Install generated trusted shared libraries in the target file
system next to the trusted applications.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This change fixes the TA binary files install sequence that were
previously install in target filesystem though
OPTEE_OS_INSTALL_IMAGES_CMDS instead of expected
OPTEE_OS_INSTALL_TARGET_CMDS.
This change removes useless mkdir prior call to $(INSTALL) that
already handles parent directory creation when needed.
This change conditions the .ta files installation upon their
availability as they may exist or not depending on the exact OPTEE
version/configuration selected.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Rockchip rk3399 SOC based boards require python pyelftools library for
parsing dtb files, so lets add it as uboot dependency.
This commit introduces a new config option
BR2_TARGET_UBOOT_NEEDS_PYELFTOOLS to achieve this.
Signed-off-by: Shyam Saini <shyam.saini@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
All downloads performed by buildroot should be integrity-checked if
possible. Enable integrity-checking for the RISC-V OpenSBI sources by
adding a corresponding hash file.
Signed-off-by: Karsten Merker <merker@debian.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following check-package warning:
boot/barebox/barebox.hash:5: missing newline at end of file
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes#11756
This fixes the following build error with newer binutils:
objcopy -O binary mbr.elf mbr.bin
perl /build/syslinux/src/syslinux/mbr/checksize.pl mbr.bin
mbr.bin: too big (452 > 440)
Corresponding bug reports:
- https://bugs.archlinux.org/task/60405
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906414
Strip the .note.gnu.property in the linker scripts for the MBRs.
Signed-off-by: Christian Stewart <christian@paral.in>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenSBI is a much improved alternative to BBL (riscv-pk). Add OpenSBI
support to buildroot.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
[Thomas:
- disable target installation, as we install nothing
- enable staging installation
- enable images installation only when needed
- improve the comment about the staging installation]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When the trusted firmware is built with debug support (DEBUG defined),
the generated images are located in a different path compared to a
build without debug support. The non debug images are located in
generated directory build/<platform>/release/ while the debug images
are located in generated directory build/<platform>/debug/.
This change introduces the boolean option
BR2_TARGET_ARM_TRUSTED_FIRMWARE_DEBUG to define whether the release or
debug configuration is used to build trusted firmware.
Note that enabling trusted firmware debug support using
BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES="... DEBUG=1 ..."
would not work since Buildroot will try to copy the generated files
from the wrong path.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This change allows one to build trusted firmware (TF-A) with OP-TEE as
BL32 secure payload.
When BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_DEFAULT is enabled TF-A
builds a BL32 stage according the TF-A configuration directive. If
these specify no BL32 stage then TF-A will build without BL32
support. This is the default configuration and reflects TF-A legacy
integration in BR.
When BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_OPTEE is enabled TF-A builds
with support for the OP-TEE OS as BL32.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Thomas: rename config options, simplify option prompts, and rework
option description.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This change allows one to build the TF-A (Trusted Firmware A) for
32bit architectures Armv7 and Armv8 platforms. TF-A supports these
configuration since release v1.5.
Change dependency on BR2_aarch64 into a dependency on either
BR2_ARM_CPU_ARMV8A/BR2_ARM_CPU_ARMV7A to better define
the target architectures supported by the package.
Set package configuration directive ARM_ARCH_MAJOR according to
BR2_ARM_CPU_ARMV8A/BR2_ARM_CPU_ARMV7A. Set package configuration
directive ARCH based on BR2_aarch64/BR2_arm.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This upgrades to version 48 plus the last commits done after that.
Note, that after that, gummiboot is officially dead, so there will
be no more upstream commits after this.
For various reasons, there are still users of gummiboot, so let's base our
work on the latest gummiboot "version".
Signed-off-by: Esben Haabendal <esben@haabendal.dk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adds a new variable OPTEE_OS_SDK, define by the optee-os
package, which points to the OPTEE SDK installed in STAGING_DIR. This
will allow other pakage to find this SDK more easily.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Thomas: improve commit log, rename variable to just OPTEE_OS_SDK]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 1a437fd22f bumped gnu-efi to version 3.0.9. This breaks the build
of syslinux with EFI support due to multiple definitions of 'memset' and
'memcpy'. Backport a patch already applied upstream to fix the problem.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OP-TEE OS is maintained by the OP-TEE project. It provides an
open source solution for development and integration of secure
services for Armv7-A and Armv8-A CPU based platforms supporting
the TrustZone technology. This technology enables CPUs to
concurrently host a secure world as the OP-TEE OS and a non-secure
world as a Linux based OS.
The OP-TEE project maintains other packages to leverage OP-TEE on
Linux kernel based OSes. An OP-TEE interface driver is available
in the Linux kernel since 4.12 upon CONFIG_OPTEE.
This change references in Buildroot the today's latest OP-TEE
revision release tagged 3.4.0.
https://www.op-tee.org/https://github.com/OP-TEE/optee_os
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Thomas:
- pass CFG_ARM32_core=y when building for ARMv7, otherwise the build
fails
- add a check that verifies that BR2_TARGET_OPTEE_OS_PLATFORM is not
empty
- minor formatting fixes/adjustements.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following check-package warning:
boot/uboot/Config.in:185: attributes order: type, default, depends on, select, help (http://nightly.buildroot.org/#_config_files)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Rockchip's rk3328 encapsulates the BL31 part of ATP but it needs
image in ELF format. This is extension to
2c4809e608
This commit introduces a BR2_TARGET_UBOOT_NEEDS_ATF_BL31_ELF variable
to achieve this.
Signed-off-by: Michał Łyszczek <michal.lyszczek@bofc.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Allow user to choose specific, stable version from official ATF
repository
Signed-off-by: Michał Łyszczek <michal.lyszczek@bofc.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
At kconfig time, dependencies are not built, and therefore host-ccache
is not ready. Due to this, using $(HOSTCC) as the host compiler in
KCONFIG_OPTS does not work: a "make uboot-menuconfig" invocation from
a clean tree with ccache enabled fails.
This commit fixes this by using $(HOSTCC_NOCCACHE). We cannot rely on
the default value of HOSTCC passed by the kconfig-package
infrastructure, because $(UBOOT_MAKE_OPTS) also contains a HOSTCC
definition that would override the one passed by the kconfig-package
infrastructure.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adds a package for 'shim', an EFI bootloader for secure
boot chain loading.
While gnu-efi supports 32bit ARM, this is currently broken in shim.
Patches to fix this have been submitted upstream but are not included
here for now.
https://github.com/rhboot/shim/pull/162
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Thomas: use BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS, add separate depends
on to exclude ARM32 build.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This will be used in packages that depend on gnu-efi, and we take this
opportunity to propagate this dependency where it was missing in
gummiboot and syslinux. In practice, it was not a problem because
gummiboot and syslinux are only available on i386 and x86-64, which is
a subset of the architectures supported by gnu-efi.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Following d0f4f95e39 ("Makefile: rework
main directory creation logic"), BINARIES_DIR is not implicitly
created by the main Makefile at the beginning of the build, leaving
that up to whatever piece of code needs to install something in
$(BINARIES_DIR).
The afboot-stm32 package didn't pay attention to this, which this
commit fixes.
While at it, we move the afboot-stm32 installation into
<pkg>_INSTALL_IMAGES_CMDS, because using <pkg>_INSTALL_TARGET_CMDS to
install only files to BINARIES_DIR is a bit strange.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/131217111
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add notes to test grub2 running on ARM using qemu. The arm section
describes how to run it using u-boot and aarch64 shows how to do it
using efi, which is similar to what has to be done for x86_64.
The source for OVMF builds is also changed to
https://www.kraxel.org/repos/jenkins/edk2/ which is the source for
nightly builds (as rpms but which can be extracted in any distribution),
as the sourceforge link provided only very old builds.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
[Thomas:
- formatting fixes
- simplify the AArch64/EFI example by using the aarch64_efi_defconfig]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit enables the arm-uboot, arm-efi and aarch64-efi grub2
platforms in Buildroot.
With the uboot platform, the grub2 image gets built as a u-boot image
and is loaded from u-boot through a regular "bootm". The only
requirement from the u-boot side in order to allow this is that u-boot
is built with CONFIG_API enabled. CONFIG_API seems to not be enabled
by default in most in-tree configurations, however, it seems to be
available for quite some time now. So it might be possible to use this
even on older u-boot versions. This is available only for arm
(32-bit).
With the efi platform, grub2 gets built as an EFI executable. This
allows EFI firmware to find and load it similarly as it can be done
for x86_64. Also, since u-boot v2016.05, u-boot is able to load and
boot an EFI executable, so the uboot efi platform can also be used
from u-boot in recent versions. This has been enabled (mostly) by
default for ARM u-boot. efi platform is available for both arm and
aarch64.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
[Thomas: move the BR2_USE_MMU dependency in
BR2_TARGET_GRUB2_ARCH_SUPPORTS]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add an option to install grub2 support tools to the target.
In the context of Buildroot, some useful target tools provided are
grub2-editenv, grub2-reboot, which provide means to manage the grub2,
environment, boot order, and others.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
grub2 requires the host grub2-mkimage tool to build some of its target
images. The current way of building this tool in the grub2 package is
to perform a simultaneous host-tools/target-bootloader build during
the grub2 build step.
This method makes the recipe complex to understand, and proved to be a
complication during the work to enable grub2 support for architectures
other than x86.
This patch tries to do a better separation between the build of grub2
host tools and target boot loader image, as a partial step to enable
grub2 to build for other architectures.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When building with glibc 2.28+, the "major", "minor" and "makedev"
functions are defined in "sys/sysmacros.h". This commit backports
upstream commit 1a74985b2a404639b08882c57f3147229605dfd5 to fix the
build with glibc 2.28.
Link: https://www.syslinux.org/wiki/index.php?title=Building
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We already use $(MKIMAGE_ARCH) in lots of places; use it here too.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We already use $(MKIMAGE) instead of $(HOST_DIR)/bin/mkimage in xvisor, linux,
and cpio; use it here too.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We already use $(MKIMAGE) instead of $(HOST_DIR)/bin/mkimage in xvisor, linux,
and cpio; use it here too.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
U-boot has provided SPL support as a viable replacement for the
2nd stage bootloader on TI platforms. The X-loader project
hasn't had a commit in the log since 12-05-2011.
(https://gitorious.org/x-loader/x-loader)
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As reported by Jeff Wittrock in bug #11396, the U-Boot environment
image checksum is invalid for big endian targets, because the test on
the BR2_ENDIAN Config.in option doesn't take into account that it is
double quoted.
The fix was provided by Jeff himself on bugzilla.
Fixes bug #11396.
Reported-by: Jeff Wittrock <jwittrock@faultrecorder.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Passing CFLAGS/CPPFLAGS in the environment confuses the ATF version
provided by Marvell, and we in fact only need to pass CROSS_COMPILE,
which is already in ARM_TRUSTED_FIRMWARE_MAKE_OPTS.
We however keep TARGET_MAKE_ENV so that the PATH with $(HOST_DIR) is
kept.
This change has been tested with all current defconfigs that build
ATF:
- arm_juno
- bananapi_m64
- freescale_imx8mqevk
- friendlyarm_nanopi_a64
- friendlyarm_nanopi_neo2
- nitrogen8m
- olimex_a64_olinuxino
- orangepi_pc2
- orangepi_prime
- orangepi_win
- orangepi_zero_plus2
- pine64
- pine64_sopine
- solidrun_macchiatobin_mainline
- solidrun_macchiatobin_marvell
- zynqmp_zcu106
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Note that the license file has been entirely rewritten (hence the
change in the hash), but it is still GPL-2.0 with FreeRTOS exception.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is necessary to be able to bump the ARM Trusted Firmware version
used on Marvell platforms.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add the RISC-V Proxy Kernel (pk) package which provides the Berkeley
Boot Loader for booting RISC-V kernel images.
Signed-off-by: Mark Corbin <mark.corbin@embecosm.com>
[Thomas:
- fix prompt of option to be just "riscv-pk"
- add blank line between help text and upstream URL in Config.in file
- use $(INSTALL) instead of cp to install the generated image]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>