Commit Graph

32 Commits

Author SHA1 Message Date
D. Olsson
d8705587dc boot/arm-trusted-firmware: Bump to version 2.4
Required in order to build properly with the latest stable release of
EDK2 UEFI firmware.

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-12-30 10:29:05 +01:00
Christoph Müllner
7b3fcbcdaa boot/arm-trusted-firmware: Forward stack protection configuration
TF-A supports stack smashing protection (-fstack-protector-*).
However, that feature is currently silently disabled because
ENABLE_STACK_PROTECTOR is not set during build time.

As documented in the TF-A user guide, the flag ENABLE_STACK_PROTECTOR
is required to enable stack protection support. When enabled the symbols
for the stack protector (e.g. __stack_chk_guard) are built.
This needs to be done because TF-A does not link against an external
library that provides that symbols (e.g. libc).

So in case we see that BR2_SSP_* is enabled, let's enable the corresponding
ENABLE_STACK_PROTECTOR build flag for TF-A as documented in the TF-A user guide.

This patch also fixes a the following linker errors with older TF-A versions
if BR2_SSP_* is enabled (i.e. -fstack-protector-* is used as compiler flag)
and ENABLE_STACK_PROTECTOR is not set, which are caused by the missing
stack protector symbols:

  [...]
  params_setup.c:(.text.params_early_setup+0xc): undefined reference to `__stack_chk_guard'
  aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x14): undefined reference to `__stack_chk_guard'
  aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x104): undefined reference to `__stack_chk_guard'
  aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x118): undefined reference to `__stack_chk_fail'
  aarch64-none-linux-gnu-ld: ./build/px30/release/bl31/pmu.o: in function `rockchip_soc_sys_pwr_dm_suspend':
  pmu.c:(.text.rockchip_soc_sys_pwr_dm_suspend+0xc): undefined reference to `__stack_chk_guard'
  [...]

TF-A releases after Nov 2019, that include 7af195e29a4, will circumvent
these issue by explicitliy and silently disabling the stack protector
by appending '-fno-stack-protector' to the compiler flags in case
ENABLE_STACK_PROTECTOR is not set.

Tested on a Rockchip PX30 based system (TF-A v2.2 and upstream/master).

Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2020-12-15 21:24:48 +01:00
Dick Olsson
a757d173f1 boot/arm-trusted-firmware: bump to version 2.2
Release notes:
https://trustedfirmware-a.readthedocs.io/en/latest/change-log.html#version-2-2

Take this opportunity to fix the hash file spacing.

Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-07-20 22:29:17 +02:00
Romain Naour
36c0a0c656 boot/arm-trusted-firmware: ignore licencing check for user defined official version
The commit [1] "licensing info is only valid for v1.4" fixed the legal-info
issues when a custom ATF tarball or a version from git is used.
But we need to ignore licencing for a used defined official ATF version.

Althougt the ATF version are licensed under BSD-3-Clause, the license
file can be updated between version (for example between v1.4 and v2.0).

Ignore the licencing check if the user provide a custom official version.

[1] d1a61703f7

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
[yann.morin.1998@free.fr: use positive logic with the _LATEST option]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-05-30 23:21:07 +02:00
Suniel Mahesh
fbed118ed2 boot/arm-trusted-firmware: add optional host-arm-gnu-a-toolchain dependency
Some ATF configurations, require a pre-built bare metal toolchain to
build some platforms which host cortex-m series core, for instance
rockchip rk3399 has a cortex-m0 core. Without a pre-built bare metal
toolchain, the build fails:

make[3]: arm-none-eabi-gcc: Command not found

To solve this, this commit implements a
BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_ARM32_TOOLCHAIN
option. Platforms which have such requirement should enable this
config option.

Signed-off-by: Suniel Mahesh <sunil@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-03-29 15:08:23 +02:00
Thomas Petazzoni
ddbb5dbd83 boot/arm-trusted-firmware: add optional host-dtc dependency
Some ATF configurations, such as the ones for the STM32MP1 processor
family, require DTC during the build as Device Tree files are
used. Without dtc, the build fails:

/bin/sh: 1: dtc: not found
dtc version too old (), you need at least version 1.4.4
plat/st/stm32mp1/platform.mk:239: recipe for target 'check_dtc_version' failed
make[1]: *** [check_dtc_version] Error 1

To solve this, this commit implements a
BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_DTC option, in a way that mimics
the BR2_TARGET_UBOOT_NEEDS_DTC option we already have for the U-Boot
package.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-03-18 22:24:56 +01:00
Gervais, Francois
a621c9b6c8 boot/arm-trusted-firmware: add missing qstrip
Add missing qstrip wrapping to the new
BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_TARGETS option.

Signed-off-by: Francois Gervais <fgervais@distech-controls.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-11 23:37:31 +01:00
Gervais, Francois
05b8c7da6d boot/arm-trusted-firmware: allow additional make targets
Allow specifying additional build targets for ATF.

This might be more useful when using a custom git repository.

For example, when using with the ATF repository from NXP QorIQ,
there is a new build target 'pbl' which is used to build the
pbl binary image. Note that in the specific case of the 'pbl'
target, additional build variables also need to be specified
through BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES.

Signed-off-by: Francois Gervais <fgervais@distech-controls.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-01 23:15:41 +01:00
Jerry Huang
8ef18c3b81 boot/arm-trusted-firmware: add option BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_BL33_IMAGE
Currently, when BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33 is
enabled, the arm-trusted-firmware package assumes that the BL33 image
provided by U-Boot is u-boot.bin. However for some platforms, the name
may be different (for example u-boot-dtb.bin). To support such use
cases, this commit adds a string option
BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_BL33_IMAGE to configure the
U-Boot image name, which defaults to u-boot.bin to preserve backward
compatibility.

Signed-off-by: Jerry Huang <jerry.huang@nxp.com>
Reviewed-by: Sergey Matyukevich <geomatsi@mail.com>
[Thomas: rewrite commit log and Config.in help text]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 22:57:13 +01:00
Schenk Michael
e4d276c357 boot/arm-trusted-firmware: add pattern based image copy for ATF
This adds support for different platforms where the binaries have
different extensions.

Signed-off-by: Michael Schenk <michael.schenk@noser.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-15 21:29:54 +01:00
Yann E. MORIN
d1a61703f7 boot/arm-trusted-firmware: licensing info is only valid for v1.4
The licensing information, and especially the name of the license file,
is known only for the official v1.4 version. For example, in later
versions, the license file has been renamed.

Since we can't be sure of the licensing information for custom versions,
or for versions from git, define that only for the known v1.4 version.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-07-21 15:39:21 +02:00
Etienne Carriere
afd6ee3fb1 boot/arm-trusted-firmware: support debug mode
When the trusted firmware is built with debug support (DEBUG defined),
the generated images are located in a different path compared to a
build without debug support. The non debug images are located in
generated directory build/<platform>/release/ while the debug images
are located in generated directory build/<platform>/debug/.

This change introduces the boolean option
BR2_TARGET_ARM_TRUSTED_FIRMWARE_DEBUG to define whether the release or
debug configuration is used to build trusted firmware.

Note that enabling trusted firmware debug support using
BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES="... DEBUG=1 ..."
would not work since Buildroot will try to copy the generated files
from the wrong path.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-20 22:57:12 +01:00
Etienne Carriere
6959d628d4 boot/arm-trusted-firmware: add support for using OP-TEE as BL32
This change allows one to build trusted firmware (TF-A) with OP-TEE as
BL32 secure payload.

When BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_DEFAULT is enabled TF-A
builds a BL32 stage according the TF-A configuration directive.  If
these specify no BL32 stage then TF-A will build without BL32
support. This is the default configuration and reflects TF-A legacy
integration in BR.

When BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_OPTEE is enabled TF-A builds
with support for the OP-TEE OS as BL32.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[Thomas: rename config options, simplify option prompts, and rework
option description.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-20 22:49:14 +01:00
Etienne Carriere
9dbc934217 boot/arm-trusted-firmware: support 32bit Arm targets
This change allows one to build the TF-A (Trusted Firmware A) for
32bit architectures Armv7 and Armv8 platforms. TF-A supports these
configuration since release v1.5.

Change dependency on BR2_aarch64 into a dependency on either
BR2_ARM_CPU_ARMV8A/BR2_ARM_CPU_ARMV7A to better define
the target architectures supported by the package.

Set package configuration directive ARM_ARCH_MAJOR according to
BR2_ARM_CPU_ARMV8A/BR2_ARM_CPU_ARMV7A. Set package configuration
directive ARCH based on BR2_aarch64/BR2_arm.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-20 22:33:30 +01:00
Michał Łyszczek
cab8bd3b46 boot/uboot: add support for bundling ATF BL31 in ELF format into U-Boot
Rockchip's rk3328 encapsulates the BL31 part of ATP but it needs
image in ELF format. This is extension to
2c4809e608

This commit introduces a BR2_TARGET_UBOOT_NEEDS_ATF_BL31_ELF variable
to achieve this.

Signed-off-by: Michał Łyszczek <michal.lyszczek@bofc.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-02-06 16:51:23 +01:00
Michał Łyszczek
f6a6eca432 boot/arm-trusted-firmware: add option to choose custom version
Allow user to choose specific, stable version from official ATF
repository

Signed-off-by: Michał Łyszczek <michal.lyszczek@bofc.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-02-06 16:37:20 +01:00
Danomi Manchego
a216a344c4 arm-trusted-firmware: replace hard-coded arm64 with MKIMAGE_ARCH
We already use $(MKIMAGE_ARCH) in lots of places; use it here too.

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-26 21:26:33 +02:00
Danomi Manchego
22ea9d5a87 arm-trusted-firmware: replace mkimage invocation with MKIMAGE
We already use $(MKIMAGE) instead of $(HOST_DIR)/bin/mkimage in xvisor, linux,
and cpio; use it here too.

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-26 21:26:27 +02:00
Thomas Petazzoni
baa450e036 boot/arm-trusted-firmware: don't pass TARGET_CONFIGURE_OPTS when building
Passing CFLAGS/CPPFLAGS in the environment confuses the ATF version
provided by Marvell, and we in fact only need to pass CROSS_COMPILE,
which is already in ARM_TRUSTED_FIRMWARE_MAKE_OPTS.

We however keep TARGET_MAKE_ENV so that the PATH with $(HOST_DIR) is
kept.

This change has been tested with all current defconfigs that build
ATF:

 - arm_juno
 - bananapi_m64
 - freescale_imx8mqevk
 - friendlyarm_nanopi_a64
 - friendlyarm_nanopi_neo2
 - nitrogen8m
 - olimex_a64_olinuxino
 - orangepi_pc2
 - orangepi_prime
 - orangepi_win
 - orangepi_zero_plus2
 - pine64
 - pine64_sopine
 - solidrun_macchiatobin_mainline
 - solidrun_macchiatobin_marvell
 - zynqmp_zcu106

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-11 09:28:54 +02:00
Luca Ceresoli
61447331bd arm-trusted-firmware: generate atf-uboot.ub image of bl31.bin
U-Boot SPL for the Xilinx ZynqMP SoCs needs ATF in this format to load
it.

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-28 22:41:59 +02:00
Luca Ceresoli
895f04ebff arm-trusted-firmware: simplify release dir path
The path to the binary images is very long. Since we are about to make
a larger use of it, let's use a variable to make it somewhat shorter.

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-28 22:34:21 +02:00
Thomas Petazzoni
a957d9a90a boot/arm-trusted-firmware: build fiptool separately with dependency on host-openssl
ATF >= 1.3 builds a host program called fiptool which uses
OpenSSL, so we need to build host-openssl. We could have made it an
optional dependency like U-Boot does, but since most ATF versions are
going to be >= 1.3 in the near future, we simply make host-openssl a
mandatory dependency.

However, the ATF build system is not very good, and you can't easily
pass flags that will affect the build of host programs. Therefore, we
take the approach of building fiptool separately before triggering the
real build process.

It would obviously be better to fix ATF itself, but as usual with
those bootloader packages, we fetch different versions depending on
the platform/configuration, making it difficult to use patches.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/44868961

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-18 23:09:39 +01:00
Sergey Matyukevich
7212316926 atf: add support for Marvell Armada SoCs
Add Marvell Armada 7k/8k SoCs support to arm-trusted-firmware package.
Marvell ATF needs two additional dependencies:
DDR training code and SCP_BL2 image.

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[Thomas: adjust to previous ATF changes.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 19:00:53 +01:00
Thomas Petazzoni
9684459113 arm-trusted-firmware: allow to generate the BL31 image
Some platforms (e.g Allwinner ARM64) don't build a FIP image out of
ATF, but only a BL31 image, which is then encapsulated in U-Boot. This
commit adds an ATF option to build such an image.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 12:27:36 +01:00
Thomas Petazzoni
3f64b08ff0 arm-trusted-firmware: add BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33
ATF can be used in different ways:

 - ATF encapsulates U-Boot as the BL33, which is what is done on ARM
   Juno (currently supported in Buildroot) and Marvell platforms (soon
   to be supported)

 - U-Boot encapsulates ATF's BL31, which is what is done on Allwinner
   ARM64 platforms.

Until now we were assumming the former was always the case, but
obviously it isn't. Therefore, this patch adds an option that allows
to explicitly tell ATF that it encapsulates U-Boot as its BL33.

We adapt the only defconfig that uses ATF so that it enables this
option as appropriate.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 12:15:00 +01:00
Thomas Petazzoni
543dbf2d01 arm-trusted-firmware: add option to enable/disable building FIP image
Currently, our arm-trusted-firmware unconditionally builds a FIP
(Firmware Image Package). While this is often needed on platforms
where ATF encapsulates U-Boot, it is not the case on some other
platforms where it's U-Boot that encapsulates parts of ATF.

In order to prepare the support for the later platforms, we make
building the FIP image optional, and update the only defconfig we have
that uses ARM Trusted Firmware.

Note: we considered adding a "default y" here to preserve backward
compatibility, but there really isn't any default that is sane:
whether a FIP image needs to be built or not is purely platform
specific.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 12:14:42 +01:00
Peter Korsgaard
08aa81768e arm-trusted-firmware: bump to version 1.4
The license file got reformatted as reStructuredText, but the license itself
didn't change.

Drop unneeded md5sum and add license hash.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-12 22:03:47 +02:00
Peter Korsgaard
6d245fee1e arm-trusted-firmware: fix comment typo
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-12 22:03:28 +02:00
Luca Ceresoli
6b683515bc arm-trusted-firmware: cleanup make target handling
ARM_TRUSTED_FIRMWARE_MAKE_TARGET is expanded, but it's never assigned
so it is always empty. On the other hand the make targets are defined
in ARM_TRUSTED_FIRMWARE_MAKE_OPTS, which should contain options, not
targets.

Clean it all up by moving the targets in the proper place, replacing
the useless $(ARM_TRUSTED_FIRMWARE_MAKE_TARGET).

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-15 22:38:32 +02:00
Arnout Vandecappelle
c7010ae3ad arm-trusted-firmware: exclude from hash when downloading from git
Since we will enable hash checks for git downloads soon, the hash check
for the custom git download should be disabled.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-11 14:28:02 +02:00
Rahul Bedarkar
9f59b378a3 boot, package: use SPDX short identifier for BSD-3c
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for BSD-3c is BSD-3-Clause.

This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-3c/BSD-3-Clause/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:26:57 +02:00
Joao Pinto
b5a6299042 arm-trusted-firmware: new package
Signed-off-by: Joao Pinto <jpinto@synopsys.com>
[Thomas:
 - Rename the package from atfirmware to arm-trusted-firmware, in order
   to match upstream.
 - Remove option to apply custom patches. We no longer add such options,
   and use the global patch directory instead.
 - Rename the repo URL/version options, in order to not be Git specific,
   in case support for fetching from other VCS is added later. This is
   consistent with how other bootloaders handle this.
 - Add license information.
 - Do not add a weird dependency on the vexpress-firmware package in
   Config.in. Instead, simply use it if it's available. Of course, some
   configurations (such as the juno configuration) will fail to build if
   vexpress-image is not enabled, but it's the responsibility of the
   user to create a config that builds.
 - Simplify misc aspects in the .mk file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-10-15 14:13:34 +02:00