------------------------------------------+
| arm-ffa-tee | 1.1.2-r0 |
+-------------------------------------------+--------------------------------------------+
| arm-ffa-user | 5.0.1-r0 |
+-------------------------------------------+--------------------------------------------+
| corstone1000-external-sys-tests | 1.0+gitAUTOINC+2945cd92f7-r0 |
+-------------------------------------------+--------------------------------------------+
| external-system | 0.1.0+gitAUTOINC+8c9dca74b1-r0 |
+-------------------------------------------+--------------------------------------------+
| linux-yocto | 6.1.25+gitAUTOINC+36901b5b29_581dc1aa2f-r0 |
+-------------------------------------------+--------------------------------------------+
| u-boot | 2023.01-r0 |
+-------------------------------------------+--------------------------------------------+
| optee-client | 3.18.0-r0 |
+-------------------------------------------+--------------------------------------------+
| optee-os | 3.20.0-r0 |
+-------------------------------------------+--------------------------------------------+
| trusted-firmware-a | 2.8.0-r0 |
+-------------------------------------------+--------------------------------------------+
| trusted-firmware-m | 1.7.0-r0 |
+-------------------------------------------+--------------------------------------------+
| ts-newlib | 4.1.0-r0 |
+-------------------------------------------+--------------------------------------------+
| ts-psa-{crypto, iat, its. ps}-api-test | 38cb53a4d9 |
+-------------------------------------------+--------------------------------------------+
| ts-sp-{se-proxy, smm-gateway} | 08b3d39471 |
+-------------------------------------------+--------------------------------------------+
Yocto distribution components versions
======================================
+-------------------------------------------+--------------------------------+
| meta-arm | mickledore |
+-------------------------------------------+--------------------------------+
| poky | mickledore |
+-------------------------------------------+--------------------------------+
| meta-openembedded | mickledore |
+-------------------------------------------+--------------------------------+
| busybox | 1.36.0-r0 |
+-------------------------------------------+--------------------------------+
| musl | 1.2.3+gitAUTOINC+7d756e1c04-r0 |
+-------------------------------------------+--------------------------------+
| gcc-arm-none-eabi-native | 11.2-2022.02 |
+-------------------------------------------+--------------------------------+
| gcc-cross-aarch64 | 12.2.rel1-r0 |
+-------------------------------------------+--------------------------------+
| openssl | 3.1.0-r0 |
+-------------------------------------------+--------------------------------+
******************
Version 2022.11.23
******************
Changes
=======
- Booting the External System (Cortex-M3) with RTX RTOS
- Adding MHU communication between the HOST (Cortex-A35) and the External System
- Adding a Linux application to test the External System
- Adding ESRT (EFI System Resource Table) support
- Upgrading the SW stack recipes
- Upgrades for the U-Boot FF-A driver and MM communication
Corstone-1000 components versions
=================================
+-------------------------------------------+------------+
| arm-ffa-tee | 1.1.1 |
+-------------------------------------------+------------+
| arm-ffa-user | 5.0.0 |
+-------------------------------------------+------------+
| corstone1000-external-sys-tests | 1.0 |
+-------------------------------------------+------------+
| external-system | 0.1.0 |
+-------------------------------------------+------------+
| linux-yocto | 5.19 |
+-------------------------------------------+------------+
| u-boot | 2022.07 |
+-------------------------------------------+------------+
| optee-client | 3.18.0 |
+-------------------------------------------+------------+
| optee-os | 3.18.0 |
+-------------------------------------------+------------+
| trusted-firmware-a | 2.7.0 |
+-------------------------------------------+------------+
| trusted-firmware-m | 1.6.0 |
+-------------------------------------------+------------+
| ts-newlib | 4.1.0 |
+-------------------------------------------+------------+
| ts-psa-{crypto, iat, its. ps}-api-test | 451aa087a4 |
+-------------------------------------------+------------+
| ts-sp-{se-proxy, smm-gateway} | 3d4956770f |
+-------------------------------------------+------------+
Yocto distribution components versions
======================================
+-------------------------------------------+---------------------+
| meta-arm | langdale |
+-------------------------------------------+---------------------+
| poky | langdale |
+-------------------------------------------+---------------------+
| meta-openembedded | langdale |
+-------------------------------------------+---------------------+
| busybox | 1.35.0 |
+-------------------------------------------+---------------------+
| musl | 1.2.3+git37e18b7bf3 |
+-------------------------------------------+---------------------+
| gcc-arm-none-eabi-native | 11.2-2022.02 |
+-------------------------------------------+---------------------+
| gcc-cross-aarch64 | 12.2 |
+-------------------------------------------+---------------------+
| openssl | 3.0.5 |
+-------------------------------------------+---------------------+
******************
Version 2022.04.04
******************
Changes
=======
- Linux distro openSUSE, raw image installation and boot in the FVP.
- SCT test support in FVP.
- Manual capsule update support in FVP.
******************
Version 2022.02.25
******************
Changes
=======
- Building and running psa-arch-tests on Corstone-1000 FVP
- Enabled smm-gateway partition in Trusted Service on Corstone-1000 FVP
- Enabled MHU driver in Trusted Service on Corstone-1000 FVP
- Enabled OpenAMP support in SE proxy SP on Corstone-1000 FVP
******************
Version 2022.02.21
******************
Changes
=======
- psa-arch-tests: recipe is dropped and merged into the secure-partitons recipe.
- psa-arch-tests: The tests are align with latest tfm version for psa-crypto-api suite.
******************
Version 2022.01.18
******************
Changes
=======
- psa-arch-tests: change master to main for psa-arch-tests
- U-Boot: fix null pointer exception for get_image_info
- TF-M: fix capsule instability issue for Corstone-1000
******************
Version 2022.01.07
******************
Changes
=======
- Corstone-1000: fix SystemReady-IR ACS test (SCT, FWTS) failures.
- U-Boot: send bootcomplete event to secure enclave.
- U-Boot: support populating Corstone-1000 image_info to ESRT table.
- U-Boot: add ethernet device and enable configs to support bootfromnetwork SCT.
******************
Version 2021.12.15
******************
Changes
=======
- Enabling Corstone-1000 FPGA support on:
- Linux 5.10
- OP-TEE 3.14
- Trusted Firmware-A 2.5
- Trusted Firmware-M 1.5
- Building and running psa-arch-tests
- Adding openamp support in SE proxy SP
- OP-TEE: adding smm-gateway partition
- U-Boot: introducing Arm FF-A and MM support
******************
Version 2021.10.29
******************
Changes
=======
- Enabling Corstone-1000 FVP support on:
- Linux 5.10
- OP-TEE 3.14
- Trusted Firmware-A 2.5
- Trusted Firmware-M 1.4
- Linux kernel: enabling EFI, adding FF-A debugfs driver, integrating ARM_FFA_TRANSPORT.
- U-Boot: Extending EFI support
- python3-imgtool: adding recipe for Trusted-firmware-m
- python3-imgtool: adding the Yocto recipe used in signing host images (based on MCUBOOT format)
--------------
*Copyright (c) 2022-2023, Arm Limited. All rights reserved.*
meta-arm/meta-arm-bsp/documentation/corstone1000/conf.py
+52
View File
@@ -0,0 +1,52 @@
# Configuration file for the Sphinx documentation builder.
#
# This file only contains a selection of the most common options. For a full
# list see the documentation:
# https://www.sphinx-doc.org/en/master/usage/configuration.html
# -- Path setup --------------------------------------------------------------
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
#
# import os
# import sys
# sys.path.insert(0, os.path.abspath('.'))
# -- Project information -----------------------------------------------------
project = 'corstone1000'
copyright = '2020-2022, Arm Limited'
author = 'Arm Limited'
# -- General configuration ---------------------------------------------------
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = [
]
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
# This pattern also affects html_static_path and html_extra_path.
exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store', 'docs/infra']
# -- Options for HTML output -------------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
#
html_theme = 'sphinx_rtd_theme'
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
#html_static_path = ['_static']
meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 77 KiB

meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 40 KiB

meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 93 KiB

meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureFirmwareUpdate.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 60 KiB

meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 57 KiB

meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 65 KiB

meta-arm/meta-arm-bsp/documentation/corstone1000/index.rst
+16
View File
@@ -0,0 +1,16 @@
..
# Copyright (c) 2022, Arm Limited.
#
# SPDX-License-Identifier: MIT
################
ARM Corstone1000
################
.. toctree::
:maxdepth: 1
software-architecture
user-guide
release-notes
change-log
meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst
+199
View File
@@ -0,0 +1,199 @@
..
# Copyright (c) 2022-2023, Arm Limited.
#
# SPDX-License-Identifier: MIT
#############
Release notes
#############
*************************
Disclaimer
*************************
You expressly assume all liabilities and risks relating to your use or operation
of Your Software and Your Hardware designed or modified using the Arm Tools,
including without limitation, Your software or Your Hardware designed or
intended for safety-critical applications. Should Your Software or Your Hardware
prove defective, you assume the entire cost of all necessary servicing, repair
or correction.
***********************
Release notes - 2023.06
***********************
Known Issues or Limitations
---------------------------
- FPGA supports Linux distro install and boot through installer. However, FVP only supports openSUSE raw image installation and boot.
- Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide can not boot on Corstone-1000 (i.e. user may experience timeouts or boot hang).
- PSA Crypto tests (psa-crypto-api-test command) take 30 minutes to complete for FVP and 1 hour for MPS3.
- Corstone-1000 SoC on FVP doesn't have a secure debug peripheral. It does on the MPS3 .
- The following limitations listed in the previous release are still applicable:
- UEFI Compliant - Boot from network protocols must be implemented -- FAILURE
- Known limitations regarding ACS tests - see previous release's notes.
Platform Support
-----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v2
https://developer.arm.com/downloads/-/download-fpga-images
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.19_21
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
**************************
Release notes - 2022.11.23
**************************
Known Issues or Limitations
---------------------------
- The external-system can not be reset individually on (or using) AN550_v1 FPGA release. However, the system-wide reset still applies to the external-system.
- FPGA supports Linux distro install and boot through installer. However, FVP only supports openSUSE raw image installation and boot.
- Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide can not boot on Corstone-1000 (i.e. user may experience timeouts or boot hang).
- Below SCT FAILURE is a known issues in the FVP:
UEFI Compliant - Boot from network protocols must be implemented -- FAILURE
- Below SCT FAILURE is a known issue when a terminal emulator (in the system where the user connects to serial ports) does not support 80x25 or 80x50 mode:
EFI_SIMPLE_TEXT_OUT_PROTOCOL.SetMode - SetMode() with valid mode -- FAILURE
- Known limitations regarding ACS tests: The behavior after running ACS tests on FVP is not consistent. Both behaviors are expected and are valid;
The system might boot till the Linux prompt. Or, the system might wait after finishing the ACS tests.
In both cases, the system executes the entire test suite and writes the results as stated in the user guide.
Platform Support
-----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v1
https://developer.arm.com/downloads/-/download-fpga-images
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.19_21
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
**************************
Release notes - 2022.04.04
**************************
Known Issues or Limitations
---------------------------
- FPGA support Linux distro install and boot through installer. However,
FVP only support openSUSE raw image installation and boot.
- Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide
cannot boot on Corstone-1000 (i.e. user may experience timeouts or boot hang).
- Below SCT FAILURE is a known issues in the FVP:
UEFI Compliant - Boot from network protocols must be implemented -- FAILURE
Platform Support
-----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v1
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.17_23
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
**************************
Release notes - 2022.02.25
**************************
Known Issues or Limitations
---------------------------
- The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS,
BSA), manual capsule update test, Linux distro install and boot.
Platform Support
----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v1
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.17_23
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
Release notes - 2022.02.21
--------------------------
Known Issues or Limitations
---------------------------
- The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS,
BSA), manual capsule update test, Linux distro install and boot, psa-arch-test.
Platform Support
----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v1
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
Release notes - 2022.01.18
--------------------------
Known Issues or Limitations
---------------------------
- Before running each SystemReady-IR tests: ACS tests (SCT, FWTS, BSA), manual
capsule update test, Linux distro install and boot, etc., the SecureEnclave
flash must be cleaned. See user-guide "Clean Secure Flash Before Testing"
section.
Release notes - 2021.12.15
--------------------------
Software Features
------------------
The following components are present in the release:
- Yocto version Honister
- Linux kernel version 5.10
- U-Boot 2021.07
- OP-TEE version 3.14
- Trusted Firmware-A 2.5
- Trusted Firmware-M 1.5
- OpenAMP 347397decaa43372fc4d00f965640ebde042966d
- Trusted Services a365a04f937b9b76ebb2e0eeade226f208cbc0d2
Platform Support
----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v1
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
Known Issues or Limitations
---------------------------
- The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS,
BSA), manual capsule update test, Linux distro install and boot, and
psa-arch-tests.
- Only the manual capsule update from UEFI shell is supported on FPGA.
- Due to flash size limitation and to support A/B banks,the wic image provided
by the user should be smaller than 15MB.
- The failures in PSA Arch Crypto Test are known limitations with crypto
library. It requires further investigation. The user can refer to `PSA Arch Crypto Test Failure Analysis In TF-M V1.5 Release <https://developer.trustedfirmware.org/w/tf_m/release/psa_arch_crypto_test_failure_analysis_in_tf-m_v1.5_release/>`__
for the reason for each failing test.
Release notes - 2021.10.29
--------------------------
Software Features
-----------------
This initial release of Corstone-1000 supports booting Linux on the Cortex-A35
and TF-M/MCUBOOT in the Secure Enclave. The following components are present in
the release:
- Linux kernel version 5.10
- U-Boot 2021.07
- OP-TEE version 3.14
- Trusted Firmware-A 2.5
- Trusted Firmware-M 1.4
Platform Support
----------------
- This Software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
Known Issues or Limitations
---------------------------
- No software support for external system(Cortex M3)
- No communication established between A35 and M0+
- Very basic functionality of booting Secure Enclave, Trusted Firmware-A , OP-TEE , u-boot and Linux are performed
Support
-------
For technical support email: support-subsystem-iot@arm.com
For all security issues, contact Arm by email at arm-security@arm.com.
--------------
*Copyright (c) 2022-2023, Arm Limited. All rights reserved.*
meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst
+242
View File
@@ -0,0 +1,242 @@
..
# Copyright (c) 2022-2023, Arm Limited.
#
# SPDX-License-Identifier: MIT
######################
Software architecture
######################
*****************
Arm Corstone-1000
*****************
Arm Corstone-1000 is a reference solution for IoT devices. It is part of
Total Solution for IoT which consists of hardware and software reference
implementation.
Corstone-1000 software plus hardware reference solution is PSA Level-2 ready
certified (`PSA L2 Ready`_) as well as System Ready IR certified(`SRIR cert`_).
More information on the Corstone-1000 subsystem product and design can be
found at:
`Arm corstone1000 Software`_ and `Arm corstone1000 Technical Overview`_.
This readme explicitly focuses on the software part of the solution and
provides internal details on the software components. The reference
software package of the platform can be retrieved following instructions
present in the user-guide document.
***************
Design Overview
***************
The software architecture of Corstone-1000 platform is a reference
implementation of Platform Security Architecture (`PSA`_) which provides
framework to build secure IoT devices.
The base system architecture of the platform is created from three
different types of systems: Secure Enclave, Host and External System.
Each subsystem provides different functionality to overall SoC.
.. image:: images/CorstoneSubsystems.png
:width: 720
:alt: CorstoneSubsystems
The Secure Enclave System, provides PSA Root of Trust (RoT) and
cryptographic functions. It is based on an Cortex-M0+ processor,
CC312 Cryptographic Accelerator and peripherals, such as watchdog and
secure flash. Software running on the Secure Enclave is isolated via
hardware for enhanced security. Communication with the Secure Encalve
is achieved using Message Handling Units (MHUs) and shared memory.
On system power on, the Secure Enclave boots first. Its software
comprises of a ROM code (TF-M BL1), Mcuboot BL2, and
TrustedFirmware-M(`TF-M`_) as runtime software. The software design on
Secure Enclave follows Firmware Framework for M class
processor (`FF-M`_) specification.
The Host System is based on ARM Cotex-A35 processor with standardized
peripherals to allow for the booting of a Linux OS. The Cortex-A35 has
the TrustZone technology that allows secure and non-secure security
states in the processor. The software design in the Host System follows
Firmware Framework for A class procseeor (`FF-A`_) specification.
The boot process follows Trusted Boot Base Requirement (`TBBR`_).
The Host Subsystem is taken out of reset by the Secure Enclave system
during its final stages of the initialization. The Host subsystem runs
FF-A Secure Partitions(based on `Trusted Services`_) and OPTEE-OS
(`OPTEE-OS`_) in the secure world, and U-Boot(`U-Boot repo`_) and
linux (`linux repo`_) in the non-secure world. The communication between
non-secure and the secure world is performed via FF-A messages.
An external system is intended to implement use-case specific
functionality. The system is based on Cortex-M3 and run RTX RTOS.
Communictaion between external system and Host(cortex-A35) is performed
using MHU as transport mechanism and rpmsg messaging system.
Overall, the Corstone-1000 architecture is designed to cover a range
of Power, Performance, and Area (PPA) applications, and enable extension
for use-case specific applications, for example, sensors, cloud
connectivitiy, and edge computing.
*****************
Secure Boot Chain
*****************
For the security of a device, it is essential that only authorized
software should run on the device. The Corstone-1000 boot uses a
Secure Boot Chain process where an already authenticated image verifies
and loads the following software in the chain. For the boot chain
process to work, the start of the chain should be trusted, forming the
Root of Trust (RoT) of the device. The RoT of the device is immutable in
nature and encoded into the device by the device owner before it
is deployed into the field. In Corstone-1000, the BL1 image of the secure
enclave and content of the CC312 OTP (One Time Programmable) memory
forms the RoT. The BL1 image exists in ROM (Read Only Memory).
.. image:: images/SecureBootChain.png
:width: 870
:alt: SecureBootChain
It is a lengthy chain to boot the software on Corstone-1000. On power on,
the secure enclave starts executing BL1 code from the ROM which is the RoT
of the device. Authentication of an image involves the steps listed below:
- Load image from flash to dynamic RAM.
- The public key present in the image header is validated by comparing with the hash.
Depending on the image, the hash of the public key is either stored in the OTP or part
of the software which is being already verified in the previous stages.
- The image is validated using the public key.
In the secure enclave, BL1 authenticates the BL2 and passes the execution
control. BL2 authenticates the initial boot loader of the host (Host TF-A BL2)
and TF-M. The execution control is now passed to TF-M. TF-M being the run
time executable of secure enclave which initializes itself and, at the end,
brings the host CPU out of rest. The host follows the boot standard defined
in the `TBBR`_ to authenticate the secure and non-secure software.
***************
Secure Services
***************
Corstone-1000 is unique in providing a secure environment to run a secure
workload. The platform has TrustZone technology in the Host subsystem but
it also has hardware isolated secure enclave environment to run such secure
workloads. In Corstone-1000, known Secure Services such as Crypto, Protected
Storage, Internal Trusted Storage and Attestation are available via PSA
Functional APIs in TF-M. There is no difference for a user communicating to
these services which are running on a secure enclave instead of the
secure world of the host subsystem. The below diagram presents the data
flow path for such calls.
.. image:: images/SecureServices.png
:width: 930
:alt: SecureServices
The SE Proxy SP (Secure Enclave Proxy Secure Partition) is a proxy partition
managed by OPTEE which forwards such calls to the secure enclave. The
solution relies on OpenAMP which uses shared memory and MHU interrupts as
a doorbell for communication between two cores. Corstone-1000 implements
isolation level 2. Cortex-M0+ MPU (Memory Protection Unit) is used to implement
isolation level 2.
For a user to define its own secure service, both the options of the host
secure world or secure encalve are available. It's a trade-off between
lower latency vs higher security. Services running on a secure enclave are
secure by real hardware isolation but have a higher latency path. In the
second scenario, the services running on the secure world of the host
subsystem have lower latency but virtual hardware isolation created by
TrustZone technology.
**********************
Secure Firmware Update
**********************
Apart from always booting the authorized images, it is also essential that
the device only accepts the authorized images in the firmware update
process. Corstone-1000 supports OTA (Over the Air) firmware updates and
follows Platform Security Firmware Update sepcification (`FWU`_).
As standardized into `FWU`_, the external flash is divided into two
banks of which one bank has currently running images and the other bank is
used for staging new images. There are four updatable units, i.e. Secure
Enclave's BL2 and TF-M, and Host's FIP (Firmware Image Package) and Kernel
Image (the initramfs bundle). The new images are accepted in the form of a UEFI capsule.
.. image:: images/ExternalFlash.png
:width: 690
:alt: ExternalFlash
The Metadata Block in the flash has the below firmware update state machine.
TF-M runs an OTA service that is responsible for accepting and updating the
images in the flash. The communication between the UEFI Capsule update
subsystem and the OTA service follows the same data path explained above.
The OTA service writes the new images to the passive bank after successful
capsule verification. It changes the state of the system to trial state and
triggers the reset. Boot loaders in Secure Enclave and Host read the Metadata
block to get the information on the boot bank. In the successful trial stage,
the acknowledgment from the host moves the state of the system from trial to
regular. Any failure in the trial stage or system hangs leads to a system
reset. This is made sure by the use of watchdog hardware. The Secure Enclave's
BL1 has the logic to identify multiple resets and eventually switch back to the
previous good bank. The ability to revert to the previous bank is crucial to
guarantee the availability of the device.
.. image:: images/SecureFirmwareUpdate.png
:width: 430
:alt: SecureFirmwareUpdate
******************************
UEFI Runtime Support in U-Boot
******************************
Implementation of UEFI boottime and runtime APIs require variable storage.
In Corstone-1000, these UEFI variables are stored in the Protected Storage
service. The below diagram presents the data flow to store UEFI variables.
The U-Boot implementation of the UEFI subsystem uses the U-Boot FF-A driver to
communicate with the SMM Service in the secure world. The backend of the
SMM service uses the proxy PS from the SE Proxy SP. From there on, the PS
calls are forwarded to the secure enclave as explained above.
.. image:: images/UEFISupport.png
:width: 590
:alt: UEFISupport
***************
References
***************
`ARM corstone1000 Search`_
`Arm security features`_
--------------
*Copyright (c) 2022-2023, Arm Limited. All rights reserved.*
.. _Arm corstone1000 Technical Overview: https://developer.arm.com/documentation/102360/0000
.. _Arm corstone1000 Software: https://developer.arm.com/Tools%20and%20Software/Corstone-1000%20Software
.. _Arm corstone1000 Search: https://developer.arm.com/search#q=corstone-1000
.. _Arm security features: https://www.arm.com/architecture/security-features/platform-security
.. _linux repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/
.. _FF-A: https://developer.arm.com/documentation/den0077/latest
.. _FF-M: https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Architect/DEN0063-PSA_Firmware_Framework-1.0.0-2.pdf?revision=2d1429fa-4b5b-461a-a60e-4ef3d8f7f4b4&hash=3BFD6F3E687F324672F18E5BE9F08EDC48087C93
.. _FWU: https://developer.arm.com/documentation/den0118/a/
.. _OPTEE-OS: https://github.com/OP-TEE/optee_os
.. _PSA: https://www.psacertified.org/
.. _PSA L2 Ready: https://www.psacertified.org/products/corstone-1000/
.. _SRIR cert: https://armkeil.blob.core.windows.net/developer/Files/pdf/certificate-list/arm-systemready-ir-certification-arm-corstone-1000.pdf
.. _TBBR: https://developer.arm.com/documentation/den0006/latest
.. _TF-M: https://www.trustedfirmware.org/projects/tf-m/
.. _Trusted Services: https://www.trustedfirmware.org/projects/trusted-services/
.. _U-Boot repo: https://github.com/u-boot/u-boot.git
meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
+1254
View File
File diff suppressed because it is too large Load Diff
meta-arm/meta-arm-bsp/documentation/corstone500.md
+28
View File
@@ -0,0 +1,28 @@
# Corstone-500 Platform Support in meta-arm-bsp
## Howto Build and Run
### Configuration:
Use the kas
### Build:
``bash$ kas build kas/corstone500.yml
### Run:
Building using kas should have fetch the Fixed Virtual Platform for this
platform and installed at:
build/tmp/sysroots-components/x86_64/fvp-corstone500-native/usr/bin/./FVP_Corstone-500
with this in place is possible to launch the FVP using the runfvp inside the
scripts directory:
cd scripts
./runfvp ../build/tmp/deploy/images/corstone500/core-image-minimal-corstone500.fvpconf --console
this will output the console in the launching terminal
meta-arm/meta-arm-bsp/documentation/fvp-base.md
+30
View File
@@ -0,0 +1,30 @@
# Armv8-A Base Platform FVP Support in meta-arm-bsp
## Howto Build and Run
### Configuration:
In the local.conf file, `MACHINE` should be set:
```
MACHINE = "fvp-base"
```
### Build:
```
$ bitbake core-image-base
```
### Run:
The `fvp-base` machine has support for the `runfvp` script, so running is simple:
```
$ runfvp tmp/deploy/images/fvp-base/core-image-base-fvp-base.fvpconf
```
## Devices supported in the kernel
- serial
- virtio disk
- network
- watchdog
- rtc
## Devices not supported or not functional
None
meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md
+264
View File
@@ -0,0 +1,264 @@
Armv8-R AArch64 AEM FVP Support in meta-arm-bsp
===============================================
Overview
--------
Fixed Virtual Platforms (FVP) are complete simulations of an Arm system,
including processor, memory and peripherals. These are set out in a
"programmer's view", which gives you a comprehensive model on which to build
and test your software.
The Armv8-R AEM FVP is a free of charge Armv8-R Fixed Virtual Platform. It
supports the latest Armv8-R feature set.
This BSP implements a reference stack for the AArch64 support in the R-class
first announced with the Cortex-R82 processor:
https://developer.arm.com/ip-products/processors/cortex-r/cortex-r82
Fast Models Fixed Virtual Platforms (FVP) Reference Guide:
https://developer.arm.com/docs/100966/latest
BSP Support
-----------
The fvp-baser-aemv8r64 Yocto MACHINE supports the following BSP components,
where either a standard or Real-Time Linux kernel (PREEMPT\_RT) can be built
and run:
- FVP_Base_AEMv8R: v11.20.15
- boot-wrapper-aarch64: provides PSCI support
- U-Boot: v2022.07 - provides UEFI services
- Linux kernel: linux-yocto-5.15
- Linux kernel with PREEMPT\_RT support: linux-yocto-rt-5.15
Note that the Real-Time Linux kernel (PREEMPT\_RT) does not use the real-time
architectural extensions of the Armv8-R feature set.
High-Level Architecture
-----------------------
The diagram below shows the current boot flow:
+---------------------------------------------------------------+
| Linux kernel |
+---------------------------------------------------------------+
/|\ /|\
| |
| UEFI services |
| PSCI services |
\|/ |
+----------------+ | S-EL1
----| U-Boot |------------------------------|-----------
+----------------+ | S-EL2
/|\ |
| |
| |
| |
+--------------------------------------------------\|/----------+
| +----------------+ +----------------+ |
| boot-wrapper-aarch64 | Device tree | | PSCI handler | |
| +----------------+ +----------------+ |
+---------------------------------------------------------------+
The firmware binary (generated as `linux-system.axf`) includes
boot-wrapper-aarch64, the flattened device tree and U-Boot. U-Boot is configured
to automatically detect a virtio block device and boot the UEFI payload at the
path `/efi/boot/bootaa64.efi`. Using the standard build, the first partition
contains a Grub image at this path, which boots the Linux kernel at `/Image` on
the same partition. The second partition of the image contains the Linux root
file system.
There is no EL3 or non-secure world in the Armv8-R AArch64 architecture, so the
reset vector starts boot-wrapper-aarch64 at S-EL2. Boot-wrapper-aarch64 is
compiled with the `--enable-keep-el` flag, which causes it to boot U-Boot at
S-EL2 too. U-Boot is compiled with the `CONFIG_ARMV8_SWITCH_TO_EL1` flag, which
causes it to switch to S-EL1 before booting Linux.
The bundled device tree is passed to U-Boot via register x0. U-Boot passes the
same device tree to Linux via the UEFI system table.
Power state management is provided by PSCI services in boot-wrapper-aarch64.
Linux accesses the PSCI handler via HVC calls to S-EL2. U-Boot has been patched
to prevent it from overriding the exception vector at S-EL2. The PSCI handler
memory region is added to a `/memreserve/` node in the device tree.
Please note that the final firmware architecture for the fvp-baser-aemv8r64 is
not yet stabilized. The patches in this layer are provided for development and
evaluation purposes only, and should not be used in production firmware.
Quick start: Howto Build and Run
--------------------------------
### Host environment setup
The following instructions have been tested on hosts running Ubuntu 18.04 and
Ubuntu 20.04.
Install the required packages for the build host:
https://docs.yoctoproject.org/singleindex.html#required-packages-for-the-build-host
Kas is a setup tool for bitbake based projects. The minimal supported version
is 3.0, install it like so:
pip3 install --user --upgrade kas
For more details on kas, see https://kas.readthedocs.io/.
To build the images for the fvp-baser-aemv8r64 machine, you also need to accept
the EULA at
https://developer.arm.com/downloads/-/arm-ecosystem-fvps/eula
by setting the following environment variable:
ARM_FVP_EULA_ACCEPT="True"
**Note:** The host machine should have at least 50 GBytes of free disk space
for the next steps to work correctly.
### Fetch sources
To fetch and build the ongoing development of the software stack follow the
instructions on this document.
To fetch and build the version 1 (single core) find instructions at https://community.arm.com/developer/tools-software/oss-platforms/w/docs/633/release-1-single-core
To fetch and build the version 2 (linux smp) find instructions at https://community.arm.com/developer/tools-software/oss-platforms/w/docs/634/release-2---smp
Fetch the meta-arm repository into a build directory:
mkdir -p ~/fvp-baser-aemv8r64-build
cd ~/fvp-baser-aemv8r64-build
git clone https://git.yoctoproject.org/git/meta-arm
### Build
Building with the standard Linux kernel:
cd ~/fvp-baser-aemv8r64-build
export ARM_FVP_EULA_ACCEPT="True"
kas build meta-arm/kas/fvp-baser-aemv8r64-bsp.yml
Building with the Real-Time Linux kernel (PREEMPT\_RT):
cd ~/fvp-baser-aemv8r64-build
export ARM_FVP_EULA_ACCEPT="True"
kas build meta-arm/kas/fvp-baser-aemv8r64-rt-bsp.yml
### Run
To run an image after the build is done with the standard Linux kernel:
kas shell --keep-config-unchanged \
meta-arm/kas/fvp-baser-aemv8r64-bsp.yml \
--command "../layers/meta-arm/scripts/runfvp \
--console "
To run an image after the build is done with the Real-Time Linux kernel
(PREEMPT\_RT):
kas shell --keep-config-unchanged \
meta-arm/kas/fvp-baser-aemv8r64-rt-bsp.yml \
--command "../layers/meta-arm/scripts/runfvp \
--console "
**Note:** The terminal console login is `root` without password.
To finish the fvp emulation, you need to close the telnet session:
- Escape to telnet console with ``ctrl+]``.
- Run ``quit`` to close the session.
### Networking
The FVP is configured by default to use "user-mode networking", which simulates
an IP router and DHCP server to avoid additional host dependencies and
networking configuration. Outbound connections work automatically, e.g. by
running:
wget www.arm.com
Inbound connections require an explicit port mapping from the host. By default,
port 8022 on the host is mapped to port 22 on the FVP, so that the following
command will connect to an ssh server running on the FVP:
ssh root@localhost -p 8022
Note that user-mode networking does not support ICMP, so `ping` will not work.
For more information about user-mode networking, please see
https://developer.arm.com/documentation/100964/1117/Introduction-to-Fast-Models/User-mode-networking?lang=en
### File sharing between host and fvp
It is possible to share a directory between the host machine and the fvp using
the virtio P9 device component included in the kernel. To do so, create a
directory to be mounted from the host machine:
mkdir /path/to/host-mount-dir
Then, add the following parameter containing the path to the directory when
launching the model:
--parameter 'bp.virtiop9device.root_path=/path/to/host-mount-dir'
e.g. for the standard Linux kernel:
kas shell --keep-config-unchanged \
meta-arm/kas/fvp-baser-aemv8r64-bsp.yml \
--command "../layers/meta-arm/scripts/runfvp \
--console -- --parameter \
'bp.virtiop9device.root_path=/path/to/host-mount-dir'"
Once you are logged into the fvp, the host directory can be mounted in a
directory on the model using the following command:
mount -t 9p -o trans=virtio,version=9p2000.L FM /path/to/fvp-mount-dir
Devices supported in the kernel
-------------------------------
- serial
- virtio 9p
- virtio disk
- virtio network
- virtio rng
- watchdog
- rtc
Known Issues and Limitations
----------------------------
- Only PSCI CPU\_ON and CPU\_OFF functions are supported
- Linux kernel does not support booting from secure EL2 on Armv8-R AArch64
- Linux KVM does not support Armv8-R AArch64
- Device DMA memory cache-coherence issue: the FVP `cache_state_modelled`
parameter will affect the cache coherence behavior of peripherals DMA. When
users set `cache_state_modelled=1`, they also have to set
`cci400.force_on_from_start=1` to force the FVP to enable snooping on upstream
ports.
Change Log
----------
- Enabled the ability for U-Boot to apply device tree overlays
- Fixed bug in U-Boot that caused changes to the `memory` node in the device
tree to be ignored.
- Added boot-wrapper-aarch64 support for booting SMP payloads at S-EL2.
- Enabled testimage support by default.
- Added virtio\_rng to improve random number generation.
- Added U-Boot v2022.01 for UEFI support.
- Updated Linux kernel version from 5.14 to 5.15 for both standard and
Real-Time (PREEMPT\_RT) builds.
- Updated boot-wrapper-aarch64 revision and added support for booting U-Boot.
- Included boot-wrapper-aarch64 PSCI services in `/memreserve/` region.
- Fixed the counter frequency initialization in boot-wrapper-aarch64.
- Configured the FVP to use the default RAM size of 4 Gb
- Fixed PL011 and SP805 register sizes in the device tree.
- Added virtio\_net User Networking mode by default and removed instructions
about tap networking setup.
- Updated Linux kernel version from 5.10 to 5.14 for both standard and
Real-Time (PREEMPT\_RT) builds.
- Enabled SMP support via boot-wrapper-aarch64 providing the PSCI CPU\_ON and
CPU\_OFF functions.
- Introduced Armv8-R64 compiler flags.
- Added Linux PREEMPT\_RT support via linux-yocto-rt-5.10.
- Added support for file sharing with the host machine using Virtio P9.
- Added support for runfvp.
- Added performance event support (PMU) in the Linux device tree.
- Introduced the fvp-baser-aemv8r64 machine and its BSP composed of
boot-wrapper-aarch64 and linux-yocto-5.10 supporting serial, virtio disk,
virtio network, watchdog and rtc.
meta-arm/meta-arm-bsp/documentation/juno.md
+75
View File
@@ -0,0 +1,75 @@
# Juno Development Platform Support in meta-arm-bsp
## Howto Build and Run
### Configuration:
In the local.conf file, MACHINE should be set as follow:
MACHINE ?= "juno"
Juno is using a USB hard drive for root filesystem by default. The distribution
used must have ```usbhost``` and ```usbgadget``` in DISTRO_FEATURES (this is
the case in poky distribution).
### Build:
```bash$ bitbake core-image-minimal```
### Update Juno SD card:
The SD card content is generated during the build here:
tmp/deploy/images/juno/firmware-image-juno.tar.gz
Its content must be written on the Juno firmware SD card.
To do this:
- insert the sdcard of the Juno in an SD card reader and mount it:
```bash$ sudo mount /dev/sdx1 /mnt```
(replace sdx by the device of the SD card)
- erase its content and put the new one:
```bash$ sudo rm -rf /mnt/*```
```bash$ sudo tar --no-same-owner -xzf tmp/deploy/images/juno/firmware-image-juno.tar.gz -C /mnt/```
```bash$ sudo umount /mnt```
- reinsert the SD card in the Juno board
### Create an USB hard drive:
Linux root file system should be stored on the second partition of an USB
drive that must be plugged on the Juno Platform.
This partition should be initialized with the content of the filesystem
generated by yocto that you can find here:
tmp/deploy/images/juno/core-image-minimal-juno.tar.bz2
To do this
- Format a USB disk, create two primary partitions (ext4).
- mount the secondary partition
- untar tmp/deploy/images/juno/core-image-minimal-juno.tar.bz2 on to the
secondary partition.
### Run:
You must insert the SD card and the USB drive and power-on the Juno board.
The console should be available on the second serial line:
screen -L /dev/tty.usbserial 115200
On the first boot the images will be flashed which can take some time.
## Devices supported in the kernel
- serial
- usb
- network
- watchdog
- rtc
- mmc
### Untested:
- i2c
- dma
- pci
- sata
- sound
## Devices not supported or not functional
- framebuffer: not functional
The HDMI is not properly detected.
- GPU (no user land libraries).
The mali-midgard-kernel can be used to have a kernel driver
meta-arm/meta-arm-bsp/documentation/musca-b1.md
+15
View File
@@ -0,0 +1,15 @@
# Musca B1
## Overview
For a description of the hardware, go to
https://developer.arm.com/tools-and-software/development-boards/iot-test-chips-and-boards/musca-b-test-chip-board
For emulated hardware, go to
https://www.qemu.org/docs/master/system/arm/musca.html
## Building
In the local.conf file, MACHINE should be set as follows:
MACHINE ?= "musca-b1"
To build the trusted firmware-m:
```bash$ bitbake trusted-firmware-m```
meta-arm/meta-arm-bsp/documentation/n1sdp.md
+78
View File
@@ -0,0 +1,78 @@
# N1SDP Development Platform Support in meta-arm-bsp
## Overview
The N1SDP provides access to the Arm Neoverse N1 SoC. The N1SDP enables software development for key enterprise technology
and general Arm software development. The N1SDP consists of the N1 board containing the N1 SoC.
The N1 SoC contains two dual-core Arm Neoverse N1 processor clusters.
The system demonstrates Arm technology in the context of Cache-Coherent Interconnect for Accelerators (CCIX) protocol by:
- Running coherent traffic between the N1 SoC and an accelerator card.
- Coherent communication between two N1 SoCs.
- Enabling development of CCIX-enabled FPGA accelerators.
Further information on N1SDP can be found at
https://community.arm.com/developer/tools-software/oss-platforms/w/docs/458/neoverse-n1-sdp
## Configuration:
In the local.conf file, MACHINE should be set as follow:
MACHINE ?= "n1sdp"
## Building
```bash$ bitbake core-image-minimal```
## Running
# Update Firmware on SD card:
(*) To use n1sdp board in single chip mode, flash:
n1sdp-board-firmware_primary.tar.gz firmware.
(*) To use n1sdp board in multi chip mode, flash:
n1sdp-board-firmware_primary.tar.gz firmware to primary board,
n1sdp-board-firmware_secondary.tar.gz firmware to secondary board.
The SD card content is generated during the build here:
tmp/deploy/images/n1sdp/n1sdp-board-firmware_primary.tar.gz
tmp/deploy/images/n1sdp/n1sdp-board-firmware_secondary.tar.gz
Its content must be written on the N1SDP firmware SD card.
To do this:
- insert the sdcard of the N1SDP in an SD card reader and mount it:
```bash$ sudo mount /dev/sdx1 /mnt```
(replace sdx by the device of the SD card)
- erase its content and put the new one:
```bash$ sudo rm -rf /mnt/*```
```bash$ sudo tar --no-same-owner -xzf tmp/deploy/images/n1sdp/n1sdp-board-firmware_primary.tar.gz -C /mnt/```
```bash$ sudo umount /mnt```
- reinsert the SD card in the N1SDP board
Firmware tarball contains iofpga configuration files, scp and uefi binaries.
**NOTE**:
If the N1SDP board was manufactured after November 2019 (Serial Number greater
than 36253xxx), a different PMIC firmware image must be used to prevent
potential damage to the board. More details can be found in [1].
The `MB/HBI0316A/io_v123f.txt` file located in the microSD needs to be updated.
To update it, set the PMIC image (300k_8c2.bin) to be used in the newer models
by running the following commands on your host PC:
$ sudo umount /dev/sdx1
$ sudo mount /dev/sdx1 /mnt
$ sudo sed -i '/^MBPMIC: pms_0V85.bin/s/^/;/g' /mnt/MB/HBI0316A/io_v123f.txt
$ sudo sed -i '/^;MBPMIC: 300k_8c2.bin/s/^;//g' /mnt/MB/HBI0316A/io_v123f.txt
$ sudo umount /mnt
# Prepare an USB hard drive:
Grub boot partition is placed on first partition of the *.wic image,
Linux root file system is placed on the second partition of the *.wic image:
tmp/deploy/images/n1sdp/core-image-minimal-n1sdp.wic
This *.wic image should be copied to USB stick with simple dd call.
[1]: https://community.arm.com/developer/tools-software/oss-platforms/w/docs/604/notice-potential-damage-to-n1sdp-boards-if-using-latest-firmware-release
meta-arm/meta-arm-bsp/documentation/requirements.txt
+12
View File
@@ -0,0 +1,12 @@
# Copyright (c) 2022, Arm Limited.
#
# SPDX-License-Identifier: MIT
# Read The Docs specific
jinja2==3.1.1
# Required to build the documentation
sphinx==4.5.0
sphinx_rtd_theme==1.0.0
sphinx-copybutton==0.5.0
docutils==0.17.1
meta-arm/meta-arm-bsp/documentation/tc1.md
+32
View File
@@ -0,0 +1,32 @@
# TC1 Platform Support in meta-arm-bsp
## Overview
The Total Compute platform provides an envelope for all of Arm's latest IP and
software solutions, optimised to work together. Further information can be
found on the Total Compute community page:
https://community.arm.com/developer/tools-software/oss-platforms/w/docs/606/total-compute
The user guide for TC1 platform with detailed instructions for
syncing and building the source code and running on TC1 Fixed Virtual Platform
for poky and android distributions is available at:
https://git.linaro.org/landing-teams/working/arm/arm-reference-platforms.git/tree/docs/tc1/user-guide.rst
## Building
In the local.conf file, MACHINE should be set as follows:
MACHINE = "tc1"
To build the required binaries for tc1, run the commmand:
```bash$ bitbake tc-artifacts-image```
Trusted-firmware-a is the final component to be built with the rest of the
components dependent of it, therefore building tc-artifacts-image which depends
on trusted-firmware-a will build all the required binaries.
## Running
To run the produced binaries in a TC1 Fixed Virtual Platform please get
the run scripts at:
https://git.linaro.org/landing-teams/working/arm/model-scripts.git/
and follow the instructions in the user-guide.rst available in:
https://git.linaro.org/landing-teams/working/arm/arm-reference-platforms.git/tree/docs/tc1/user-guide.rst
meta-arm/meta-arm-bsp/documentation/template.md
+19
View File
@@ -0,0 +1,19 @@
# *Hardware Name*
## Overview
*Brief summary of the hardware*
*Link to reference documentation*
## Building
*Any special steps required to build successfully beyond setting MACHINE*
*For example: corstone700 needs DISTRO=poky-tiny, musca only supports TF-M*
## Running
*A summary of how to deploy or execute the image*
*For example, an overview of the N1SDP SD structure, or FVP arguments*
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64-fvp-baser-aemv8r64.inc
+36
View File
@@ -0,0 +1,36 @@
COMPATIBLE_MACHINE = "fvp-baser-aemv8r64"
FILESEXTRAPATHS:prepend := "${THISDIR}/files/${MACHINE}:"
SRC_URI:append = " \
file://0001-aarch64-Rename-labels-and-prepare-for-lower-EL-booti.patch \
file://0002-aarch64-Prepare-for-EL1-booting.patch \
file://0003-aarch64-Prepare-for-lower-EL-booting.patch \
file://0004-gic-v3-Prepare-for-gicv3-with-EL2.patch \
file://0005-aarch64-Prepare-for-booting-with-EL2.patch \
file://0006-aarch64-Introduce-EL2-boot-code-for-Armv8-R-AArch64.patch \
file://0007-Allow-enable-psci-to-choose-between-smc-and-hvc.patch \
file://0008-aarch64-Disable-CNTPCT_EL0-trap-for-v8-R64.patch \
file://0009-lds-Mark-the-mem-range.patch \
file://0010-common-Introduce-the-libfdt.patch \
file://0011-common-Add-essential-libc-functions.patch \
file://0012-Makefile-Add-the-libfdt-to-the-Makefile-system.patch \
file://0013-platform-Add-print_hex-func.patch \
file://0014-common-Add-mem-usage-to-memreserve.patch \
file://0015-boot-Add-the-enable-keep-el-compile-option.patch \
file://0016-Makefile-Change-COUNTER_FREQ-to-100-MHz.patch \
file://0017-PSCI-Apply-flush-cache-after-setting-branch_data.patch \
file://0018-PSCI-Add-function-call-entry-point.patch \
file://0019-lds-Rearrange-and-mark-the-sections.patch \
file://0020-common-Provide-firmware-info-using-libfdt.patch \
file://0021-boot-Enable-firmware-node-initialization.patch \
"
BOOT_WRAPPER_AARCH64_CMDLINE = "\
earlycon console=ttyAMA0 loglevel=8 rootfstype=ext4 root=/dev/vda1 rw"
EXTRA_OECONF += "--enable-psci=hvc --enable-keep-el"
TUNE_CCARGS = ""
BOOT_WRAPPER_AARCH64_KERNEL = "u-boot.bin"
do_deploy[depends] += "u-boot:do_deploy"
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/boot-wrapper-aarch64_%.bbappend
+4
View File
@@ -0,0 +1,4 @@
MACHINE_BOOT_WRAPPER_AARCH64_REQUIRE ?= ""
MACHINE_BOOT_WRAPPER_AARCH64_REQUIRE:fvp-baser-aemv8r64 ?= "boot-wrapper-aarch64-fvp-baser-aemv8r64.inc"
require ${MACHINE_BOOT_WRAPPER_AARCH64_REQUIRE}
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0001-aarch64-Rename-labels-and-prepare-for-lower-EL-booti.patch
+135
View File
@@ -0,0 +1,135 @@
From 545f6950ae4dc55b4974986aa9629adb16eaf4e1 Mon Sep 17 00:00:00 2001
From: Jaxson Han <jaxson.han@arm.com>
Date: Tue, 25 May 2021 07:25:00 +0100
Subject: [PATCH] aarch64: Rename labels and prepare for lower EL booting
Prepare for booting from lower EL. Rename *_el3 relavant labels with
*_el_max and *_no_el3 with *_keep_el. Since the original _no_el3 means
"We neither do init sequence at this highest EL nor drop to lower EL
when entering to kernel", we rename it with _keep_el to make it more
clear for lower EL initialisation.
Upstream-Status: Pending
Signed-off-by: Jaxson Han <jaxson.han@arm.com>
---
arch/aarch64/boot.S | 28 ++++++++++++++++++++--------
arch/aarch64/psci.S | 9 +++++----
arch/aarch64/spin.S | 4 ++--
3 files changed, 27 insertions(+), 14 deletions(-)
diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S
index d682ba5..fab694e 100644
--- a/arch/aarch64/boot.S
+++ b/arch/aarch64/boot.S
@@ -34,18 +34,30 @@ ASM_FUNC(_start)
/*
* EL3 initialisation
+ * Boot sequence
+ * If CurrentEL == EL3, then goto EL3 initialisation and drop to
+ * lower EL before entering the kernel.
+ * Else, no initialisation and keep the current EL before
+ * entering the kernel.
*/
mrs x0, CurrentEL
cmp x0, #CURRENTEL_EL3
- b.eq 1f
+ b.eq el3_init
+ /*
+ * We stay in the current EL for entering the kernel
+ */
mov w0, #1
- ldr x1, =flag_no_el3
+ ldr x1, =flag_keep_el
str w0, [x1]
- b start_no_el3
+ b start_keep_el
-1: mov x0, #0x30 // RES1
+ /*
+ * EL3 initialisation
+ */
+el3_init:
+ mov x0, #0x30 // RES1
orr x0, x0, #(1 << 0) // Non-secure EL1
orr x0, x0, #(1 << 8) // HVC enable
@@ -145,7 +157,7 @@ ASM_FUNC(_start)
bl gic_secure_init
- b start_el3
+ b start_el_max
err_invalid_id:
b .
@@ -172,7 +184,7 @@ ASM_FUNC(jump_kernel)
bl find_logical_id
bl setup_stack // Reset stack pointer
- ldr w0, flag_no_el3
+ ldr w0, flag_keep_el
cmp w0, #0 // Prepare Z flag
mov x0, x20
@@ -181,7 +193,7 @@ ASM_FUNC(jump_kernel)
mov x3, x23
b.eq 1f
- br x19 // No EL3
+ br x19 // Keep current EL
1: mov x4, #SPSR_KERNEL
@@ -199,5 +211,5 @@ ASM_FUNC(jump_kernel)
.data
.align 3
-flag_no_el3:
+flag_keep_el:
.long 0
diff --git a/arch/aarch64/psci.S b/arch/aarch64/psci.S
index 8bd224b..7b8919a 100644
--- a/arch/aarch64/psci.S
+++ b/arch/aarch64/psci.S
@@ -79,7 +79,7 @@ smc_exit:
ldp x18, x19, [sp], #16
eret
-ASM_FUNC(start_el3)
+ASM_FUNC(start_el_max)
ldr x0, =vector
bl setup_vector
@@ -89,10 +89,11 @@ ASM_FUNC(start_el3)
b psci_first_spin
/*
- * This PSCI implementation requires EL3. Without EL3 we'll only boot the
- * primary cpu, all others will be trapped in an infinite loop.
+ * This PSCI implementation requires the highest EL(EL3 or Armv8-R EL2).
+ * Without the highest EL, we'll only boot the primary cpu, all othersr
+ * will be trapped in an infinite loop.
*/
-ASM_FUNC(start_no_el3)
+ASM_FUNC(start_keep_el)
cpuid x0, x1
bl find_logical_id
cbz x0, psci_first_spin
diff --git a/arch/aarch64/spin.S b/arch/aarch64/spin.S
index 1ea1c0b..bfb1d47 100644
--- a/arch/aarch64/spin.S
+++ b/arch/aarch64/spin.S
@@ -12,8 +12,8 @@
.text
-ASM_FUNC(start_el3)
-ASM_FUNC(start_no_el3)
+ASM_FUNC(start_el_max)
+ASM_FUNC(start_keep_el)
cpuid x0, x1
bl find_logical_id
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0002-aarch64-Prepare-for-EL1-booting.patch
+48
View File
@@ -0,0 +1,48 @@
From bad32d3fc127a421be416b17e4f7d6d514f06abb Mon Sep 17 00:00:00 2001
From: Jaxson Han <jaxson.han@arm.com>
Date: Tue, 25 May 2021 07:25:00 +0100
Subject: [PATCH] aarch64: Prepare for EL1 booting
When booting from EL1, add a check and skip the init of
sctlr_el2 in jump_kernel
Upstream-Status: Pending
Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
---
arch/aarch64/boot.S | 6 +++++-
arch/aarch64/include/asm/cpu.h | 1 +
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S
index fab694e..5105b41 100644
--- a/arch/aarch64/boot.S
+++ b/arch/aarch64/boot.S
@@ -177,10 +177,14 @@ ASM_FUNC(jump_kernel)
ldr x0, =SCTLR_EL1_KERNEL
msr sctlr_el1, x0
+ mrs x0, CurrentEL
+ cmp x0, #CURRENTEL_EL2
+ b.lt 1f
+
ldr x0, =SCTLR_EL2_KERNEL
msr sctlr_el2, x0
- cpuid x0, x1
+1: cpuid x0, x1
bl find_logical_id
bl setup_stack // Reset stack pointer
diff --git a/arch/aarch64/include/asm/cpu.h b/arch/aarch64/include/asm/cpu.h
index 49d3f86..3767da3 100644
--- a/arch/aarch64/include/asm/cpu.h
+++ b/arch/aarch64/include/asm/cpu.h
@@ -11,6 +11,7 @@
#define MPIDR_ID_BITS 0xff00ffffff
+#define CURRENTEL_EL2 (2 << 2)
#define CURRENTEL_EL3 (3 << 2)
/*
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0003-aarch64-Prepare-for-lower-EL-booting.patch
+55
View File
@@ -0,0 +1,55 @@
From 252cbd36e51414b60ab68306f9c38e358709494d Mon Sep 17 00:00:00 2001
From: Jaxson Han <jaxson.han@arm.com>
Date: Tue, 25 May 2021 07:25:00 +0100
Subject: [PATCH] aarch64: Prepare for lower EL booting
Save SPSR_KERNEL into spsr_to_elx during el3_init.
The jump_kernel will load spsr_to_elx into spsr_el3.
This change will make it easier to control whether drop to lower EL
before jumping to the kernel.
Upstream-Status: Pending
Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
---
arch/aarch64/boot.S | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S
index 5105b41..243198d 100644
--- a/arch/aarch64/boot.S
+++ b/arch/aarch64/boot.S
@@ -151,7 +151,16 @@ el3_init:
mov x0, #ZCR_EL3_LEN_MAX // SVE: Enable full vector len
msr ZCR_EL3, x0 // for EL2.
-1:
+ /*
+ * Save SPSR_KERNEL into spsr_to_elx.
+ * The jump_kernel will load spsr_to_elx into spsr_el3
+ */
+1: mov w0, #SPSR_KERNEL
+ ldr x1, =spsr_to_elx
+ str w0, [x1]
+ b el_max_init
+
+el_max_init:
ldr x0, =COUNTER_FREQ
msr cntfrq_el0, x0
@@ -199,7 +208,7 @@ ASM_FUNC(jump_kernel)
b.eq 1f
br x19 // Keep current EL
-1: mov x4, #SPSR_KERNEL
+1: ldr w4, spsr_to_elx
/*
* If bit 0 of the kernel address is set, we're entering in AArch32
@@ -217,3 +226,5 @@ ASM_FUNC(jump_kernel)
.align 3
flag_keep_el:
.long 0
+spsr_to_elx:
+ .long 0
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0004-gic-v3-Prepare-for-gicv3-with-EL2.patch
+105
View File
@@ -0,0 +1,105 @@
From bff110a95a5e4c9db2d61e629b4aa4b84530201e Mon Sep 17 00:00:00 2001
From: Jaxson Han <jaxson.han@arm.com>
Date: Tue, 25 May 2021 07:25:00 +0100
Subject: [PATCH] gic-v3: Prepare for gicv3 with EL2
This is a preparation for allowing boot-wrapper configuring the gicv3
with EL2.
When confiuring with EL2, since there is no ICC_CTLR_EL2, the
ICC_CTLR_EL3 cannot be replaced with ICC_CTLR_EL2 simply.
See [https://developer.arm.com/documentation/ihi0069/latest/].
As the caller, gic_secure_init expects the ICC_CTLR to be written,
we change the function into gic_init_icc_ctlr(). In the GIC spec,
the r/w bits in this register ([6:0]) either affect EL3 IRQ routing
(not applicable since no EL3), non-secure IRQ handling (not applicable
since only secure state in Armv8-R aarch64), or are aliased to
ICC_CTLR_EL1 bits.
So, based on this, the new gic_init_icc_ctlr() would be:
When currentEL is EL3, init ICC_CTLR_EL3 as before.
When currentEL is not EL3, init ICC_CTLR_EL1 with ICC_CTLR_EL1_RESET.
Upstream-Status: Pending
Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
---
arch/aarch32/include/asm/gic-v3.h | 7 +++++++
arch/aarch64/include/asm/gic-v3.h | 23 ++++++++++++++++++++---
common/gic-v3.c | 2 +-
3 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/arch/aarch32/include/asm/gic-v3.h b/arch/aarch32/include/asm/gic-v3.h
index 65f38de..11e7bc7 100644
--- a/arch/aarch32/include/asm/gic-v3.h
+++ b/arch/aarch32/include/asm/gic-v3.h
@@ -9,6 +9,8 @@
#ifndef __ASM_AARCH32_GICV3_H
#define __ASM_AARCH32_GICV3_H
+#define ICC_CTLR_RESET (0UL)
+
static inline void gic_write_icc_sre(uint32_t val)
{
asm volatile ("mcr p15, 6, %0, c12, c12, 5" : : "r" (val));
@@ -19,4 +21,9 @@ static inline void gic_write_icc_ctlr(uint32_t val)
asm volatile ("mcr p15, 6, %0, c12, c12, 4" : : "r" (val));
}
+static inline void gic_init_icc_ctlr()
+{
+ gic_write_icc_ctlr(ICC_CTLR_RESET);
+}
+
#endif
diff --git a/arch/aarch64/include/asm/gic-v3.h b/arch/aarch64/include/asm/gic-v3.h
index 5b32380..090ab0b 100644
--- a/arch/aarch64/include/asm/gic-v3.h
+++ b/arch/aarch64/include/asm/gic-v3.h
@@ -15,14 +15,31 @@
#define ICC_CTLR_EL3 "S3_6_C12_C12_4"
#define ICC_PMR_EL1 "S3_0_C4_C6_0"
+#define ICC_CTLR_EL3_RESET (0UL)
+#define ICC_CTLR_EL1_RESET (0UL)
+
+static inline uint32_t current_el(void)
+{
+ uint32_t val;
+
+ asm volatile ("mrs %0, CurrentEL" : "=r" (val));
+ return val;
+}
+
static inline void gic_write_icc_sre(uint32_t val)
{
- asm volatile ("msr " ICC_SRE_EL3 ", %0" : : "r" (val));
+ if (current_el() == CURRENTEL_EL3)
+ asm volatile ("msr " ICC_SRE_EL3 ", %0" : : "r" (val));
+ else
+ asm volatile ("msr " ICC_SRE_EL2 ", %0" : : "r" (val));
}
-static inline void gic_write_icc_ctlr(uint32_t val)
+static inline void gic_init_icc_ctlr()
{
- asm volatile ("msr " ICC_CTLR_EL3 ", %0" : : "r" (val));
+ if (current_el() == CURRENTEL_EL3)
+ asm volatile ("msr " ICC_CTLR_EL3 ", %0" : : "r" (ICC_CTLR_EL3_RESET));
+ else
+ asm volatile ("msr " ICC_CTLR_EL1 ", %0" : : "r" (ICC_CTLR_EL1_RESET));
}
#endif
diff --git a/common/gic-v3.c b/common/gic-v3.c
index 6207007..a0fe564 100644
--- a/common/gic-v3.c
+++ b/common/gic-v3.c
@@ -117,6 +117,6 @@ void gic_secure_init(void)
gic_write_icc_sre(ICC_SRE_Enable | ICC_SRE_DIB | ICC_SRE_DFB | ICC_SRE_SRE);
isb();
- gic_write_icc_ctlr(0);
+ gic_init_icc_ctlr();
isb();
}
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0005-aarch64-Prepare-for-booting-with-EL2.patch
+63
View File
@@ -0,0 +1,63 @@
From ba955efb35ce1d41b562190d7c2fbcbcf8ef97ff Mon Sep 17 00:00:00 2001
From: Jaxson Han <jaxson.han@arm.com>
Date: Tue, 25 May 2021 07:25:00 +0100
Subject: [PATCH] aarch64: Prepare for booting with EL2
Prepare for allowing boot-wrapper to be entered in EL2.
Detect current EL and set the corresponding EL registers.
Upstream-Status: Pending
Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
---
arch/aarch64/boot.S | 8 ++++++++
arch/aarch64/utils.S | 10 +++++++++-
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S
index 243198d..3593ca5 100644
--- a/arch/aarch64/boot.S
+++ b/arch/aarch64/boot.S
@@ -216,10 +216,18 @@ ASM_FUNC(jump_kernel)
*/
bfi x4, x19, #5, #1
+ mrs x5, CurrentEL
+ cmp x5, #CURRENTEL_EL2
+ b.eq 1f
+
msr elr_el3, x19
msr spsr_el3, x4
eret
+1: msr elr_el2, x19
+ msr spsr_el2, x4
+ eret
+
.ltorg
.data
diff --git a/arch/aarch64/utils.S b/arch/aarch64/utils.S
index 85c7f8a..f02a249 100644
--- a/arch/aarch64/utils.S
+++ b/arch/aarch64/utils.S
@@ -34,10 +34,18 @@ ASM_FUNC(find_logical_id)
ret
/*
- * Setup EL3 vectors
+ * Setup EL3/EL2 vectors
* x0: vector address
*/
ASM_FUNC(setup_vector)
+ mrs x1, CurrentEL
+ cmp x1, #CURRENTEL_EL2
+ b.eq 1f
+
msr VBAR_EL3, x0
isb
ret
+
+1: msr VBAR_EL2, x0
+ isb
+ ret
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0006-aarch64-Introduce-EL2-boot-code-for-Armv8-R-AArch64.patch
+182
View File
@@ -0,0 +1,182 @@
From 8e44fac113d935affed1550480631f3fe7f30584 Mon Sep 17 00:00:00 2001
From: Jaxson Han <jaxson.han@arm.com>
Date: Tue, 25 May 2021 07:25:00 +0100
Subject: [PATCH] aarch64: Introduce EL2 boot code for Armv8-R AArch64
The Armv8-R AArch64 profile does not support the EL3 exception level.
The Armv8-R AArch64 profile allows for an (optional) VMSAv8-64 MMU
at EL1, which allows to run off-the-shelf Linux. However EL2 only
supports a PMSA, which is not supported by Linux, so we need to drop
into EL1 before entering the kernel.
We add a new err_invalid_arch symbol as a dead loop. If we detect the
current Armv8-R aarch64 only supports with PMSA, meaning we cannot boot
Linux anymore, then we jump to err_invalid_arch.
During Armv8-R aarch64 init, to make sure nothing unexpected traps into
EL2, we auto-detect and config FIEN and EnSCXT in HCR_EL2.
The boot sequence is:
If CurrentEL == EL3, then goto EL3 initialisation and drop to lower EL
before entering the kernel.
If CurrentEL == EL2 && id_aa64mmfr0_el1.MSA == 0xf (Armv8-R aarch64),
if id_aa64mmfr0_el1.MSA_frac == 0x2,
then goto Armv8-R AArch64 initialisation and drop to EL1 before
entering the kernel.
else, which means VMSA unsupported and cannot boot Linux,
goto err_invalid_arch (dead loop).
Else, no initialisation and keep the current EL before entering the
kernel.
Upstream-Status: Pending
Signed-off-by: Jaxson Han <jaxson.han@arm.com>
---
arch/aarch64/boot.S | 92 +++++++++++++++++++++++++++++++++-
arch/aarch64/include/asm/cpu.h | 2 +
2 files changed, 92 insertions(+), 2 deletions(-)
diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S
index 3593ca5..a219ea7 100644
--- a/arch/aarch64/boot.S
+++ b/arch/aarch64/boot.S
@@ -37,16 +37,24 @@ ASM_FUNC(_start)
* Boot sequence
* If CurrentEL == EL3, then goto EL3 initialisation and drop to
* lower EL before entering the kernel.
+ * If CurrentEL == EL2 && id_aa64mmfr0_el1.MSA == 0xf, then
+ * If id_aa64mmfr0_el1.MSA_frac == 0x2, then goto
+ * Armv8-R AArch64 initialisation and drop to EL1 before
+ * entering the kernel.
+ * Else, which means VMSA unsupported and cannot boot Linux,
+ * goto err_invalid_arch (dead loop).
* Else, no initialisation and keep the current EL before
* entering the kernel.
*/
mrs x0, CurrentEL
- cmp x0, #CURRENTEL_EL3
- b.eq el3_init
+ cmp x0, #CURRENTEL_EL2
+ bgt el3_init
+ beq el2_init
/*
* We stay in the current EL for entering the kernel
*/
+keep_el:
mov w0, #1
ldr x1, =flag_keep_el
str w0, [x1]
@@ -160,6 +168,85 @@ el3_init:
str w0, [x1]
b el_max_init
+ /*
+ * EL2 Armv8-R AArch64 initialisation
+ */
+el2_init:
+ /* Detect Armv8-R AArch64 */
+ mrs x1, id_aa64mmfr0_el1
+ /*
+ * Check MSA, bits [51:48]:
+ * 0xf means Armv8-R AArch64.
+ * If not 0xf, proceed in Armv8-A EL2.
+ */
+ ubfx x0, x1, #48, #4 // MSA
+ cmp x0, 0xf
+ bne keep_el
+ /*
+ * Check MSA_frac, bits [55:52]:
+ * 0x2 means EL1&0 translation regime also supports VMSAv8-64.
+ */
+ ubfx x0, x1, #52, #4 // MSA_frac
+ cmp x0, 0x2
+ /*
+ * If not 0x2, no VMSA, so cannot boot Linux and dead loop.
+ * Also, since the architecture guarantees that those CPUID
+ * fields never lose features when the value in a field
+ * increases, we use blt to cover it.
+ */
+ blt err_invalid_arch
+
+ mrs x0, midr_el1
+ msr vpidr_el2, x0
+
+ mrs x0, mpidr_el1
+ msr vmpidr_el2, x0
+
+ mov x0, #(1 << 31) // VTCR_MSA: VMSAv8-64 support
+ msr vtcr_el2, x0
+
+ /* Init HCR_EL2 */
+ mov x0, #(1 << 31) // RES1: Armv8-R aarch64 only
+
+ mrs x1, id_aa64pfr0_el1
+ ubfx x2, x1, #56, 4 // ID_AA64PFR0_EL1.CSV2
+ cmp x2, 0x2
+ b.lt 1f
+ /*
+ * Disable trap when accessing SCTXNUM_EL0 or SCTXNUM_EL1
+ * if FEAT_CSV2.
+ */
+ orr x0, x0, #(1 << 53) // HCR_EL2.EnSCXT
+
+1: ubfx x2, x1, #28, 4 // ID_AA64PFR0_EL1.RAS
+ cmp x2, 0x2
+ b.lt 1f
+ /* Disable trap when accessing ERXPFGCDN_EL1 if FEAT_RASv1p1. */
+ orr x0, x0, #(1 << 47) // HCR_EL2.FIEN
+
+ /* Enable pointer authentication if present */
+1: mrs x1, id_aa64isar1_el1
+ /*
+ * If ID_AA64ISAR1_EL1.{GPI, GPA, API, APA} == {0000, 0000, 0000, 0000}
+ * then HCR_EL2.APK and HCR_EL2.API are RES 0.
+ * Else
+ * set HCR_EL2.APK and HCR_EL2.API.
+ */
+ ldr x2, =(((0xff) << 24) | (0xff << 4))
+ and x1, x1, x2
+ cbz x1, 1f
+
+ orr x0, x0, #(1 << 40) // HCR_EL2.APK
+ orr x0, x0, #(1 << 41) // HCR_EL2.API
+
+1: msr hcr_el2, x0
+ isb
+
+ mov w0, #SPSR_KERNEL_EL1
+ ldr x1, =spsr_to_elx
+ str w0, [x1]
+ // fall through
+
el_max_init:
ldr x0, =COUNTER_FREQ
msr cntfrq_el0, x0
@@ -169,6 +256,7 @@ el_max_init:
b start_el_max
err_invalid_id:
+err_invalid_arch:
b .
/*
diff --git a/arch/aarch64/include/asm/cpu.h b/arch/aarch64/include/asm/cpu.h
index 3767da3..3c0e00d 100644
--- a/arch/aarch64/include/asm/cpu.h
+++ b/arch/aarch64/include/asm/cpu.h
@@ -25,6 +25,7 @@
#define SPSR_I (1 << 7) /* IRQ masked */
#define SPSR_F (1 << 6) /* FIQ masked */
#define SPSR_T (1 << 5) /* Thumb */
+#define SPSR_EL1H (5 << 0) /* EL1 Handler mode */
#define SPSR_EL2H (9 << 0) /* EL2 Handler mode */
#define SPSR_HYP (0x1a << 0) /* M[3:0] = hyp, M[4] = AArch32 */
@@ -50,6 +51,7 @@
#else
#define SCTLR_EL1_KERNEL SCTLR_EL1_RES1
#define SPSR_KERNEL (SPSR_A | SPSR_D | SPSR_I | SPSR_F | SPSR_EL2H)
+#define SPSR_KERNEL_EL1 (SPSR_A | SPSR_D | SPSR_I | SPSR_F | SPSR_EL1H)
#endif
#ifndef __ASSEMBLY__
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0007-Allow-enable-psci-to-choose-between-smc-and-hvc.patch
+89
View File
@@ -0,0 +1,89 @@
From 0b9a966b8a28961b078215ee7169e32a976d5e7d Mon Sep 17 00:00:00 2001
From: Qi Feng <qi.feng@arm.com>
Date: Wed, 26 May 2021 17:52:01 +0800
Subject: [PATCH] Allow --enable-psci to choose between smc and hvc
According to Armv8-R AArch64 manual [1], Armv8-R AArch64 does not
support smc:
- Pseudocode for AArch64.CheckForSMCUndefOrTrap has this snippet:
if !HaveEL(EL3) || PSTATE.EL == EL0 then
UNDEFINED;
And Armv8-R AArch64 does not have EL3.
- In the document of HCR_EL2 TSC bit:
If EL3 is not implemented and HCR_EL2.NV is 0, it is IMPLEMENTATION
DEFINED whether this bit is:
- RES0.
- Implemented with the functionality as described in HCR_EL2.TSC.
So hvc is needed in this situation. And due to the lack of libfdt, the
psci method cannot be modified at runtime.
To use smc, use --enable-psci or --enable-psci=smc.
To use hvc, use --enable-psci=hvc.
[1]: https://developer.arm.com/documentation/ddi0600/latest/
Issue-Id: SCM-2654
Upstream-Status: Pending
Signed-off-by: Qi Feng <qi.feng@arm.com>
Change-Id: Ib8afabdad2d98bc37371d165bbb6f1f9b88bfc87
Upstream-Status: Pending
Signed-off-by: Huifeng Zhang <Huifeng.Zhang@arm.com>
---
Makefile.am | 10 +++++-----
configure.ac | 14 +++++++++-----
2 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 5731a19..fc66662 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -50,11 +50,11 @@ endif
if PSCI
ARCH_OBJ += psci.o
COMMON_OBJ += psci.o
-PSCI_NODE := psci { \
- compatible = \"arm,psci\"; \
- method = \"smc\"; \
- cpu_on = <$(PSCI_CPU_ON)>; \
- cpu_off = <$(PSCI_CPU_OFF)>; \
+PSCI_NODE := psci { \
+ compatible = \"arm,psci\"; \
+ method = \"$(PSCI_METHOD)\"; \
+ cpu_on = <$(PSCI_CPU_ON)>; \
+ cpu_off = <$(PSCI_CPU_OFF)>; \
};
CPU_NODES := $(shell perl -I $(SCRIPT_DIR) $(SCRIPT_DIR)/addpsci.pl $(KERNEL_DTB))
else
diff --git a/configure.ac b/configure.ac
index 9e3b722..53e51be 100644
--- a/configure.ac
+++ b/configure.ac
@@ -83,13 +83,17 @@ AS_IF([test "x$X_IMAGE" != "x"],
# Allow a user to pass --enable-psci
AC_ARG_ENABLE([psci],
AS_HELP_STRING([--disable-psci], [disable the psci boot method]),
- [USE_PSCI=$enableval], [USE_PSCI="yes"])
-AM_CONDITIONAL([PSCI], [test "x$USE_PSCI" = "xyes"])
-AS_IF([test "x$USE_PSCI" = "xyes"], [], [USE_PSCI=no])
-
-AS_IF([test "x$USE_PSCI" != "xyes" -a "x$KERNEL_ES" = "x32"],
+ [case "${enableval}" in
+ yes|smc) USE_PSCI=smc ;;
+ hvc) USE_PSCI=hvc ;;
+ *) AC_MSG_ERROR([Bad value "${enableval}" for --enable-psci. Use "smc" or "hvc"]) ;;
+ esac], [USE_PSCI="yes"])
+AM_CONDITIONAL([PSCI], [test "x$USE_PSCI" = "xyes" -o "x$USE_PSCI" = "xsmc" -o "x$USE_PSCI" = "xhvc"])
+
+AS_IF([test "x$USE_PSCI" = "xno" -a "x$KERNEL_ES" = "x32"],
[AC_MSG_ERROR([With an AArch32 kernel, boot method must be PSCI.])]
)
+AC_SUBST([PSCI_METHOD], [$USE_PSCI])
# Allow a user to pass --with-initrd
AC_ARG_WITH([initrd],
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0008-aarch64-Disable-CNTPCT_EL0-trap-for-v8-R64.patch
+48
View File
@@ -0,0 +1,48 @@
From 521c121eccb386aca7c75d92528e495546adccec Mon Sep 17 00:00:00 2001
From: Jaxson Han <jaxson.han@arm.com>
Date: Mon, 25 Oct 2021 17:09:13 +0800
Subject: [PATCH] aarch64: Disable CNTPCT_EL0 trap for v8-R64
To allow EL1 to access CNTPCT_EL0 without traping into EL2, we need to
set CNTHCTL_EL2.EL1PCTEN to 1.
For v8-R64, the CNTHCTL_EL2 register follows the v8-A architecture.
However, as described in the v8-A architecture profile, the
CNTHCTL_EL2's bit assignments are different according to whether the
FEAT_VHE is implemented.
Since v8-R64 does not support FEAT_VHE, we do not need to detect
FEAT_VHE. We can simply set CNTHCTL_EL2.EL1PCTEN to 1.
Issue-ID: SCM-3508
Upstream-Status: Inappropriate [other]
Implementation pending further discussion
Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Change-Id: I4147e66341c8153312021e6f2ab67d0037246da1
---
arch/aarch64/boot.S | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S
index a219ea7..27b1139 100644
--- a/arch/aarch64/boot.S
+++ b/arch/aarch64/boot.S
@@ -240,6 +240,18 @@ el2_init:
orr x0, x0, #(1 << 41) // HCR_EL2.API
1: msr hcr_el2, x0
+
+ /*
+ * To disable trap when accessing CNTPCT_EL0, we need to set
+ * CNTHCTL_EL2.EL1PCTEN to 1. However, the CNTHCTL_EL2 bit assignments
+ * are different according to whether the FEAT_VHE is implemented.
+ *
+ * For Armv8-R AArch64, FEAT_VHE is not supported, so we do not need to
+ * detect FEAT_VHE(ID_AA64MMFR1_EL1.VH) and simply set
+ * CNTHCTL_EL2.EL1PCTEN to 1.
+ */
+ mov x0, #1 // CNTHCTL_EL2.EL1PCTEN
+ msr cnthctl_el2, x0
isb
mov w0, #SPSR_KERNEL_EL1
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0009-lds-Mark-the-mem-range.patch
+38
View File
@@ -0,0 +1,38 @@
From 780df234d98db81485b1f351f902a68def35c9d4 Mon Sep 17 00:00:00 2001
From: Jaxson Han <jaxson.han@arm.com>
Date: Tue, 2 Nov 2021 15:10:28 +0800
Subject: [PATCH] lds: Mark the mem range
Add firmware_start and firmware_end, so that we can use them to
calculate the mem range of boot-wrapper and then set the range to
/memreserve/ of dtb.
Issue-ID: SCM-3815
Upstream-Status: Inappropriate [other]
Implementation pending further discussion
Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Change-Id: Idc5a2894e193c75381049a0f359b4b2a51c567ee
---
model.lds.S | 2 ++
1 file changed, 2 insertions(+)
diff --git a/model.lds.S b/model.lds.S
index d4e7e13..ab98ddf 100644
--- a/model.lds.S
+++ b/model.lds.S
@@ -64,6 +64,7 @@ SECTIONS
#endif
.boot PHYS_OFFSET: {
+ PROVIDE(firmware_start = .);
*(.init)
*(.text*)
*(.data* .rodata* .bss* COMMON)
@@ -76,6 +77,7 @@ SECTIONS
mbox = .;
QUAD(0x0)
}
+ PROVIDE(firmware_end = .);
ASSERT(etext <= (PHYS_OFFSET + TEXT_LIMIT), ".text overflow!")
}
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0010-common-Introduce-the-libfdt.patch
+6044
View File
File diff suppressed because it is too large Load Diff
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0011-common-Add-essential-libc-functions.patch
+101
View File
@@ -0,0 +1,101 @@
From e2eff4f80e65cb3fcbe6345b5376a6bf7de7e2cc Mon Sep 17 00:00:00 2001
From: Jaxson Han <jaxson.han@arm.com>
Date: Tue, 28 Dec 2021 17:28:25 +0800
Subject: [PATCH] common: Add essential libc functions
The libfdt uses some of the libc functions, e.g. memcmp, memmove,
strlen .etc. Add them in lib.c.
The code is copied from TF-A (v2.5) [1] project, which is under the
terms of BSD license. It is the same with boot-wrapper.
[1]: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git
Issue-Id: SCM-3814
Upstream-Status: Inappropriate [other]
Implementation pending further discussion
Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Change-Id: If3b55b00afa8694c7522df989a41e0b38eda1d38
---
common/lib.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 70 insertions(+), 1 deletion(-)
diff --git a/common/lib.c b/common/lib.c
index fcf5f69..0be1c4a 100644
--- a/common/lib.c
+++ b/common/lib.c
@@ -32,4 +32,73 @@ void *memset(void *s, int c, size_t n)
return s;
}
-/* TODO: memmove and memcmp could also be called */
+int memcmp(const void *s1, const void *s2, size_t len)
+{
+ const unsigned char *s = s1;
+ const unsigned char *d = s2;
+ unsigned char sc;
+ unsigned char dc;
+
+ while (len--) {
+ sc = *s++;
+ dc = *d++;
+ if (sc - dc)
+ return (sc - dc);
+ }
+
+ return 0;
+}
+
+void *memmove(void *dst, const void *src, size_t len)
+{
+ if ((size_t)dst - (size_t)src >= len) {
+ /* destination not in source data, so can safely use memcpy */
+ return memcpy(dst, src, len);
+ } else {
+ /* copy backwards... */
+ const char *end = dst;
+ const char *s = (const char *)src + len;
+ char *d = (char *)dst + len;
+ while (d != end)
+ *--d = *--s;
+ }
+ return dst;
+}
+
+void *memchr(const void *src, int c, size_t len)
+{
+ const unsigned char *s = src;
+
+ while (len--) {
+ if (*s == (unsigned char)c)
+ return (void *) s;
+ s++;
+ }
+
+ return NULL;
+}
+
+char *strrchr(const char *p, int ch)
+{
+ char *save;
+ char c;
+
+ c = ch;
+ for (save = NULL;; ++p) {
+ if (*p == c)
+ save = (char *)p;
+ if (*p == '\0')
+ return (save);
+ }
+ /* NOTREACHED */
+}
+
+size_t strlen(const char *s)
+{
+ const char *cursor = s;
+
+ while (*cursor)
+ cursor++;
+
+ return cursor - s;
+}
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0012-Makefile-Add-the-libfdt-to-the-Makefile-system.patch
+61
View File
@@ -0,0 +1,61 @@
From f4d5cf4c3424598a2b3bb391717313b70c79ea28 Mon Sep 17 00:00:00 2001
From: Jaxson Han <jaxson.han@arm.com>
Date: Tue, 28 Dec 2021 17:42:48 +0800
Subject: [PATCH] Makefile: Add the libfdt to the Makefile system
Add the libfdt into Makefile system. The libfdt uses const value and
thus gcc will enable the stack guard. The stack guard will fail the
compile. Add -fno-stack-protector to fix it.
Issue-Id: SCM-3814
Upstream-Status: Inappropriate [other]
Implementation pending further discussion
Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Change-Id: I472bc28cdc5cde3b22461a4b7d7a3752ae382b4b
---
Makefile.am | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index fc66662..ab2c3a9 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -36,6 +36,9 @@ PSCI_CPU_OFF := 0x84000002
COMMON_SRC := common/
COMMON_OBJ := boot.o bakery_lock.o platform.o lib.o
+LIBFDT_SRC := common/libfdt/
+LIBFDT_OBJS := fdt.o fdt_ro.o fdt_rw.o
+
ARCH_OBJ := boot.o stack.o utils.o
if BOOTWRAPPER_32
@@ -127,11 +130,12 @@ CFLAGS += -I$(top_srcdir)/include/ -I$(top_srcdir)/$(ARCH_SRC)/include/
CFLAGS += -Wall -fomit-frame-pointer
CFLAGS += -ffreestanding -nostdlib
CFLAGS += -fno-stack-protector
+CFLAGS += -fno-stack-protector
CFLAGS += -ffunction-sections -fdata-sections
CFLAGS += -fno-pic -fno-pie
LDFLAGS += --gc-sections
-OBJ := $(addprefix $(ARCH_SRC),$(ARCH_OBJ)) $(addprefix $(COMMON_SRC),$(COMMON_OBJ))
+OBJ := $(addprefix $(ARCH_SRC),$(ARCH_OBJ)) $(addprefix $(COMMON_SRC),$(COMMON_OBJ)) $(addprefix $(LIBFDT_SRC),$(LIBFDT_OBJS))
# Don't lookup all prerequisites in $(top_srcdir), only the source files. When
# building outside the source tree $(ARCH_SRC) needs to be created.
@@ -152,10 +156,13 @@ $(ARCH_SRC):
$(COMMON_SRC):
$(MKDIR_P) $@
+$(LIBFDT_SRC):
+ $(MKDIR_P) $@
+
%.o: %.S Makefile | $(ARCH_SRC)
$(CC) $(CPPFLAGS) -D__ASSEMBLY__ $(CFLAGS) $(DEFINES) -c -o $@ $<
-%.o: %.c Makefile | $(COMMON_SRC)
+%.o: %.c Makefile | $(COMMON_SRC) $(LIBFDT_SRC)
$(CC) $(CPPFLAGS) $(CFLAGS) $(DEFINES) -c -o $@ $<
model.lds: $(LD_SCRIPT) Makefile
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0013-platform-Add-print_hex-func.patch
+67
View File
@@ -0,0 +1,67 @@
From f0ece5e8cac761a76a86df7204bae7c6ef09215f Mon Sep 17 00:00:00 2001
From: Jaxson Han <jaxson.han@arm.com>
Date: Wed, 29 Dec 2021 10:50:21 +0800
Subject: [PATCH] platform: Add print_hex func
Refine the print functions, and add a new print_hex func to print hex
numbers.
Issue-Id: SCM-3814
Upstream-Status: Inappropriate [other]
Implementation pending further discussion
Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Change-Id: Ic960345d9ef0b41d81d30c4a4dbd9c31139907c4
---
common/platform.c | 33 +++++++++++++++++++++++++--------
1 file changed, 25 insertions(+), 8 deletions(-)
diff --git a/common/platform.c b/common/platform.c
index d11f568..8269392 100644
--- a/common/platform.c
+++ b/common/platform.c
@@ -30,20 +30,37 @@
#define V2M_SYS(reg) ((void *)SYSREGS_BASE + V2M_SYS_##reg)
#endif
-static void print_string(const char *str)
+static void print_char(const char c)
{
uint32_t flags;
+ do {
+ flags = raw_readl(PL011(UARTFR));
+ } while (flags & PL011_UARTFR_FIFO_FULL);
+ raw_writel(c, PL011(UARTDR));
+
+ do {
+ flags = raw_readl(PL011(UARTFR));
+ } while (flags & PL011_UARTFR_BUSY);
+}
+
+void print_string(const char *str)
+{
while (*str) {
- do
- flags = raw_readl(PL011(UARTFR));
- while (flags & PL011_UARTFR_FIFO_FULL);
+ print_char(*str++);
+ }
+}
- raw_writel(*str++, PL011(UARTDR));
+#define HEX_CHARS_PER_INT (2 * sizeof(int))
+
+void print_hex(unsigned int val)
+{
- do
- flags = raw_readl(PL011(UARTFR));
- while (flags & PL011_UARTFR_BUSY);
+ const char hex_chars[16] = "0123456789abcdef";
+ int i;
+ for (i = HEX_CHARS_PER_INT - 1; i >= 0; i--) {
+ int v = (val >> (4 * i)) & 0xf;
+ print_char(hex_chars[v]);
}
}
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0014-common-Add-mem-usage-to-memreserve.patch
+96
View File
@@ -0,0 +1,96 @@
From f4704146e1af9f6e0a2220db6b39a328c813fac1 Mon Sep 17 00:00:00 2001
From: Jaxson Han <jaxson.han@arm.com>
Date: Wed, 19 Jan 2022 16:19:02 +0800
Subject: [PATCH] common: Add mem usage to /memreserve/
Set /memreserve/ to prevent next boot stages from overrding PSCI
services with libfdt.
Issue-Id: SCM-3815
Upstream-Status: Inappropriate [other]
Implementation pending further discussion
Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Change-Id: I2ea80cdf736a910fa2c3deb622e21d50f04be960
---
Makefile.am | 2 +-
common/boot.c | 1 +
common/device_tree.c | 34 ++++++++++++++++++++++++++++++++++
include/boot.h | 1 +
4 files changed, 37 insertions(+), 1 deletion(-)
create mode 100644 common/device_tree.c
diff --git a/Makefile.am b/Makefile.am
index ab2c3a9..e905602 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -34,7 +34,7 @@ endif
PSCI_CPU_OFF := 0x84000002
COMMON_SRC := common/
-COMMON_OBJ := boot.o bakery_lock.o platform.o lib.o
+COMMON_OBJ := boot.o bakery_lock.o platform.o lib.o device_tree.o
LIBFDT_SRC := common/libfdt/
LIBFDT_OBJS := fdt.o fdt_ro.o fdt_rw.o
diff --git a/common/boot.c b/common/boot.c
index c74d34c..ee2bea0 100644
--- a/common/boot.c
+++ b/common/boot.c
@@ -63,6 +63,7 @@ void __noreturn first_spin(unsigned int cpu, unsigned long *mbox,
{
if (cpu == 0) {
init_platform();
+ dt_add_memreserve();
*mbox = (unsigned long)&entrypoint;
sevl();
diff --git a/common/device_tree.c b/common/device_tree.c
new file mode 100644
index 0000000..4d0876c
--- /dev/null
+++ b/common/device_tree.c
@@ -0,0 +1,34 @@
+/*
+ * device_tree.c - Basic device tree node handler
+ *
+ * Copyright (C) 2021 ARM Limited. All rights reserved.
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE.txt file.
+ */
+#include <libfdt.h>
+
+extern unsigned long dtb;
+extern char firmware_start[], firmware_end[];
+
+extern void print_string(const char *str);
+
+static void *blob;
+
+
+void dt_add_memreserve(void)
+{
+ int ret;
+
+ blob = (void*)&dtb;
+ print_string("Add /memreserve/\n\r");
+
+ fdt_open_into(blob, blob, fdt_totalsize(blob) +
+ sizeof(struct fdt_reserve_entry));
+ ret = fdt_add_mem_rsv(blob, (uint64_t)firmware_start,
+ (uint64_t)(firmware_end - firmware_start));
+
+ if(ret < 0) {
+ print_string("reserve mem add err\n\r");
+ }
+}
diff --git a/include/boot.h b/include/boot.h
index d75e013..c3e2ec1 100644
--- a/include/boot.h
+++ b/include/boot.h
@@ -16,4 +16,5 @@ void __noreturn spin(unsigned long *mbox, unsigned long invalid, int is_entry);
void __noreturn first_spin(unsigned int cpu, unsigned long *mbox,
unsigned long invalid_addr);
+void dt_add_memreserve(void);
#endif
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0015-boot-Add-the-enable-keep-el-compile-option.patch
+102
View File
@@ -0,0 +1,102 @@
From 5995f83592aea874f5b423538e36675e2204582b Mon Sep 17 00:00:00 2001
From: Jaxson Han <jaxson.han@arm.com>
Date: Tue, 4 Jan 2022 17:01:55 +0800
Subject: [PATCH] boot: Add the --enable-keep-el compile option
Add --enable-keep-el compile option to enable boot-wrapper booting next
stage at EL2.
The Armv8R AArch64 boots at EL2. If the next stage requires EL2 booting,
the boot-wrapper should not drop to EL1.
Currently, this option only works for Armv8R AArch64. Also, to work with
Linux PSCI, this option will cause secondary cores booting at EL1.
Issue-Id: SCM-3813
Upstream-Status: Inappropriate [other]
Implementation pending further discussion
Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Change-Id: I3ba9c87cf0b59d163ca433f74c9e3a46e5ca2c63
---
Makefile.am | 4 ++++
arch/aarch64/boot.S | 6 +++++-
common/psci.c | 6 ++++++
configure.ac | 5 +++++
4 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/Makefile.am b/Makefile.am
index e905602..6604baa 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -33,6 +33,10 @@ PSCI_CPU_ON := 0xc4000003
endif
PSCI_CPU_OFF := 0x84000002
+if KEEP_EL
+DEFINES += -DKEEP_EL
+endif
+
COMMON_SRC := common/
COMMON_OBJ := boot.o bakery_lock.o platform.o lib.o device_tree.o
diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S
index 27b1139..c079d22 100644
--- a/arch/aarch64/boot.S
+++ b/arch/aarch64/boot.S
@@ -254,7 +254,11 @@ el2_init:
msr cnthctl_el2, x0
isb
+#ifdef KEEP_EL
+ mov w0, #SPSR_KERNEL
+#else
mov w0, #SPSR_KERNEL_EL1
+#endif
ldr x1, =spsr_to_elx
str w0, [x1]
// fall through
@@ -334,5 +338,5 @@ ASM_FUNC(jump_kernel)
.align 3
flag_keep_el:
.long 0
-spsr_to_elx:
+ASM_DATA(spsr_to_elx)
.long 0
diff --git a/common/psci.c b/common/psci.c
index a0e8700..945780b 100644
--- a/common/psci.c
+++ b/common/psci.c
@@ -18,6 +18,8 @@
#error "No MPIDRs provided"
#endif
+extern unsigned int spsr_to_elx;
+
static unsigned long branch_table[NR_CPUS];
bakery_ticket_t branch_table_lock[NR_CPUS];
@@ -44,6 +46,10 @@ static int psci_cpu_on(unsigned long target_mpidr, unsigned long address)
ret = psci_store_address(cpu, address);
bakery_unlock(branch_table_lock, this_cpu);
+#ifdef KEEP_EL
+ spsr_to_elx = SPSR_KERNEL_EL1;
+#endif
+
return ret;
}
diff --git a/configure.ac b/configure.ac
index 53e51be..0e07db3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -25,6 +25,11 @@ AS_IF([test "x$BOOTWRAPPER_ES" = x32 -a "x$KERNEL_ES" != x32],
[AC_MSG_ERROR([a 32-bit boot-wrapper cannot launch a 64-bit kernel])]
)
+AC_ARG_ENABLE([keep-el],
+ AC_HELP_STRING([--enable-keep-el], [keep exception level when start kernel]),
+ [KEEP_EL=yes], [KEEP_EL=no])
+AM_CONDITIONAL([KEEP_EL], [test "x$KEEP_EL" = xyes])
+
# Allow a user to pass --with-kernel-dir
AC_ARG_WITH([kernel-dir],
AS_HELP_STRING([--with-kernel-dir], [specify the root Linux kernel build directory (required)]),
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0016-Makefile-Change-COUNTER_FREQ-to-100-MHz.patch
+31
View File
@@ -0,0 +1,31 @@
From 0c0695cd3160ccdb95bae29b7668918015c0b6aa Mon Sep 17 00:00:00 2001
From: Peter Hoyes <Peter.Hoyes@arm.com>
Date: Tue, 1 Feb 2022 11:28:46 +0000
Subject: [PATCH] Makefile: Change COUNTER_FREQ to 100 MHz
Older Arm Fast Models (AEM < RevC) had a base frequency of 24 MHz. but
the RevC base models use 100 MHz. There is not a robust method of
determining the configured base frequency at runtime, so update
COUNTER_FREQ to be 100 MHz.
Issue-Id: SCM-3871
Upstream-Status: Pending
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Change-Id: Ia9ad0f8ee488d1a887791f1fa1d8f3bf9c5887fd
---
Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.am b/Makefile.am
index 6604baa..cc6504e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -13,7 +13,7 @@ SCRIPT_DIR := $(top_srcdir)/scripts
PHYS_OFFSET := $(shell perl -I $(SCRIPT_DIR) $(SCRIPT_DIR)/findmem.pl $(KERNEL_DTB))
UART_BASE := $(shell perl -I $(SCRIPT_DIR) $(SCRIPT_DIR)/findbase.pl $(KERNEL_DTB) 0 'arm,pl011')
SYSREGS_BASE := $(shell perl -I $(SCRIPT_DIR) $(SCRIPT_DIR)/findbase.pl $(KERNEL_DTB) 0 'arm,vexpress-sysreg' 2> /dev/null)
-COUNTER_FREQ := 24000000
+COUNTER_FREQ := 100000000
CPU_IDS := $(shell perl -I $(SCRIPT_DIR) $(SCRIPT_DIR)/findcpuids.pl $(KERNEL_DTB))
NR_CPUS := $(shell echo $(CPU_IDS) | tr ',' ' ' | wc -w)
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0017-PSCI-Apply-flush-cache-after-setting-branch_data.patch
+49
View File
@@ -0,0 +1,49 @@
From fa73d885be85eee4369b292ec601e7b024a68807 Mon Sep 17 00:00:00 2001
From: Jaxson Han <jaxson.han@arm.com>
Date: Tue, 2 Nov 2021 10:48:39 +0800
Subject: [PATCH] PSCI: Apply flush cache after setting branch_data
For v8-R64, Hypervisor calls boot-wrapper's PSCI service using simple
function call (instead of hvc).
In this case, hypervisor's main core has enabled MPU and cache, but
the secondary cores which are spinning have not enabled cache.
That means if the main core set the branch_data to 1 to boot other
cores, the secondary cores cannot see the change of branch_data and
also cannot break the spin.
Thus, the PSCI service in boot-wrapper needs a cache flush after
setting branch_data in order to let other cores see the change.
Issue-ID: SCM-3816
Upstream-Status: Inappropriate [other]
Implementation pending further discussion
Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Change-Id: Ifc282091c54d8fb2ffdb8cfa7fd3ffc1f4be717e
---
common/psci.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/common/psci.c b/common/psci.c
index 945780b..6efc695 100644
--- a/common/psci.c
+++ b/common/psci.c
@@ -24,12 +24,18 @@ static unsigned long branch_table[NR_CPUS];
bakery_ticket_t branch_table_lock[NR_CPUS];
+static inline void flush_per_cpu_data(void *data)
+{
+ asm volatile ("dc cvac, %0" : : "r" (data));
+}
+
static int psci_store_address(unsigned int cpu, unsigned long address)
{
if (branch_table[cpu] != PSCI_ADDR_INVALID)
return PSCI_RET_ALREADY_ON;
branch_table[cpu] = address;
+ flush_per_cpu_data((void*)&(branch_table[cpu]));
return PSCI_RET_SUCCESS;
}
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0018-PSCI-Add-function-call-entry-point.patch
+71
View File
@@ -0,0 +1,71 @@
From 9da48e3433b919868650cd60e28827273a42c63b Mon Sep 17 00:00:00 2001
From: Jaxson Han <jaxson.han@arm.com>
Date: Tue, 25 Jan 2022 14:56:36 +0800
Subject: [PATCH] PSCI: Add function call entry point
The max exception level of Armv8R AArch64 is EL2, which means it has no
exclusive EL for firmware. That is, firmware and hypervisors have to share
the EL2. Also, hypervisors cannot call firmware services via a 'smc'
instruction. Thus, boot-wrapper has to provide a function entry point
for Armv8R AArch64.
Issue-Id: SCM-3816
Upstream-Status: Inappropriate [other]
Implementation pending further discussion
Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Change-Id: I06ec8e50298603155c6d8ae2330e71db2f111182
---
common/psci.c | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/common/psci.c b/common/psci.c
index 6efc695..8fdefb5 100644
--- a/common/psci.c
+++ b/common/psci.c
@@ -20,6 +20,8 @@
extern unsigned int spsr_to_elx;
+unsigned long flag_from_smc_fn[NR_CPUS];
+
static unsigned long branch_table[NR_CPUS];
bakery_ticket_t branch_table_lock[NR_CPUS];
@@ -49,12 +51,14 @@ static int psci_cpu_on(unsigned long target_mpidr, unsigned long address)
return PSCI_RET_INVALID_PARAMETERS;
bakery_lock(branch_table_lock, this_cpu);
- ret = psci_store_address(cpu, address);
- bakery_unlock(branch_table_lock, this_cpu);
-
#ifdef KEEP_EL
- spsr_to_elx = SPSR_KERNEL_EL1;
+ if (!flag_from_smc_fn[this_cpu]) {
+ spsr_to_elx = SPSR_KERNEL_EL1;
+ flush_per_cpu_data((void*)&(spsr_to_elx));
+ }
#endif
+ ret = psci_store_address(cpu, address);
+ bakery_unlock(branch_table_lock, this_cpu);
return ret;
}
@@ -90,6 +94,18 @@ long psci_call(unsigned long fid, unsigned long arg1, unsigned long arg2)
}
}
+long smc_fn_entry(unsigned long fid, unsigned long arg1, unsigned long arg2)
+{
+ long ret;
+ unsigned int this_cpu = this_cpu_logical_id();
+
+ flag_from_smc_fn[this_cpu] = 1;
+ ret = psci_call(fid, arg1, arg2);
+ flag_from_smc_fn[this_cpu] = 0;
+
+ return ret;
+}
+
void __noreturn psci_first_spin(unsigned int cpu)
{
if (cpu == MPIDR_INVALID)
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0019-lds-Rearrange-and-mark-the-sections.patch
+58
View File
@@ -0,0 +1,58 @@
From 7c5e40d9f8699a55ac2187c035429c643e6d0ef0 Mon Sep 17 00:00:00 2001
From: Jaxson Han <jaxson.han@arm.com>
Date: Tue, 2 Nov 2021 15:10:28 +0800
Subject: [PATCH] lds: Rearrange and mark the sections
To make it possible for the next stage to protect sections with MPU,
boot-wrapper needs to provide the text and data section information.
By rearranging the .data .rodata and .vector sections, all sections
can be split into 2 big sections:
- RO and Executable
- RW and Non-Executable
Add firmware_data to mark the boundry, thus:
firmware_start to firmware_data - 1 indicates RO and Executable section,
firmware_data to firmware_end - 1 indicates RW and Non-Executable
section.
Also, the firmware_data and firmware_end should align with 64 bytes,
since Armv8R AArch64 MPU requires it.
Issue-ID: SCM-3816
Upstream-Status: Inappropriate [other]
Implementation pending further discussion
Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Change-Id: I55342aa7492f2c7b5c16ab9a6472c8cb45cff8fd
---
model.lds.S | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/model.lds.S b/model.lds.S
index ab98ddf..85451f9 100644
--- a/model.lds.S
+++ b/model.lds.S
@@ -63,12 +63,16 @@ SECTIONS
}
#endif
+#define FIRMWARE_ALIGN . = ALIGN(1 << 6)
.boot PHYS_OFFSET: {
PROVIDE(firmware_start = .);
*(.init)
*(.text*)
- *(.data* .rodata* .bss* COMMON)
*(.vectors)
+ *(.rodata*)
+ FIRMWARE_ALIGN;
+ PROVIDE(firmware_data = .);
+ *(.data* .bss* COMMON)
*(.stack)
PROVIDE(etext = .);
}
@@ -77,6 +81,7 @@ SECTIONS
mbox = .;
QUAD(0x0)
}
+ FIRMWARE_ALIGN;
PROVIDE(firmware_end = .);
ASSERT(etext <= (PHYS_OFFSET + TEXT_LIMIT), ".text overflow!")
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0020-common-Provide-firmware-info-using-libfdt.patch
+342
View File
@@ -0,0 +1,342 @@
From 3c1140c29c39561848056fb4b9a03042b00279f3 Mon Sep 17 00:00:00 2001
From: Jaxson Han <jaxson.han@arm.com>
Date: Wed, 29 Dec 2021 15:17:38 +0800
Subject: [PATCH] common: Provide firmware info using libfdt
Boot-wrapper uses libfdt to provide more info in device tree.
We add a new node to include those new firmware relevant infomation.
The new node defined as follows:
fw-shared-info {
compatible = "firmware,shared_info";
#address-cells = <0x02>;
#size-cells = <0x02>;
version = "1.0";
regions = <START_ADDR_HIGH START_ADDR_LOW SIZE_HIGH SIZE_LOW
0x0 0x80000000 0x0 0x400000
0x0 0x90000000 0x0 0x400000
0x0 0xA0000000 0x0 0x400000>;
regions-permission = "RX", "R", "RWX", "RW";
regions-cache = "Cache", "NCache", "Cache", "Device"
function_entry = <ENTRY_ADDR_HIGH ENRTY_ADDR_LOW>;
};
The node path is /fw-shared-info.
For boot-wrapper, in real case, it will be:
fw-shared-info {
compatible = "firmware,shared_info";
#address-cells = <0x02>;
#size-cells = <0x02>;
version = "1.0";
regions = <0x0 firmware_start 0x0 firmware_code_size
0x0 firmware_data 0x0 firmware_data_size>;
regions-permission = "RX", "RW";
regions-cache = "Cache", "Cache";
function_entry = <0x0 smc_fn_entry>;
};
Issue-Id: SCM-3816
Upstream-Status: Inappropriate [other]
Implementation pending further discussion
Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Change-Id: I6ebc59ce2bd3939b0fe066720d57821eaa1bed27
---
common/device_tree.c | 271 ++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 270 insertions(+), 1 deletion(-)
diff --git a/common/device_tree.c b/common/device_tree.c
index 4d0876c..7f7befc 100644
--- a/common/device_tree.c
+++ b/common/device_tree.c
@@ -8,13 +8,225 @@
*/
#include <libfdt.h>
+#define DEVICE_TREE_DEBUG 1
+
+#define FW_NODE_NAME "/fw-shared-info"
+#define FW_COMPAT "firmware,shared_info"
+#define FW_INFO_VER "1.0"
+
+#ifdef BOOTWRAPPER_32
+#define CELL_NUM 1
+#define VAL_TYPE uint32_t
+#else
+#define CELL_NUM 2
+#define VAL_TYPE uint64_t
+#endif
+
+#define ALIGN(x) (((x) + (FDT_TAGSIZE) - 1) & ~((FDT_TAGSIZE) - 1))
+
extern unsigned long dtb;
-extern char firmware_start[], firmware_end[];
+extern char firmware_start[], firmware_data[], firmware_end[];
+
+extern long smc_fn_entry(unsigned long, unsigned long, unsigned long);
extern void print_string(const char *str);
+extern void print_hex(unsigned int val);
static void *blob;
+static char *realloc_node(char *fdt, const char *name)
+{
+ int delta;
+ int new_sz;
+ /* FDT_BEGIN_NODE, node name in off_struct and FDT_END_NODE */
+ delta = sizeof(struct fdt_node_header) + ALIGN(strlen(name) + 1)
+ + FDT_TAGSIZE;
+ new_sz = fdt_totalsize(fdt) + delta;
+ fdt_open_into(fdt, fdt, new_sz);
+ return fdt;
+}
+
+static int create_node(const char *node_name)
+{
+ int node = 0;
+ char *p;
+
+ p = strrchr(node_name, '/');
+ if (!p) {
+ print_string("node name without '/'\r\n");
+ return -1;
+ }
+ *p = '\0';
+
+ blob = realloc_node(blob, p + 1);
+
+ if (p > node_name) {
+ node = fdt_path_offset(blob, node_name);
+ if (node < 0) {
+ print_string("no node name\r\n");
+ return -1;
+ }
+ }
+
+ node = fdt_add_subnode(blob, node, p + 1);
+ if (node < 0) {
+ print_string("add subnode err\r\n");
+ return -1;
+ }
+
+ return node;
+}
+
+static int dt_create_fw_node(void) {
+ int fw_node;
+
+ fw_node = fdt_path_offset(blob, FW_NODE_NAME);
+
+ if(fw_node < 0) {
+ fw_node = create_node(FW_NODE_NAME);
+ }
+
+ return fw_node;
+}
+
+static char *realloc_property(char *fdt, int nodeoffset, const char *name,
+ int newlen)
+{
+ int delta = 0;
+ int oldlen = 0;
+ int new_sz;
+
+ if (!fdt_get_property(fdt, nodeoffset, name, &oldlen))
+ delta = sizeof(struct fdt_property) + strlen(name) + 1;
+
+ if (newlen > oldlen)
+ delta += ALIGN(newlen) - ALIGN(oldlen);
+
+ new_sz = fdt_totalsize(fdt) + delta;
+ fdt_open_into(fdt, fdt, new_sz);
+ return fdt;
+}
+
+static void dt_set_prop(int node, char *property, void *buf, int len)
+{
+ int err;
+
+ err = fdt_setprop(blob, node, property, buf, len);
+ if (err == -FDT_ERR_NOSPACE) {
+ blob = realloc_property(blob, node, property, len);
+ err = fdt_setprop(blob, node, property, buf, len);
+ }
+ if (err) {
+ print_string("fdt error\n\r");
+ }
+}
+
+static void dt_set_prop_u32(int node, char *property, uint32_t val)
+{
+ fdt32_t fdt_val = cpu_to_fdt32(val);
+ int len = sizeof(fdt32_t);
+
+ dt_set_prop(node, property, (void*)&fdt_val, len);
+}
+
+static void dt_set_prop_u64(int node, char *property, uint64_t val)
+{
+ fdt64_t fdt_val = cpu_to_fdt64(val);
+ int len = sizeof(fdt64_t);
+
+ dt_set_prop(node, property, (void*)&fdt_val, len);
+}
+
+/* This dt_set_prop_u32_array maybe unused according to the BOOTWRAPPER_32 */
+__attribute__((unused))
+static void dt_set_prop_u32_array(int node, char *property, uint32_t *vals,
+ int size)
+{
+ fdt32_t *fdt_vals = (fdt32_t*)vals;
+ int len = sizeof(fdt32_t) * size;
+
+ for (int i = 0; i < size; i++) {
+ fdt_vals[i] = cpu_to_fdt32(vals[i]);
+ }
+
+ dt_set_prop(node, property, (void*)fdt_vals, len);
+}
+
+static void dt_set_prop_u64_array(int node, char *property, uint64_t *vals,
+ int size)
+{
+ fdt64_t *fdt_vals = (fdt64_t*)vals;
+ int len = sizeof(fdt64_t) * size;
+
+ for (int i = 0; i < size; i++) {
+ fdt_vals[i] = cpu_to_fdt64(vals[i]);
+ }
+
+ dt_set_prop(node, property, (void*)fdt_vals, len);
+}
+
+#if DEVICE_TREE_DEBUG
+static void dt_dump_string(const void *s, int len)
+{
+ char *sub = (char*)s;
+ int sublen;
+ while(*sub && ((uint64_t)sub - (uint64_t)s) < len) {
+ sublen = strlen(sub) + 1;
+ print_string(sub);
+ print_string(" ");
+ sub += sublen;
+ }
+ print_string("\n\r");
+}
+
+static void dt_dump_fdt32_array(const void *vals, int len)
+{
+ fdt32_t *fdt_vals = (fdt32_t*)vals;
+ len = len / sizeof(fdt32_t);
+ for (int i = 0; i < len; i++) {
+ print_hex(fdt32_to_cpu(fdt_vals[i]));
+ print_string(" ");
+ }
+ print_string("\n\r");
+}
+
+static void dt_dump(int node, char *property, char type)
+{
+ const void *val;
+ int len;
+
+ val = fdt_getprop(blob, node, property, &len);
+ print_string(property);
+ print_string(": ");
+
+ if (type == 's') {
+ /* string type */
+ dt_dump_string(val, len);
+ return;
+ }
+
+ /* uint type */
+ dt_dump_fdt32_array(val, len);
+}
+
+void dt_dump_all(int node)
+{
+ if (node >= 0) {
+ print_string(FW_NODE_NAME" info:\r\n");
+ dt_dump(node, "compatible", 's');
+ dt_dump(node, "version", 's');
+ dt_dump(node, "function_entry", 'i');
+ dt_dump(node, "address-cells", 'i');
+ dt_dump(node, "size-cells", 'i');
+ dt_dump(node, "regions", 'i');
+ dt_dump(node, "regions-permission", 's');
+ dt_dump(node, "regions-cache", 's');
+ print_string("\r\n");
+ }
+}
+#else
+void dt_dump_all(int node) { (void*)node; return; }
+#endif
void dt_add_memreserve(void)
{
@@ -32,3 +244,60 @@ void dt_add_memreserve(void)
print_string("reserve mem add err\n\r");
}
}
+
+void dt_fw_node_init(int enable)
+{
+ int fw_node;
+
+ VAL_TYPE regions[] = {
+ /* code region: start, end, ro, x, cachable */
+ (VAL_TYPE)firmware_start,
+ (VAL_TYPE)(firmware_data - firmware_start),
+ /* data region: start, end, rw, xn, cachable */
+ (VAL_TYPE)firmware_data,
+ (VAL_TYPE)(firmware_end - firmware_data),
+ };
+ int regions_num = sizeof(regions) / sizeof(VAL_TYPE);
+ char regions_permission[] = "RX\0RW";
+ char regions_cache[] = "Cache\0Cache";
+
+ if (!enable)
+ return;
+
+ print_string("Prepare "FW_NODE_NAME" node\n\r");
+
+ blob = (void*)&dtb;
+
+ if(fdt_path_offset(blob, "/psci") < 0) {
+ print_string("/psci node not found\n\r");
+ return;
+ }
+
+ fw_node = dt_create_fw_node();
+
+ if(fw_node < 0) {
+ print_string(FW_NODE_NAME" node create err\n\r");
+ }
+
+ dt_set_prop(fw_node, "compatible", FW_COMPAT, sizeof(FW_COMPAT));
+ dt_set_prop(fw_node, "version", FW_INFO_VER, sizeof(FW_INFO_VER));
+
+ dt_set_prop_u32(fw_node, "address-cells", CELL_NUM);
+ dt_set_prop_u32(fw_node, "size-cells", CELL_NUM);
+ dt_set_prop(fw_node, "regions-permission", regions_permission,
+ sizeof(regions_permission));
+ dt_set_prop(fw_node, "regions-cache", regions_cache,
+ sizeof(regions_cache));
+
+#ifdef BOOTWRAPPER_32
+ dt_set_prop_u32_array(fw_node, "regions", regions, regions_num);
+ dt_set_prop_u32(fw_node, "function_entry", (VAL_TYPE)smc_fn_entry);
+#else
+ dt_set_prop_u64_array(fw_node, "regions", regions, regions_num);
+ dt_set_prop_u64(fw_node, "function_entry", (VAL_TYPE)smc_fn_entry);
+#endif
+
+ fdt_pack(blob);
+
+ dt_dump_all(fw_node);
+}
meta-arm/meta-arm-bsp/recipes-bsp/boot-wrapper-aarch64/files/fvp-baser-aemv8r64/0021-boot-Enable-firmware-node-initialization.patch
+95
View File
@@ -0,0 +1,95 @@
From b1105e862e8f770fc195bc20e9c64d231dd32f66 Mon Sep 17 00:00:00 2001
From: Jaxson Han <jaxson.han@arm.com>
Date: Wed, 29 Dec 2021 15:33:17 +0800
Subject: [PATCH] boot: Enable firmware node initialization
Enable the firmware node initialization, so that the next stage
(hypervisor) could share the EL2 with firmware (boot-wrapper). The next
stage (hypervisor) get the smccc entry point, code/data sections, the
sections attrs and firmware node version and so on.
It is worth noting that this EL2 sharing mechanism is only for Armv8R
AArch64, thus add flag_v8r to record if the arch is Armv8R AArch64.
Enable the firmware node initialization only if it is Armv8R AArch64.
Also, we increase the stack size to 1024 to fix the stack overflow issue
when using the libfdt.
Add -fno-builtin options to CFLAGS to avoid the issue that the 'memset'
in common/lib.c conflicts with builtin 'memset' function. GCC version
>= 10 will have an incorrect compilation without -fno-builtin;
Issue-Id: SCM-3816
Upstream-Status: Inappropriate [other]
Implementation pending further discussion
Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Change-Id: Ib274485a34d26215595fd0cd737be86610289817
---
Makefile.am | 4 ++--
arch/aarch64/boot.S | 6 ++++++
common/boot.c | 4 ++++
3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index cc6504e..fbe6b81 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -23,7 +23,7 @@ DEFINES += -DCPU_IDS=$(CPU_IDS)
DEFINES += -DNR_CPUS=$(NR_CPUS)
DEFINES += $(if $(SYSREGS_BASE), -DSYSREGS_BASE=$(SYSREGS_BASE), )
DEFINES += -DUART_BASE=$(UART_BASE)
-DEFINES += -DSTACK_SIZE=256
+DEFINES += -DSTACK_SIZE=1024
if KERNEL_32
DEFINES += -DKERNEL_32
@@ -134,7 +134,7 @@ CFLAGS += -I$(top_srcdir)/include/ -I$(top_srcdir)/$(ARCH_SRC)/include/
CFLAGS += -Wall -fomit-frame-pointer
CFLAGS += -ffreestanding -nostdlib
CFLAGS += -fno-stack-protector
-CFLAGS += -fno-stack-protector
+CFLAGS += -fno-stack-protector -fno-builtin
CFLAGS += -ffunction-sections -fdata-sections
CFLAGS += -fno-pic -fno-pie
LDFLAGS += --gc-sections
diff --git a/arch/aarch64/boot.S b/arch/aarch64/boot.S
index c079d22..daaa674 100644
--- a/arch/aarch64/boot.S
+++ b/arch/aarch64/boot.S
@@ -261,6 +261,10 @@ el2_init:
#endif
ldr x1, =spsr_to_elx
str w0, [x1]
+
+ mov w0, #1
+ ldr x1, =flag_v8r
+ str w0, [x1]
// fall through
el_max_init:
@@ -340,3 +344,5 @@ flag_keep_el:
.long 0
ASM_DATA(spsr_to_elx)
.long 0
+ASM_DATA(flag_v8r)
+ .long 0
diff --git a/common/boot.c b/common/boot.c
index ee2bea0..38b2dca 100644
--- a/common/boot.c
+++ b/common/boot.c
@@ -11,6 +11,9 @@
extern unsigned long entrypoint;
extern unsigned long dtb;
+extern unsigned int flag_v8r;
+
+extern void dt_fw_node_init(int enable);
void init_platform(void);
@@ -64,6 +67,7 @@ void __noreturn first_spin(unsigned int cpu, unsigned long *mbox,
if (cpu == 0) {
init_platform();
dt_add_memreserve();
+ dt_fw_node_init(flag_v8r == 1);
*mbox = (unsigned long)&entrypoint;
sevl();
meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb
+51
View File
@@ -0,0 +1,51 @@
SUMMARY = "External system Cortex-M3 Firmware"
DESCRIPTION = "Firmware to be loaded and run in External System Harness in\
support to the main application CPU."
HOMEPAGE = "https://git.linaro.org/landing-teams/working/arm/external-system.git"
DEPENDS = "gcc-arm-none-eabi-native"
INHIBIT_DEFAULT_DEPS="1"
LICENSE = "BSD-3-Clause & Apache-2.0"
LIC_FILES_CHKSUM = "file://license.md;md5=e44b2531cd6ffe9dece394dbe988d9a0 \
file://cmsis/LICENSE.txt;md5=e3fc50a88d0a364313df4b21ef20c29e"
SRC_URI = "gitsm://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx.git;protocol=https;branch=master \
file://race.patch"
SRCREV = "8c9dca74b104ff6c9722fb0738ba93dd3719c080"
PV .= "+git${SRCPV}"
COMPATIBLE_MACHINE = "(corstone1000)"
# PRODUCT is passed to the Makefile to specify the platform to be used.
PRODUCT = "corstone-1000"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build"
# remove once arm-none-eabi-gcc updates to 13 or newer like poky
DEBUG_PREFIX_MAP:remove = "-fcanon-prefix-map"
LDFLAGS[unexport] = "1"
do_compile() {
oe_runmake -C ${S} V=y \
BUILD_PATH=${B} \
PRODUCT=${PRODUCT} \
CROSS_COMPILE=arm-none-eabi- \
all
}
do_compile[cleandirs] = "${B}"
do_install() {
install -D -p -m 0644 ${B}/product/${PRODUCT}/firmware/release/bin/firmware.bin ${D}/firmware/es_flashfw.bin
}
FILES:${PN} = "/firmware"
SYSROOT_DIRS += "/firmware"
inherit deploy
do_deploy() {
cp -rf ${D}/firmware/* ${DEPLOYDIR}/
}
addtask deploy after do_install
meta-arm/meta-arm-bsp/recipes-bsp/external-system/files/race.patch
+66
View File
@@ -0,0 +1,66 @@
Upstream-Status: Submitted [https://gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx/-/issues/1]
Signed-off-by: Ross Burton <ross.burton@arm.com>
From 34e1c04534607f5605255f39fb46e26261fc9c4e Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@arm.com>
Date: Tue, 8 Sep 2020 11:49:08 +0100
Subject: [PATCH] tools/gen_module_code: atomically rewrite the generated files
The gen_module rule in rules.mk is marked as .PHONY, so make will
execute it whenever it is mentioned. This results in gen_module_code
being executed 64 times for a Juno build.
However in heavily parallel builds there's a good chance that
gen_module_code is writing a file whilst the compiler is reading it
because make also doesn't know what files are generated by
gen_module_code.
The correct fix is to adjust the Makefiles so that the dependencies are
correct but this isn't trivial, so band-aid the problem by atomically
writing the generated files.
Change-Id: I82d44f9ea6537a91002e1f80de8861d208571630
Signed-off-by: Ross Burton <ross.burton@arm.com>
---
tools/gen_module_code.py | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/tools/gen_module_code.py b/tools/gen_module_code.py
index 7b3953845..ee099b713 100755
--- a/tools/gen_module_code.py
+++ b/tools/gen_module_code.py
@@ -17,6 +17,7 @@
import argparse
import os
import sys
+import tempfile
DEFAULT_PATH = 'build/'
@@ -53,13 +54,21 @@
def generate_file(path, filename, content):
full_filename = os.path.join(path, filename)
- with open(full_filename, 'a+') as f:
- f.seek(0)
- if f.read() != content:
+
+ try:
+ with open(full_filename) as f:
+ rewrite = f.read() != content
+ except FileNotFoundError:
+ rewrite = True
+
+ if rewrite:
+ with tempfile.NamedTemporaryFile(prefix="gen-module-code",
+ dir=path,
+ delete=False,
+ mode="wt") as f:
print("[GEN] {}...".format(full_filename))
- f.seek(0)
- f.truncate()
f.write(content)
+ os.replace(f.name, full_filename)
def generate_header(path, modules):
meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-feat-emulate-cntp-timer-register-accesses-using-cnth.patch
+250
View File
@@ -0,0 +1,250 @@
From f526797b83113cc64e3e658c22d8a5d269896a2a Mon Sep 17 00:00:00 2001
From: Ben Horgan <ben.horgan@arm.com>
Date: Fri, 4 Mar 2022 16:48:14 +0000
Subject: [PATCH] feat: emulate cntp timer register accesses using cnthps
Upstream-Status: Inappropriate [Experimental feature]
Signed-off-by: Ben Horgan <ben.horgan@arm.com>
Change-Id: I67508203273baf3bd8e6be2d99717028db945715
---
Makefile | 3 +-
src/arch/aarch64/hypervisor/BUILD.gn | 1 +
src/arch/aarch64/hypervisor/cpu.c | 11 ++-
src/arch/aarch64/hypervisor/handler.c | 6 ++
src/arch/aarch64/hypervisor/timer_el1.c | 104 ++++++++++++++++++++++++
src/arch/aarch64/hypervisor/timer_el1.h | 20 +++++
src/arch/aarch64/msr.h | 8 ++
7 files changed, 150 insertions(+), 3 deletions(-)
create mode 100644 src/arch/aarch64/hypervisor/timer_el1.c
create mode 100644 src/arch/aarch64/hypervisor/timer_el1.h
diff --git a/Makefile b/Makefile
index 95cab9a5..21cca938 100644
--- a/Makefile
+++ b/Makefile
@@ -60,7 +60,8 @@ CHECKPATCH := $(CURDIR)/third_party/linux/scripts/checkpatch.pl \
# debug_el1.c : uses XMACROS, which checkpatch doesn't understand.
# perfmon.c : uses XMACROS, which checkpatch doesn't understand.
# feature_id.c : uses XMACROS, which checkpatch doesn't understand.
-CHECKPATCH_IGNORE := "src/arch/aarch64/hypervisor/debug_el1.c\|src/arch/aarch64/hypervisor/perfmon.c\|src/arch/aarch64/hypervisor/feature_id.c"
+# timer_el1.c : uses XMACROS, which checkpatch doesn't understand.
+CHECKPATCH_IGNORE := "src/arch/aarch64/hypervisor/debug_el1.c\|src/arch/aarch64/hypervisor/perfmon.c\|src/arch/aarch64/hypervisor/feature_id.c\|src/arch/aarch64/hypervisor/timer_el1.c"
OUT ?= out/$(PROJECT)
OUT_DIR = out/$(PROJECT)
diff --git a/src/arch/aarch64/hypervisor/BUILD.gn b/src/arch/aarch64/hypervisor/BUILD.gn
index 6068d1e8..de1a414d 100644
--- a/src/arch/aarch64/hypervisor/BUILD.gn
+++ b/src/arch/aarch64/hypervisor/BUILD.gn
@@ -45,6 +45,7 @@ source_set("hypervisor") {
"handler.c",
"perfmon.c",
"psci_handler.c",
+ "timer_el1.c",
"vm.c",
]
diff --git a/src/arch/aarch64/hypervisor/cpu.c b/src/arch/aarch64/hypervisor/cpu.c
index bcf5ffce..d2df77d8 100644
--- a/src/arch/aarch64/hypervisor/cpu.c
+++ b/src/arch/aarch64/hypervisor/cpu.c
@@ -98,13 +98,20 @@ void arch_regs_reset(struct vcpu *vcpu)
if (is_primary) {
/*
* cnthctl_el2 is redefined when VHE is enabled.
- * EL1PCTEN, don't trap phys cnt access.
- * EL1PCEN, don't trap phys timer access.
+ * EL1PCTEN, don't trap phys cnt access. Except when in
+ * secure world without vhe.
+ * EL1PCEN, don't trap phys timer access. Except when in
+ * secure world without vhe.
*/
if (has_vhe_support()) {
cnthctl |= (1U << 10) | (1U << 11);
} else {
+#if SECURE_WORLD == 1
+ cnthctl &= ~(1U << 0);
+ cnthctl &= ~(1U << 1);
+#else
cnthctl |= (1U << 0) | (1U << 1);
+#endif
}
}
diff --git a/src/arch/aarch64/hypervisor/handler.c b/src/arch/aarch64/hypervisor/handler.c
index 4bd8a3b4..4c1b6e48 100644
--- a/src/arch/aarch64/hypervisor/handler.c
+++ b/src/arch/aarch64/hypervisor/handler.c
@@ -34,6 +34,7 @@
#include "psci_handler.h"
#include "smc.h"
#include "sysregs.h"
+#include "timer_el1.h"
/**
* Hypervisor Fault Address Register Non-Secure.
@@ -1277,6 +1278,11 @@ void handle_system_register_access(uintreg_t esr_el2)
inject_el1_unknown_exception(vcpu, esr_el2);
return;
}
+ } else if (timer_el1_is_register_access(esr_el2)) {
+ if (!timer_el1_process_access(vcpu, vm_id, esr_el2)) {
+ inject_el1_unknown_exception(vcpu, esr_el2);
+ return;
+ }
} else {
inject_el1_unknown_exception(vcpu, esr_el2);
return;
diff --git a/src/arch/aarch64/hypervisor/timer_el1.c b/src/arch/aarch64/hypervisor/timer_el1.c
new file mode 100644
index 00000000..c30e5543
--- /dev/null
+++ b/src/arch/aarch64/hypervisor/timer_el1.c
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2022 The Hafnium Authors.
+ *
+ * Use of this source code is governed by a BSD-style
+ * license that can be found in the LICENSE file or at
+ * https://opensource.org/licenses/BSD-3-Clause.
+ */
+
+#include "timer_el1.h"
+
+#include "hf/dlog.h"
+
+#include "msr.h"
+#include "sysregs.h"
+
+/*
+ * Physical timer (CNTP) register encodings as defined in
+ * table D13-8 of the ARMv8 ARM (DDI0487F).
+ * TYPE, op0, op1, crn, crm, op2
+ * The register names are the concatenation of
+ * "CNTP_", TYPE and "_EL2".
+ */
+#define CNTP_REGISTERS \
+ X(CTL, 3, 3, 14, 2, 1) \
+ X(CVAL, 3, 3, 14, 2, 2) \
+ X(TVAL, 3, 3, 14, 2, 0) \
+
+bool timer_el1_is_register_access(uintreg_t esr)
+{
+ uintreg_t sys_register = GET_ISS_SYSREG(esr);
+ bool is_timer_access;
+ switch (sys_register) {
+#define X(type, op0, op1, crn, crm, op2) \
+ case (GET_ISS_ENCODING(op0, op1, crn, crm, op2)): \
+ is_timer_access = true; \
+ break;
+ CNTP_REGISTERS
+#undef X
+ case (GET_ISS_ENCODING(3, 3, 14, 0, 1)):
+ is_timer_access = true;
+ break;
+ default:
+ is_timer_access = false;
+ }
+
+ return is_timer_access;
+}
+
+/* Accesses to CNTP timer emulated with CNTHPS */
+bool timer_el1_process_access(struct vcpu *vcpu, ffa_vm_id_t vm_id,
+ uintreg_t esr)
+{
+ uintreg_t sys_register = GET_ISS_SYSREG(esr);
+ uintreg_t rt_register = GET_ISS_RT(esr);
+ uintreg_t value;
+
+ if (ISS_IS_READ(esr)) {
+ switch (sys_register) {
+#define X(type, op0, op1, crn, crm, op2) \
+ case (GET_ISS_ENCODING(op0, op1, crn, crm, op2)): \
+ value = read_msr(MSR_CNTHPS_##type##_EL2); \
+ vcpu->regs.r[rt_register] = value; \
+ break;
+ CNTP_REGISTERS
+#undef X
+ case (GET_ISS_ENCODING(3, 3, 14, 0, 1)):
+ value = read_msr(cntpct_el0);
+ vcpu->regs.r[rt_register] = value;
+ break;
+ default:
+ dlog_notice(
+ "Unsupported timer register "
+ "read: "
+ "op0=%d, op1=%d, crn=%d, crm=%d, op2=%d, "
+ "rt=%d.\n",
+ GET_ISS_OP0(esr), GET_ISS_OP1(esr),
+ GET_ISS_CRN(esr), GET_ISS_CRM(esr),
+ GET_ISS_OP2(esr), GET_ISS_RT(esr));
+ break;
+ }
+ } else {
+ value = vcpu->regs.r[rt_register];
+ switch (sys_register) {
+#define X(type, op0, op1, crn, crm, op2) \
+ case (GET_ISS_ENCODING(op0, op1, crn, crm, op2)): \
+ write_msr(MSR_CNTHPS_##type##_EL2, value); \
+ break;
+ CNTP_REGISTERS
+#undef X
+ default:
+ dlog_notice(
+ "Unsupported timer register "
+ "write: "
+ "op0=%d, op1=%d, crn=%d, crm=%d, op2=%d, "
+ "rt=%d, value=%d.\n",
+ GET_ISS_OP0(esr), GET_ISS_OP1(esr),
+ GET_ISS_CRN(esr), GET_ISS_CRM(esr),
+ GET_ISS_OP2(esr), GET_ISS_RT(esr), value);
+ break;
+ }
+ }
+
+ return true;
+}
diff --git a/src/arch/aarch64/hypervisor/timer_el1.h b/src/arch/aarch64/hypervisor/timer_el1.h
new file mode 100644
index 00000000..04a43b6c
--- /dev/null
+++ b/src/arch/aarch64/hypervisor/timer_el1.h
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2022 The Hafnium Authors.
+ *
+ * Use of this source code is governed by a BSD-style
+ * license that can be found in the LICENSE file or at
+ * https://opensource.org/licenses/BSD-3-Clause.
+ */
+
+#pragma once
+
+#include "hf/arch/types.h"
+
+#include "hf/cpu.h"
+
+#include "vmapi/hf/ffa.h"
+
+bool timer_el1_is_register_access(uintreg_t esr);
+
+bool timer_el1_process_access(struct vcpu *vcpu, ffa_vm_id_t vm_id,
+ uintreg_t esr);
diff --git a/src/arch/aarch64/msr.h b/src/arch/aarch64/msr.h
index cd6778b4..55e78330 100644
--- a/src/arch/aarch64/msr.h
+++ b/src/arch/aarch64/msr.h
@@ -126,3 +126,11 @@
#define MSR_ELR_EL12 S3_5_C4_C0_1
#endif
+
+/*
+ * Secure EL2 Physical timer (CNTHPS) register encodings as defined in
+ * table D13-8 of the ARMv8 ARM (DDI0487F).
+ */
+#define MSR_CNTHPS_CTL_EL2 S3_4_C14_C5_1
+#define MSR_CNTHPS_CVAL_EL2 S3_4_C14_C5_2
+#define MSR_CNTHPS_TVAL_EL2 S3_4_C14_C5_0
meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-tc-increase-heap-pages.patch
+27
View File
@@ -0,0 +1,27 @@
From 613dea068fa546956717ce0b60328e39d451f661 Mon Sep 17 00:00:00 2001
From: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Date: Fri, 29 Apr 2022 20:07:50 +0100
Subject: [PATCH] tc: increase heap pages
Upstream-Status: Pending
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
---
BUILD.gn | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/BUILD.gn b/BUILD.gn
index 6b9b383..62ba763 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -235,7 +235,7 @@ aarch64_toolchains("secure_tc") {
gicd_base_address = "0x30000000"
gicr_base_address = "0x30080000"
gicr_frames = 8
- heap_pages = 60
+ heap_pages = 120
max_cpus = 8
max_vms = 16
branch_protection = "standard"
--
2.30.2
meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-emulate-interrupt-controller-register-access.patch
+157
View File
@@ -0,0 +1,157 @@
From 97a8ca1835f5d9512dacda497540d5523e56c7dd Mon Sep 17 00:00:00 2001
From: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Date: Tue, 26 Apr 2022 14:43:58 +0100
Subject: [PATCH] feat: emulate interrupt controller register access
This emulates ICC_SGI1R_EL1 and ICC_IGRPEN1_EL1 register
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I0c11f034f3676067597461a183a341c809adcaa4
Upstream-Status: Inappropriate [Experimental feature]
---
src/arch/aarch64/hypervisor/handler.c | 5 ++
src/arch/aarch64/hypervisor/perfmon.c | 84 +++++++++++++++++++++++++++
src/arch/aarch64/hypervisor/perfmon.h | 5 ++
src/arch/aarch64/msr.h | 3 +
4 files changed, 97 insertions(+)
diff --git a/src/arch/aarch64/hypervisor/handler.c b/src/arch/aarch64/hypervisor/handler.c
index 4c1b6e48..cd5146bd 100644
--- a/src/arch/aarch64/hypervisor/handler.c
+++ b/src/arch/aarch64/hypervisor/handler.c
@@ -1283,6 +1283,11 @@ void handle_system_register_access(uintreg_t esr_el2)
inject_el1_unknown_exception(vcpu, esr_el2);
return;
}
+ } else if (intr_ctrl_is_register_access(esr_el2)) {
+ if (!intr_ctrl_el1_process_access(vcpu, vm_id, esr_el2)) {
+ inject_el1_unknown_exception(vcpu, esr_el2);
+ return;
+ }
} else {
inject_el1_unknown_exception(vcpu, esr_el2);
return;
diff --git a/src/arch/aarch64/hypervisor/perfmon.c b/src/arch/aarch64/hypervisor/perfmon.c
index f13b0354..05e216c8 100644
--- a/src/arch/aarch64/hypervisor/perfmon.c
+++ b/src/arch/aarch64/hypervisor/perfmon.c
@@ -116,6 +116,10 @@
X(PMEVTYPER30_EL0 , 3, 3, 14, 15, 6) \
X(PMCCFILTR_EL0 , 3, 3, 14, 15, 7)
+#define INTR_CTRL_REGISTERS \
+ X(ICC_IGRPEN1_EL1 , 3, 0, 12, 12, 7) \
+ X(ICC_SGI1R_EL1 , 3, 0, 12, 11, 5) \
+
/* clang-format on */
/**
@@ -232,3 +236,83 @@ uintreg_t perfmon_get_pmccfiltr_el0_init_value(ffa_vm_id_t vm_id)
return 0;
}
+
+bool intr_ctrl_is_register_access(uintreg_t esr)
+{
+ uintreg_t op0 = GET_ISS_OP0(esr);
+ uintreg_t op1 = GET_ISS_OP1(esr);
+ uintreg_t crn = GET_ISS_CRN(esr);
+ uintreg_t crm = GET_ISS_CRM(esr);
+
+ if (op0 == 3 && op1 == 0 && crn == 12 && crm == 12) {
+ return true;
+ }
+
+ if (op0 == 3 && op1 == 0 && crn == 12 && crm == 11) {
+ return true;
+ }
+
+ return false;
+}
+
+bool intr_ctrl_el1_process_access(struct vcpu *vcpu, ffa_vm_id_t vm_id,
+ uintreg_t esr)
+{
+ uintreg_t sys_register = GET_ISS_SYSREG(esr);
+ uintreg_t rt_register = GET_ISS_RT(esr);
+ uintreg_t value;
+
+ /* +1 because Rt can access register XZR */
+ CHECK(rt_register < NUM_GP_REGS + 1);
+
+ if (ISS_IS_READ(esr)) {
+ switch (sys_register) {
+#define X(reg_name, op0, op1, crn, crm, op2) \
+ case (GET_ISS_ENCODING(op0, op1, crn, crm, op2)): \
+ value = read_msr(reg_name); \
+ break;
+ INTR_CTRL_REGISTERS
+#undef X
+ default:
+ value = vcpu->regs.r[rt_register];
+ dlog_notice(
+ "Unsupported interrupt control register "
+ "read: "
+ "op0=%d, op1=%d, crn=%d, crm=%d, op2=%d, "
+ "rt=%d.\n",
+ GET_ISS_OP0(esr), GET_ISS_OP1(esr),
+ GET_ISS_CRN(esr), GET_ISS_CRM(esr),
+ GET_ISS_OP2(esr), GET_ISS_RT(esr));
+ break;
+ }
+ if (rt_register != RT_REG_XZR) {
+ vcpu->regs.r[rt_register] = value;
+ }
+ } else {
+ if (rt_register != RT_REG_XZR) {
+ value = vcpu->regs.r[rt_register];
+ } else {
+ value = 0;
+ }
+ switch (sys_register) {
+#define X(reg_name, op0, op1, crn, crm, op2) \
+ case (GET_ISS_ENCODING(op0, op1, crn, crm, op2)): \
+ write_msr(reg_name, value); \
+ break;
+ INTR_CTRL_REGISTERS
+#undef X
+ default:
+ dlog_notice(
+ "Unsupported interrupt control register "
+ "write: "
+ "op0=%d, op1=%d, crn=%d, crm=%d, op2=%d, "
+ "rt=%d.\n",
+ GET_ISS_OP0(esr), GET_ISS_OP1(esr),
+ GET_ISS_CRN(esr), GET_ISS_CRM(esr),
+ GET_ISS_OP2(esr), GET_ISS_RT(esr));
+ break;
+ }
+ }
+
+ return true;
+}
diff --git a/src/arch/aarch64/hypervisor/perfmon.h b/src/arch/aarch64/hypervisor/perfmon.h
index 81669ba1..c90d45bf 100644
--- a/src/arch/aarch64/hypervisor/perfmon.h
+++ b/src/arch/aarch64/hypervisor/perfmon.h
@@ -70,3 +70,8 @@ bool perfmon_process_access(struct vcpu *vcpu, ffa_vm_id_t vm_id,
uintreg_t esr_el2);
uintreg_t perfmon_get_pmccfiltr_el0_init_value(ffa_vm_id_t vm_id);
+
+bool intr_ctrl_is_register_access(uintreg_t esr);
+
+bool intr_ctrl_el1_process_access(struct vcpu *vcpu, ffa_vm_id_t vm_id,
+ uintreg_t esr);
diff --git a/src/arch/aarch64/msr.h b/src/arch/aarch64/msr.h
index 55e78330..82aa8846 100644
--- a/src/arch/aarch64/msr.h
+++ b/src/arch/aarch64/msr.h
@@ -134,3 +134,6 @@
#define MSR_CNTHPS_CTL_EL2 S3_4_C14_C5_1
#define MSR_CNTHPS_CVAL_EL2 S3_4_C14_C5_2
#define MSR_CNTHPS_TVAL_EL2 S3_4_C14_C5_0
+
+#define ICC_IGRPEN1_EL1 S3_0_C12_C12_7
+#define ICC_SGI1R_EL1 S3_0_C12_C11_5
meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch
+31
View File
@@ -0,0 +1,31 @@
From 1fef5bd2504ce3a203c56a3b66dba773cd4893c6 Mon Sep 17 00:00:00 2001
From: Davidson K <davidson.kumaresan@arm.com>
Date: Thu, 8 Sep 2022 10:47:10 +0530
Subject: [PATCH] feat(vhe): enable vhe and disable branch protection for TC
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
Change-Id: I60cd607d9f2bf0114b482980e7ca68e24aaf4d1f
Upstream-Status: Pending [Not submitted to upstream yet]
---
BUILD.gn | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/BUILD.gn b/BUILD.gn
index 62ba763..f26ce03 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -238,7 +238,6 @@ aarch64_toolchains("secure_tc") {
heap_pages = 120
max_cpus = 8
max_vms = 16
- branch_protection = "standard"
toolchain_args = {
plat_ffa = "//src/arch/aarch64/plat/ffa:spmc"
plat_psci = "//src/arch/aarch64/plat/psci:spmc"
@@ -247,5 +246,6 @@ aarch64_toolchains("secure_tc") {
secure_world = "1"
pl011_base_address = "0x7ff80000"
enable_mte = "1"
+ enable_vhe = "1"
}
}
meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-feat-disable-alignment-check-for-EL0-partitions.patch
+318
View File
@@ -0,0 +1,318 @@
From 1c4d28493faed6cf189c75fa91d19131e6a34e04 Mon Sep 17 00:00:00 2001
From: Olivier Deprez <olivier.deprez@arm.com>
Date: Mon, 8 Aug 2022 19:14:23 +0200
Subject: [PATCH] feat: disable alignment check for EL0 partitions
Relax hw alignment check specifically for (S-)EL0 partitions when
Hafnium runs with VHE enabled. EL1 partitions have a specific control
for EL1 and EL0 with respect to alignment check.
Create a hyp_state structure (from already defined flying registers)
within the vCPU context to hold the Hypervisor EL2 static configuration
applied when a vCPU runs. This state is switched back and forth when
running the Hypervisor or the VM.
Add SCTLR_EL2 to this context. An EL0 partition context is initialized
with SCTLR_EL2.A=0 such that alignment check is disabled when EL0 runs
in the EL2&0 translation regime. SCTLR_EL2.A is set back when returning
to the Hypervisor such that Hypervisor execution runs with aligment
check enabled at EL2.
Remove HCR_EL2 saving from vCPU exit path provided this register state
is static and doesn't change while a vCPU runs.
The rationale for such change is to permit running upstream SW stacks
such as the EDKII/StandaloneMm [1] for which default build assumes
unaligned accesses are permitted. Similar query exists for running
Trusted Services on top of Hafnium [2].
[1] https://github.com/tianocore/edk2/tree/master/StandaloneMmPkg
[2] https://trusted-services.readthedocs.io/en/integration/
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I2906f4c712425fcfb31adbf89e2e3b9ca293f181
Upstream-Status: Submitted [https://review.trustedfirmware.org/c/hafnium/hafnium/+/16195]
---
src/arch/aarch64/hypervisor/cpu.c | 9 ++++---
src/arch/aarch64/hypervisor/exceptions.S | 32 ++++++++++++++++--------
src/arch/aarch64/hypervisor/feature_id.c | 6 ++---
src/arch/aarch64/hypervisor/handler.c | 18 +++++++------
src/arch/aarch64/inc/hf/arch/types.h | 9 +++++--
src/arch/aarch64/mm.c | 2 +-
src/arch/aarch64/sysregs.c | 11 ++++++--
src/arch/aarch64/sysregs.h | 2 +-
8 files changed, 59 insertions(+), 30 deletions(-)
diff --git a/src/arch/aarch64/hypervisor/cpu.c b/src/arch/aarch64/hypervisor/cpu.c
index d2df77d8..a000159b 100644
--- a/src/arch/aarch64/hypervisor/cpu.c
+++ b/src/arch/aarch64/hypervisor/cpu.c
@@ -115,7 +115,9 @@ void arch_regs_reset(struct vcpu *vcpu)
}
}
- r->hcr_el2 = get_hcr_el2_value(vm_id, vcpu->vm->el0_partition);
+ r->hyp_state.hcr_el2 =
+ get_hcr_el2_value(vm_id, vcpu->vm->el0_partition);
+ r->hyp_state.sctlr_el2 = get_sctlr_el2_value(vcpu->vm->el0_partition);
r->lazy.cnthctl_el2 = cnthctl;
if (vcpu->vm->el0_partition) {
CHECK(has_vhe_support());
@@ -125,10 +127,11 @@ void arch_regs_reset(struct vcpu *vcpu)
* are ignored and treated as 0. There is no need to mask the
* VMID (used as asid) to only 8 bits.
*/
- r->ttbr0_el2 = pa_addr(table) | ((uint64_t)vm_id << 48);
+ r->hyp_state.ttbr0_el2 =
+ pa_addr(table) | ((uint64_t)vm_id << 48);
r->spsr = PSR_PE_MODE_EL0T;
} else {
- r->ttbr0_el2 = read_msr(ttbr0_el2);
+ r->hyp_state.ttbr0_el2 = read_msr(ttbr0_el2);
r->lazy.vtcr_el2 = arch_mm_get_vtcr_el2();
r->lazy.vttbr_el2 = pa_addr(table) | ((uint64_t)vm_id << 48);
#if SECURE_WORLD == 1
diff --git a/src/arch/aarch64/hypervisor/exceptions.S b/src/arch/aarch64/hypervisor/exceptions.S
index 539e196d..d3732f86 100644
--- a/src/arch/aarch64/hypervisor/exceptions.S
+++ b/src/arch/aarch64/hypervisor/exceptions.S
@@ -20,6 +20,9 @@
#define ID_AA64PFR0_SVE_SHIFT (32)
#define ID_AA64PFR0_SVE_LENGTH (4)
+#define SCTLR_EL2_A_SHIFT (1)
+#define HCR_EL2_TGE_SHIFT (27)
+
/**
* Saves the volatile registers into the register buffer of the current vCPU.
*/
@@ -51,8 +54,6 @@
mrs x1, elr_el2
mrs x2, spsr_el2
stp x1, x2, [x18, #VCPU_REGS + 8 * 31]
- mrs x1, hcr_el2
- str x1, [x18, #VCPU_REGS + 8 * 33]
.endm
/**
@@ -871,12 +872,13 @@ vcpu_restore_volatile_and_run:
msr elr_el2, x1
msr spsr_el2, x2
- ldr x1, [x0, #VCPU_REGS + 8 * 33]
+ ldp x1, x2, [x0, #VCPU_REGS + 8 * 33]
msr hcr_el2, x1
+ msr ttbr0_el2, x2
isb
- ldr x1, [x0, #VCPU_REGS + 8 * 34]
- msr ttbr0_el2, x1
+ ldr x1, [x0, #VCPU_REGS + 8 * 35]
+ msr sctlr_el2, x1
isb
/* Restore x0..x3, which we have used as scratch before. */
@@ -886,15 +888,17 @@ vcpu_restore_volatile_and_run:
#if ENABLE_VHE
enable_vhe_tge:
+ mrs x0, id_aa64mmfr1_el1
+ tst x0, #0xf00
+ b.eq 1f
+
/**
* Switch to host mode ({E2H, TGE} = {1,1}) when VHE is enabled.
* Note that E2H is always set when VHE is enabled.
*/
- mrs x0, id_aa64mmfr1_el1
- tst x0, #0xf00
- b.eq 1f
- orr x1, x1, #(1 << 27)
- msr hcr_el2, x1
+ mrs x0, hcr_el2
+ orr x0, x0, #(1 << HCR_EL2_TGE_SHIFT)
+ msr hcr_el2, x0
isb
/**
@@ -905,6 +909,14 @@ enable_vhe_tge:
ldr x0, [x0]
msr ttbr0_el2, x0
isb
+
+ /**
+ * Enable alignment check while Hypervisor runs.
+ */
+ mrs x0, sctlr_el2
+ orr x0, x0, #(1 << SCTLR_EL2_A_SHIFT)
+ msr sctlr_el2, x0
+ isb
1:
ret
#endif
diff --git a/src/arch/aarch64/hypervisor/feature_id.c b/src/arch/aarch64/hypervisor/feature_id.c
index ed3bf8f1..57f32627 100644
--- a/src/arch/aarch64/hypervisor/feature_id.c
+++ b/src/arch/aarch64/hypervisor/feature_id.c
@@ -175,7 +175,7 @@ void feature_set_traps(struct vm *vm, struct arch_regs *regs)
~(ID_AA64MMFR1_EL1_VH_MASK << ID_AA64MMFR1_EL1_VH_SHIFT);
if (features & HF_FEATURE_RAS) {
- regs->hcr_el2 |= HCR_EL2_TERR;
+ regs->hyp_state.hcr_el2 |= HCR_EL2_TERR;
vm->arch.tid3_masks.id_aa64mmfr1_el1 &=
~ID_AA64MMFR1_EL1_SPEC_SEI;
vm->arch.tid3_masks.id_aa64pfr0_el1 &= ~ID_AA64PFR0_EL1_RAS;
@@ -221,14 +221,14 @@ void feature_set_traps(struct vm *vm, struct arch_regs *regs)
}
if (features & HF_FEATURE_LOR) {
- regs->hcr_el2 |= HCR_EL2_TLOR;
+ regs->hyp_state.hcr_el2 |= HCR_EL2_TLOR;
vm->arch.tid3_masks.id_aa64mmfr1_el1 &= ~ID_AA64MMFR1_EL1_LO;
}
if (features & HF_FEATURE_PAUTH) {
/* APK and API bits *enable* trapping when cleared. */
- regs->hcr_el2 &= ~(HCR_EL2_APK | HCR_EL2_API);
+ regs->hyp_state.hcr_el2 &= ~(HCR_EL2_APK | HCR_EL2_API);
vm->arch.tid3_masks.id_aa64isar1_el1 &= ~ID_AA64ISAR1_EL1_GPI;
vm->arch.tid3_masks.id_aa64isar1_el1 &= ~ID_AA64ISAR1_EL1_GPA;
diff --git a/src/arch/aarch64/hypervisor/handler.c b/src/arch/aarch64/hypervisor/handler.c
index cd5146bd..8a3d6289 100644
--- a/src/arch/aarch64/hypervisor/handler.c
+++ b/src/arch/aarch64/hypervisor/handler.c
@@ -272,9 +272,9 @@ noreturn void sync_current_exception_noreturn(uintreg_t elr, uintreg_t spsr)
static void set_virtual_irq(struct arch_regs *r, bool enable)
{
if (enable) {
- r->hcr_el2 |= HCR_EL2_VI;
+ r->hyp_state.hcr_el2 |= HCR_EL2_VI;
} else {
- r->hcr_el2 &= ~HCR_EL2_VI;
+ r->hyp_state.hcr_el2 &= ~HCR_EL2_VI;
}
}
@@ -283,14 +283,15 @@ static void set_virtual_irq(struct arch_regs *r, bool enable)
*/
static void set_virtual_irq_current(bool enable)
{
- uintreg_t hcr_el2 = current()->regs.hcr_el2;
+ struct vcpu *vcpu = current();
+ uintreg_t hcr_el2 = vcpu->regs.hyp_state.hcr_el2;
if (enable) {
hcr_el2 |= HCR_EL2_VI;
} else {
hcr_el2 &= ~HCR_EL2_VI;
}
- current()->regs.hcr_el2 = hcr_el2;
+ vcpu->regs.hyp_state.hcr_el2 = hcr_el2;
}
/**
@@ -300,9 +301,9 @@ static void set_virtual_irq_current(bool enable)
static void set_virtual_fiq(struct arch_regs *r, bool enable)
{
if (enable) {
- r->hcr_el2 |= HCR_EL2_VF;
+ r->hyp_state.hcr_el2 |= HCR_EL2_VF;
} else {
- r->hcr_el2 &= ~HCR_EL2_VF;
+ r->hyp_state.hcr_el2 &= ~HCR_EL2_VF;
}
}
@@ -311,14 +312,15 @@ static void set_virtual_fiq(struct arch_regs *r, bool enable)
*/
static void set_virtual_fiq_current(bool enable)
{
- uintreg_t hcr_el2 = current()->regs.hcr_el2;
+ struct vcpu *vcpu = current();
+ uintreg_t hcr_el2 = vcpu->regs.hyp_state.hcr_el2;
if (enable) {
hcr_el2 |= HCR_EL2_VF;
} else {
hcr_el2 &= ~HCR_EL2_VF;
}
- current()->regs.hcr_el2 = hcr_el2;
+ vcpu->regs.hyp_state.hcr_el2 = hcr_el2;
}
#if SECURE_WORLD == 1
diff --git a/src/arch/aarch64/inc/hf/arch/types.h b/src/arch/aarch64/inc/hf/arch/types.h
index 6379d73e..6b8b24f1 100644
--- a/src/arch/aarch64/inc/hf/arch/types.h
+++ b/src/arch/aarch64/inc/hf/arch/types.h
@@ -79,8 +79,13 @@ struct arch_regs {
uintreg_t r[NUM_GP_REGS];
uintreg_t pc;
uintreg_t spsr;
- uintreg_t hcr_el2;
- uintreg_t ttbr0_el2;
+
+ /* Hypervisor configuration while a vCPU runs. */
+ struct {
+ uintreg_t hcr_el2;
+ uintreg_t ttbr0_el2;
+ uintreg_t sctlr_el2;
+ } hyp_state;
/*
* System registers.
diff --git a/src/arch/aarch64/mm.c b/src/arch/aarch64/mm.c
index 8ee65ca0..487ae353 100644
--- a/src/arch/aarch64/mm.c
+++ b/src/arch/aarch64/mm.c
@@ -886,7 +886,7 @@ bool arch_mm_init(paddr_t table)
#endif
(0xff << (8 * STAGE1_NORMALINDX)),
- .sctlr_el2 = get_sctlr_el2_value(),
+ .sctlr_el2 = get_sctlr_el2_value(false),
.vstcr_el2 = (1U << 31) | /* RES1. */
(0 << 30) | /* SA. */
(0 << 29) | /* SW. */
diff --git a/src/arch/aarch64/sysregs.c b/src/arch/aarch64/sysregs.c
index e8c154b1..087ba4ed 100644
--- a/src/arch/aarch64/sysregs.c
+++ b/src/arch/aarch64/sysregs.c
@@ -159,7 +159,7 @@ uintreg_t get_cptr_el2_value(void)
/**
* Returns the value for SCTLR_EL2 for the CPU.
*/
-uintreg_t get_sctlr_el2_value(void)
+uintreg_t get_sctlr_el2_value(bool is_el0_partition)
{
uintreg_t sctlr_el2_value = 0;
@@ -173,7 +173,14 @@ uintreg_t get_sctlr_el2_value(void)
/* MMU-related bits. */
sctlr_el2_value |= SCTLR_EL2_M;
- sctlr_el2_value |= SCTLR_EL2_A;
+
+ /*
+ * Alignment check enabled, but in the case of an EL0 partition
+ * with VHE enabled.
+ */
+ if (!(has_vhe_support() && is_el0_partition)) {
+ sctlr_el2_value |= SCTLR_EL2_A;
+ }
sctlr_el2_value |= SCTLR_EL2_C;
sctlr_el2_value |= SCTLR_EL2_SA;
sctlr_el2_value |= SCTLR_EL2_I;
diff --git a/src/arch/aarch64/sysregs.h b/src/arch/aarch64/sysregs.h
index babd2375..6fdab58e 100644
--- a/src/arch/aarch64/sysregs.h
+++ b/src/arch/aarch64/sysregs.h
@@ -668,7 +668,7 @@ uintreg_t get_mdcr_el2_value(void);
uintreg_t get_cptr_el2_value(void);
-uintreg_t get_sctlr_el2_value(void);
+uintreg_t get_sctlr_el2_value(bool is_el0_partition);
/**
* Branch Target Identification mechanism support in AArch64 state.
meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0004-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch
+41
View File
@@ -0,0 +1,41 @@
From 4b59905d2fec01cc17038b1c167b4e57e7835adf Mon Sep 17 00:00:00 2001
From: Davidson K <davidson.kumaresan@arm.com>
Date: Thu, 7 Oct 2021 12:20:08 +0530
Subject: [PATCH] feat(vhe): set STAGE1_NS while mapping memory from NWd to SWd
If the memory is shared by a VM executing in non secure world, attribute
MM_MODE_NS had to be set while mapping that in a S-EL0 SP executing in
secure world. It will not be needed for a S-EL1 SP since the NS bit is
available only for the stage 1 translations and the stage 1 translations
for a S-EL1 SP will be handled by a trusted OS running in S-EL1.
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
Change-Id: I074e2d5a50a659bd3c097d797c4901f08d210b1b
Upstream-Status: Pending [Not submitted to upstream yet]
---
src/ffa_memory.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/ffa_memory.c b/src/ffa_memory.c
index 048cca9c..8910cc79 100644
--- a/src/ffa_memory.c
+++ b/src/ffa_memory.c
@@ -2483,6 +2483,18 @@ struct ffa_value ffa_memory_retrieve(struct vm_locked to_locked,
memory_to_attributes = ffa_memory_permissions_to_mode(
permissions, share_state->sender_orig_mode);
+
+ if (to_locked.vm->el0_partition) {
+ /*
+ * Get extra mapping attributes for the given VM ID.
+ * If the memory is shared by a VM executing in non secure
+ * world, attribute MM_MODE_NS had to be set while mapping
+ * that in a SP executing in secure world.
+ */
+ memory_to_attributes |= arch_mm_extra_attributes_from_vm(
+ retrieve_request->sender);
+ }
+
ret = ffa_retrieve_check_update(
to_locked, memory_region->sender, share_state->fragments,
share_state->fragment_constituent_counts,
meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium-tc.inc
+25
View File
@@ -0,0 +1,25 @@
# TC specific configuration
COMPATIBLE_MACHINE = "(tc?)"
HAFNIUM_PLATFORM = "secure_tc"
# Intermediate SHA with 2.7 baseline version
SRCREV = "dd0561820946fe23bcd57cc129140437f72102a5"
PV = "2.7+git${SRCPV}"
FILESEXTRAPATHS:prepend:tc := "${THISDIR}/files/tc:"
SRC_URI:remove = "file://0003-Fix-build-with-clang-15.patch"
SRC_URI:append = " \
file://0001-feat-emulate-cntp-timer-register-accesses-using-cnth.patch \
file://0002-feat-emulate-interrupt-controller-register-access.patch \
file://0003-feat-disable-alignment-check-for-EL0-partitions.patch \
file://0004-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch \
file://0001-tc-increase-heap-pages.patch;patchdir=project/reference \
file://0002-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch;patchdir=project/reference \
"
do_compile() {
PATH="${S}/prebuilts/linux-x64/clang/bin:$PATH" oe_runmake -C ${S}
}
meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium_%.bbappend
+6
View File
@@ -0,0 +1,6 @@
# Machine specific configurations
MACHINE_HAFNIUM_REQUIRE ?= ""
MACHINE_HAFNIUM_REQUIRE:tc = "hafnium-tc.inc"
require ${MACHINE_HAFNIUM_REQUIRE}
meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb
+38
View File
@@ -0,0 +1,38 @@
SUMARY = "Corstone1000 platform Image"
DESCRIPTION = "This is the main image which is the container of all the binaries \
generated for the Corstone1000 platform."
LICENSE = "MIT"
COMPATIBLE_MACHINE = "corstone1000"
inherit image
inherit tfm_sign_image
inherit uefi_capsule
PACKAGE_INSTALL = ""
IMAGE_FSTYPES += "wic uefi_capsule"
UEFI_FIRMWARE_BINARY = "${PN}-${MACHINE}.${CAPSULE_IMGTYPE}"
UEFI_CAPSULE_CONFIG = "${THISDIR}/files/${PN}-capsule-update-image.json"
CAPSULE_IMGTYPE = "wic"
do_sign_images() {
# Sign TF-A BL2
sign_host_image ${RECIPE_SYSROOT}/firmware/${TFA_BL2_BINARY} \
${TFA_BL2_RE_IMAGE_LOAD_ADDRESS} ${TFA_BL2_RE_SIGN_BIN_SIZE}
# Update BL2 in the FIP image
cp ${RECIPE_SYSROOT}/firmware/${TFA_FIP_BINARY} .
fiptool update --tb-fw \
${TFM_IMAGE_SIGN_DEPLOY_DIR}/signed_${TFA_BL2_BINARY} \
${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY}
# Sign the FIP image
sign_host_image ${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY} \
${TFA_FIP_RE_IMAGE_LOAD_ADDRESS} ${TFA_FIP_RE_SIGN_BIN_SIZE}
}
do_sign_images[depends] = "\
trusted-firmware-a:do_populate_sysroot \
fiptool-native:do_populate_sysroot \
"
meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb
+28
View File
@@ -0,0 +1,28 @@
SUMARY = "Corstone1000 platform Initramfs Image"
DESCRIPTION = "This is the main Linux image which includes an initramfs kernel/rootfs bundle."
LICENSE = "MIT"
COMPATIBLE_MACHINE = "corstone1000"
IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}"
inherit core-image
# By default all basic packages required for a bootable system are installed
# by core-image . These packages are: packagegroup-core-boot and
# packagegroup-base-extended
inherit image-buildinfo
#package management is not supported in corstone1000
IMAGE_FEATURES:remove = "package-management"
# all optee packages
IMAGE_INSTALL += "optee-client"
# external system linux userspace test application
IMAGE_INSTALL += "corstone1000-external-sys-tests"
# TS PSA API tests commands for crypto, its, ps and iat
IMAGE_INSTALL += "packagegroup-ts-tests-psa"
meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-image-capsule-update-image.json
+11
View File
@@ -0,0 +1,11 @@
{
"Payloads": [
{
"FwVersion": "5",
"Guid": "e2bb9c06-70e9-4b14-97a3-5a7913176e3f",
"LowestSupportedVersion": "1",
"Payload": "$UEFI_FIRMWARE_BINARY",
"UpdateImageIndex": "0"
}
]
}
meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb
+79
View File
@@ -0,0 +1,79 @@
DESCRIPTION = "Firmware Image for Juno to be copied to the Configuration \
microSD card"
LICENSE = "BSD-3-Clause"
SECTION = "firmware"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/BSD-3-Clause;md5=550794465ba0ec5312d6919e203a55f9"
INHIBIT_DEFAULT_DEPS = "1"
DEPENDS = "trusted-firmware-a virtual/kernel virtual/control-processor-firmware"
PACKAGE_ARCH = "${MACHINE_ARCH}"
COMPATIBLE_MACHINE = "juno"
LINARO_RELEASE = "19.06"
SRC_URI = "http://releases.linaro.org/members/arm/platforms/${LINARO_RELEASE}/juno-latest-oe-uboot.zip;subdir=${UNPACK_DIR} \
file://images-r0.txt \
file://images-r1.txt \
file://images-r2.txt \
file://uEnv.txt \
"
SRC_URI[md5sum] = "01b662b81fa409d55ff298238ad24003"
SRC_URI[sha256sum] = "b8a3909bb3bc4350a8771b863193a3e33b358e2a727624a77c9ecf13516cec82"
UNPACK_DIR = "juno-firmware-${LINARO_RELEASE}"
inherit deploy nopackages
do_configure[noexec] = "1"
do_compile[noexec] = "1"
# The ${D} is used as a temporary directory and we don't generate any
# packages for this recipe.
do_install() {
cp -a ${WORKDIR}/${UNPACK_DIR} ${D}
cp -f ${RECIPE_SYSROOT}/firmware/bl1-juno.bin \
${D}/${UNPACK_DIR}/SOFTWARE/bl1.bin
cp -f ${RECIPE_SYSROOT}/firmware/fip-juno.bin \
${D}/${UNPACK_DIR}/SOFTWARE/fip.bin
cp -f ${RECIPE_SYSROOT}/firmware/scp_romfw_bypass.bin \
${D}/${UNPACK_DIR}/SOFTWARE/scp_bl1.bin
# u-boot environment file
cp -f ${WORKDIR}/uEnv.txt ${D}/${UNPACK_DIR}/SOFTWARE/
# Juno images list file
cp -f ${WORKDIR}/images-r0.txt ${D}/${UNPACK_DIR}/SITE1/HBI0262B/images.txt
cp -f ${WORKDIR}/images-r1.txt ${D}/${UNPACK_DIR}/SITE1/HBI0262C/images.txt
cp -f ${WORKDIR}/images-r2.txt ${D}/${UNPACK_DIR}/SITE1/HBI0262D/images.txt
}
do_deploy() {
# To avoid dependency loop between firmware-image-juno:do_install
# and virtual/kernel:do_deploy when INITRAMFS_IMAGE_BUNDLE = "1",
# we need to handle the kernel binaries copying in the do_deploy
# task.
for f in ${KERNEL_DEVICETREE}; do
install -m 755 -c ${DEPLOY_DIR_IMAGE}/$(basename $f) \
${D}/${UNPACK_DIR}/SOFTWARE/.
done
if [ "${INITRAMFS_IMAGE_BUNDLE}" -eq 1 ]; then
cp -L -f ${DEPLOY_DIR_IMAGE}/Image.gz-initramfs-juno.bin \
${D}/${UNPACK_DIR}/SOFTWARE/Image
else
cp -L -f ${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGETYPE} ${D}/${UNPACK_DIR}/SOFTWARE/
fi
# Compress the files
tar -C ${D}/${UNPACK_DIR} -zcvf ${WORKDIR}/${PN}.tar.gz ./
# Deploy the compressed archive to the deploy folder
install -D -p -m0644 ${WORKDIR}/${PN}.tar.gz ${DEPLOYDIR}/${PN}.tar.gz
}
do_deploy[depends] += "virtual/kernel:do_deploy"
addtask deploy after do_install
meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno/images-r0.txt
+71
View File
@@ -0,0 +1,71 @@
TITLE: Versatile Express Images Configuration File
[IMAGES]
TOTALIMAGES: 10 ;Number of Images (Max: 32)
NOR0UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR0ADDRESS: 0x00000000 ;Image Flash Address
NOR0FILE: \SOFTWARE\fip.bin ;Image File Name
NOR0LOAD: 00000000 ;Image Load Address
NOR0ENTRY: 00000000 ;Image Entry Point
NOR1UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR1ADDRESS: 0x03EC0000 ;Image Flash Address
NOR1FILE: \SOFTWARE\bl1.bin ;Image File Name
NOR1LOAD: 00000000 ;Image Load Address
NOR1ENTRY: 00000000 ;Image Entry Point
NOR2UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR2ADDRESS: 0x00500000 ;Image Flash Address
NOR2FILE: \SOFTWARE\Image ;Image File Name
NOR2NAME: norkern ;Rename kernel to norkern
NOR2LOAD: 00000000 ;Image Load Address
NOR2ENTRY: 00000000 ;Image Entry Point
NOR3UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR3ADDRESS: 0x03000000 ;Image Flash Address
NOR3FILE: \SOFTWARE\juno.dtb ;Image File Name
NOR3NAME: board.dtb ;Specify target filename to preserve file extension
NOR3LOAD: 00000000 ;Image Load Address
NOR3ENTRY: 00000000 ;Image Entry Point
NOR4UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR4ADDRESS: 0x030C0000 ;Image Flash Address
NOR4FILE: \SOFTWARE\hdlcdclk.dat ;Image File Name
NOR4LOAD: 00000000 ;Image Load Address
NOR4ENTRY: 00000000 ;Image Entry Point
NOR5UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR5ADDRESS: 0x03E40000 ;Image Flash Address
NOR5FILE: \SOFTWARE\scp_bl1.bin ;Image File Name
NOR5LOAD: 00000000 ;Image Load Address
NOR5ENTRY: 00000000 ;Image Entry Point
NOR6UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR6ADDRESS: 0x0BF00000 ;Image Flash Address
NOR6FILE: \SOFTWARE\startup.nsh ;Image File Name
NOR6NAME: startup.nsh
NOR6LOAD: 00000000 ;Image Load Address
NOR6ENTRY: 00000000 ;Image Entry Point
NOR7UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR7ADDRESS: 0x0BFC0000 ;Image Flash Address
NOR7FILE: \SOFTWARE\blank.img ;Image File Name
NOR7NAME: BOOTENV
NOR7LOAD: 00000000 ;Image Load Address
NOR7ENTRY: 00000000 ;Image Entry Point
NOR8UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR8ADDRESS: 0x03100000 ;Image Flash Address
NOR8FILE: \SOFTWARE\selftest ;Image File Name
NOR8LOAD: 00000000 ;Image Load Address
NOR8ENTRY: 00000000 ;Image Entry Point
NOR9UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR9ADDRESS: 0x03180000 ;Image Flash Address
NOR9NAME: uEnv.txt
NOR9FILE: \SOFTWARE\uEnv.txt ;Image File Name
NOR9LOAD: 00000000 ;Image Load Address
NOR9ENTRY: 00000000 ;Image Entry Point
meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno/images-r1.txt
+71
View File
@@ -0,0 +1,71 @@
TITLE: Versatile Express Images Configuration File
[IMAGES]
TOTALIMAGES: 10 ;Number of Images (Max: 32)
NOR0UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR0ADDRESS: 0x00000000 ;Image Flash Address
NOR0FILE: \SOFTWARE\fip.bin ;Image File Name
NOR0LOAD: 00000000 ;Image Load Address
NOR0ENTRY: 00000000 ;Image Entry Point
NOR1UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR1ADDRESS: 0x03EC0000 ;Image Flash Address
NOR1FILE: \SOFTWARE\bl1.bin ;Image File Name
NOR1LOAD: 00000000 ;Image Load Address
NOR1ENTRY: 00000000 ;Image Entry Point
NOR2UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR2ADDRESS: 0x00500000 ;Image Flash Address
NOR2FILE: \SOFTWARE\Image ;Image File Name
NOR2NAME: norkern ;Rename kernel to norkern
NOR2LOAD: 00000000 ;Image Load Address
NOR2ENTRY: 00000000 ;Image Entry Point
NOR3UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR3ADDRESS: 0x03000000 ;Image Flash Address
NOR3FILE: \SOFTWARE\juno-r1.dtb ;Image File Name
NOR3NAME: board.dtb ;Specify target filename to preserve file extension
NOR3LOAD: 00000000 ;Image Load Address
NOR3ENTRY: 00000000 ;Image Entry Point
NOR4UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR4ADDRESS: 0x030C0000 ;Image Flash Address
NOR4FILE: \SOFTWARE\hdlcdclk.dat ;Image File Name
NOR4LOAD: 00000000 ;Image Load Address
NOR4ENTRY: 00000000 ;Image Entry Point
NOR5UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR5ADDRESS: 0x03E40000 ;Image Flash Address
NOR5FILE: \SOFTWARE\scp_bl1.bin ;Image File Name
NOR5LOAD: 00000000 ;Image Load Address
NOR5ENTRY: 00000000 ;Image Entry Point
NOR6UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR6ADDRESS: 0x0BF00000 ;Image Flash Address
NOR6FILE: \SOFTWARE\startup.nsh ;Image File Name
NOR6NAME: startup.nsh
NOR6LOAD: 00000000 ;Image Load Address
NOR6ENTRY: 00000000 ;Image Entry Point
NOR7UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR7ADDRESS: 0x0BFC0000 ;Image Flash Address
NOR7FILE: \SOFTWARE\blank.img ;Image File Name
NOR7NAME: BOOTENV
NOR7LOAD: 00000000 ;Image Load Address
NOR7ENTRY: 00000000 ;Image Entry Point
NOR8UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR8ADDRESS: 0x03100000 ;Image Flash Address
NOR8FILE: \SOFTWARE\selftest ;Image File Name
NOR8LOAD: 00000000 ;Image Load Address
NOR8ENTRY: 00000000 ;Image Entry Point
NOR9UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR9ADDRESS: 0x03180000 ;Image Flash Address
NOR9NAME: uEnv.txt
NOR9FILE: \SOFTWARE\uEnv.txt ;Image File Name
NOR9LOAD: 00000000 ;Image Load Address
NOR9ENTRY: 00000000 ;Image Entry Point
meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno/images-r2.txt
+71
View File
@@ -0,0 +1,71 @@
TITLE: Versatile Express Images Configuration File
[IMAGES]
TOTALIMAGES: 10 ;Number of Images (Max: 32)
NOR0UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR0ADDRESS: 0x00000000 ;Image Flash Address
NOR0FILE: \SOFTWARE\fip.bin ;Image File Name
NOR0LOAD: 00000000 ;Image Load Address
NOR0ENTRY: 00000000 ;Image Entry Point
NOR1UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR1ADDRESS: 0x03EC0000 ;Image Flash Address
NOR1FILE: \SOFTWARE\bl1.bin ;Image File Name
NOR1LOAD: 00000000 ;Image Load Address
NOR1ENTRY: 00000000 ;Image Entry Point
NOR2UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR2ADDRESS: 0x00500000 ;Image Flash Address
NOR2FILE: \SOFTWARE\Image ;Image File Name
NOR2NAME: norkern ;Rename kernel to norkern
NOR2LOAD: 00000000 ;Image Load Address
NOR2ENTRY: 00000000 ;Image Entry Point
NOR3UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR3ADDRESS: 0x03000000 ;Image Flash Address
NOR3FILE: \SOFTWARE\juno-r2.dtb ;Image File Name
NOR3NAME: board.dtb ;Specify target filename to preserve file extension
NOR3LOAD: 00000000 ;Image Load Address
NOR3ENTRY: 00000000 ;Image Entry Point
NOR4UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR4ADDRESS: 0x030C0000 ;Image Flash Address
NOR4FILE: \SOFTWARE\hdlcdclk.dat ;Image File Name
NOR4LOAD: 00000000 ;Image Load Address
NOR4ENTRY: 00000000 ;Image Entry Point
NOR5UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR5ADDRESS: 0x03E40000 ;Image Flash Address
NOR5FILE: \SOFTWARE\scp_bl1.bin ;Image File Name
NOR5LOAD: 00000000 ;Image Load Address
NOR5ENTRY: 00000000 ;Image Entry Point
NOR6UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR6ADDRESS: 0x0BF00000 ;Image Flash Address
NOR6FILE: \SOFTWARE\startup.nsh ;Image File Name
NOR6NAME: startup.nsh
NOR6LOAD: 00000000 ;Image Load Address
NOR6ENTRY: 00000000 ;Image Entry Point
NOR7UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR7ADDRESS: 0x0BFC0000 ;Image Flash Address
NOR7FILE: \SOFTWARE\blank.img ;Image File Name
NOR7NAME: BOOTENV
NOR7LOAD: 00000000 ;Image Load Address
NOR7ENTRY: 00000000 ;Image Entry Point
NOR8UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR8ADDRESS: 0x03100000 ;Image Flash Address
NOR8FILE: \SOFTWARE\selftest ;Image File Name
NOR8LOAD: 00000000 ;Image Load Address
NOR8ENTRY: 00000000 ;Image Entry Point
NOR9UPDATE: AUTO ;Image Update:NONE/AUTO/FORCE
NOR9ADDRESS: 0x03180000 ;Image Flash Address
NOR9NAME: uEnv.txt
NOR9FILE: \SOFTWARE\uEnv.txt ;Image File Name
NOR9LOAD: 00000000 ;Image Load Address
NOR9ENTRY: 00000000 ;Image Entry Point
meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno/uEnv.txt
+11
View File
@@ -0,0 +1,11 @@
uenvcmd=run mybootcmd
mybootcmd=echo Loading custom boot command; \
echo Loading kernel; \
afs load ${kernel_name} ${kernel_addr_r} ; \
if test $? -eq 1; then echo Loading ${kernel_alt_name} instead of ${kernel_name}; afs load ${kernel_alt_name} ${kernel_addr_r}; fi; \
echo Loading device tree; \
afs load ${fdtfile} ${fdt_addr_r}; \
if test $? -eq 1; then echo Loading ${fdt_alt_name} instead of ${fdtfile}; \
afs load ${fdt_alt_name} ${fdt_addr_r}; fi; fdt addr ${fdt_addr_r}; fdt resize; \
booti ${kernel_addr_r} - ${fdt_addr_r};
meta-arm/meta-arm-bsp/recipes-bsp/images/n1sdp-board-firmware_2022.06.22.bb
+37
View File
@@ -0,0 +1,37 @@
SUMMARY = "Board Firmware binaries for N1SDP"
SECTION = "firmware"
LICENSE = "STM-SLA0044-Rev5"
LIC_FILES_CHKSUM = "file://LICENSES/MB/STM.TXT;md5=1b74d8c842307d03c116f2d71cbf868a"
inherit deploy
INHIBIT_DEFAULT_DEPS = "1"
PACKAGE_ARCH = "${MACHINE_ARCH}"
COMPATIBLE_MACHINE = "n1sdp"
SRC_URI = "git://git.gitlab.arm.com/arm-reference-solutions/board-firmware.git;protocol=https;branch=n1sdp"
SRCREV = "70ba494265eee76747faff38264860c19e214540"
PV .= "+git${SRCPV}"
S = "${WORKDIR}/git"
INSTALL_DIR = "/n1sdp-board-firmware_source"
do_install() {
rm -rf ${S}/SOFTWARE
install -d ${D}${INSTALL_DIR}
cp -Rp --no-preserve=ownership ${S}/* ${D}${INSTALL_DIR}
}
FILES:${PN}-staticdev += " ${INSTALL_DIR}/LIB/sensor.a"
FILES:${PN} = "${INSTALL_DIR}"
SYSROOT_DIRS += "${INSTALL_DIR}"
do_deploy() {
install -d ${DEPLOYDIR}${INSTALL_DIR}
cp -Rp --no-preserve=ownership ${S}/* ${DEPLOYDIR}${INSTALL_DIR}
}
addtask deploy after do_install before do_build
meta-arm/meta-arm-bsp/recipes-bsp/images/sdcard-image-n1sdp_0.1.bb
+85
View File
@@ -0,0 +1,85 @@
SUMMARY = "Firmware image recipe for generating SD-Card artifacts."
inherit deploy nopackages
DEPENDS = "trusted-firmware-a \
virtual/control-processor-firmware \
n1sdp-board-firmware"
LICENSE = "MIT"
PACKAGE_ARCH = "${MACHINE_ARCH}"
COMPATIBLE_MACHINE = "n1sdp"
RM_WORK_EXCLUDE += "${PN}"
do_configure[noexec] = "1"
do_compile[noexec] = "1"
do_install[noexec] = "1"
FIRMWARE_DIR = "n1sdp-board-firmware_source"
PRIMARY_DIR = "${WORKDIR}/n1sdp-board-firmware_primary"
SECONDARY_DIR = "${WORKDIR}/n1sdp-board-firmware_secondary"
SOC_BINARIES = "mcp_fw.bin scp_fw.bin mcp_rom.bin scp_rom.bin"
prepare_package() {
cd ${WORKDIR}
# Master/Primary
cp -av ${RECIPE_SYSROOT}/${FIRMWARE_DIR}/* ${PRIMARY_DIR}
mkdir -p ${PRIMARY_DIR}/SOFTWARE/
# Copy FIP binary
cp -v ${RECIPE_SYSROOT}/firmware/fip.bin ${PRIMARY_DIR}/SOFTWARE/
# Copy SOC binaries
for f in ${SOC_BINARIES}; do
cp -v ${RECIPE_SYSROOT}/firmware/${f} ${PRIMARY_DIR}/SOFTWARE/
done
sed -i -e 's|^C2C_ENABLE.*|C2C_ENABLE: TRUE ;C2C enable TRUE/FALSE|' \
${PRIMARY_DIR}/MB/HBI0316A/io_v123f.txt
sed -i -e 's|^C2C_SIDE.*|C2C_SIDE: MASTER ;C2C side SLAVE/MASTER|' \
${PRIMARY_DIR}/MB/HBI0316A/io_v123f.txt
sed -i -e 's|.*SOCCON: 0x1170.*PLATFORM_CTRL.*|SOCCON: 0x1170 0x00000100 ;SoC SCC PLATFORM_CTRL|' \
${PRIMARY_DIR}/MB/HBI0316A/io_v123f.txt
# Update load address for trusted boot
sed -i -e '/^IMAGE4ADDRESS:/ s|0x60200000|0x64200000|' ${PRIMARY_DIR}/MB/HBI0316A/images.txt
sed -i -e '/^IMAGE4UPDATE:/ s|FORCE |SCP_AUTO|' ${PRIMARY_DIR}/MB/HBI0316A/images.txt
sed -i -e '/^IMAGE4FILE: \\SOFTWARE\\/s|uefi.bin|fip.bin |' ${PRIMARY_DIR}/MB/HBI0316A/images.txt
# Slave/Secondary
cp -av ${RECIPE_SYSROOT}/${FIRMWARE_DIR}/* ${SECONDARY_DIR}
mkdir -p ${SECONDARY_DIR}/SOFTWARE/
# Copy SOC binaries
for f in ${SOC_BINARIES}; do
cp -v ${RECIPE_SYSROOT}/firmware/${f} ${SECONDARY_DIR}/SOFTWARE/
done
sed -i -e 's|^C2C_ENABLE.*|C2C_ENABLE: TRUE ;C2C enable TRUE/FALSE|' \
${SECONDARY_DIR}/MB/HBI0316A/io_v123f.txt
sed -i -e 's|^C2C_SIDE.*|C2C_SIDE: SLAVE ;C2C side SLAVE/MASTER|' \
${SECONDARY_DIR}/MB/HBI0316A/io_v123f.txt
sed -i -e 's|.*SOCCON: 0x1170.*PLATFORM_CTRL.*|SOCCON: 0x1170 0x00000101 ;SoC SCC PLATFORM_CTRL|' \
${SECONDARY_DIR}/MB/HBI0316A/io_v123f.txt
sed -i -e '/^TOTALIMAGES:/ s|5|4|' ${SECONDARY_DIR}/MB/HBI0316A/images.txt
sed -i -e 's|^IMAGE4|;&|' ${SECONDARY_DIR}/MB/HBI0316A/images.txt
}
do_deploy() {
# prepare Master & Slave packages
prepare_package
for dir in ${PRIMARY_DIR} ${SECONDARY_DIR}; do
dir_name=$(basename ${dir})
mkdir -p ${D}/${dir_name}
cp -av ${dir} ${D}
# Compress the files
tar -C ${D}/${dir_name} -zcvf ${DEPLOYDIR}/${dir_name}.tar.gz ./
done
}
do_deploy[dirs] += "${PRIMARY_DIR} ${SECONDARY_DIR}"
do_deploy[cleandirs] += "${PRIMARY_DIR} ${SECONDARY_DIR}"
do_deploy[umask] = "022"
addtask deploy after do_prepare_recipe_sysroot
meta-arm/meta-arm-bsp/recipes-bsp/images/tc-artifacts-image.bb
+14
View File
@@ -0,0 +1,14 @@
# SPDX-License-Identifier: Apache-2.0
#
# Copyright (c) 2020 Arm Limited
#
SUMMARY = "Total Compute Images"
DESCRIPTION = "Build all the images required for Total Compute platform"
LICENSE = "Apache-2.0"
COMPATIBLE_MACHINE = "(tc?)"
inherit nopackages
# The last image to be built is trusted-firmware-a
DEPENDS += " trusted-firmware-a"
meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-juno.inc
+15
View File
@@ -0,0 +1,15 @@
# juno specific SCP configuration
COMPATIBLE_MACHINE = "juno"
FW_TARGETS = "scp"
FW_INSTALL:append = " romfw_bypass"
do_install:append() {
for TYPE in ${FW_INSTALL}; do
if [ "$TYPE" = "romfw_bypass" ]; then
install -D "${B}/${TYPE}/${FW_TARGETS}/bin/${SCP_PLATFORM}-bl1-bypass.bin" "${D}/firmware/${FW}_${TYPE}.bin"
install -D "${B}/${TYPE}/${FW_TARGETS}/bin/${SCP_PLATFORM}-bl1-bypass.elf" "${D}/firmware/${FW}_${TYPE}.elf"
fi
done
}
meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc
+35
View File
@@ -0,0 +1,35 @@
# N1SDP specific SCP configurations and build instructions
COMPATIBLE_MACHINE:n1sdp = "n1sdp"
SCP_LOG_LEVEL = "INFO"
DEPENDS += "fiptool-native"
DEPENDS += "trusted-firmware-a"
DEPENDS += "n1sdp-board-firmware"
# The n1sdp sensor library is needed for building SCP N1SDP Platform
# https://github.com/ARM-software/SCP-firmware/tree/master/product/n1sdp
EXTRA_OECMAKE:append = " \
-DSCP_N1SDP_SENSOR_LIB_PATH=${RECIPE_SYSROOT}/n1sdp-board-firmware_source/LIB/sensor.a \
"
do_install:append() {
fiptool \
create \
--scp-fw "${D}/firmware/scp_ramfw.bin" \
--blob uuid=cfacc2c4-15e8-4668-82be-430a38fad705,file="${RECIPE_SYSROOT}/firmware/bl1.bin" \
"scp_fw.bin"
# This UUID is FIP_UUID_MCP_BL2 in SCP-Firmware.
fiptool \
create \
--blob uuid=54464222-a4cf-4bf8-b1b6-cee7dade539e,file="${D}/firmware/mcp_ramfw.bin" \
"mcp_fw.bin"
install "scp_fw.bin" "${D}/firmware/scp_fw.bin"
install "mcp_fw.bin" "${D}/firmware/mcp_fw.bin"
ln -sf "scp_romfw.bin" "${D}/firmware/scp_rom.bin"
ln -sf "mcp_romfw.bin" "${D}/firmware/mcp_rom.bin"
}
meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-sgi575.inc
+5
View File
@@ -0,0 +1,5 @@
# SGI575 specific SCP configurations and build instructions
COMPATIBLE_MACHINE:sgi575 = "sgi575"
SCP_LOG_LEVEL = "INFO"
meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc
+5
View File
@@ -0,0 +1,5 @@
# TC specific SCP configuration
COMPATIBLE_MACHINE = "(tc1)"
FW_TARGETS = "scp"
meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware_%.bbappend
+10
View File
@@ -0,0 +1,10 @@
# Include machine specific SCP configurations
MACHINE_SCP_REQUIRE ?= ""
MACHINE_SCP_REQUIRE:juno = "scp-firmware-juno.inc"
MACHINE_SCP_REQUIRE:n1sdp = "scp-firmware-n1sdp.inc"
MACHINE_SCP_REQUIRE:sgi575 = "scp-firmware-sgi575.inc"
MACHINE_SCP_REQUIRE:tc = "scp-firmware-tc.inc"
require ${MACHINE_SCP_REQUIRE}
meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0001-Fix-FF-A-version-in-SPMC-manifest.patch
+34
View File
@@ -0,0 +1,34 @@
Upstream-Status: Inappropriate
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
From a31aee0988ef64724ec5866f10709f51f8cb3237 Mon Sep 17 00:00:00 2001
From: emeara01 <emekcan.aras@arm.com>
Date: Wed, 11 May 2022 14:37:06 +0100
Subject: [PATCH] Fix FF-A version in SPMC manifest
OPTEE does not support FF-A version 1.1 in SPMC at the moment.
This commit corrects the FF-A version in corstone1000_spmc_manifest.dts.
This patch will not be upstreamed and will be dropped once
OPTEE version is updated for Corstone1000.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
---
.../corstone1000/common/fdts/corstone1000_spmc_manifest.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts b/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts
index 8e49ab83f..5baa1b115 100644
--- a/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts
+++ b/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts
@@ -20,7 +20,7 @@
attribute {
spmc_id = <0x8000>;
maj_ver = <0x1>;
- min_ver = <0x1>;
+ min_ver = <0x0>;
exec_state = <0x0>;
load_address = <0x0 0x2002000>;
entrypoint = <0x0 0x2002000>;
--
2.17.1
meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch
+167
View File
@@ -0,0 +1,167 @@
From 360aa32846a97e775750e06865d462c6258179fa Mon Sep 17 00:00:00 2001
From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Date: Mon, 9 Jan 2023 13:59:06 +0000
Subject: [PATCH] feat(corstone1000): bl2 loads fip based on metadata
Previously bl2 was reading the boot_index directly with a hard coded
address and then set the fip image spec with fip offsets base based on
the boot_index value.
This commit removes this logic and rely on PSA_FWU_SUPPORT
which reads the fip partition based on the active firmware bank written in
metadata.
Note: fip partition contains signature area at the begining. Hence, the fip
image starts at fip partition + fip signature area size.
Upstream-Status: Pending
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
%% original patch: 0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch
---
bl2/bl2_main.c | 4 +++
.../corstone1000/common/corstone1000_plat.c | 32 ++++++-------------
.../common/include/platform_def.h | 12 +++----
tools/cert_create/Makefile | 4 +--
tools/fiptool/Makefile | 4 +--
5 files changed, 24 insertions(+), 32 deletions(-)
diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c
index 5da803795..f25dc3029 100644
--- a/bl2/bl2_main.c
+++ b/bl2/bl2_main.c
@@ -86,6 +86,10 @@ void bl2_main(void)
/* Perform remaining generic architectural setup in S-EL1 */
bl2_arch_setup();
+#if ARM_GPT_SUPPORT
+ partition_init(GPT_IMAGE_ID);
+#endif
+
#if PSA_FWU_SUPPORT
fwu_init();
#endif /* PSA_FWU_SUPPORT */
diff --git a/plat/arm/board/corstone1000/common/corstone1000_plat.c b/plat/arm/board/corstone1000/common/corstone1000_plat.c
index 0235f8b84..7f9708a82 100644
--- a/plat/arm/board/corstone1000/common/corstone1000_plat.c
+++ b/plat/arm/board/corstone1000/common/corstone1000_plat.c
@@ -33,36 +33,17 @@ const mmap_region_t plat_arm_mmap[] = {
static void set_fip_image_source(void)
{
const struct plat_io_policy *policy;
- /*
- * metadata for firmware update is written at 0x0000 offset of the flash.
- * PLAT_ARM_BOOT_BANK_FLAG contains the boot bank that TF-M is booted.
- * As per firmware update spec, at a given point of time, only one bank
- * is active. This means, TF-A should boot from the same bank as TF-M.
- */
- volatile uint32_t *boot_bank_flag = (uint32_t *)(PLAT_ARM_BOOT_BANK_FLAG);
-
- if (*boot_bank_flag > 1) {
- VERBOSE("Boot_bank is set higher than possible values");
- }
-
- VERBOSE("Boot bank flag = %u.\n\r", *boot_bank_flag);
policy = FCONF_GET_PROPERTY(arm, io_policies, FIP_IMAGE_ID);
assert(policy != NULL);
assert(policy->image_spec != 0UL);
+ /* FIP Partition contains Signature area at the begining which TF-A doesn't expect */
io_block_spec_t *spec = (io_block_spec_t *)policy->image_spec;
+ spec->offset += FIP_SIGNATURE_AREA_SIZE;
+ spec->length -= FIP_SIGNATURE_AREA_SIZE;
- if ((*boot_bank_flag) == 0) {
- VERBOSE("Booting from bank 0: fip offset = 0x%lx\n\r",
- PLAT_ARM_FIP_BASE_BANK0);
- spec->offset = PLAT_ARM_FIP_BASE_BANK0;
- } else {
- VERBOSE("Booting from bank 1: fip offset = 0x%lx\n\r",
- PLAT_ARM_FIP_BASE_BANK1);
- spec->offset = PLAT_ARM_FIP_BASE_BANK1;
- }
}
void bl2_platform_setup(void)
@@ -75,6 +56,13 @@ void bl2_platform_setup(void)
set_fip_image_source();
}
+void bl2_early_platform_setup2(u_register_t arg0, u_register_t arg1,
+ u_register_t arg2, u_register_t arg3)
+{
+ arm_bl2_early_platform_setup((uintptr_t)arg0, (meminfo_t *)arg1);
+ NOTICE("CS1k: early at bl2_platform_setup\n");
+}
+
/* corstone1000 only has one always-on power domain and there
* is no power control present
*/
diff --git a/plat/arm/board/corstone1000/common/include/platform_def.h b/plat/arm/board/corstone1000/common/include/platform_def.h
index 584d485f3..0bfab05a4 100644
--- a/plat/arm/board/corstone1000/common/include/platform_def.h
+++ b/plat/arm/board/corstone1000/common/include/platform_def.h
@@ -173,16 +173,16 @@
/* NOR Flash */
-#define PLAT_ARM_BOOT_BANK_FLAG UL(0x08002000)
-#define PLAT_ARM_FIP_BASE_BANK0 UL(0x081EF000)
-#define PLAT_ARM_FIP_BASE_BANK1 UL(0x0916F000)
-#define PLAT_ARM_FIP_MAX_SIZE UL(0x1ff000) /* 1.996 MB */
-
#define PLAT_ARM_NVM_BASE V2M_FLASH0_BASE
#define PLAT_ARM_NVM_SIZE (SZ_32M) /* 32 MB */
+#define PLAT_ARM_FIP_MAX_SIZE UL(0x1ff000) /* 1.996 MB */
-#define PLAT_ARM_FLASH_IMAGE_BASE PLAT_ARM_FIP_BASE_BANK0
+#define PLAT_ARM_FLASH_IMAGE_BASE UL(0x08000000)
#define PLAT_ARM_FLASH_IMAGE_MAX_SIZE PLAT_ARM_FIP_MAX_SIZE
+#define PLAT_ARM_FIP_OFFSET_IN_GPT (0x86000)
+
+/* FIP Information */
+#define FIP_SIGNATURE_AREA_SIZE (0x1000) /* 4 KB */
/*
* Some data must be aligned on the biggest cache line size in the platform.
diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile
index ca548b836..32b5486a0 100644
--- a/tools/cert_create/Makefile
+++ b/tools/cert_create/Makefile
@@ -69,8 +69,8 @@ INC_DIR += -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include
# directory. However, for a local build of OpenSSL, the built binaries are
# located under the main project directory (i.e.: ${OPENSSL_DIR}, not
# ${OPENSSL_DIR}/lib/).
-LIB_DIR := -L ${OPENSSL_DIR}/lib -L ${OPENSSL_DIR}
-LIB := -lssl -lcrypto
+LIB_DIR := -L ${OPENSSL_DIR}/lib -L ${OPENSSL_DIR} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS}
+LIB := -lssl -lcrypto ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS}
HOSTCC ?= gcc
diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile
index e6aeba95b..7c047479e 100644
--- a/tools/fiptool/Makefile
+++ b/tools/fiptool/Makefile
@@ -29,7 +29,7 @@ endif
# directory. However, for a local build of OpenSSL, the built binaries are
# located under the main project directory (i.e.: ${OPENSSL_DIR}, not
# ${OPENSSL_DIR}/lib/).
-LDLIBS := -L${OPENSSL_DIR}/lib -L${OPENSSL_DIR} -lcrypto
+LDLIBS := -L${OPENSSL_DIR}/lib -L${OPENSSL_DIR} -lcrypto ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS}
ifeq (${V},0)
Q := @
@@ -37,7 +37,7 @@ else
Q :=
endif
-INCLUDE_PATHS := -I../../include/tools_share -I${OPENSSL_DIR}/include
+INCLUDE_PATHS := -I../../include/tools_share -I${OPENSSL_DIR}/include ${BUILD_CFLAGS} ${BUILD_CFLAGS} ${BUILD_CFLAGS} ${BUILD_CFLAGS} ${BUILD_CFLAGS} ${BUILD_CFLAGS}
HOSTCC ?= gcc
--
2.25.1
meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/generate_metadata.py
+63
View File
@@ -0,0 +1,63 @@
#!/usr/bin/env python3
# Copyright (c) 2021, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
import argparse
import uuid
import zlib
def main(metadata_file, img_type_uuids, location_uuids, img_uuids):
def add_field_to_metadata(value):
# Write the integer values to file in little endian representation
with open(metadata_file, "ab") as fp:
fp.write(value.to_bytes(4, byteorder='little'))
def add_uuid_to_metadata(uuid_str):
# Validate UUID string and write to file in little endian representation
uuid_val = uuid.UUID(uuid_str)
with open(metadata_file, "ab") as fp:
fp.write(uuid_val.bytes_le)
# Fill metadata preamble
add_field_to_metadata(1) #version=1
add_field_to_metadata(0) #active_index=0
add_field_to_metadata(0) #previous_active_index=0
for img_type_uuid, location_uuid in zip(img_type_uuids, location_uuids):
# Fill metadata image entry
add_uuid_to_metadata(img_type_uuid) # img_type_uuid
add_uuid_to_metadata(location_uuid) # location_uuid
for img_uuid in img_uuids:
# Fill metadata bank image info
add_uuid_to_metadata(img_uuid) # image unique bank_uuid
add_field_to_metadata(1) # accepted=1
add_field_to_metadata(0) # reserved (MBZ)
# Prepend CRC32
with open(metadata_file, 'rb+') as fp:
content = fp.read()
crc = zlib.crc32(content)
fp.seek(0)
fp.write(crc.to_bytes(4, byteorder='little') + content)
if __name__ == "__main__":
parser = argparse.ArgumentParser()
parser.add_argument('--metadata_file', required=True,
help='Output binary file to store the metadata')
parser.add_argument('--img_type_uuids', type=str, nargs='+', required=True,
help='A list of UUIDs identifying the image types')
parser.add_argument('--location_uuids', type=str, nargs='+', required=True,
help='A list of UUIDs of the storage volumes where the images are located. '
'Must have the same length as img_type_uuids.')
parser.add_argument('--img_uuids', type=str, nargs='+', required=True,
help='A list UUIDs of the images in a firmware bank')
args = parser.parse_args()
if len(args.img_type_uuids) != len(args.location_uuids):
parser.print_help()
raise argparse.ArgumentError(None, 'Arguments img_type_uuids and location_uuids must have the same length.')
main(args.metadata_file, args.img_type_uuids, args.location_uuids, args.img_uuids)
meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bbappend
+4
View File
@@ -0,0 +1,4 @@
# Machine specific TFAs
COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
SRCREV:corstone1000 = "5f591f67738a1bbe6b262c53d9dad46ed8bbcd67"
meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
+47
View File
@@ -0,0 +1,47 @@
# Corstone1000 64-bit machines specific TFA support
COMPATIBLE_MACHINE = "(corstone1000)"
FILESEXTRAPATHS:prepend := "${THISDIR}/files/corstone1000:"
SRC_URI:append = " \
file://0001-Fix-FF-A-version-in-SPMC-manifest.patch \
file://0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch \
"
#Sets TF-A version to 2.8.0
SRCREV_tfa = "9881bb93a3bc0a3ea37e9f093e09ab4b360a9e48"
PV = "2.8.0"
TFA_DEBUG = "1"
TFA_UBOOT ?= "1"
TFA_MBEDTLS = "1"
TFA_BUILD_TARGET = "bl2 bl31 fip"
# Enabling Secure-EL1 Payload Dispatcher (SPD)
TFA_SPD = "spmd"
# Cortex-A35 supports Armv8.0-A (no S-EL2 execution state).
# So, the SPD SPMC component should run at the S-EL1 execution state
TFA_SPMD_SPM_AT_SEL2 = "0"
# BL2 loads BL32 (optee). So, optee needs to be built first:
DEPENDS += "optee-os"
EXTRA_OEMAKE:append = " \
ARCH=aarch64 \
TARGET_PLATFORM=${TFA_TARGET_PLATFORM} \
ENABLE_STACK_PROTECTOR=strong \
ENABLE_PIE=1 \
BL2_AT_EL3=1 \
CREATE_KEYS=1 \
GENERATE_COT=1 \
TRUSTED_BOARD_BOOT=1 \
ARM_GPT_SUPPORT=1 \
PSA_FWU_SUPPORT=1 \
NR_OF_IMAGES_IN_FW_BANK=4 \
COT=tbbr \
ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \
BL32=${RECIPE_SYSROOT}/lib/firmware/tee-pager_v2.bin \
LOG_LEVEL=50 \
"
meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone500.inc
+17
View File
@@ -0,0 +1,17 @@
# Corstone-500 specific TFA support
COMPATIBLE_MACHINE = "corstone500"
TFA_PLATFORM = "a5ds"
TFA_DEBUG = "1"
TFA_UBOOT = "1"
TFA_BUILD_TARGET = "all fip"
TFA_INSTALL_TARGET = "bl1.bin fip.bin"
EXTRA_OEMAKE:append = " \
ARCH=aarch32 \
FVP_HW_CONFIG_DTS=fdts/a5ds.dts \
ARM_ARCH_MAJOR=7 \
AARCH32_SP=sp_min \
ARM_CORTEX_A5=yes \
ARM_XLAT_TABLES_LIB_V1=1 \
"
meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp.inc
+12
View File
@@ -0,0 +1,12 @@
# FVP specific TFA parameters
#
# Armv8-A Base Platform FVP
#
COMPATIBLE_MACHINE = "fvp-base"
TFA_PLATFORM = "fvp"
TFA_DEBUG = "1"
TFA_MBEDTLS = "1"
TFA_UBOOT ?= "1"
TFA_BUILD_TARGET = "bl1 bl2 bl31 dtbs fip"
meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-juno.inc
+13
View File
@@ -0,0 +1,13 @@
# Juno specific TFA support
COMPATIBLE_MACHINE = "juno"
TFA_PLATFORM = "juno"
TFA_DEBUG = "1"
TFA_MBEDTLS = "1"
TFA_UBOOT ?= "1"
TFA_BUILD_TARGET = "bl1 bl2 bl31 dtbs fip"
# Juno needs the System Control Processor Firmware
DEPENDS += "virtual/control-processor-firmware"
EXTRA_OEMAKE:append = " SCP_BL2=${RECIPE_SYSROOT}/firmware/scp_ramfw.bin"
meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc
+31
View File
@@ -0,0 +1,31 @@
# N1SDP specific TFA support
COMPATIBLE_MACHINE = "n1sdp"
TFA_PLATFORM = "n1sdp"
TFA_BUILD_TARGET = "all fip"
TFA_INSTALL_TARGET = "bl1 bl2 bl31 n1sdp-multi-chip n1sdp-single-chip n1sdp_fw_config n1sdp_tb_fw_config fip"
TFA_DEBUG = "1"
TFA_MBEDTLS = "1"
TFA_UBOOT = "0"
TFA_UEFI = "1"
TFA_ROT_KEY= "plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem"
# Enabling Secure-EL1 Payload Dispatcher (SPD)
TFA_SPD = "spmd"
# Cortex-A35 supports Armv8.0-A (no S-EL2 execution state).
# So, the SPD SPMC component should run at the S-EL1 execution state
TFA_SPMD_SPM_AT_SEL2 = "0"
# BL2 loads BL32 (optee). So, optee needs to be built first:
DEPENDS += "optee-os"
EXTRA_OEMAKE:append = "\
TRUSTED_BOARD_BOOT=1 \
GENERATE_COT=1 \
CREATE_KEYS=1 \
ARM_ROTPK_LOCATION="devel_rsa" \
ROT_KEY="${TFA_ROT_KEY}" \
BL32=${RECIPE_SYSROOT}/lib/firmware/tee-pager_v2.bin \
BL33=${RECIPE_SYSROOT}/firmware/uefi.bin \
"
meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-sgi575.inc
+13
View File
@@ -0,0 +1,13 @@
# SGI575 specific TFA support
COMPATIBLE_MACHINE = "sgi575"
TFA_PLATFORM = "sgi575"
TFA_BUILD_TARGET = "all fip"
TFA_INSTALL_TARGET = "bl1 fip"
TFA_DEBUG = "1"
TFA_MBEDTLS = "1"
TFA_UBOOT = "0"
TFA_UEFI = "1"
EXTRA_OEMAKE += "TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem"
meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-tc.inc
+134
View File
@@ -0,0 +1,134 @@
# TC0 specific TFA configuration
DEPENDS += "scp-firmware util-linux-native gptfdisk-native"
FILESEXTRAPATHS:prepend := "${THISDIR}/files/tc:"
SRC_URI:append = " \
file://generate_metadata.py \
"
COMPATIBLE_MACHINE = "(tc?)"
TFA_PLATFORM = "tc"
TFA_BUILD_TARGET = "all fip"
TFA_UBOOT = "1"
TFA_INSTALL_TARGET = "bl1 fip"
TFA_MBEDTLS = "1"
TFA_DEBUG = "1"
TFA_SPD = "spmd"
TFA_SPMD_SPM_AT_SEL2 = "1"
TFA_TARGET_PLATFORM:tc0 = "0"
TFA_TARGET_PLATFORM:tc1 = "1"
EXTRA_OEMAKE += "TARGET_PLATFORM=${TFA_TARGET_PLATFORM}"
# Set optee as SP. Set spmc manifest and sp layout file to optee
DEPENDS += "optee-os"
TFA_SP_LAYOUT_FILE = "${RECIPE_SYSROOT}/lib/firmware/sp_layout.json"
TFA_ARM_SPMC_MANIFEST_DTS = "plat/arm/board/tc/fdts/tc_spmc_optee_sp_manifest.dts"
EXTRA_OEMAKE += "SCP_BL2=${RECIPE_SYSROOT}/firmware/scp_ramfw.bin"
EXTRA_OEMAKE += "TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem"
EXTRA_OEMAKE += "PSA_FWU_SUPPORT=1 ARM_GPT_SUPPORT=1"
EXTRA_OEMAKE += "CTX_INCLUDE_MTE_REGS=1"
do_generate_gpt() {
gpt_image="${BUILD_DIR}/fip_gpt.bin"
fip_bin="${BUILD_DIR}/fip.bin"
# the FIP partition type is not standardized, so generate one
fip_type_uuid=`uuidgen --sha1 --namespace @dns --name "fip_type_uuid"`
# metadata partition type UUID, specified by the document:
# Platform Security Firmware Update for the A-profile Arm Architecture
# version: 1.0BET0
metadata_type_uuid="8a7a84a0-8387-40f6-ab41-a8b9a5a60d23"
location_uuid=`uuidgen`
FIP_A_uuid=`uuidgen`
FIP_B_uuid=`uuidgen`
# maximum FIP size 4MB. This is the current size of the FIP rounded up to an integer number of MB.
fip_max_size=4194304
fip_bin_size=$(stat -c %s $fip_bin)
if [ $fip_max_size -lt $fip_bin_size ]; then
bberror "FIP binary ($fip_bin_size bytes) is larger than the GPT partition ($fip_max_size bytes)"
fi
# maximum metadata size 512B. This is the current size of the metadata rounded up to an integer number of sectors.
metadata_max_size=512
metadata_file="${BUILD_DIR}/metadata.bin"
python3 ${WORKDIR}/generate_metadata.py --metadata_file $metadata_file \
--img_type_uuids $fip_type_uuid \
--location_uuids $location_uuid \
--img_uuids $FIP_A_uuid $FIP_B_uuid
# create GPT image. The GPT contains 2 FIP partitions: FIP_A and FIP_B, and 2 metadata partitions: FWU-Metadata and Bkup-FWU-Metadata.
# the GPT layout is the following:
# -----------------------
# Protective MBR
# -----------------------
# Primary GPT Header
# -----------------------
# FIP_A
# -----------------------
# FIP_B
# -----------------------
# FWU-Metadata
# -----------------------
# Bkup-FWU-Metadata
# -----------------------
# Secondary GPT Header
# -----------------------
sector_size=512
gpt_header_size=33 # valid only for 512-byte sectors
num_sectors_fip=`expr $fip_max_size / $sector_size`
num_sectors_metadata=`expr $metadata_max_size / $sector_size`
start_sector_1=`expr 1 + $gpt_header_size` # size of MBR is 1 sector
start_sector_2=`expr $start_sector_1 + $num_sectors_fip`
start_sector_3=`expr $start_sector_2 + $num_sectors_fip`
start_sector_4=`expr $start_sector_3 + $num_sectors_metadata`
num_sectors_gpt=`expr $start_sector_4 + $num_sectors_metadata + $gpt_header_size`
gpt_size=`expr $num_sectors_gpt \* $sector_size`
# create raw image
dd if=/dev/zero of=$gpt_image bs=$gpt_size count=1
# create the GPT layout
sgdisk $gpt_image \
--set-alignment 1 \
--disk-guid $location_uuid \
\
--new 1:$start_sector_1:+$num_sectors_fip \
--change-name 1:FIP_A \
--typecode 1:$fip_type_uuid \
--partition-guid 1:$FIP_A_uuid \
\
--new 2:$start_sector_2:+$num_sectors_fip \
--change-name 2:FIP_B \
--typecode 2:$fip_type_uuid \
--partition-guid 2:$FIP_B_uuid \
\
--new 3:$start_sector_3:+$num_sectors_metadata \
--change-name 3:FWU-Metadata \
--typecode 3:$metadata_type_uuid \
\
--new 4:$start_sector_4:+$num_sectors_metadata \
--change-name 4:Bkup-FWU-Metadata \
--typecode 4:$metadata_type_uuid
# populate the GPT partitions
dd if=$fip_bin of=$gpt_image bs=$sector_size seek=$start_sector_1 count=$num_sectors_fip conv=notrunc
dd if=$fip_bin of=$gpt_image bs=$sector_size seek=$start_sector_2 count=$num_sectors_fip conv=notrunc
dd if=$metadata_file of=$gpt_image bs=$sector_size seek=$start_sector_3 count=$num_sectors_metadata conv=notrunc
dd if=$metadata_file of=$gpt_image bs=$sector_size seek=$start_sector_4 count=$num_sectors_metadata conv=notrunc
}
addtask do_generate_gpt after do_compile before do_install
do_install:append() {
install -m 0644 ${BUILD_DIR}/fip_gpt.bin ${D}/firmware/fip_gpt-tc.bin
ln -sf fip_gpt-tc.bin ${D}/firmware/fip_gpt.bin
}
meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.%.bbappend
+14
View File
@@ -0,0 +1,14 @@
FILESEXTRAPATHS:prepend := "${THISDIR}/files/:"
# Machine specific TFAs
MACHINE_TFA_REQUIRE ?= ""
MACHINE_TFA_REQUIRE:corstone500 = "trusted-firmware-a-corstone500.inc"
MACHINE_TFA_REQUIRE:corstone1000 = "trusted-firmware-a-corstone1000.inc"
MACHINE_TFA_REQUIRE:fvp-base = "trusted-firmware-a-fvp.inc"
MACHINE_TFA_REQUIRE:juno = "trusted-firmware-a-juno.inc"
MACHINE_TFA_REQUIRE:n1sdp = "trusted-firmware-a-n1sdp.inc"
MACHINE_TFA_REQUIRE:sgi575 = "trusted-firmware-a-sgi575.inc"
MACHINE_TFA_REQUIRE:tc = "trusted-firmware-a-tc.inc"
require ${MACHINE_TFA_REQUIRE}

Some files were not shown because too many files have changed in this diff Show More