diff options
author | Maxim Uvarov <maxim.uvarov@linaro.org> | 2021-10-15 10:26:25 +0100 |
---|---|---|
committer | Maxim Uvarov <maxim.uvarov@linaro.org> | 2021-10-15 10:26:25 +0100 |
commit | 7c9b62f052e0d322bd4420a816c37747264bff1d (patch) | |
tree | c0ac02312fc8be4161d4e572676fe78277496b27 |
initial commit
Initial commit to split out meta-ledge-bsp from meta-ledge
repo.
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
39 files changed, 2653 insertions, 0 deletions
diff --git a/conf/layer.conf b/conf/layer.conf new file mode 100644 index 0000000..4bc70de --- /dev/null +++ b/conf/layer.conf @@ -0,0 +1,14 @@ +# We might have a conf and classes directory, append to BBPATH +BBPATH .= ":${LAYERDIR}" + +# We have a recipes directory, add to BBFILES +BBFILES += "${LAYERDIR}/recipes*/*/*.bb ${LAYERDIR}/recipes*/*/*.bbappend" + +BBFILE_COLLECTIONS += "meta-trusted-substrate" +BBFILE_PATTERN_meta-trusted-substrate := "^${LAYERDIR}/" +BBFILE_PRIORITY_meta-trusted-substrate = "9" + +# This should only be incremented on significant changes that will +# cause compatibility issues with other layers +LAYERVERSION_meta-trusted-substrate = "1" +LAYERSERIES_COMPAT_meta-trusted-substrate = "hardknott gatesgarth" diff --git a/conf/machine/ledge-qemuarm.conf b/conf/machine/ledge-qemuarm.conf new file mode 100644 index 0000000..2a9f884 --- /dev/null +++ b/conf/machine/ledge-qemuarm.conf @@ -0,0 +1,25 @@ +#@TYPE: Machine +#@NAME: generic armv7a machine +#@DESCRIPTION: Machine configuration for running a generic armv7 + +require conf/machine/include/arm/arch-armv7a.inc +require conf/machine/include/ledge-qemu-common.inc + +OPTEEMACHINE = "vexpress-qemu_virt" +OPTEEOUTPUTMACHINE = "vexpress" + +MACHINE_FEATURES += "optee" +MACHINE_FEATURES += "tpm2" +MACHINE_FEATURES += "ftpm" + +PREFERRED_PROVIDER_virtual/bootloader = "u-boot-ledge" +UBOOT_CONFIG = "basic" +UBOOT_DEVICETREE = "qemu_arm.dtb" +UBOOT_CONFIG[basic] = "ledge-qemuarm_defconfig,,u-boot.bin" +EXTRA_IMAGEDEPENDS_append = " virtual/bootloader " + +MACHINE_EXTRA_RDEPENDS += " \ + optee-os \ + trusted-firmware-a-ledge \ + edk2-efi-prebuild-fw \ + " diff --git a/conf/machine/ledge-qemuarm64.conf b/conf/machine/ledge-qemuarm64.conf new file mode 100644 index 0000000..792d54d --- /dev/null +++ b/conf/machine/ledge-qemuarm64.conf @@ -0,0 +1,25 @@ +#@TYPE: Machine +#@NAME: generic armv8 machine +#@DESCRIPTION: Machine configuration for running a generic armv8 + +require conf/machine/include/arm/arch-armv8a.inc +require conf/machine/include/qemu.inc + +OPTEEMACHINE = "vexpress-qemu_armv8a" +OPTEEOUTPUTMACHINE = "vexpress" + +MACHINE_FEATURES += "optee" +MACHINE_FEATURES += "tpm2" +MACHINE_FEATURES += "ftpm" + +PREFERRED_PROVIDER_virtual/bootloader = "u-boot-ledge" +UBOOT_CONFIG = "basic" +UBOOT_DEVICETREE = "qemu_arm64.dtb" +UBOOT_CONFIG[basic] = "ledge-qemuarm64_defconfig,,u-boot.bin" +EXTRA_IMAGEDEPENDS_append = " virtual/bootloader" + +MACHINE_EXTRA_RDEPENDS += " \ + optee-os \ + trusted-firmware-a-ledge \ + edk2-efi-prebuild-fw \ + " diff --git a/conf/machine/ledge-qemux86-64.conf b/conf/machine/ledge-qemux86-64.conf new file mode 100644 index 0000000..9f491e2 --- /dev/null +++ b/conf/machine/ledge-qemux86-64.conf @@ -0,0 +1,25 @@ +#@TYPE: Machine +#@NAME: common_pc +#@DESCRIPTION: Machine configuration for running a common x86 + +# Define specific familly common machine name +MACHINEOVERRIDES .= ":ledgecommon" + +require conf/machine/include/qemu.inc +DEFAULTTUNE ?= "core2-64" +require conf/machine/include/tune-core2.inc +require conf/machine/include/qemuboot-x86.inc + +UBOOT_MACHINE ?= "qemu-x86_64_defconfig" + +SERIAL_CONSOLES ?= "115200;ttyS0 115200;ttyS1" + + +MACHINE_FEATURES += "x86 pci" +MACHINE_FEATURES += "pcbios efi" + +MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "v86d" + +MACHINE_EXTRA_RDEPENDS += " \ + edk2-efi-prebuild-fw \ + " diff --git a/conf/machine/ledge-stm32mp157c-dk2.conf b/conf/machine/ledge-stm32mp157c-dk2.conf new file mode 100644 index 0000000..05a7e90 --- /dev/null +++ b/conf/machine/ledge-stm32mp157c-dk2.conf @@ -0,0 +1,23 @@ +include conf/machine/include/tune-cortexa7.inc + +DEFAULTTUNE = "cortexa7thf-neon-vfpv4" + +KERNEL_DEVICETREE = "stm32mp157c-dk2.dtb" +SERIAL_CONSOLE = "115200 ttySTM0" + +MACHINE_FEATURES += "tsn" +MACHINE_FEATURES += "optee" +MACHINE_FEATURES += "tpm2" +MACHINE_FEATURES += "ftpm" + +PREFERRED_PROVIDER_virtual/bootloader = "u-boot-ledge" +UBOOT_CONFIG = "trusted" +# Define u-boot defconfig and binary to use for each UBOOT_CONFIG +UBOOT_CONFIG[trusted] = "ledge_stm32mp157c_dk2_trusted_defconfig,,u-boot.stm32" + +MACHINE_EXTRA_RDEPENDS += " \ + optee-os \ + trusted-firmware-a-ledge \ + virtual/bootloader \ + edk2-efi-prebuild-fw \ + " diff --git a/conf/machine/ledge-synquacer.conf b/conf/machine/ledge-synquacer.conf new file mode 100644 index 0000000..e4a6473 --- /dev/null +++ b/conf/machine/ledge-synquacer.conf @@ -0,0 +1,9 @@ +require conf/machine/include/arm/arch-arm64.inc + +MACHINE_ENDIANNESS ?= "le" + +MACHINE_EXTRA_RDEPENDS += " \ + edk2-efi-prebuild-fw \ + " + +SERIAL_CONSOLE = "115200 ttyMV0" diff --git a/conf/machine/ledge-ti-am572x.conf b/conf/machine/ledge-ti-am572x.conf new file mode 100644 index 0000000..3f52530 --- /dev/null +++ b/conf/machine/ledge-ti-am572x.conf @@ -0,0 +1,20 @@ +require conf/machine/am57xx-evm.conf + +KERNEL_DEVICETREE = "am572x-idk.dtb" + +PREFERRED_PROVIDER_virtual/bootloader = "u-boot-ledge" +PREFERRED_PROVIDER_u-boot = "u-boot-ledge" +unset UBOOT_MACHINE +UBOOT_CONFIG = "trusted" +UBOOT_CONFIG[trusted] = "ledge-ti-am572x_defconfig,,u-boot.img" +EXTRA_IMAGEDEPENDS_remove = "u-boot" + +MACHINE_EXTRA_RRECOMMENDS = "prueth-fw" +MACHINE_FEATURES += "tsn" + +MACHINE_EXTRA_RDEPENDS += " \ + edk2-efi-prebuild-fw \ + " + +RDEPENDS_${KERNEL_PACKAGE_NAME}-base_append_ledge-ti-am572x = " prueth-fw" +FILES_${KERNEL_PACKAGE_NAME}-devicetree_append_ledge-ti-am572x += "/${KERNEL_IMAGEDEST}/*.itb" diff --git a/recipes-bsp/edk2-efi-prebuild-fw/edk2-efi-prebuild-fw.bb b/recipes-bsp/edk2-efi-prebuild-fw/edk2-efi-prebuild-fw.bb new file mode 100644 index 0000000..d293f30 --- /dev/null +++ b/recipes-bsp/edk2-efi-prebuild-fw/edk2-efi-prebuild-fw.bb @@ -0,0 +1,49 @@ +SUMMARY = "Prebuilt EDK2 Firmware" +DESCRIPTION = "Package provides prebuilt EDK2 frimware for LEDGE targets." +HOMEPAGE = "https://retrage.github.io/edk2-nightly/" + +PACKAGE_ARCH = "${MACHINE_ARCH}" + +ALLOW_EMPTY_${PN} = "1" + +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/BSD;md5=3775480a712fc46a69647678acb234cb" + +# https://retrage.github.io/edk2-nightly/ +PV="edk2-stable202008" + +inherit deploy + +S = "${WORKDIR}/" + +SRC_URI = "\ + file://RELEASEAARCH64_QEMU_EFI.fd.gz \ + file://LEDGE_AARCH64_QEMU_VARS.fd.gz \ + file://RELEASEARM_QEMU_EFI.fd.gz \ + file://LEDGE_ARM_QEMU_VARS.fd.gz \ + file://LEDGE_RELEASEX64_OVMF.fd.gz \ + " + +do_deploy() { + mkdir -p ${D}/boot/EFI/BOOT +} + +do_deploy_append_ledge-qemuarm64() { + dd if=/dev/zero bs=1M count=64 of=${DEPLOYDIR}/firmware.uefi.edk2.bin + dd if=${B}/RELEASEAARCH64_QEMU_EFI.fd bs=1M of=${DEPLOYDIR}/firmware.uefi.edk2.bin conv=notrunc + install -m 0644 ${B}/LEDGE_AARCH64_QEMU_VARS.fd ${DEPLOYDIR}/LEDGE_AARCH64_QEMU_VARS.bin +} + +do_deploy_append_ledge-qemuarm() { + dd if=/dev/zero bs=1M count=64 of=${DEPLOYDIR}/firmware.uefi.edk2.bin + dd if=${B}/RELEASEARM_QEMU_EFI.fd bs=1M of=${DEPLOYDIR}/firmware.uefi.edk2.bin conv=notrunc + install -m 0644 ${B}/LEDGE_ARM_QEMU_VARS.fd ${DEPLOYDIR}/LEDGE_ARM_QEMU_VARS.bin +} + +do_deploy_append_ledge-qemux86-64() { + install -m 0644 ${B}/LEDGE_RELEASEX64_OVMF.fd ${DEPLOYDIR}/firmware.uefi.edk2.bin +} + +addtask deploy after do_install + +FILES_${PN} = "/boot/" diff --git a/recipes-bsp/edk2-efi-prebuild-fw/files/LEDGE_AARCH64_QEMU_VARS.fd.gz b/recipes-bsp/edk2-efi-prebuild-fw/files/LEDGE_AARCH64_QEMU_VARS.fd.gz Binary files differnew file mode 100644 index 0000000..bdc2df3 --- /dev/null +++ b/recipes-bsp/edk2-efi-prebuild-fw/files/LEDGE_AARCH64_QEMU_VARS.fd.gz diff --git a/recipes-bsp/edk2-efi-prebuild-fw/files/LEDGE_ARM_QEMU_VARS.fd.gz b/recipes-bsp/edk2-efi-prebuild-fw/files/LEDGE_ARM_QEMU_VARS.fd.gz Binary files differnew file mode 100644 index 0000000..67d3bdb --- /dev/null +++ b/recipes-bsp/edk2-efi-prebuild-fw/files/LEDGE_ARM_QEMU_VARS.fd.gz diff --git a/recipes-bsp/edk2-efi-prebuild-fw/files/LEDGE_RELEASEX64_OVMF.fd.gz b/recipes-bsp/edk2-efi-prebuild-fw/files/LEDGE_RELEASEX64_OVMF.fd.gz Binary files differnew file mode 100644 index 0000000..bece937 --- /dev/null +++ b/recipes-bsp/edk2-efi-prebuild-fw/files/LEDGE_RELEASEX64_OVMF.fd.gz diff --git a/recipes-bsp/edk2-efi-prebuild-fw/files/RELEASEAARCH64_QEMU_EFI.fd.gz b/recipes-bsp/edk2-efi-prebuild-fw/files/RELEASEAARCH64_QEMU_EFI.fd.gz Binary files differnew file mode 100644 index 0000000..30ebeeb --- /dev/null +++ b/recipes-bsp/edk2-efi-prebuild-fw/files/RELEASEAARCH64_QEMU_EFI.fd.gz diff --git a/recipes-bsp/edk2-efi-prebuild-fw/files/RELEASEARM_QEMU_EFI.fd.gz b/recipes-bsp/edk2-efi-prebuild-fw/files/RELEASEARM_QEMU_EFI.fd.gz Binary files differnew file mode 100644 index 0000000..3686daa --- /dev/null +++ b/recipes-bsp/edk2-efi-prebuild-fw/files/RELEASEARM_QEMU_EFI.fd.gz diff --git a/recipes-bsp/trusted-firmware-a/files/0001-plat-qemu-trigger-reboot-with-secure-pl061.patch b/recipes-bsp/trusted-firmware-a/files/0001-plat-qemu-trigger-reboot-with-secure-pl061.patch new file mode 100644 index 0000000..8a4eecd --- /dev/null +++ b/recipes-bsp/trusted-firmware-a/files/0001-plat-qemu-trigger-reboot-with-secure-pl061.patch @@ -0,0 +1,126 @@ +From 67f3b696dc8e36bad9c9f76edae23ad1f889ad5e Mon Sep 17 00:00:00 2001 +From: Maxim Uvarov <maxim.uvarov@linaro.org> +Date: Mon, 14 Dec 2020 10:17:44 +0000 +Subject: [PATCH] plat/qemu: trigger reboot with secure pl061 + +Secure pl061 qemu driver allows to rize the GPIO pin +from the secure world to reboot and power down +virtual machine. + +Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org> +Change-Id: I508d7c5cf4c75cb169b34b00682a76f6761d3869 +--- + plat/qemu/common/qemu_bl31_setup.c | 8 ++++++++ + plat/qemu/common/qemu_pm.c | 12 ++++++++++-- + plat/qemu/qemu/include/platform_def.h | 7 ++++++- + plat/qemu/qemu/platform.mk | 2 ++ + 4 files changed, 26 insertions(+), 3 deletions(-) + +diff --git a/plat/qemu/common/qemu_bl31_setup.c b/plat/qemu/common/qemu_bl31_setup.c +index 4d36b0391..24590f3d3 100644 +--- a/plat/qemu/common/qemu_bl31_setup.c ++++ b/plat/qemu/common/qemu_bl31_setup.c +@@ -8,6 +8,7 @@ + + #include <common/bl_common.h> + #include <plat/common/platform.h> ++#include <drivers/arm/pl061_gpio.h> + + #include "qemu_private.h" + +@@ -69,9 +70,16 @@ void bl31_plat_arch_setup(void) + BL_COHERENT_RAM_BASE, BL_COHERENT_RAM_END); + } + ++static void qemu_gpio_init(void) ++{ ++ pl061_gpio_init(); ++ pl061_gpio_register(SECURE_GPIO_BASE, 0); ++} ++ + void bl31_platform_setup(void) + { + plat_qemu_gic_init(); ++ qemu_gpio_init(); + } + + unsigned int plat_get_syscnt_freq2(void) +diff --git a/plat/qemu/common/qemu_pm.c b/plat/qemu/common/qemu_pm.c +index cf800096f..4411fcc3b 100644 +--- a/plat/qemu/common/qemu_pm.c ++++ b/plat/qemu/common/qemu_pm.c +@@ -12,6 +12,7 @@ + #include <lib/psci/psci.h> + #include <lib/semihosting.h> + #include <plat/common/platform.h> ++#include <drivers/gpio.h> + + #include "qemu_private.h" + +@@ -201,16 +202,23 @@ void qemu_pwr_domain_suspend_finish(const psci_power_state_t *target_state) + /******************************************************************************* + * Platform handlers to shutdown/reboot the system + ******************************************************************************/ ++ + static void __dead2 qemu_system_off(void) + { ++ ERROR("QEMU System Power off: with gpio.\n"); ++ gpio_set_direction(SECURE_GPIO_POWEROFF, GPIO_DIR_OUT); ++ gpio_set_value(SECURE_GPIO_POWEROFF, GPIO_LEVEL_HIGH); ++ gpio_set_value(SECURE_GPIO_POWEROFF, GPIO_LEVEL_LOW); + semihosting_exit(ADP_STOPPED_APPLICATION_EXIT, 0); +- ERROR("QEMU System Off: semihosting call unexpectedly returned.\n"); + panic(); + } + + static void __dead2 qemu_system_reset(void) + { +- ERROR("QEMU System Reset: operation not handled.\n"); ++ ERROR("QEMU System Reset: with gpio.\n"); ++ gpio_set_direction(SECURE_GPIO_RESET, GPIO_DIR_OUT); ++ gpio_set_value(SECURE_GPIO_RESET, GPIO_LEVEL_HIGH); ++ gpio_set_value(SECURE_GPIO_RESET, GPIO_LEVEL_LOW); + panic(); + } + +diff --git a/plat/qemu/qemu/include/platform_def.h b/plat/qemu/qemu/include/platform_def.h +index ed4b748af..c51668808 100644 +--- a/plat/qemu/qemu/include/platform_def.h ++++ b/plat/qemu/qemu/include/platform_def.h +@@ -81,6 +81,11 @@ + #define SEC_DRAM_BASE 0x0e100000 + #define SEC_DRAM_SIZE 0x00f00000 + ++#define SECURE_GPIO_BASE 0x090b0000 ++#define SECURE_GPIO_SIZE 0x00001000 ++#define SECURE_GPIO_POWEROFF 0 ++#define SECURE_GPIO_RESET 1 ++ + /* Load pageable part of OP-TEE 2MB above secure DRAM base */ + #define QEMU_OPTEE_PAGEABLE_LOAD_BASE (SEC_DRAM_BASE + 0x00200000) + #define QEMU_OPTEE_PAGEABLE_LOAD_SIZE 0x00400000 +@@ -202,7 +207,7 @@ + #define DEVICE0_BASE 0x08000000 + #define DEVICE0_SIZE 0x01000000 + #define DEVICE1_BASE 0x09000000 +-#define DEVICE1_SIZE 0x00041000 ++#define DEVICE1_SIZE 0x00c00000 + + /* + * GIC related constants +diff --git a/plat/qemu/qemu/platform.mk b/plat/qemu/qemu/platform.mk +index 14bf049be..88a95c800 100644 +--- a/plat/qemu/qemu/platform.mk ++++ b/plat/qemu/qemu/platform.mk +@@ -163,6 +163,8 @@ BL31_SOURCES += lib/cpus/aarch64/aem_generic.S \ + lib/semihosting/semihosting.c \ + lib/semihosting/${ARCH}/semihosting_call.S \ + plat/common/plat_psci_common.c \ ++ drivers/arm/pl061/pl061_gpio.c \ ++ drivers/gpio/gpio.c \ + ${PLAT_QEMU_COMMON_PATH}/qemu_pm.c \ + ${PLAT_QEMU_COMMON_PATH}/topology.c \ + ${PLAT_QEMU_COMMON_PATH}/aarch64/plat_helpers.S \ +-- +2.17.1 + diff --git a/recipes-bsp/trusted-firmware-a/trusted-firmware-a-ledge_git.bb b/recipes-bsp/trusted-firmware-a/trusted-firmware-a-ledge_git.bb new file mode 100644 index 0000000..3bd3cc1 --- /dev/null +++ b/recipes-bsp/trusted-firmware-a/trusted-firmware-a-ledge_git.bb @@ -0,0 +1,173 @@ +SUMMARY = "ARM Trusted Firmware" +DESCRIPTION = "ARM Trusted Firmware provides a reference implementation of \ +Secure World software for ARMv8-A, including Exception Level 3 (EL3) software. \ +It provides implementations of various ARM interface standards such as the \ +Power State Coordination Interface (PSCI), Trusted Board Boot Requirements \ +(TBBR) and Secure monitor code." +HOMEPAGE = "http://infocenter.arm.com/help/topic/com.arm.doc.dui0928e/CJHIDGJF.html" + +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://license.rst;md5=1dd070c98a281d18d9eefd938729b031" + +PACKAGE_ARCH = "${MACHINE_ARCH}" + +PV = "2.4" + +SRC_URI = "git://github.com/ARM-software/arm-trusted-firmware.git;protocol=https;nobranch=1" +SRCREV = "e2c509a39c6cc4dda8734e6509cdbe6e3603cdfc" + +SRC_URI += "file://0001-plat-qemu-trigger-reboot-with-secure-pl061.patch" + +ALLOW_EMPTY_${PN} = "1" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +inherit deploy + +DEPENDS += "dtc-native" +DEPENDS_ledge-qemuarm += " optee-os virtual/bootloader " +DEPENDS_ledge-qemuarm64 += " optee-os virtual/bootloader " + +# ledge-stm32mp157c-dk2 specific +TF_A_PLATFORM_ledge-stm32mp157c-dk2 = "stm32mp1" +TF_A_DEVICETREE_ledge-stm32mp157c-dk2 = "stm32mp157c-dk2" + +# ledge-qemuarm specific +TF_A_PLATFORM_ledge-qemuarm = "qemu" + +# ledge-qemuarm64 specific +TF_A_PLATFORM_ledge-qemuarm64 = "qemu" + +# Extra make settings +EXTRA_OEMAKE = ' CROSS_COMPILE=${TARGET_PREFIX} ' +EXTRA_OEMAKE += ' PLAT=${TF_A_PLATFORM} ' +EXTRA_OEMAKE_append_armv7a = ' ARCH=aarch32 ARM_ARCH_MAJOR=7 ' +EXTRA_OEMAKE_append_armv7ve = ' ARCH=aarch32 ARM_ARCH_MAJOR=7 ' +EXTRA_OEMAKE_append_ledge-stm32mp157c-dk2 = "AARCH32_SP=optee STM32MP_SDMMC=1 STM32MP_EMMC=1" +EXTRA_OEMAKE_append_ledge-qemuarm = ' AARCH32_SP=optee ARM_TSP_RAM_LOCATION=tdram BL32_RAM_LOCATION=tdram ' +EXTRA_OEMAKE_append_aarch64 = "${@bb.utils.contains('MACHINE_FEATURES', 'optee', ' SPD=opteed ', '', d)}" + +# FIP image +EXTRA_OEMAKE_append_ledge-qemuarm = 'BL32=${STAGING_DIR_TARGET}/lib/firmware/tee-header_v2.bin BL32_EXTRA1=${STAGING_DIR_TARGET}/lib/firmware/tee-pager_v2.bin BL32_EXTRA2=${STAGING_DIR_TARGET}/lib/firmware/tee-pageable_v2.bin BL33=${DEPLOY_DIR_IMAGE}/u-boot.bin fip GENERATE_COT=1 BL32_RAM_LOCATION=tdram ' +EXTRA_OEMAKE_append_ledge-qemuarm64 = 'BL32=${STAGING_DIR_TARGET}/lib/firmware/tee-header_v2.bin BL32_EXTRA1=${STAGING_DIR_TARGET}/lib/firmware/tee-pager_v2.bin BL32_EXTRA2=${STAGING_DIR_TARGET}/lib/firmware/tee-pageable_v2.bin BL33=${DEPLOY_DIR_IMAGE}/u-boot.bin fip GENERATE_COT=1 BL32_RAM_LOCATION=tdram ' + +# Debug support +EXTRA_OEMAKE += 'DEBUG=1' +EXTRA_OEMAKE += "LOG_LEVEL=40" + +CFLAGS[unexport] = "1" +LDFLAGS[unexport] = "1" +AS[unexport] = "1" +LD[unexport] = "1" + +do_configure[noexec] = "1" + +do_compile() { + oe_runmake -C ${S} BUILD_PLAT=${B}/${config} all +} +do_compile_ledge-stm32mp157c-dk2() { + if [ -n "${TF_A_DEVICETREE}" ]; then + for dt in ${TF_A_DEVICETREE}; do + oe_runmake -C ${S} DTB_FILE_NAME=${dt}.dtb BUILD_PLAT=${B} all + done + else + oe_runmake -C ${S} BUILD_PLAT=${B} all + fi +} + +do_install() { + install -d ${D}/boot + if [ -f ${B}/bl1.bin ] ; then + install -m 0644 ${B}/bl1.bin ${D}/boot/ + install -m 0644 ${B}/bl1/bl1.elf ${D}/boot/ + fi + if [ -f ${B}/bl2.bin ] ; then + install -m 0644 ${B}/bl2.bin ${D}/boot/ + install -m 0644 ${B}/bl2/bl2.elf ${D}/boot/ + fi + if [ -f ${B}/bl3.bin ] ; then + install -m 0644 ${B}/bl3.bin ${D}/boot/ + install -m 0644 ${B}/bl3/bl3.elf ${D}/boot/ + fi + if [ -f ${B}/bl31.bin ] ; then + install -m 0644 ${B}/bl31.bin ${D}/boot/ + install -m 0644 ${B}/bl31/bl31.elf ${D}/boot/ + fi + if [ -f ${B}/bl33.bin ] ; then + install -m 0644 ${B}/bl32.bin ${D}/boot/ + install -m 0644 ${B}/bl32/bl32.elf ${D}/boot/ + fi +} + +do_install_ledge-qemuarm() { + echo "nothing" +} + +do_install_ledge-qemuarm64() { + echo "nothing" +} + +do_deploy() { + install -d ${DEPLOYDIR}/arm-trusted-firmware + if [ -f ${B}/bl1.bin ] ; then + install -m 0644 ${B}/bl1.bin ${DEPLOYDIR}/arm-trusted-firmware/ + install -m 0644 ${B}/bl1/bl1.elf ${DEPLOYDIR}/arm-trusted-firmware/ + fi + if [ -f ${B}/bl2.bin ] ; then + install -m 0644 ${B}/bl2.bin ${DEPLOYDIR}/arm-trusted-firmware/ + install -m 0644 ${B}/bl2/bl2.elf ${DEPLOYDIR}/arm-trusted-firmware/ + fi + if [ -f ${B}/bl3.bin ] ; then + install -m 0644 ${B}/bl3.bin ${DEPLOYDIR}/arm-trusted-firmware/ + install -m 0644 ${B}/bl3/bl3.elf ${DEPLOYDIR}/arm-trusted-firmware/ + fi + if [ -f ${B}/bl31.bin ] ; then + install -m 0644 ${B}/bl31.bin ${DEPLOYDIR}/arm-trusted-firmware/ + install -m 0644 ${B}/bl31/bl31.elf ${DEPLOYDIR}/arm-trusted-firmware/ + fi + if [ -f ${B}/bl33.bin ] ; then + install -m 0644 ${B}/bl32.bin ${DEPLOYDIR}/arm-trusted-firmware/ + install -m 0644 ${B}/bl32/bl32.elf ${DEPLOYDIR}/arm-trusted-firmware/ + fi + + if [ -f ${B}/fip.bin ] ; then + install -m 0644 ${B}/fip.bin ${DEPLOYDIR}/ + dd if=/dev/zero of=${DEPLOYDIR}/firmware.uefi.uboot.bin count=131072 + dd if=${B}/bl1.bin of=${DEPLOYDIR}/firmware.uefi.uboot.bin bs=4096 conv=notrunc + dd if=${B}/fip.bin of=${DEPLOYDIR}/firmware.uefi.uboot.bin seek=64 bs=4096 conv=notrunc + ln -sf firmware.uefi.uboot.bin ${DEPLOYDIR}/firmware.bin + fi +} + +do_deploy_append_ledge-qemuarm() { + cd ${DEPLOYDIR} + ln -sf arm-trusted-firmware/bl1.bin bl1.bin + ln -sf arm-trusted-firmware/bl2.bin bl2.bin + cd - +} + +do_deploy_append_ledge-qemuarm64() { + cd ${DEPLOYDIR} + ln -sf arm-trusted-firmware/bl1.bin bl1.bin + ln -sf arm-trusted-firmware/bl2.bin bl2.bin + ln -sf arm-trusted-firmware/bl31.bin bl31.bin + cd - +} + +do_deploy_append_ledge-stm32mp157c-dk2() { + if [ -n "${TF_A_DEVICETREE}" ]; then + for dt in ${TF_A_DEVICETREE}; do + install -m 644 ${B}/tf-a-${dt}.stm32 ${DEPLOYDIR}/arm-trusted-firmware/ + done + else + # Get tf-a binary basename to copy + tf_a_binary_basename=$(find ${B}/ -name "tf-a-*.stm32" -exec basename {} \; | sed 's|\.stm32||g') + install -m 644 ${B}/${tf_a_binary_basename}.stm32 ${DEPLOYDIR}/arm-trusted-firmware/ + fi +} + +addtask deploy before do_build after do_compile + +FILES_${PN} = "/boot" + diff --git a/recipes-bsp/u-boot/u-boot-ledge.bb b/recipes-bsp/u-boot/u-boot-ledge.bb new file mode 100644 index 0000000..4e75333 --- /dev/null +++ b/recipes-bsp/u-boot/u-boot-ledge.bb @@ -0,0 +1,117 @@ +HOMEPAGE = "http://www.denx.de/wiki/U-Boot/WebHome" +SECTION = "bootloaders" +DEPENDS += "flex-native bison-native" + +LICENSE = "GPLv2+" +LIC_FILES_CHKSUM = "file://Licenses/README;md5=5a7450c57ffe5ae63fd732446b988025" +PE = "1" + +# We use the revision in order to avoid having to fetch it from the +# repo during parse + +PV = "2021.01" + +SRC_URI = "git://git.denx.de/u-boot.git" +SRCREV = "c4fddedc48f336eabc4ce3f74940e6aa372de18c" + +SRC_URI += " \ + file://0000-ti-am572x-enable-boot_distrocmd.patch \ + file://0001-stm32mp-update-MMU-config-before-the-relocation.patch \ + file://0002-stm32mp-update-the-mmu-configuration-for-SPL-and-pre.patch \ + file://0003-arm-remove-TTB_SECT_XN_MASK-in-DCACHE_WRITETHROUGH.patch \ + file://0004-arm-cosmetic-align-TTB_SECT-define-value.patch \ + file://0005-arm-cp15-update-DACR-value-to-activate-access-contro.patch \ + file://0006-arm-omap2-remove-arm_init_domains.patch \ + file://0007-arm-cp15-remove-weak-function-arm_init_domains.patch \ + file://0008-arm-remove-set_dacr-get_dacr-functions.patch \ + file://0009-tpm2-Introduce-TIS-tpm-core.patch \ + file://0010-tpm2-Add-a-TPMv2-MMIO-TIS-driver.patch \ + file://ledge_stm32mp157c_dk2_trusted_defconfig \ + file://ubootefi.var \ + " + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +SRC_URI_append_ledge-qemuarm = " file://ledge-qemuarm_defconfig" +SRC_URI_append_ledge-qemuarm64 = " file://ledge-qemuarm64_defconfig" +SRC_URI_append_ledge-ti-am572x = " file://ledge-ti-am572x_defconfig" + +PACKAGE_ARCH = "${MACHINE_ARCH}" + +require recipes-bsp/u-boot/u-boot.inc +PROVIDES += "u-boot virtual/bootloader" +RPROVIDES_${PN} += "u-boot virtual/bootloader" + +DEPENDS += "bc-native dtc-native" + +do_configure_prepend() { + for conf in ${UBOOT_MACHINE}; + do + if [ -f ${WORKDIR}/$conf ] ; + then + cp ${WORKDIR}/$conf ${S}/configs/ + fi + done + cp ${WORKDIR}/ubootefi.var ${S}/ +} + +# ----------------------------------------------------------------------------- +# Append deploy to handle specific device tree binary deployement +# +SPL_BINARY_LEDGE_ledge-stm32mp157c-dk2 = "spl/u-boot-spl.stm32" +do_deploy_append() { +if [ -n "${SPL_BINARY_LEDGE}" ]; then + # Clean deploydir from any available binary first + # This allows to only install the devicetree binary ones + rm -rf ${DEPLOYDIR} + + # Install destination folder + install -d ${DEPLOYDIR} + + if [ -n "${UBOOT_CONFIG}" ]; then + unset i j k + for config in ${UBOOT_MACHINE}; do + i=$(expr $i + 1); + for type in ${UBOOT_CONFIG}; do + j=$(expr $j + 1); + if [ $j -eq $i ]; then + for binary in ${UBOOT_BINARIES}; do + binarysuffix=$(echo ${binary} | cut -d'.' -f2) + k=$(expr $k + 1); + if [ $k -eq $i ]; then + if [ -f ${B}/${config}/${binary} ]; + then + install -m 644 ${B}/${config}/${binary} ${DEPLOYDIR}/u-boot-${type}.${binarysuffix} + fi + # As soon as SPL binary exists, install it + # This allow to mix u-boot configuration, with and without SPL + if [ -f ${B}/${config}/${SPL_BINARY_LEDGE} ]; then + install -d ${DEPLOYDIR}/spl + install -m 644 ${B}/${config}/${SPL_BINARY_LEDGE} ${DEPLOYDIR}/${SPL_BINARY_LEDGE}-${type} + fi + fi + done + unset k + fi + done + unset j + done + unset i + else + bbfatal "Wrong u-boot-ledge configuration: please make sure to use UBOOT_CONFIG through BOOTSCHEME_LABELS config" + fi +fi +} +do_deploy_append_ledge-qemuarm() { + cd ${DEPLOYDIR} + ln -sf u-boot-ledge-qemuarm.bin bl33.bin + cd - +} + +do_deploy_append_ledge-qemuarm64() { + cd ${DEPLOYDIR} + ln -sf u-boot-ledge-qemuarm64.bin bl33.bin + cd - +} + diff --git a/recipes-bsp/u-boot/u-boot-ledge/0000-ti-am572x-enable-boot_distrocmd.patch b/recipes-bsp/u-boot/u-boot-ledge/0000-ti-am572x-enable-boot_distrocmd.patch new file mode 100644 index 0000000..a79164b --- /dev/null +++ b/recipes-bsp/u-boot/u-boot-ledge/0000-ti-am572x-enable-boot_distrocmd.patch @@ -0,0 +1,73 @@ +From e4eeb6f219b54b5fab87eb61384154b5afb5034e Mon Sep 17 00:00:00 2001 +From: Christophe Priouzeau <christophe.priouzeau@st.com> +Date: Tue, 26 May 2020 14:42:17 +0200 +Subject: [PATCH 5/5] ti: am572x enable boot_distrocmd + +Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> +--- + include/configs/am57xx_evm.h | 9 +++++++++ + include/configs/ti_omap5_common.h | 1 + + include/environment/ti/boot.h | 8 ++++++++ + 3 files changed, 18 insertions(+) + +diff --git a/include/configs/am57xx_evm.h b/include/configs/am57xx_evm.h +index c47ffccff1..26a4438db7 100644 +--- a/include/configs/am57xx_evm.h ++++ b/include/configs/am57xx_evm.h +@@ -43,6 +43,15 @@ + #endif + #endif + ++#ifdef CONFIG_DISTRO_DEFAULTS ++#define BOOT_TARGET_DEVICES(func) \ ++ func(MMC, mmc, 0) \ ++ func(MMC, mmc, 1) \ ++ func(USB, usb, 0) ++ ++#include <config_distro_bootcmd.h> ++#endif ++ + #include <configs/ti_omap5_common.h> + + /* Enhance our eMMC support / experience. */ +diff --git a/include/configs/ti_omap5_common.h b/include/configs/ti_omap5_common.h +index de0a6af2fd..d44690fb3a 100644 +--- a/include/configs/ti_omap5_common.h ++++ b/include/configs/ti_omap5_common.h +@@ -67,6 +67,7 @@ + DFUARGS \ + NETARGS \ + NANDARGS \ ++ BOOTENV \ + + /* + * SPL related defines. The Public RAM memory map the ROM defines the +diff --git a/include/environment/ti/boot.h b/include/environment/ti/boot.h +index a9d8f28d46..0b9588e1dd 100644 +--- a/include/environment/ti/boot.h ++++ b/include/environment/ti/boot.h +@@ -222,6 +222,7 @@ + "if test $fdtfile = undefined; then " \ + "echo WARNING: Could not determine device tree to use; fi; \0" + ++#ifndef CONFIG_BOOTCOMMAND + #define CONFIG_BOOTCOMMAND \ + "if test ${dofastboot} -eq 1; then " \ + "echo Boot fastboot requested, resetting dofastboot ...;" \ +@@ -237,6 +238,13 @@ + "run emmc_linux_boot; " \ + "run emmc_android_boot; " \ + "" ++#else ++#undef CONFIG_BOOTCOMMAND ++/* hack, ideally we should configure the CONFIG_BOOTCOMMAND from .config */ ++#define CONFIG_BOOTCOMMAND \ ++ "run findfdt; " \ ++ "run distro_bootcmd" ++#endif + + #endif /* CONFIG_OMAP54XX */ + +-- +2.17.1 + diff --git a/recipes-bsp/u-boot/u-boot-ledge/0001-stm32mp-update-MMU-config-before-the-relocation.patch b/recipes-bsp/u-boot/u-boot-ledge/0001-stm32mp-update-MMU-config-before-the-relocation.patch new file mode 100644 index 0000000..6c312f5 --- /dev/null +++ b/recipes-bsp/u-boot/u-boot-ledge/0001-stm32mp-update-MMU-config-before-the-relocation.patch @@ -0,0 +1,61 @@ +From ab26c82c95f64bb7aeb31f90f9aa6a82f78e331f Mon Sep 17 00:00:00 2001 +From: Patrick Delaunay <patrick.delaunay@foss.st.com> +Date: Fri, 5 Feb 2021 13:53:32 +0100 +Subject: [PATCH 1/8] stm32mp: update MMU config before the relocation + +Mark the top of ram, used for relocated U-Boot as a normal memory +(cacheable and executable) to avoid permission access issue when +U-Boot jumps to this relocated code. + +When MMU is activated in pre-reloc stage; only the beginning of +DDR is marked executable. + +This patch avoids access issue when DACR is correctly managed. + +Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com> +Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> +--- + arch/arm/mach-stm32mp/dram_init.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/arch/arm/mach-stm32mp/dram_init.c b/arch/arm/mach-stm32mp/dram_init.c +index 0e8ce63f4a29..6fddde3738d7 100644 +--- a/arch/arm/mach-stm32mp/dram_init.c ++++ b/arch/arm/mach-stm32mp/dram_init.c +@@ -10,6 +10,7 @@ + #include <lmb.h> + #include <log.h> + #include <ram.h> ++#include <asm/system.h> + + DECLARE_GLOBAL_DATA_PTR; + +@@ -38,6 +39,7 @@ int dram_init(void) + + ulong board_get_usable_ram_top(ulong total_size) + { ++ phys_size_t size; + phys_addr_t reg; + struct lmb lmb; + +@@ -45,10 +47,13 @@ ulong board_get_usable_ram_top(ulong total_size) + lmb_init(&lmb); + lmb_add(&lmb, gd->ram_base, gd->ram_size); + boot_fdt_add_mem_rsv_regions(&lmb, (void *)gd->fdt_blob); +- reg = lmb_alloc(&lmb, CONFIG_SYS_MALLOC_LEN + total_size, SZ_4K); ++ size = ALIGN(CONFIG_SYS_MALLOC_LEN + total_size, MMU_SECTION_SIZE), ++ reg = lmb_alloc(&lmb, size, MMU_SECTION_SIZE); + +- if (reg) +- return ALIGN(reg + CONFIG_SYS_MALLOC_LEN + total_size, SZ_4K); ++ if (!reg) ++ reg = gd->ram_top - size; + +- return gd->ram_top; ++ mmu_set_region_dcache_behaviour(reg, size, DCACHE_DEFAULT_OPTION); ++ ++ return reg + size; + } +-- +2.30.1 + diff --git a/recipes-bsp/u-boot/u-boot-ledge/0002-stm32mp-update-the-mmu-configuration-for-SPL-and-pre.patch b/recipes-bsp/u-boot/u-boot-ledge/0002-stm32mp-update-the-mmu-configuration-for-SPL-and-pre.patch new file mode 100644 index 0000000..c654b73 --- /dev/null +++ b/recipes-bsp/u-boot/u-boot-ledge/0002-stm32mp-update-the-mmu-configuration-for-SPL-and-pre.patch @@ -0,0 +1,85 @@ +From da4ef041c103f507a02c86c371afcccddca17deb Mon Sep 17 00:00:00 2001 +From: Patrick Delaunay <patrick.delaunay@foss.st.com> +Date: Fri, 5 Feb 2021 13:53:33 +0100 +Subject: [PATCH 2/8] stm32mp: update the mmu configuration for SPL and + prereloc + +Overidde the weak function dram_bank_mmu_setup() to set the DDR +(preloc case) or the SYSRAM (in SPL case) executable before to enable +the MMU and configure DACR. + +This weak function is called in dcache_enable/mmu_setup. + +This patchs avoids a permission access issue when the DDR is marked +executable (by calling mmu_set_region_dcache_behaviour with +DCACHE_DEFAULT_OPTION) after MMU setup and domain access permission +activation with DACR in dcache_enable. + +Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com> +Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> +--- + arch/arm/mach-stm32mp/cpu.c | 40 +++++++++++++++++++++++++++---------- + 1 file changed, 30 insertions(+), 10 deletions(-) + +diff --git a/arch/arm/mach-stm32mp/cpu.c b/arch/arm/mach-stm32mp/cpu.c +index 1520c6eaed6f..4b437dff9e7b 100644 +--- a/arch/arm/mach-stm32mp/cpu.c ++++ b/arch/arm/mach-stm32mp/cpu.c +@@ -207,6 +207,35 @@ u32 get_bootmode(void) + TAMP_BOOT_MODE_SHIFT; + } + ++/* ++ * weak function overidde: set the DDR/SYSRAM executable before to enable the ++ * MMU and configure DACR, for early early_enable_caches (SPL or pre-reloc) ++ */ ++void dram_bank_mmu_setup(int bank) ++{ ++ struct bd_info *bd = gd->bd; ++ int i; ++ phys_addr_t start; ++ phys_size_t size; ++ ++ if (IS_ENABLED(CONFIG_SPL_BUILD)) { ++ start = ALIGN_DOWN(STM32_SYSRAM_BASE, MMU_SECTION_SIZE); ++ size = ALIGN(STM32_SYSRAM_SIZE, MMU_SECTION_SIZE); ++ } else if (gd->flags & GD_FLG_RELOC) { ++ /* bd->bi_dram is available only after relocation */ ++ start = bd->bi_dram[bank].start; ++ size = bd->bi_dram[bank].size; ++ } else { ++ /* mark cacheable and executable the beggining of the DDR */ ++ start = STM32_DDR_BASE; ++ size = CONFIG_DDR_CACHEABLE_SIZE; ++ } ++ ++ for (i = start >> MMU_SECTION_SHIFT; ++ i < (start >> MMU_SECTION_SHIFT) + (size >> MMU_SECTION_SHIFT); ++ i++) ++ set_section_dcache(i, DCACHE_DEFAULT_OPTION); ++} + /* + * initialize the MMU and activate cache in SPL or in U-Boot pre-reloc stage + * MMU/TLB is updated in enable_caches() for U-Boot after relocation +@@ -222,17 +251,8 @@ static void early_enable_caches(void) + gd->arch.tlb_size = PGTABLE_SIZE; + gd->arch.tlb_addr = (unsigned long)&early_tlb; + ++ /* enable MMU (default configuration) */ + dcache_enable(); +- +- if (IS_ENABLED(CONFIG_SPL_BUILD)) +- mmu_set_region_dcache_behaviour( +- ALIGN_DOWN(STM32_SYSRAM_BASE, MMU_SECTION_SIZE), +- ALIGN(STM32_SYSRAM_SIZE, MMU_SECTION_SIZE), +- DCACHE_DEFAULT_OPTION); +- else +- mmu_set_region_dcache_behaviour(STM32_DDR_BASE, +- CONFIG_DDR_CACHEABLE_SIZE, +- DCACHE_DEFAULT_OPTION); + } + + /* +-- +2.30.1 + diff --git a/recipes-bsp/u-boot/u-boot-ledge/0003-arm-remove-TTB_SECT_XN_MASK-in-DCACHE_WRITETHROUGH.patch b/recipes-bsp/u-boot/u-boot-ledge/0003-arm-remove-TTB_SECT_XN_MASK-in-DCACHE_WRITETHROUGH.patch new file mode 100644 index 0000000..358f4d4 --- /dev/null +++ b/recipes-bsp/u-boot/u-boot-ledge/0003-arm-remove-TTB_SECT_XN_MASK-in-DCACHE_WRITETHROUGH.patch @@ -0,0 +1,31 @@ +From ed5bef4fd9e7ce29bd98e025fa05fd4d5d077879 Mon Sep 17 00:00:00 2001 +From: Patrick Delaunay <patrick.delaunay@foss.st.com> +Date: Fri, 5 Feb 2021 13:53:34 +0100 +Subject: [PATCH 3/8] arm: remove TTB_SECT_XN_MASK in DCACHE_WRITETHROUGH + +The normal memory (other that DCACHE_OFF) should be executable by default, +only the device memory (DCACHE_OFF) used for peripheral access should have +the bit execute never (TTB_SECT_XN_MASK). + +Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com> +Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> +--- + arch/arm/include/asm/system.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h +index ce552944b701..abe9244cd048 100644 +--- a/arch/arm/include/asm/system.h ++++ b/arch/arm/include/asm/system.h +@@ -489,7 +489,7 @@ enum dcache_option { + */ + enum dcache_option { + DCACHE_OFF = TTB_SECT_DOMAIN(0) | TTB_SECT_XN_MASK | TTB_SECT, +- DCACHE_WRITETHROUGH = DCACHE_OFF | TTB_SECT_C_MASK, ++ DCACHE_WRITETHROUGH = TTB_SECT_DOMAIN(0) | TTB_SECT | TTB_SECT_C_MASK, + DCACHE_WRITEBACK = DCACHE_WRITETHROUGH | TTB_SECT_B_MASK, + DCACHE_WRITEALLOC = DCACHE_WRITEBACK | TTB_SECT_TEX(1), + }; +-- +2.30.1 + diff --git a/recipes-bsp/u-boot/u-boot-ledge/0004-arm-cosmetic-align-TTB_SECT-define-value.patch b/recipes-bsp/u-boot/u-boot-ledge/0004-arm-cosmetic-align-TTB_SECT-define-value.patch new file mode 100644 index 0000000..34675c0 --- /dev/null +++ b/recipes-bsp/u-boot/u-boot-ledge/0004-arm-cosmetic-align-TTB_SECT-define-value.patch @@ -0,0 +1,29 @@ +From 6f15b5d39fa4dc9db6bce3aeb0dd74eb7bcfbf78 Mon Sep 17 00:00:00 2001 +From: Patrick Delaunay <patrick.delaunay@foss.st.com> +Date: Fri, 5 Feb 2021 13:53:35 +0100 +Subject: [PATCH 4/8] arm: cosmetic: align TTB_SECT define value + +Align TTB_SECT define value with previous value. + +Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com> +Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> +--- + arch/arm/include/asm/system.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h +index abe9244cd048..db5a19b17c19 100644 +--- a/arch/arm/include/asm/system.h ++++ b/arch/arm/include/asm/system.h +@@ -475,7 +475,7 @@ enum dcache_option { + #define TTB_SECT_XN_MASK (1 << 4) + #define TTB_SECT_C_MASK (1 << 3) + #define TTB_SECT_B_MASK (1 << 2) +-#define TTB_SECT (2 << 0) ++#define TTB_SECT (2 << 0) + + /* + * Short-descriptor format memory region attributes, without TEX remap +-- +2.30.1 + diff --git a/recipes-bsp/u-boot/u-boot-ledge/0005-arm-cp15-update-DACR-value-to-activate-access-contro.patch b/recipes-bsp/u-boot/u-boot-ledge/0005-arm-cp15-update-DACR-value-to-activate-access-contro.patch new file mode 100644 index 0000000..04f55e5 --- /dev/null +++ b/recipes-bsp/u-boot/u-boot-ledge/0005-arm-cp15-update-DACR-value-to-activate-access-contro.patch @@ -0,0 +1,52 @@ +From 8d0dfc60d6c9355c05864fda3e1403cf0c02e1d1 Mon Sep 17 00:00:00 2001 +From: Patrick Delaunay <patrick.delaunay@foss.st.com> +Date: Fri, 5 Feb 2021 13:53:36 +0100 +Subject: [PATCH 5/8] arm: cp15: update DACR value to activate access control + +Update the initial value of Domain Access Control Register (DACR) +and set by default the access permission to client (DACR_Dn_CLIENT = 1U) +for each of the 16 domains and no more to all-supervisor +(DACR_Dn_MANAGER = 3U). + +This patch allows to activate the domain checking in MMU against the +permission bits in the translation tables and avoids prefetching issue +on ARMv7 [1]. + +Today it was already done for OMAP2 architecture +./arch/arm/mach-omap2/omap-cache.c::arm_init_domains +introduced by commit de63ac278cba ("ARM: mmu: Set domain permissions +to client access") which fixes lot of speculative prefetch aborts seen +on OMAP5 secure devices. + +[1] https://developer.arm.com/documentation/ddi0406/b/System-Level-Architecture/Virtual-Memory-System-Architecture--VMSA-/Memory-access-control/The-Execute-Never--XN--attribute-and-instruction-prefetching + +Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> +Reported-by: Ard Biesheuvel <ardb@kernel.org> +Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com> +Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> +--- + arch/arm/lib/cache-cp15.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/arch/arm/lib/cache-cp15.c b/arch/arm/lib/cache-cp15.c +index abd81d21c73c..f78ce33b1845 100644 +--- a/arch/arm/lib/cache-cp15.c ++++ b/arch/arm/lib/cache-cp15.c +@@ -202,9 +202,12 @@ static inline void mmu_setup(void) + asm volatile("mcr p15, 0, %0, c2, c0, 0" + : : "r" (gd->arch.tlb_addr) : "memory"); + #endif +- /* Set the access control to all-supervisor */ ++ /* ++ * initial value of Domain Access Control Register (DACR) ++ * Set the access control to client (1U) for each of the 16 domains ++ */ + asm volatile("mcr p15, 0, %0, c3, c0, 0" +- : : "r" (~0)); ++ : : "r" (0x55555555)); printf("DACR SET CORRECTLY\n"); + + arm_init_domains(); + +-- +2.30.1 + diff --git a/recipes-bsp/u-boot/u-boot-ledge/0006-arm-omap2-remove-arm_init_domains.patch b/recipes-bsp/u-boot/u-boot-ledge/0006-arm-omap2-remove-arm_init_domains.patch new file mode 100644 index 0000000..55ccb15 --- /dev/null +++ b/recipes-bsp/u-boot/u-boot-ledge/0006-arm-omap2-remove-arm_init_domains.patch @@ -0,0 +1,49 @@ +From e24deaac3f92c5d147f3fa1fd772f92ab9e85cff Mon Sep 17 00:00:00 2001 +From: Patrick Delaunay <patrick.delaunay@foss.st.com> +Date: Fri, 5 Feb 2021 13:53:37 +0100 +Subject: [PATCH 6/8] arm: omap2: remove arm_init_domains + +Remove the arm_init_domains and the DACR update, as it is now done +in ARMv7 CP15 level. + +Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com> +Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> +--- + arch/arm/mach-omap2/omap-cache.c | 17 ----------------- + 1 file changed, 17 deletions(-) + +diff --git a/arch/arm/mach-omap2/omap-cache.c b/arch/arm/mach-omap2/omap-cache.c +index 502ea6987ab7..451d8e4542b5 100644 +--- a/arch/arm/mach-omap2/omap-cache.c ++++ b/arch/arm/mach-omap2/omap-cache.c +@@ -40,9 +40,6 @@ DECLARE_GLOBAL_DATA_PTR; + #define ARMV7_DCACHE_POLICY DCACHE_WRITEBACK & ~TTB_SECT_XN_MASK + #endif + +-#define ARMV7_DOMAIN_CLIENT 1 +-#define ARMV7_DOMAIN_MASK (0x3 << 0) +- + void enable_caches(void) + { + +@@ -66,17 +63,3 @@ void dram_bank_mmu_setup(int bank) + for (i = start; i < end; i++) + set_section_dcache(i, ARMV7_DCACHE_POLICY); + } +- +-void arm_init_domains(void) +-{ +- u32 reg; +- +- reg = get_dacr(); +- /* +- * Set DOMAIN to client access so that all permissions +- * set in pagetables are validated by the mmu. +- */ +- reg &= ~ARMV7_DOMAIN_MASK; +- reg |= ARMV7_DOMAIN_CLIENT; +- set_dacr(reg); +-} +-- +2.30.1 + diff --git a/recipes-bsp/u-boot/u-boot-ledge/0007-arm-cp15-remove-weak-function-arm_init_domains.patch b/recipes-bsp/u-boot/u-boot-ledge/0007-arm-cp15-remove-weak-function-arm_init_domains.patch new file mode 100644 index 0000000..3657e8f --- /dev/null +++ b/recipes-bsp/u-boot/u-boot-ledge/0007-arm-cp15-remove-weak-function-arm_init_domains.patch @@ -0,0 +1,69 @@ +From eb9e5de3acf92b04d27198a4c7cd24da46800001 Mon Sep 17 00:00:00 2001 +From: Patrick Delaunay <patrick.delaunay@foss.st.com> +Date: Fri, 5 Feb 2021 13:53:38 +0100 +Subject: [PATCH 7/8] arm: cp15: remove weak function arm_init_domains + +Remove the unused weak function arm_init_domains used to change the +DACR value. + +Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com> +Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> +--- + arch/arm/cpu/armv7/cache_v7.c | 3 --- + arch/arm/include/asm/cache.h | 1 - + arch/arm/lib/cache-cp15.c | 6 ------ + 3 files changed, 10 deletions(-) + +diff --git a/arch/arm/cpu/armv7/cache_v7.c b/arch/arm/cpu/armv7/cache_v7.c +index 146cf526089f..19ff4323528b 100644 +--- a/arch/arm/cpu/armv7/cache_v7.c ++++ b/arch/arm/cpu/armv7/cache_v7.c +@@ -176,9 +176,6 @@ void mmu_page_table_flush(unsigned long start, unsigned long stop) + { + } + +-void arm_init_domains(void) +-{ +-} + #endif /* #if !CONFIG_IS_ENABLED(SYS_DCACHE_OFF) */ + + #if !CONFIG_IS_ENABLED(SYS_ICACHE_OFF) +diff --git a/arch/arm/include/asm/cache.h b/arch/arm/include/asm/cache.h +index c20e05ec7fdb..b10edf805b93 100644 +--- a/arch/arm/include/asm/cache.h ++++ b/arch/arm/include/asm/cache.h +@@ -35,7 +35,6 @@ void l2_cache_disable(void); + void set_section_dcache(int section, enum dcache_option option); + + void arm_init_before_mmu(void); +-void arm_init_domains(void); + void cpu_cache_initialization(void); + void dram_bank_mmu_setup(int bank); + +diff --git a/arch/arm/lib/cache-cp15.c b/arch/arm/lib/cache-cp15.c +index f78ce33b1845..8a49e5217cc1 100644 +--- a/arch/arm/lib/cache-cp15.c ++++ b/arch/arm/lib/cache-cp15.c +@@ -21,10 +21,6 @@ __weak void arm_init_before_mmu(void) + { + } + +-__weak void arm_init_domains(void) +-{ +-} +- + static void set_section_phys(int section, phys_addr_t phys, + enum dcache_option option) + { +@@ -209,8 +205,6 @@ static inline void mmu_setup(void) + asm volatile("mcr p15, 0, %0, c3, c0, 0" + : : "r" (0x55555555)); + +- arm_init_domains(); +- + /* and enable the mmu */ + reg = get_cr(); /* get control reg. */ + set_cr(reg | CR_M); +-- +2.30.1 + diff --git a/recipes-bsp/u-boot/u-boot-ledge/0008-arm-remove-set_dacr-get_dacr-functions.patch b/recipes-bsp/u-boot/u-boot-ledge/0008-arm-remove-set_dacr-get_dacr-functions.patch new file mode 100644 index 0000000..40c8b06 --- /dev/null +++ b/recipes-bsp/u-boot/u-boot-ledge/0008-arm-remove-set_dacr-get_dacr-functions.patch @@ -0,0 +1,43 @@ +From a0384f55cdbef9175982e3e4ae94fe112aec1c99 Mon Sep 17 00:00:00 2001 +From: Patrick Delaunay <patrick.delaunay@foss.st.com> +Date: Fri, 5 Feb 2021 13:53:39 +0100 +Subject: [PATCH 8/8] arm: remove set_dacr/get_dacr functions + +Remove the unused function set_dacr/get_dacr + +Serie-cc: Ard Biesheuvel <ardb@kernel.org> +Serie-cc: R Sricharan <r.sricharan@ti.com> +Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com> +Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> +--- + arch/arm/include/asm/system.h | 14 -------------- + 1 file changed, 14 deletions(-) + +diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h +index db5a19b17c19..86ae4d3992f6 100644 +--- a/arch/arm/include/asm/system.h ++++ b/arch/arm/include/asm/system.h +@@ -397,20 +397,6 @@ static inline void set_cr(unsigned int val) + isb(); + } + +-static inline unsigned int get_dacr(void) +-{ +- unsigned int val; +- asm("mrc p15, 0, %0, c3, c0, 0 @ get DACR" : "=r" (val) : : "cc"); +- return val; +-} +- +-static inline void set_dacr(unsigned int val) +-{ +- asm volatile("mcr p15, 0, %0, c3, c0, 0 @ set DACR" +- : : "r" (val) : "cc"); +- isb(); +-} +- + #ifdef CONFIG_ARMV7_LPAE + /* Long-Descriptor Translation Table Level 1/2 Bits */ + #define TTB_SECT_XN_MASK (1ULL << 54) +-- +2.30.1 + diff --git a/recipes-bsp/u-boot/u-boot-ledge/0009-tpm2-Introduce-TIS-tpm-core.patch b/recipes-bsp/u-boot/u-boot-ledge/0009-tpm2-Introduce-TIS-tpm-core.patch new file mode 100644 index 0000000..ee8bc86 --- /dev/null +++ b/recipes-bsp/u-boot/u-boot-ledge/0009-tpm2-Introduce-TIS-tpm-core.patch @@ -0,0 +1,650 @@ +From a39b2b0a072caa42643e9434850f769c2ccd249b Mon Sep 17 00:00:00 2001 +From: Ilias Apalodimas <ilias.apalodimas@linaro.org> +Date: Wed, 7 Jul 2021 19:25:58 +0300 +Subject: [PATCH 1/2] tpm2: Introduce TIS tpm core + +There's a lot of code duplication in U-Boot right now. All the TPM TIS +compatible drivers we have at the moment have their own copy of a TIS +implementation. + +So let's create a common layer which implements the core TIS functions. +Any driver added from now own, which is compatible with the TIS spec, will +only have to provide the underlying bus communication mechanisms. + +Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> +--- + drivers/tpm/tpm2_tis_core.c | 545 ++++++++++++++++++++++++++++++++++++ + drivers/tpm/tpm_tis.h | 40 +++ + include/tpm-v2.h | 1 + + 3 files changed, 586 insertions(+) + create mode 100644 drivers/tpm/tpm2_tis_core.c + +diff --git a/drivers/tpm/tpm2_tis_core.c b/drivers/tpm/tpm2_tis_core.c +new file mode 100644 +index 0000000000..9860ce2379 +--- /dev/null ++++ b/drivers/tpm/tpm2_tis_core.c +@@ -0,0 +1,545 @@ ++// SPDX-License-Identifier: GPL-2.0 ++/* ++ * Copyright (c) 2020, Linaro Limited ++ * ++ * Based on the Linux TIS core interface ++ */ ++ ++#include <common.h> ++#include <dm.h> ++#include <tpm-v2.h> ++#include <linux/delay.h> ++#include <linux/unaligned/be_byteshift.h> ++#include "tpm_tis.h" ++ ++/** ++ * tpm_tis_get_desc - Get the TPM description ++ * ++ * @udev: udevice ++ * @buf: buffer to fill data ++ * @size: buffer size ++ * ++ * @Return: Number of characters written (or would have been written) in buffer ++ */ ++int tpm_tis_get_desc(struct udevice *udev, char *buf, int size) ++{ ++ struct tpm_chip *chip = dev_get_priv(udev); ++ ++ if (size < 80) ++ return -ENOSPC; ++ ++ return snprintf(buf, size, ++ "%s v2.0: VendorID 0x%04x, DeviceID 0x%04x, RevisionID 0x%02x [%s]", ++ udev->name, chip->vend_dev & 0xFFFF, ++ chip->vend_dev >> 16, chip->rid, ++ (chip->is_open ? "open" : "closed")); ++} ++ ++/** ++ * tpm_tis_check_locality - Check the current TPM locality ++ * ++ * @udev: udevice ++ * @loc: locality ++ * ++ * Return: True if the tested locality matches ++ */ ++static bool tpm_tis_check_locality(struct udevice *udev, int loc) ++{ ++ struct tpm_chip *chip = dev_get_priv(udev); ++ struct tpm_tis_phy_ops *phy_ops = chip->phy_ops; ++ u8 locality; ++ ++ if (!phy_ops) ++ return false; ++ ++ phy_ops->read_bytes(udev, TPM_ACCESS(loc), 1, &locality); ++ if ((locality & (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID | ++ TPM_ACCESS_REQUEST_USE)) == ++ (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID)) { ++ chip->locality = loc; ++ return true; ++ } ++ ++ return false; ++} ++ ++/** ++ * tpm_tis_request_locality - Request a locality from the TPM ++ * ++ * @udev: udevce ++ * @loc: requested locality ++ * ++ * Return: 0 on success -1 on failure ++ */ ++int tpm_tis_request_locality(struct udevice *udev, int loc) ++{ ++ struct tpm_chip *chip = dev_get_priv(udev); ++ struct tpm_tis_phy_ops *phy_ops = chip->phy_ops; ++ u8 buf = TPM_ACCESS_REQUEST_USE; ++ unsigned long start, stop; ++ ++ if (!phy_ops) ++ return -1; ++ ++ if (tpm_tis_check_locality(udev, loc)) ++ return 0; ++ ++ phy_ops->write_bytes(udev, TPM_ACCESS(loc), 1, &buf); ++ start = get_timer(0); ++ stop = chip->timeout_a; ++ do { ++ if (tpm_tis_check_locality(udev, loc)) ++ return 0; ++ mdelay(TPM_TIMEOUT_MS); ++ } while (get_timer(start) < stop); ++ ++ return -1; ++} ++ ++/** ++ * tpm_tis_status - Check the current device status ++ * ++ * @udev: udevice ++ * @status: return value of status ++ * ++ * Return: 0 on success, negative on failure ++ */ ++static int tpm_tis_status(struct udevice *udev, u8 *status) ++{ ++ struct tpm_chip *chip = dev_get_priv(udev); ++ struct tpm_tis_phy_ops *phy_ops = chip->phy_ops; ++ ++ if (!phy_ops) ++ return -EINVAL; ++ ++ if (chip->locality < 0) ++ return -EINVAL; ++ ++ phy_ops->read_bytes(udev, TPM_STS(chip->locality), 1, status); ++ ++ if ((*status & TPM_STS_READ_ZERO)) { ++ log_err("TPM returned invalid status\n"); ++ return -EINVAL; ++ } ++ ++ return 0; ++} ++ ++/** ++ * tpm_tis_release_locality - Release the requested locality ++ * ++ * @udev: udevice ++ * @loc: requested locality ++ * ++ * Return: 0 on success, negative on failure ++ */ ++int tpm_tis_release_locality(struct udevice *udev, int loc) ++{ ++ struct tpm_chip *chip = dev_get_priv(udev); ++ struct tpm_tis_phy_ops *phy_ops = chip->phy_ops; ++ u8 buf = TPM_ACCESS_ACTIVE_LOCALITY; ++ int ret; ++ ++ if (!phy_ops) ++ return -1; ++ ++ if (chip->locality < 0) ++ return 0; ++ ++ ret = phy_ops->write_bytes(udev, TPM_ACCESS(loc), 1, &buf); ++ if (!ret) ++ chip->locality = -1; ++ ++ return ret; ++} ++ ++/** ++ * tpm_tis_wait_for_stat - Wait for TPM to become ready ++ * ++ * @udev: udev ++ * @mask: mask to match ++ * @timeout: timeout for retries ++ * @status: current status ++ * ++ * Return: 0 on success, negative on failure ++ */ ++static int tpm_tis_wait_for_stat(struct udevice *udev, u8 mask, ++ unsigned long timeout, u8 *status) ++{ ++ unsigned long start = get_timer(0); ++ unsigned long stop = timeout; ++ int ret; ++ ++ do { ++ mdelay(TPM_TIMEOUT_MS); ++ ret = tpm_tis_status(udev, status); ++ if (ret) ++ return ret; ++ ++ if ((*status & mask) == mask) ++ return 0; ++ } while (get_timer(start) < stop); ++ ++ return -ETIMEDOUT; ++} ++ ++/** ++ * tpm_tis_get_burstcount - Get the burstcount for the data FIFO ++ * ++ * @udev: udevice ++ * @burstcount: current burstcount ++ * ++ * Return: 0 on success, negative on failure ++ */ ++static int tpm_tis_get_burstcount(struct udevice *udev, size_t *burstcount) ++{ ++ struct tpm_chip *chip = dev_get_priv(udev); ++ struct tpm_tis_phy_ops *phy_ops = chip->phy_ops; ++ unsigned long start, stop; ++ u32 burst; ++ ++ if (!phy_ops) ++ return -EINVAL; ++ ++ if (chip->locality < 0) ++ return -EINVAL; ++ ++ /* wait for burstcount */ ++ start = get_timer(0); ++ /* ++ * This is the TPMv2 defined timeout. Change this in case you want to ++ * make the driver compatile to TPMv1 ++ */ ++ stop = chip->timeout_a; ++ do { ++ phy_ops->read32(udev, TPM_STS(chip->locality), &burst); ++ *burstcount = (burst >> 8) & 0xFFFF; ++ if (*burstcount) ++ return 0; ++ ++ mdelay(TPM_TIMEOUT_MS); ++ } while (get_timer(start) < stop); ++ ++ return -ETIMEDOUT; ++} ++ ++/** ++ * tpm_tis_ready - Cancel pending comands and get the device on a ready state ++ * ++ * @udev: udevcie ++ * ++ * Return: 0 on success, negative on failure ++ */ ++static int tpm_tis_ready(struct udevice *udev) ++{ ++ struct tpm_chip *chip = dev_get_priv(udev); ++ struct tpm_tis_phy_ops *phy_ops = chip->phy_ops; ++ u8 data = TPM_STS_COMMAND_READY; ++ ++ if (!phy_ops) ++ return -1; ++ ++ /* This will cancel any pending commands */ ++ return phy_ops->write_bytes(udev, TPM_STS(chip->locality), 1, &data); ++} ++ ++/** ++ * tpm_tis_send - send data to the device ++ * ++ * @udev: udevice ++ * @buf: buffer to send ++ * @len: size of the buffer ++ * ++ * Return: number of bytes sent or negative on failure ++ */ ++int tpm_tis_send(struct udevice *udev, const u8 *buf, size_t len) ++{ ++ struct tpm_chip *chip = dev_get_priv(udev); ++ struct tpm_tis_phy_ops *phy_ops = chip->phy_ops; ++ size_t burstcnt, wr_size, sent = 0; ++ u8 data = TPM_STS_GO; ++ u8 status; ++ int ret; ++ ++ if (!phy_ops) ++ return -EINVAL; ++ ++ if (!chip) ++ return -ENODEV; ++ ++ ret = tpm_tis_request_locality(udev, 0); ++ if (ret < 0) ++ return -EBUSY; ++ ++ ret = tpm_tis_status(udev, &status); ++ if (ret) ++ goto release_locality; ++ ++ if (!(status & TPM_STS_COMMAND_READY)) { ++ ret = tpm_tis_ready(udev); ++ if (ret) { ++ log_err("Can't cancel previous TPM operation\n"); ++ goto release_locality; ++ } ++ ret = tpm_tis_wait_for_stat(udev, TPM_STS_COMMAND_READY, ++ chip->timeout_b, &status); ++ if (ret) { ++ log_err("TPM not ready\n"); ++ goto release_locality; ++ } ++ } ++ ++ while (len > 0) { ++ ret = tpm_tis_get_burstcount(udev, &burstcnt); ++ if (ret) ++ goto release_locality; ++ ++ wr_size = min(len, burstcnt); ++ ret = phy_ops->write_bytes(udev, TPM_DATA_FIFO(chip->locality), ++ wr_size, buf + sent); ++ if (ret < 0) ++ goto release_locality; ++ ++ ret = tpm_tis_wait_for_stat(udev, TPM_STS_VALID, ++ chip->timeout_c, &status); ++ if (ret) ++ goto release_locality; ++ ++ sent += wr_size; ++ len -= wr_size; ++ /* make sure the TPM expects more data */ ++ if (len && !(status & TPM_STS_DATA_EXPECT)) { ++ ret = -EIO; ++ goto release_locality; ++ } ++ } ++ ++ /* ++ * Make a final check ensuring everything is ok and the TPM expects no ++ * more data ++ */ ++ ret = tpm_tis_wait_for_stat(udev, TPM_STS_VALID, chip->timeout_c, ++ &status); ++ if (ret) ++ goto release_locality; ++ ++ if (status & TPM_STS_DATA_EXPECT) { ++ ret = -EIO; ++ goto release_locality; ++ } ++ ++ ret = phy_ops->write_bytes(udev, TPM_STS(chip->locality), 1, &data); ++ if (ret) ++ goto release_locality; ++ ++ tpm_tis_release_locality(udev, chip->locality); ++ return sent; ++ ++release_locality: ++ tpm_tis_ready(udev); ++ tpm_tis_release_locality(udev, chip->locality); ++ ++ return ret; ++} ++ ++/** ++ * tpm_tis_recv_data - Receive data from a device. Wrapper for tpm_tis_recv ++ * ++ * @udev: udevice ++ * @buf: buffer to copy data ++ * @size: buffer size ++ * ++ * Return: bytes read or negative on failure ++ */ ++static int tpm_tis_recv_data(struct udevice *udev, u8 *buf, size_t count) ++{ ++ struct tpm_chip *chip = dev_get_priv(udev); ++ struct tpm_tis_phy_ops *phy_ops = chip->phy_ops; ++ int size = 0, len, ret; ++ size_t burstcnt; ++ u8 status; ++ ++ if (!phy_ops) ++ return -EINVAL; ++ ++ while (size < count && ++ tpm_tis_wait_for_stat(udev, TPM_STS_DATA_AVAIL | TPM_STS_VALID, ++ chip->timeout_c, &status) == 0) { ++ ret = tpm_tis_get_burstcount(udev, &burstcnt); ++ if (ret) ++ return burstcnt; ++ ++ len = min_t(int, burstcnt, count - size); ++ ret = phy_ops->read_bytes(udev, TPM_DATA_FIFO(chip->locality), ++ len, buf + size); ++ if (ret < 0) ++ return ret; ++ ++ size += len; ++ } ++ ++ return size; ++} ++ ++/** ++ * tpm_tis_recv - Receive data from a device ++ * ++ * @udev: udevice ++ * @buf: buffer to copy data ++ * @size: buffer size ++ * ++ * Return: bytes read or negative on failure ++ */ ++int tpm_tis_recv(struct udevice *udev, u8 *buf, size_t count) ++{ ++ struct tpm_chip *chip = dev_get_priv(udev); ++ int ret; ++ int size, expected; ++ ++ if (!chip) ++ return -ENODEV; ++ ++ if (count < TPM_HEADER_SIZE) ++ return -E2BIG; ++ ++ ret = tpm_tis_request_locality(udev, 0); ++ if (ret < 0) ++ return -EBUSY; ++ ++ size = tpm_tis_recv_data(udev, buf, TPM_HEADER_SIZE); ++ if (size < TPM_HEADER_SIZE) { ++ log_err("TPM error, unable to read header\n"); ++ goto out; ++ } ++ ++ expected = get_unaligned_be32(buf + TPM_CMD_COUNT_OFFSET); ++ if (expected > count) { ++ size = -EIO; ++ log_warning("Too much data: %d > %zu\n", expected, count); ++ goto out; ++ } ++ ++ size += tpm_tis_recv_data(udev, &buf[TPM_HEADER_SIZE], ++ expected - TPM_HEADER_SIZE); ++ if (size < expected) { ++ log(LOGC_NONE, LOGL_ERR, ++ "TPM error, unable to read remaining bytes of result\n"); ++ size = -EIO; ++ goto out; ++ } ++ ++out: ++ tpm_tis_ready(udev); ++ tpm_tis_release_locality(udev, chip->locality); ++ ++ return size; ++} ++ ++/** tpm_tis_cleanup - Get the device in ready state and release locality ++ * ++ * @udev: udevice ++ * ++ * Return: always 0 ++ */ ++int tpm_tis_cleanup(struct udevice *udev) ++{ ++ struct tpm_chip *chip = dev_get_priv(udev); ++ ++ tpm_tis_ready(udev); ++ tpm_tis_release_locality(udev, chip->locality); ++ ++ return 0; ++} ++ ++/** ++ * tpm_tis_open - Open the device and request locality 0 ++ * ++ * @udev: udevice ++ * ++ * Return: 0 on success, negative on failure ++ */ ++int tpm_tis_open(struct udevice *udev) ++{ ++ struct tpm_chip *chip = dev_get_priv(udev); ++ int ret; ++ ++ if (chip->is_open) ++ return -EBUSY; ++ ++ ret = tpm_tis_request_locality(udev, 0); ++ if (!ret) ++ chip->is_open = 1; ++ ++ return ret; ++} ++ ++/** ++ * tpm_tis_ops_register - register the PHY ops for the device ++ * ++ * @udev: udevice ++ * @ops: bus ops for the device ++ */ ++void tpm_tis_ops_register(struct udevice *udev, struct tpm_tis_phy_ops *ops) ++{ ++ struct tpm_chip *chip = dev_get_priv(udev); ++ ++ chip->phy_ops = ops; ++} ++ ++/** ++ * tpm_tis_init - inititalize the device ++ * ++ * @udev: udevice ++ * ++ * Return: 0 on success, negative on failure ++ */ ++int tpm_tis_init(struct udevice *udev) ++{ ++ struct tpm_chip *chip = dev_get_priv(udev); ++ struct tpm_tis_phy_ops *phy_ops = chip->phy_ops; ++ int ret; ++ u32 tmp; ++ ++ if (!phy_ops) ++ return -1; ++ ret = tpm_tis_request_locality(udev, 0); ++ if (ret) ++ return ret; ++ ++ chip->timeout_a = TIS_SHORT_TIMEOUT_MS; ++ chip->timeout_b = TIS_LONG_TIMEOUT_MS; ++ chip->timeout_c = TIS_SHORT_TIMEOUT_MS; ++ chip->timeout_d = TIS_SHORT_TIMEOUT_MS; ++ ++ /* Disable interrupts */ ++ phy_ops->read32(udev, TPM_INT_ENABLE(chip->locality), &tmp); ++ tmp |= TPM_INTF_CMD_READY_INT | TPM_INTF_LOCALITY_CHANGE_INT | ++ TPM_INTF_DATA_AVAIL_INT | TPM_INTF_STS_VALID_INT; ++ tmp &= ~TPM_GLOBAL_INT_ENABLE; ++ phy_ops->write32(udev, TPM_INT_ENABLE(chip->locality), tmp); ++ ++ phy_ops->read_bytes(udev, TPM_RID(chip->locality), 1, &chip->rid); ++ phy_ops->read32(udev, TPM_DID_VID(chip->locality), &chip->vend_dev); ++ ++ return tpm_tis_release_locality(udev, chip->locality); ++} ++ ++/** ++ * tpm_tis_close - Close the device and release locality ++ * ++ * @udev: udevice ++ * ++ * Return: 0 on success, negative on failure ++ */ ++int tpm_tis_close(struct udevice *udev) ++{ ++ struct tpm_chip *chip = dev_get_priv(udev); ++ int ret = 0; ++ ++ if (chip->is_open) { ++ ret = tpm_tis_release_locality(udev, chip->locality); ++ chip->is_open = 0; ++ } ++ ++ return ret; ++} +diff --git a/drivers/tpm/tpm_tis.h b/drivers/tpm/tpm_tis.h +index 2a160fe05c..fde3bb71f7 100644 +--- a/drivers/tpm/tpm_tis.h ++++ b/drivers/tpm/tpm_tis.h +@@ -21,6 +21,37 @@ + #include <linux/compiler.h> + #include <linux/types.h> + ++struct tpm_tis_phy_ops { ++ int (*read_bytes)(struct udevice *udev, u32 addr, u16 len, ++ u8 *result); ++ int (*write_bytes)(struct udevice *udev, u32 addr, u16 len, ++ const u8 *value); ++ int (*read16)(struct udevice *udev, u32 addr, u16 *result); ++ int (*read32)(struct udevice *udev, u32 addr, u32 *result); ++ int (*write32)(struct udevice *udev, u32 addr, u32 src); ++}; ++ ++enum tis_int_flags { ++ TPM_GLOBAL_INT_ENABLE = 0x80000000, ++ TPM_INTF_BURST_COUNT_STATIC = 0x100, ++ TPM_INTF_CMD_READY_INT = 0x080, ++ TPM_INTF_INT_EDGE_FALLING = 0x040, ++ TPM_INTF_INT_EDGE_RISING = 0x020, ++ TPM_INTF_INT_LEVEL_LOW = 0x010, ++ TPM_INTF_INT_LEVEL_HIGH = 0x008, ++ TPM_INTF_LOCALITY_CHANGE_INT = 0x004, ++ TPM_INTF_STS_VALID_INT = 0x002, ++ TPM_INTF_DATA_AVAIL_INT = 0x001, ++}; ++ ++#define TPM_ACCESS(l) (0x0000 | ((l) << 12)) ++#define TPM_INT_ENABLE(l) (0x0008 | ((l) << 12)) ++#define TPM_STS(l) (0x0018 | ((l) << 12)) ++#define TPM_DATA_FIFO(l) (0x0024 | ((l) << 12)) ++#define TPM_DID_VID(l) (0x0F00 | ((l) << 12)) ++#define TPM_RID(l) (0x0F04 | ((l) << 12)) ++#define TPM_INTF_CAPS(l) (0x0014 | ((l) << 12)) ++ + enum tpm_timeout { + TPM_TIMEOUT_MS = 5, + TIS_SHORT_TIMEOUT_MS = 750, +@@ -43,6 +74,7 @@ struct tpm_chip { + u8 rid; + unsigned long timeout_a, timeout_b, timeout_c, timeout_d; /* msec */ + ulong chip_type; ++ struct tpm_tis_phy_ops *phy_ops; + }; + + struct tpm_input_header { +@@ -130,4 +162,12 @@ enum tis_status { + }; + #endif + ++int tpm_tis_open(struct udevice *udev); ++int tpm_tis_close(struct udevice *udev); ++int tpm_tis_cleanup(struct udevice *udev); ++int tpm_tis_send(struct udevice *udev, const u8 *buf, size_t len); ++int tpm_tis_recv(struct udevice *udev, u8 *buf, size_t count); ++int tpm_tis_get_desc(struct udevice *udev, char *buf, int size); ++int tpm_tis_init(struct udevice *udev); ++void tpm_tis_ops_register(struct udevice *udev, struct tpm_tis_phy_ops *ops); + #endif +diff --git a/include/tpm-v2.h b/include/tpm-v2.h +index f6c045d354..5b2adab138 100644 +--- a/include/tpm-v2.h ++++ b/include/tpm-v2.h +@@ -186,6 +186,7 @@ enum { + TPM_STS_DATA_EXPECT = 1 << 3, + TPM_STS_SELF_TEST_DONE = 1 << 2, + TPM_STS_RESPONSE_RETRY = 1 << 1, ++ TPM_STS_READ_ZERO = 0x23 + }; + + enum { +-- +2.17.1 + diff --git a/recipes-bsp/u-boot/u-boot-ledge/0010-tpm2-Add-a-TPMv2-MMIO-TIS-driver.patch b/recipes-bsp/u-boot/u-boot-ledge/0010-tpm2-Add-a-TPMv2-MMIO-TIS-driver.patch new file mode 100644 index 0000000..d7fc2e1 --- /dev/null +++ b/recipes-bsp/u-boot/u-boot-ledge/0010-tpm2-Add-a-TPMv2-MMIO-TIS-driver.patch @@ -0,0 +1,215 @@ +From cce27a974c08a0c6f463c404c003ca09b476ca5e Mon Sep 17 00:00:00 2001 +From: Ilias Apalodimas <ilias.apalodimas@linaro.org> +Date: Wed, 7 Jul 2021 19:25:59 +0300 +Subject: [PATCH 2/2] tpm2: Add a TPMv2 MMIO TIS driver + +Add support for devices that expose a TPMv2 though MMIO. +Apart from those devices, we can use the driver in our QEMU setups and +test TPM related code which is difficult to achieve using the sandbox +driver (e.g test the EFI TCG2 protocol). + +It's worth noting that a previous patch added TPMv2 TIS core functions, +which the current driver is consuming. + +Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> +--- + drivers/tpm/Kconfig | 9 +++ + drivers/tpm/Makefile | 1 + + drivers/tpm/tpm2_tis_mmio.c | 156 ++++++++++++++++++++++++++++++++++++ + 3 files changed, 166 insertions(+) + create mode 100644 drivers/tpm/tpm2_tis_mmio.c + +diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig +index 9eebab5cfd..406ee8716e 100644 +--- a/drivers/tpm/Kconfig ++++ b/drivers/tpm/Kconfig +@@ -161,6 +161,15 @@ config TPM2_FTPM_TEE + help + This driver supports firmware TPM running in TEE. + ++config TPM2_MMIO ++ bool "MMIO based TPM2 Interface" ++ depends on TPM_V2 ++ help ++ This driver supports firmware TPM2.0 MMIO interface. ++ The usual TPM operations and the 'tpm' command can be used to talk ++ to the device using the standard TPM Interface Specification (TIS) ++ protocol. ++ + endif # TPM_V2 + + endmenu +diff --git a/drivers/tpm/Makefile b/drivers/tpm/Makefile +index 8f075b9f45..caa027118f 100644 +--- a/drivers/tpm/Makefile ++++ b/drivers/tpm/Makefile +@@ -14,3 +14,4 @@ obj-$(CONFIG_TPM2_CR50_I2C) += cr50_i2c.o + obj-$(CONFIG_TPM2_TIS_SANDBOX) += tpm2_tis_sandbox.o + obj-$(CONFIG_TPM2_TIS_SPI) += tpm2_tis_spi.o + obj-$(CONFIG_TPM2_FTPM_TEE) += tpm2_ftpm_tee.o ++obj-$(CONFIG_TPM2_MMIO) += tpm2_tis_core.o tpm2_tis_mmio.o +diff --git a/drivers/tpm/tpm2_tis_mmio.c b/drivers/tpm/tpm2_tis_mmio.c +new file mode 100644 +index 0000000000..2183a28071 +--- /dev/null ++++ b/drivers/tpm/tpm2_tis_mmio.c +@@ -0,0 +1,156 @@ ++// SPDX-License-Identifier: GPL-2.0 ++/* ++ * driver for mmio TCG/TIS TPM (trusted platform module). ++ * ++ * Specifications at www.trustedcomputinggroup.org ++ */ ++ ++#include <common.h> ++#include <dm.h> ++#include <log.h> ++#include <tpm-v2.h> ++#include <linux/bitops.h> ++#include <linux/compiler.h> ++#include <linux/delay.h> ++#include <linux/errno.h> ++#include <linux/types.h> ++#include <linux/io.h> ++#include <linux/unaligned/be_byteshift.h> ++#include "tpm_tis.h" ++#include "tpm_internal.h" ++ ++struct tpm_tis_chip_data { ++ unsigned int pcr_count; ++ unsigned int pcr_select_min; ++ unsigned int time_before_first_cmd_ms; ++ void __iomem *iobase; ++}; ++ ++static int mmio_read_bytes(struct udevice *udev, u32 addr, u16 len, ++ u8 *result) ++{ ++ struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev); ++ ++ while (len--) ++ *result++ = ioread8(drv_data->iobase + addr); ++ return 0; ++} ++ ++static int mmio_write_bytes(struct udevice *udev, u32 addr, u16 len, ++ const u8 *value) ++{ ++ struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev); ++ ++ while (len--) ++ iowrite8(*value++, drv_data->iobase + addr); ++ return 0; ++} ++ ++static int mmio_read16(struct udevice *udev, u32 addr, u16 *result) ++{ ++ struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev); ++ ++ *result = ioread16(drv_data->iobase + addr); ++ return 0; ++} ++ ++static int mmio_read32(struct udevice *udev, u32 addr, u32 *result) ++{ ++ struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev); ++ ++ *result = ioread32(drv_data->iobase + addr); ++ return 0; ++} ++ ++static int mmio_write32(struct udevice *udev, u32 addr, u32 value) ++{ ++ struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev); ++ ++ iowrite32(value, drv_data->iobase + addr); ++ return 0; ++} ++ ++static struct tpm_tis_phy_ops phy_ops = { ++ .read_bytes = mmio_read_bytes, ++ .write_bytes = mmio_write_bytes, ++ .read16 = mmio_read16, ++ .read32 = mmio_read32, ++ .write32 = mmio_write32, ++}; ++ ++static int tpm_tis_probe(struct udevice *udev) ++{ ++ struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev); ++ struct tpm_chip_priv *priv = dev_get_uclass_priv(udev); ++ int ret = 0; ++ fdt_addr_t ioaddr; ++ u64 sz; ++ ++ ioaddr = dev_read_addr(udev); ++ if (ioaddr == FDT_ADDR_T_NONE) ++ return -EINVAL; ++ ++ ret = dev_read_u64(udev, "reg", &sz); ++ if (ret) ++ return -EINVAL; ++ ++ drv_data->iobase = ioremap(ioaddr, sz); ++ log_info("Remapped TPM2 base: 0x%llx size: 0x%llx\n", ioaddr, sz); ++ tpm_tis_ops_register(udev, &phy_ops); ++ ret = tpm_tis_init(udev); ++ if (ret) ++ goto iounmap; ++ ++ priv->pcr_count = drv_data->pcr_count; ++ priv->pcr_select_min = drv_data->pcr_select_min; ++ /* ++ * Although the driver probably works with a TPMv1 our Kconfig ++ * limits the driver to TPMv2 only ++ */ ++ priv->version = TPM_V2; ++ ++ return ret; ++iounmap: ++ iounmap(drv_data->iobase); ++ return -EINVAL; ++} ++ ++static int tpm_tis_remove(struct udevice *udev) ++{ ++ struct tpm_tis_chip_data *drv_data = (void *)dev_get_driver_data(udev); ++ ++ iounmap(drv_data->iobase); ++ return tpm_tis_cleanup(udev); ++} ++ ++static const struct tpm_ops tpm_tis_ops = { ++ .open = tpm_tis_open, ++ .close = tpm_tis_close, ++ .get_desc = tpm_tis_get_desc, ++ .send = tpm_tis_send, ++ .recv = tpm_tis_recv, ++ .cleanup = tpm_tis_cleanup, ++}; ++ ++static const struct tpm_tis_chip_data tpm_tis_std_chip_data = { ++ .pcr_count = 24, ++ .pcr_select_min = 3, ++}; ++ ++static const struct udevice_id tpm_tis_ids[] = { ++ { ++ .compatible = "tcg,tpm-tis-mmio", ++ .data = (ulong)&tpm_tis_std_chip_data, ++ }, ++ { } ++}; ++ ++U_BOOT_DRIVER(tpm_tis_mmio) = { ++ .name = "tpm_tis_mmio", ++ .id = UCLASS_TPM, ++ .of_match = tpm_tis_ids, ++ .ops = &tpm_tis_ops, ++ .probe = tpm_tis_probe, ++ .remove = tpm_tis_remove, ++ .priv_auto = sizeof(struct tpm_chip), ++}; +-- +2.17.1 + diff --git a/recipes-bsp/u-boot/u-boot-ledge/ledge-qemuarm64_defconfig b/recipes-bsp/u-boot/u-boot-ledge/ledge-qemuarm64_defconfig new file mode 100644 index 0000000..cf661df --- /dev/null +++ b/recipes-bsp/u-boot/u-boot-ledge/ledge-qemuarm64_defconfig @@ -0,0 +1,64 @@ +CONFIG_ARM=y +CONFIG_POSITION_INDEPENDENT=y +CONFIG_ARCH_QEMU=y +CONFIG_TFABOOT=y +CONFIG_NR_DRAM_BANKS=1 +CONFIG_ENV_SIZE=0x40000 +CONFIG_AHCI=y +CONFIG_DISTRO_DEFAULTS=y +CONFIG_FIT=y +CONFIG_FIT_SIGNATURE=y +CONFIG_FIT_VERBOSE=y +CONFIG_FIT_BEST_MATCH=y +CONFIG_LEGACY_IMAGE_FORMAT=y +CONFIG_BOOTDELAY=0 +CONFIG_BOOTCOMMAND="virtio scan; load virtio 0 0x70000000 PK.auth; setenv -e -nv -bs -rt -at -i 0x70000000:$filesize PK;load virtio 0 0x70000000 KEK.auth; setenv -e -nv -bs -rt -at -i 0x70000000:$filesize KEK; load virtio 0 0x70000000 db.auth; setenv -e -nv -bs -rt -at -i 0x70000000:$filesize db; setenv kernel_addr_r 0x60000000; setenv bootargs 'rootwait root=PARTLABEL=rootfs'; efidebug boot add 0000 'kernel' virtio 1:1 /efi/boot/bootaa64.efi; efidebug boot order 0000; bootefi bootmgr" +CONFIG_USE_PREBOOT=y +# CONFIG_DISPLAY_CPUINFO is not set +# CONFIG_DISPLAY_BOARDINFO is not set +CONFIG_PCI_INIT_R=y +CONFIG_CMD_BOOTEFI_SELFTEST=y +CONFIG_CMD_NVEDIT_EFI=y +CONFIG_CMD_DFU=y +CONFIG_CMD_MTD=y +CONFIG_CMD_PCI=y +CONFIG_CMD_USB=y +CONFIG_CMD_EFIDEBUG=y +CONFIG_CMD_MTDPARTS=y +CONFIG_OF_BOARD=y +CONFIG_SCSI_AHCI=y +CONFIG_AHCI_PCI=y +CONFIG_BLK=y +CONFIG_DFU_TFTP=y +CONFIG_DFU_RAM=y +CONFIG_DFU_MTD=y +# CONFIG_MMC is not set +CONFIG_MTD=y +CONFIG_DM_MTD=y +CONFIG_MTD_NOR_FLASH=y +CONFIG_FLASH_CFI_DRIVER=y +CONFIG_CFI_FLASH=y +CONFIG_SYS_FLASH_USE_BUFFER_WRITE=y +CONFIG_FLASH_CFI_MTD=y +CONFIG_SYS_FLASH_CFI=y +CONFIG_DM_ETH=y +CONFIG_E1000=y +CONFIG_NVME=y +CONFIG_PCI=y +CONFIG_DM_PCI=y +CONFIG_PCIE_ECAM_GENERIC=y +CONFIG_SCSI=y +CONFIG_DM_SCSI=y +CONFIG_SYSRESET=y +CONFIG_SYSRESET_PSCI=y +CONFIG_TEE=y +CONFIG_OPTEE=y +# CONFIG_CHIMP_OPTEE is not set +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_USB_EHCI_HCD=y +CONFIG_USB_EHCI_PCI=y +CONFIG_EFI_MM_COMM_TEE=y +CONFIG_EFI_LOAD_FILE2_INITRD=y +CONFIG_EFI_INITRD_FILESPEC="virtio 1:1 ledge-initramfs.rootfs.cpio.gz" +CONFIG_EFI_SECURE_BOOT=y diff --git a/recipes-bsp/u-boot/u-boot-ledge/ledge-qemuarm_defconfig b/recipes-bsp/u-boot/u-boot-ledge/ledge-qemuarm_defconfig new file mode 100644 index 0000000..910d064 --- /dev/null +++ b/recipes-bsp/u-boot/u-boot-ledge/ledge-qemuarm_defconfig @@ -0,0 +1,64 @@ +CONFIG_ARM=y +CONFIG_ARM_SMCCC=y +CONFIG_ARCH_QEMU=y +CONFIG_TFABOOT=y +CONFIG_NR_DRAM_BANKS=1 +CONFIG_ENV_SIZE=0x40000 +CONFIG_TARGET_QEMU_ARM_32BIT=y +CONFIG_ARMV7_LPAE=y +CONFIG_AHCI=y +CONFIG_DISTRO_DEFAULTS=y +CONFIG_FIT=y +CONFIG_FIT_SIGNATURE=y +CONFIG_FIT_VERBOSE=y +CONFIG_FIT_BEST_MATCH=y +CONFIG_LEGACY_IMAGE_FORMAT=y +CONFIG_BOOTDELAY=0 +CONFIG_BOOTCOMMAND="virtio scan; load virtio 0 0x70000000 PK.auth; setenv -e -nv -bs -rt -at -i 0x70000000:$filesize PK; load virtio 0 0x70000000 KEK.auth; setenv -e -nv -bs -rt -at -i 0x70000000:$filesize KEK; load virtio 0 0x70000000 db.auth; setenv -e -nv -bs -rt -at -i 0x70000000:$filesize db; setenv kernel_addr_r 0x60000000; setenv bootargs 'rootwait root=PARTLABEL=rootfs console=ttyAMA0,115200 earlyprintk=serial,ttyAMA0,115200'; efidebug boot add 0000 'kernel' virtio 1:1 /efi/boot/bootarm.efi; efidebug boot order 0000; bootefi bootmgr" +CONFIG_USE_PREBOOT=y +# CONFIG_DISPLAY_CPUINFO is not set +# CONFIG_DISPLAY_BOARDINFO is not set +CONFIG_PCI_INIT_R=y +CONFIG_CMD_BOOTEFI_SELFTEST=y +CONFIG_CMD_NVEDIT_EFI=y +CONFIG_CMD_DFU=y +CONFIG_CMD_MTD=y +CONFIG_CMD_PCI=y +CONFIG_CMD_USB=y +CONFIG_CMD_EFIDEBUG=y +CONFIG_CMD_MTDPARTS=y +CONFIG_OF_BOARD=y +CONFIG_SCSI_AHCI=y +CONFIG_AHCI_PCI=y +CONFIG_BLK=y +CONFIG_DFU_TFTP=y +CONFIG_DFU_RAM=y +CONFIG_DFU_MTD=y +# CONFIG_MMC is not set +CONFIG_MTD=y +CONFIG_DM_MTD=y +CONFIG_MTD_NOR_FLASH=y +CONFIG_FLASH_CFI_DRIVER=y +CONFIG_CFI_FLASH=y +CONFIG_SYS_FLASH_USE_BUFFER_WRITE=y +CONFIG_FLASH_CFI_MTD=y +CONFIG_SYS_FLASH_CFI=y +CONFIG_DM_ETH=y +CONFIG_E1000=y +CONFIG_NVME=y +CONFIG_PCI=y +CONFIG_DM_PCI=y +CONFIG_PCIE_ECAM_GENERIC=y +CONFIG_SCSI=y +CONFIG_DM_SCSI=y +CONFIG_SYSRESET=y +CONFIG_SYSRESET_PSCI=y +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_USB_EHCI_HCD=y +CONFIG_USB_EHCI_PCI=y +CONFIG_EFI_LOAD_FILE2_INITRD=y +CONFIG_EFI_INITRD_FILESPEC="virtio 1:1 ledge-initramfs.rootfs.cpio.gz" +CONFIG_EFI_SECURE_BOOT=y +CONFIG_SYS_TEXT_BASE=0x60000000 +CONFIG_HAVE_SYS_TEXT_BASE=y diff --git a/recipes-bsp/u-boot/u-boot-ledge/ledge-ti-am572x_defconfig b/recipes-bsp/u-boot/u-boot-ledge/ledge-ti-am572x_defconfig new file mode 100644 index 0000000..896a85a --- /dev/null +++ b/recipes-bsp/u-boot/u-boot-ledge/ledge-ti-am572x_defconfig @@ -0,0 +1,125 @@ +CONFIG_ARM=y +CONFIG_ARCH_OMAP2PLUS=y +CONFIG_TI_COMMON_CMD_OPTIONS=y +CONFIG_SYS_MALLOC_F_LEN=0x2000 +CONFIG_NR_DRAM_BANKS=2 +CONFIG_SYS_SPI_U_BOOT_OFFS=0x40000 +CONFIG_DM_GPIO=y +CONFIG_SPL_DM_SPI=y +CONFIG_SPL_TEXT_BASE=0x40300000 +CONFIG_OMAP54XX=y +CONFIG_TARGET_AM57XX_EVM=y +CONFIG_SPL=y +CONFIG_ENV_OFFSET_REDUND=0x280000 +CONFIG_SPL_SPI_FLASH_SUPPORT=y +CONFIG_SPL_SPI_SUPPORT=y +CONFIG_ARMV7_LPAE=y +CONFIG_DEFAULT_DEVICE_TREE="am572x-idk" +CONFIG_AHCI=y +CONFIG_DISTRO_DEFAULTS=y +CONFIG_SPL_LOAD_FIT=y +# CONFIG_USE_SPL_FIT_GENERATOR is not set +CONFIG_OF_BOARD_SETUP=y +CONFIG_SD_BOOT=y +CONFIG_USE_BOOTARGS=y +CONFIG_BOOTARGS="androidboot.serialno=${serial#} console=ttyS2,115200 androidboot.console=ttyS2 androidboot.hardware=beagle_x15board" +CONFIG_BOOTCOMMAND="efidebug boot add 0000 'kernel' mmc 0:2 /efi/boot/bootarm.efi; efidebug boot order 0000; bootefi bootmgr" +CONFIG_SYS_CONSOLE_INFO_QUIET=y +CONFIG_BOARD_EARLY_INIT_F=y +# CONFIG_MISC_INIT_R is not set +CONFIG_AVB_VERIFY=y +CONFIG_ANDROID_AB=y +CONFIG_SPL_SYS_MALLOC_SIMPLE=y +CONFIG_SPL_SEPARATE_BSS=y +CONFIG_SPL_DMA=y +# CONFIG_SPL_NAND_SUPPORT is not set +CONFIG_SPL_DM_SPI_FLASH=y +CONFIG_SPL_OS_BOOT=y +CONFIG_SPL_SPI_LOAD=y +CONFIG_SPL_YMODEM_SUPPORT=y +CONFIG_CMD_ADTIMG=y +CONFIG_CMD_ABOOTIMG=y +CONFIG_CMD_SPL=y +CONFIG_CMD_BCB=y +# CONFIG_CMD_FLASH is not set +# CONFIG_CMD_GPT is not set +CONFIG_RANDOM_UUID=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_AB_SELECT=y +CONFIG_BOOTP_DNS2=y +CONFIG_CMD_EFIDEBUG=y +# CONFIG_CMD_PMIC is not set +CONFIG_CMD_AVB=y +CONFIG_PARTITION_TYPE_GUID=y +CONFIG_OF_CONTROL=y +CONFIG_SPL_OF_CONTROL=y +CONFIG_OF_LIST="am57xx-beagle-x15 am57xx-beagle-x15-revb1 am57xx-beagle-x15-revc am5729-beagleboneai am572x-idk am571x-idk am574x-idk" +CONFIG_ENV_OVERWRITE=y +CONFIG_ENV_IS_IN_MMC=y +CONFIG_SYS_REDUNDAND_ENVIRONMENT=y +CONFIG_SYS_RELOC_GD_ENV_ADDR=y +CONFIG_SYS_MMC_ENV_DEV=1 +CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG=y +CONFIG_VERSION_VARIABLE=y +CONFIG_BOOTP_SEND_HOSTNAME=y +CONFIG_DM=y +CONFIG_SPL_DM=y +CONFIG_SPL_DM_SEQ_ALIAS=y +CONFIG_SPL_REGMAP=y +CONFIG_SPL_SYSCON=y +CONFIG_SPL_OF_TRANSLATE=y +CONFIG_DWC_AHCI=y +CONFIG_CLK=y +CONFIG_CLK_CDCE9XX=y +CONFIG_DFU_MMC=y +CONFIG_DFU_RAM=y +CONFIG_DFU_SF=y +CONFIG_USB_FUNCTION_FASTBOOT=y +CONFIG_FASTBOOT_BUF_ADDR=0x82000000 +CONFIG_FASTBOOT_BUF_SIZE=0x2F000000 +CONFIG_FASTBOOT_USB_DEV=1 +CONFIG_FASTBOOT_FLASH=y +CONFIG_FASTBOOT_FLASH_MMC_DEV=1 +CONFIG_DM_I2C=y +CONFIG_MISC=y +CONFIG_DM_MMC=y +CONFIG_SUPPORT_EMMC_BOOT=y +CONFIG_MMC_OMAP_HS=y +CONFIG_MTD=y +CONFIG_DM_SPI_FLASH=y +CONFIG_SF_DEFAULT_MODE=0 +CONFIG_SF_DEFAULT_SPEED=76800000 +CONFIG_SPI_FLASH_SPANSION=y +CONFIG_PHY_MICREL=y +CONFIG_PHY_MICREL_KSZ90X1=y +CONFIG_DM_ETH=y +CONFIG_MII=y +CONFIG_DRIVER_TI_CPSW=y +CONFIG_PIPE3_PHY=y +CONFIG_OMAP_USB2_PHY=y +CONFIG_DM_PMIC=y +CONFIG_PMIC_PALMAS=y +CONFIG_DM_REGULATOR=y +CONFIG_DM_REGULATOR_PALMAS=y +CONFIG_DM_SCSI=y +CONFIG_DM_SERIAL=y +CONFIG_SPI=y +CONFIG_DM_SPI=y +CONFIG_TI_QSPI=y +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_DM_USB_GADGET=y +CONFIG_SPL_DM_USB_GADGET=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_DWC3=y +CONFIG_USB_DWC3_GENERIC=y +CONFIG_USB_GADGET=y +CONFIG_USB_GADGET_MANUFACTURER="Texas Instruments" +CONFIG_USB_GADGET_VENDOR_NUM=0x0451 +CONFIG_USB_GADGET_PRODUCT_NUM=0xd022 +CONFIG_LIBAVB=y +CONFIG_EFI_VARIABLES_PRESEED=y +CONFIG_EFI_LOAD_FILE2_INITRD=y +CONFIG_EFI_INITRD_FILESPEC="mmc 0:2 ledge-initramfs.rootfs.cpio.gz" +CONFIG_EFI_SECURE_BOOT=y diff --git a/recipes-bsp/u-boot/u-boot-ledge/ledge_stm32mp157c_dk2_trusted_defconfig b/recipes-bsp/u-boot/u-boot-ledge/ledge_stm32mp157c_dk2_trusted_defconfig new file mode 100644 index 0000000..3b76319 --- /dev/null +++ b/recipes-bsp/u-boot/u-boot-ledge/ledge_stm32mp157c_dk2_trusted_defconfig @@ -0,0 +1,147 @@ +CONFIG_ARM=y +CONFIG_ARCH_STM32MP=y +CONFIG_TFABOOT=y +CONFIG_SYS_MALLOC_F_LEN=0x3000 +CONFIG_SYS_MEMTEST_START=0xc0000000 +CONFIG_SYS_MEMTEST_END=0xc4000000 +CONFIG_ENV_OFFSET=0x280000 +CONFIG_ENV_SECT_SIZE=0x40000 +CONFIG_TARGET_ST_STM32MP15x=y +CONFIG_CMD_STM32PROG=y +CONFIG_TYPEC_STUSB160X=y +CONFIG_ENV_OFFSET_REDUND=0x2C0000 +CONFIG_DEFAULT_DEVICE_TREE="stm32mp157c-dk2" +CONFIG_DISTRO_DEFAULTS=y +CONFIG_FIT=y +CONFIG_USE_BOOTARGS=y +CONFIG_BOOTARGS="console=ttySTM0,115200 rootwait root=PARTLABEL=rootfs" +CONFIG_BOOTCOMMAND="run distro_bootcmd" +CONFIG_SYS_PROMPT="STM32MP> " +CONFIG_CMD_ADTIMG=y +CONFIG_CMD_ERASEENV=y +CONFIG_CMD_NVEDIT_EFI=y +CONFIG_CMD_MEMINFO=y +CONFIG_CMD_MEMTEST=y +CONFIG_CMD_ADC=y +CONFIG_CMD_CLK=y +CONFIG_CMD_DFU=y +CONFIG_CMD_FUSE=y +CONFIG_CMD_GPIO=y +CONFIG_CMD_I2C=y +CONFIG_CMD_MMC=y +CONFIG_CMD_REMOTEPROC=y +CONFIG_CMD_SPI=y +CONFIG_CMD_USB=y +CONFIG_CMD_USB_MASS_STORAGE=y +CONFIG_CMD_BMP=y +CONFIG_CMD_CACHE=y +CONFIG_CMD_EFIDEBUG=y +CONFIG_CMD_TIME=y +CONFIG_CMD_TIMER=y +CONFIG_CMD_PMIC=y +CONFIG_CMD_REGULATOR=y +CONFIG_CMD_EXT4_WRITE=y +CONFIG_CMD_MTDPARTS=y +CONFIG_CMD_UBI=y +CONFIG_ENV_IS_NOWHERE=y +CONFIG_ENV_IS_IN_MMC=y +CONFIG_ENV_IS_IN_SPI_FLASH=y +CONFIG_ENV_IS_IN_UBI=y +CONFIG_SYS_REDUNDAND_ENVIRONMENT=y +CONFIG_ENV_UBI_PART="UBI" +CONFIG_ENV_UBI_VOLUME="uboot_config" +CONFIG_ENV_UBI_VOLUME_REDUND="uboot_config_r" +CONFIG_SYS_RELOC_GD_ENV_ADDR=y +CONFIG_STM32_ADC=y +CONFIG_SET_DFU_ALT_INFO=y +CONFIG_USB_FUNCTION_FASTBOOT=y +CONFIG_FASTBOOT_BUF_ADDR=0xC0000000 +CONFIG_FASTBOOT_BUF_SIZE=0x02000000 +CONFIG_FASTBOOT_USB_DEV=1 +CONFIG_FASTBOOT_FLASH=y +CONFIG_FASTBOOT_FLASH_MMC_DEV=1 +CONFIG_GPIO_HOG=y +CONFIG_DM_HWSPINLOCK=y +CONFIG_HWSPINLOCK_STM32=y +CONFIG_DM_I2C=y +CONFIG_SYS_I2C_STM32F7=y +CONFIG_LED=y +CONFIG_LED_GPIO=y +CONFIG_DM_MAILBOX=y +CONFIG_STM32_IPCC=y +CONFIG_STM32_FMC2_EBI=y +CONFIG_DM_MMC=y +CONFIG_SUPPORT_EMMC_BOOT=y +CONFIG_STM32_SDMMC2=y +CONFIG_MTD=y +CONFIG_DM_MTD=y +CONFIG_SYS_MTDPARTS_RUNTIME=y +CONFIG_MTD_RAW_NAND=y +CONFIG_NAND_STM32_FMC2=y +CONFIG_MTD_SPI_NAND=y +CONFIG_DM_SPI_FLASH=y +CONFIG_SPI_FLASH_MACRONIX=y +CONFIG_SPI_FLASH_SPANSION=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_SPI_FLASH_WINBOND=y +# CONFIG_SPI_FLASH_USE_4K_SECTORS is not set +CONFIG_SPI_FLASH_MTD=y +CONFIG_PHY_REALTEK=y +CONFIG_DM_ETH=y +CONFIG_DWC_ETH_QOS=y +CONFIG_PHY=y +CONFIG_PHY_STM32_USBPHYC=y +CONFIG_PINCONF=y +CONFIG_PINCTRL_STMFX=y +CONFIG_DM_PMIC=y +CONFIG_PMIC_STPMIC1=y +CONFIG_DM_REGULATOR=y +CONFIG_DM_REGULATOR_FIXED=y +CONFIG_DM_REGULATOR_GPIO=y +CONFIG_DM_REGULATOR_STM32_VREFBUF=y +CONFIG_DM_REGULATOR_STPMIC1=y +CONFIG_REMOTEPROC_STM32_COPRO=y +CONFIG_DM_RNG=y +CONFIG_RNG_STM32MP1=y +CONFIG_DM_RTC=y +CONFIG_RTC_STM32=y +CONFIG_SERIAL_RX_BUFFER=y +CONFIG_SPI=y +CONFIG_DM_SPI=y +CONFIG_STM32_QSPI=y +CONFIG_STM32_SPI=y +CONFIG_TEE=y +CONFIG_OPTEE=y +# CONFIG_OPTEE_TA_AVB is not set +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_DM_USB_GADGET=y +CONFIG_USB_EHCI_HCD=y +CONFIG_USB_EHCI_GENERIC=y +CONFIG_USB_GADGET=y +CONFIG_USB_GADGET_MANUFACTURER="STMicroelectronics" +CONFIG_USB_GADGET_VENDOR_NUM=0x0483 +CONFIG_USB_GADGET_PRODUCT_NUM=0x5720 +CONFIG_USB_GADGET_DWC2_OTG=y +CONFIG_DM_VIDEO=y +CONFIG_BACKLIGHT_GPIO=y +CONFIG_VIDEO_LCD_ORISETECH_OTM8009A=y +CONFIG_VIDEO_LCD_RAYDIUM_RM68200=y +CONFIG_VIDEO_STM32=y +CONFIG_VIDEO_STM32_DSI=y +CONFIG_VIDEO_STM32_MAX_XRES=1280 +CONFIG_VIDEO_STM32_MAX_YRES=800 +CONFIG_VIDEO_BMP_RLE8=y +CONFIG_BMP_16BPP=y +CONFIG_BMP_24BPP=y +CONFIG_BMP_32BPP=y +CONFIG_WDT=y +CONFIG_WDT_STM32MP=y +CONFIG_ERRNO_STR=y +# CONFIG_HEXDUMP is not set +CONFIG_FDT_FIXUP_PARTITIONS=y +CONFIG_EFI_VARIABLES_PRESEED=y +CONFIG_EFI_SET_TIME=y +CONFIG_EFI_LOAD_FILE2_INITRD=y +CONFIG_EFI_INITRD_FILESPEC="mmc 0:7 ledge-initramfs.rootfs.cpio.gz" +CONFIG_EFI_SECURE_BOOT=y diff --git a/recipes-bsp/u-boot/u-boot-ledge/ubootefi.var b/recipes-bsp/u-boot/u-boot-ledge/ubootefi.var Binary files differnew file mode 100644 index 0000000..8cd5e18 --- /dev/null +++ b/recipes-bsp/u-boot/u-boot-ledge/ubootefi.var diff --git a/recipes-security/optee/optee-os/0001-HACK-enable-pl011-and-secure-flash.patch b/recipes-security/optee/optee-os/0001-HACK-enable-pl011-and-secure-flash.patch new file mode 100644 index 0000000..93fd55d --- /dev/null +++ b/recipes-security/optee/optee-os/0001-HACK-enable-pl011-and-secure-flash.patch @@ -0,0 +1,126 @@ +From f736ea3b9de7a82d0c6cbba2cc32bda0777c3d1b Mon Sep 17 00:00:00 2001 +From: Sughosh Ganu <sughosh.ganu@linaro.org> +Date: Wed, 20 Jan 2021 16:59:37 +0530 +Subject: [PATCH 1/2] HACK: enable pl011 and secure flash + +- the pl011 qemu device is mapped in the StMM S1 + - pa set to 0x9040000 + +- the secure flash device is mapped in the StMM S1 + - pa 0x500000 with size 0x200000 + +- Increase the heap size alloted to StandaloneMm to 698 pages. Memory + allocation with the current value fails + +Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> +--- + core/arch/arm/kernel/stmm_sp.c | 79 +++++++++++++++++++++++++++++++++- + 1 file changed, 78 insertions(+), 1 deletion(-) + +diff --git a/core/arch/arm/kernel/stmm_sp.c b/core/arch/arm/kernel/stmm_sp.c +index 895d7df2..5addf06a 100644 +--- a/core/arch/arm/kernel/stmm_sp.c ++++ b/core/arch/arm/kernel/stmm_sp.c +@@ -67,7 +67,7 @@ static const uint16_t mem_mgr_id = 3U; + static const uint16_t ffa_storage_id = 4U; + + static const unsigned int stmm_stack_size = 4 * SMALL_PAGE_SIZE; +-static const unsigned int stmm_heap_size = 398 * SMALL_PAGE_SIZE; ++static const unsigned int stmm_heap_size = 698 * SMALL_PAGE_SIZE; + static const unsigned int stmm_sec_buf_size = SMALL_PAGE_SIZE; + static const unsigned int stmm_ns_comm_buf_size = SMALL_PAGE_SIZE; + +@@ -214,6 +214,81 @@ static void uncompress_image(void *dst, size_t dst_size, void *src, + panic("inflateEnd"); + } + ++static TEE_Result alloc_and_map_io(struct stmm_ctx *spc, paddr_t pa, ++ size_t sz, uint32_t prot, vaddr_t *va, ++ size_t pad_begin, size_t pad_end) ++{ ++ struct mobj *mobj; ++ TEE_Result res = TEE_SUCCESS; ++ ++ sz = ROUNDUP(sz, SMALL_PAGE_SIZE); ++ mobj = mobj_phys_alloc(pa, sz, TEE_MATTR_CACHE_NONCACHE, ++ CORE_MEM_TA_RAM); ++ if (!mobj) ++ return TEE_ERROR_OUT_OF_MEMORY; ++ ++ res = vm_map_pad(&spc->uctx, va, sz, prot, 0, mobj, 0, pad_begin, ++ pad_end, 0); ++ if (res) ++ mobj_put(mobj); ++ ++ return res; ++} ++ ++static TEE_Result alloc_SDP_io(struct stmm_ctx *spc, paddr_t pa, ++ size_t sz, uint32_t prot, vaddr_t *va, ++ size_t pad_begin, size_t pad_end, ++ size_t align) ++{ ++ struct mobj *mobj; ++ TEE_Result res = TEE_SUCCESS; ++ *va = 0x0; ++ ++ sz = ROUNDUP(sz, SMALL_PAGE_SIZE); ++ mobj = mobj_phys_alloc(pa, sz, 0, CORE_MEM_SDP_MEM); ++ ++ if (!mobj) ++ return TEE_ERROR_OUT_OF_MEMORY; ++ ++ res = vm_map_pad(&spc->uctx, va, 0x200000, ++ TEE_MATTR_URW | TEE_MATTR_PRW, 0, mobj, ++ 0, pad_begin, pad_end, align); ++ ++ if (res != TEE_SUCCESS) { ++ EMSG("failed to set S1 mapping PA %#lX <-> VA %#lX \n",pa, *va); ++ return TEE_ERROR_OUT_OF_MEMORY; ++ } ++ ++ return TEE_SUCCESS; ++} ++ ++static TEE_Result hack_map_qemu_pl011(struct stmm_ctx *spc) ++{ ++ TEE_Result res; ++ vaddr_t uart_va = 0; ++ res = alloc_and_map_io(spc, 0x09040000, 0x00001000, ++ TEE_MATTR_URW | TEE_MATTR_PRW, ++ &uart_va, 0, 0); ++ if (res) { ++ EMSG("failed to alloc_and_map uart"); ++ return res; ++ } ++ EMSG("------------------------------uart va=%#"PRIxVA, uart_va); ++ ++ // start variable space at 0x500000 ++ res = alloc_SDP_io(spc, 0x500000, 0x200000, ++ TEE_MATTR_URW | TEE_MATTR_PRW, ++ &uart_va, 0, 0, 0x40000); ++ if (res) { ++ EMSG("failed to alloc_and_map secure flash"); ++ return res; ++ } ++ ++ EMSG("------------------------------secure flash va=%#"PRIxVA, uart_va); ++ ++ return res; ++} ++ + static TEE_Result load_stmm(struct stmm_ctx *spc) + { + struct stmm_boot_info *boot_info = NULL; +@@ -278,6 +353,8 @@ static TEE_Result load_stmm(struct stmm_ctx *spc) + + DMSG("stmm load address %#"PRIxVA, image_addr); + ++ hack_map_qemu_pl011(spc); ++ + boot_info = (struct stmm_boot_info *)sec_buf_addr; + mp_info = (struct stmm_mp_info *)(boot_info + 1); + *boot_info = (struct stmm_boot_info){ +-- +2.17.1 + diff --git a/recipes-security/optee/optee-os/0001-allow-setting-sysroot-for-libgcc-lookup.patch b/recipes-security/optee/optee-os/0001-allow-setting-sysroot-for-libgcc-lookup.patch new file mode 100644 index 0000000..28ef89f --- /dev/null +++ b/recipes-security/optee/optee-os/0001-allow-setting-sysroot-for-libgcc-lookup.patch @@ -0,0 +1,31 @@ +From 5cab209fc753311d5953c649d00c844191dd84bf Mon Sep 17 00:00:00 2001 +From: Christophe Priouzeau <christophe.priouzeau@st.com> +Date: Mon, 31 Aug 2020 16:48:44 +0200 +Subject: [PATCH] allow-setting-sysroot-for-libgcc-lookup + +--- + mk/gcc.mk | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/mk/gcc.mk b/mk/gcc.mk +index adc77a24..81bfa78a 100644 +--- a/mk/gcc.mk ++++ b/mk/gcc.mk +@@ -13,11 +13,11 @@ nostdinc$(sm) := -nostdinc -isystem $(shell $(CC$(sm)) \ + -print-file-name=include 2> /dev/null) + + # Get location of libgcc from gcc +-libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \ ++libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \ + -print-libgcc-file-name 2> /dev/null) +-libstdc++$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ ++libstdc++$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ + -print-file-name=libstdc++.a 2> /dev/null) +-libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ ++libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ + -print-file-name=libgcc_eh.a 2> /dev/null) + + # Define these to something to discover accidental use +-- +2.17.1 + diff --git a/recipes-security/optee/optee-os/0002-core-Allow-mobj_phys-to-allocate-IO-regions.patch b/recipes-security/optee/optee-os/0002-core-Allow-mobj_phys-to-allocate-IO-regions.patch new file mode 100644 index 0000000..365caad --- /dev/null +++ b/recipes-security/optee/optee-os/0002-core-Allow-mobj_phys-to-allocate-IO-regions.patch @@ -0,0 +1,52 @@ +From 5f1dc306a77f8ed94ec4775c3d78fec743c9f185 Mon Sep 17 00:00:00 2001 +From: Pipat Methavanitpong <pipat.methavanitpong@linaro.org> +Date: Mon, 3 Feb 2020 15:25:09 +0900 +Subject: [PATCH 2/2] core: Allow mobj_phys to allocate IO regions + +This commit makes mobj_phys to allocate IO regions. +It distinguishes between memory and IO allocation requests by +using `battr` and `cattr` parameters. If `battr` is `CORE_MEM_TA_RAM` +and `cattr` is `TEE_NATTR_CACHE_NONCACHE`, then it is an IO allocation +request. + +Signed-off-by: Pipat Methavanitpong <pipat1010@gmail.com> +Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> +--- + core/arch/arm/mm/mobj.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/core/arch/arm/mm/mobj.c b/core/arch/arm/mm/mobj.c +index 7a129cf5..1ab96f3d 100644 +--- a/core/arch/arm/mm/mobj.c ++++ b/core/arch/arm/mm/mobj.c +@@ -147,7 +147,10 @@ struct mobj *mobj_phys_alloc(paddr_t pa, size_t size, uint32_t cattr, + area_type = MEM_AREA_TEE_RAM_RW_DATA; + break; + case CORE_MEM_TA_RAM: +- area_type = MEM_AREA_TA_RAM; ++ if (cattr == TEE_MATTR_CACHE_NONCACHE) ++ area_type = MEM_AREA_IO_NSEC; ++ else ++ area_type = MEM_AREA_TA_RAM; + break; + case CORE_MEM_NSEC_SHM: + area_type = MEM_AREA_NSEC_SHM; +@@ -161,9 +164,13 @@ struct mobj *mobj_phys_alloc(paddr_t pa, size_t size, uint32_t cattr, + } + + /* Only SDP memory may not have a virtual address */ +- va = phys_to_virt(pa, area_type); +- if (!va && battr != CORE_MEM_SDP_MEM) ++ if (area_type == MEM_AREA_IO_SEC || area_type == MEM_AREA_IO_NSEC) ++ va = phys_to_virt_io(pa); ++ else ++ va = phys_to_virt(pa, area_type); ++ if (!va && battr != CORE_MEM_SDP_MEM) { + return NULL; ++ } + + moph = calloc(1, sizeof(*moph)); + if (!moph) +-- +2.17.1 + diff --git a/recipes-security/optee/optee-os/3ffb8563-ee28-4047-a7cd-d0e038aa6230.fd b/recipes-security/optee/optee-os/3ffb8563-ee28-4047-a7cd-d0e038aa6230.fd Binary files differnew file mode 100644 index 0000000..f4e99ab --- /dev/null +++ b/recipes-security/optee/optee-os/3ffb8563-ee28-4047-a7cd-d0e038aa6230.fd diff --git a/recipes-security/optee/optee-os/arm32_bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf b/recipes-security/optee/optee-os/arm32_bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf Binary files differnew file mode 100755 index 0000000..f5353e3 --- /dev/null +++ b/recipes-security/optee/optee-os/arm32_bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf diff --git a/recipes-security/optee/optee-os/bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf b/recipes-security/optee/optee-os/bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf Binary files differnew file mode 100755 index 0000000..eac93b2 --- /dev/null +++ b/recipes-security/optee/optee-os/bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf diff --git a/recipes-security/optee/optee-os_git.bbappend b/recipes-security/optee/optee-os_git.bbappend new file mode 100644 index 0000000..83981c8 --- /dev/null +++ b/recipes-security/optee/optee-os_git.bbappend @@ -0,0 +1,81 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +# 3.9 +LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" +PV="3.12" +SRCREV = "3d47a131bca1d9ed511bfd516aa5e70269e12c1d" + +DEPENDS += "dtc-native" +DEPENDS += "python3-pyelftools-native dtc-native python3-pycryptodomex-native python3-pycrypto-native" + +SRC_URI_append_ledge-qemuarm = " file://arm32_bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf " + +SRC_URI_append_ledge-qemuarm64 = " file://bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf " +SRC_URI_append_ledge-qemuarm64 = " file://3ffb8563-ee28-4047-a7cd-d0e038aa6230.fd " +SRC_URI_append_ledge-qemuarm64 = " file://0001-HACK-enable-pl011-and-secure-flash.patch \ + file://0002-core-Allow-mobj_phys-to-allocate-IO-regions.patch \ + " + +inherit python3native + +# ledge-ti-am572x +OPTEEMACHINE_ledge-ti-am572x = "ti-am57xx" +OPTEEOUTPUTMACHINE_ledge-ti-am572x = "ti" + +EXTRA_OEMAKE_remove_ledge-ti-am572x = "CFG_ARM64_core=y" +EXTRA_OEMAKE_remove_ledge-ti-am572x = "ta-targets=ta_arm64" +EXTRA_OEMAKE_append_ledge-ti-am572x = " CFG_ARM32_core=y ta-targets=ta_arm32 " +EXTRA_OEMAKE_append_ledge-ti-am572x = " CROSS_COMPILE_ta_arm32=${HOST_PREFIX} CROSS_COMPILE=${CROSS_COMPILE} " + +EXTRA_OEMAKE_remove_armv7a = "CFG_ARM64_core=y" +EXTRA_OEMAKE_remove_armv7a = "ta-targets=ta_arm64" +EXTRA_OEMAKE_append_armv7a = " CFG_ARM32_core=y ta-targets=ta_arm32 " +EXTRA_OEMAKE_append_armv7a = " CROSS_COMPILE_ta_arm32=${HOST_PREFIX} CROSS_COMPILE=${CROSS_COMPILE} " + +# ledge-stm32mp157c-dk2 +OPTEEMACHINE_ledge-stm32mp157c-dk2 = "stm32mp1" +OPTEEOUTPUTMACHINE_ledge-stm32mp157c-dk2 = "stm32mp1" +EXTRA_OEMAKE_append_ledge-stm32mp157c-dk2 = " CFG_EMBED_DTB_SOURCE_FILE=stm32mp157c-dk2.dts " + +# add traces at startup +EXTRA_OEMAKE_append = " CFG_TEE_CORE_DEBUG=n CFG_TEE_CORE_LOG_LEVEL=2 " + +OPTEE_ARCH_armv7a = "arm32" +OPTEE_ARCH_armv7ve = "arm32" + +FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896" +STMM_UUID="3ffb8563-ee28-4047-a7cd-d0e038aa6230" +EXTRA_OEMAKE_append_ledge-qemuarm='CFG_EARLY_TA=y EARLY_TA_PATHS="./${FTPM_UUID}.stripped.elf"' + +EXTRA_OEMAKE_append_ledge-qemuarm64='CFG_EARLY_TA=y EARLY_TA_PATHS="../${FTPM_UUID}.stripped.elf"' +EXTRA_OEMAKE_append_ledge-qemuarm64=' CFG_STMM_PATH="../${STMM_UUID}.fd"' +EXTRA_OEMAKE_append_ledge-qemuarm64=' CFG_CORE_HEAP_SIZE=524288 CFG_TEE_CORE_LOG_LEVEL=3 DEBUG=1' + +do_configure_append_ledge-qemuarm() { + cp ../arm32_${FTPM_UUID}.stripped.elf ${FTPM_UUID}.stripped.elf +} + +do_configure_append_ledge-qemuarm64() { + cp ../${FTPM_UUID}.stripped.elf ${FTPM_UUID}.stripped.elf +} + +do_install_append_ledge-stm32mp157c-dk2() { + # install optee bianries with stm32 images + install -m 644 ${B}/out/arm-plat-${OPTEEOUTPUTMACHINE}/core/*.stm32 ${D}${nonarch_base_libdir}/firmware/ +} + +do_deploy_append_ledge-qemuarm() { + cd ${DEPLOYDIR} + ln -sf optee/tee-header_v2.bin bl32.bin + ln -sf optee/tee-pager_v2.bin bl32_extra1.bin + ln -sf optee/tee-pageable_v2.bin bl32_extra2.bin + cd - +} + +do_deploy_append_ledge-qemuarm64() { + cd ${DEPLOYDIR} + ln -sf optee/tee-header_v2.bin bl32.bin + ln -sf optee/tee-pager_v2.bin bl32_extra1.bin + ln -sf optee/tee-pageable_v2.bin bl32_extra2.bin + cd - +} |