5 files changed, 314 insertions, 0 deletions

diff --git a/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc b/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
new file mode 100644
index 00000000..fe9a4e09
--- /dev/null
+++ b/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
@@ -0,0 +1,169 @@
+DESCRIPTION = "Trusted Firmware-A"
+LICENSE = "BSD & Apache-2.0"
+
+PROVIDES = "virtual/trusted-firmware-a"
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+inherit deploy
+
+COMPATIBLE_MACHINE ?= "invalid"
+
+# Platform must be set for each machine
+TFA_PLATFORM ?= "invalid"
+
+# Some platforms can have multiple board configurations
+# Leave empty for default behavior
+TFA_BOARD ?= ""
+
+# Some platforms use SPD (Secure Payload Dispatcher) services
+# Few options are "opteed", "tlkd", "trusty", "tspd"...
+# Leave empty to not use SPD
+TFA_SPD ?= ""
+
+# Build for debug (set TFA_DEBUG to 1 to activate)
+TFA_DEBUG ?= "0"
+
+B = "${WORKDIR}/build"
+
+# mbed TLS support (set TFA_MBEDTLS to 1 to activate)
+TFA_MBEDTLS ?= "0"
+# sub-directory in which mbedtls will be downloaded
+TFA_MBEDTLS_DIR ?= "mbedtls"
+# This should be set to MBEDTLS download URL if MBEDTLS is needed
+SRC_URI_MBEDTLS ??= ""
+# This should be set to MBEDTLS LIC FILES checksum
+LIC_FILES_CHKSUM_MBEDTLS ??= ""
+# add MBEDTLS to our sources if activated
+SRC_URI += "${@bb.utils.contains('TFA_MBEDTLS', '1', '${SRC_URI_MBEDTLS}', '', d)}"
+# add mbed TLS chksum
+LIC_FILES_CHKSUM += "${@bb.utils.contains('TFA_MBEDTLS', '1', '${LIC_FILES_CHKSUM_MBEDTLS}', '', d)}"
+# add mbed TLS to version
+SRCREV_FORMAT_append = "${@bb.utils.contains('TFA_MBEDTLS', '1', '_mbedtls', '', d)}"
+
+# U-boot support (set TFA_UBOOT to 1 to activate)
+# When U-Boot support is activated BL33 is activated with u-boot.bin file
+TFA_UBOOT ?= "0"
+
+# What to build
+# By default we only build bl1, do_deploy will copy
+# everything listed in this variable (by default bl1.bin)
+TFA_BUILD_TARGET ?= "bl1"
+
+# What to install
+# do_install and do_deploy will install everything listed in this
+# variable. It is set by default to TFA_BUILD_TARGET
+TFA_INSTALL_TARGET ?= "${TFA_BUILD_TARGET}"
+
+# Requires CROSS_COMPILE set by hand as there is no configure script
+export CROSS_COMPILE="${TARGET_PREFIX}"
+
+# Let the Makefile handle setting up the CFLAGS and LDFLAGS as it is a standalone application
+CFLAGS[unexport] = "1"
+LDFLAGS[unexport] = "1"
+AS[unexport] = "1"
+LD[unexport] = "1"
+
+# No configure
+do_configure[noexec] = "1"
+
+# We need dtc for dtbs compilation
+# We need openssl for fiptool
+DEPENDS_append = " dtc-native openssl-native"
+
+# Add platform parameter
+EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}"
+
+# Handle TFA_BOARD parameter
+EXTRA_OEMAKE += "${@'TARGET_BOARD=${TFA_BOARD}' if d.getVar('TFA_BOARD') else ''}"
+BUILD_DIR = "${TFA_PLATFORM}${@'/${TFA_BOARD}' if d.getVar('TFA_BOARD') else ''}"
+
+# Handle TFA_SPD parameter
+EXTRA_OEMAKE += "${@'SPD=${TFA_SPD}' if d.getVar('TFA_SPD') else ''}"
+
+# Handle TFA_DEBUG parameter
+EXTRA_OEMAKE += "${@bb.utils.contains('TFA_DEBUG', '1', 'DEBUG=${TFA_DEBUG}', '', d)}"
+
+# Handle MBEDTLS
+EXTRA_OEMAKE += "${@bb.utils.contains('TFA_MBEDTLS', '1', 'MBEDTLS_DIR=${TFA_MBEDTLS_DIR}', '', d)}"
+
+# Uboot support
+DEPENDS += " ${@bb.utils.contains('TFA_UBOOT', '1', 'u-boot', '', d)}"
+do_compile[depends] += " ${@bb.utils.contains('TFA_UBOOT', '1', 'u-boot:do_deploy', '', d)}"
+EXTRA_OEMAKE += "${@bb.utils.contains('TFA_UBOOT', '1', 'BL33=${DEPLOY_DIR_IMAGE}/u-boot.bin', '',d)}"
+
+# The following hack is needed to fit properly in yocto build environment
+# TFA is forcing the host compiler and its flags in the Makefile using :=
+# assignment for GCC and CFLAGS.
+do_compile() {
+    cd ${S}
+
+    # These changes are needed to have the fiptool compiling and executing properly
+    sed -i '/^LDLIBS/ s,$, \-L${RECIPE_SYSROOT_NATIVE}${libdir},' ${S}/tools/fiptool/Makefile
+    sed -i '/^INCLUDE_PATHS/ s,$, \-I${RECIPE_SYSROOT_NATIVE}${includedir},' ${S}/tools/fiptool/Makefile
+    export LD_LIBRARY_PATH=${STAGING_DIR_NATIVE}${libdir}:$LD_LIBRARY_PATH
+
+    oe_runmake ${TFA_BUILD_TARGET}
+}
+do_compile[cleandirs] = "${B}"
+
+do_install() {
+    if ${@"true" if d.getVar('TFA_DEBUG') == '1' else "false"}; then
+        BUILD_PLAT=${B}/${BUILD_DIR}/debug/
+    else
+        BUILD_PLAT=${B}/${BUILD_DIR}/release/
+    fi
+
+    install -d -m 755 ${D}/firmware
+    for atfbin in ${TFA_INSTALL_TARGET}; do
+        processes="0"
+        if [ "$atfbin" = "all" ]; then
+            # Target all is not handled by default
+            bberror "all as TFA_INSTALL_TARGET is not handled by do_install"
+            bberror "Please specify valid targets in TFA_INSTALL_TARGET or"
+            bberror "rewrite or turn off do_install"
+            exit 1
+        fi
+
+        if [ -f $BUILD_PLAT/$atfbin.bin ]; then
+            echo "Install $atfbin.bin"
+            install -m 0644 $BUILD_PLAT/$atfbin.bin \
+                ${D}/firmware/$atfbin-${TFA_PLATFORM}.bin
+            ln -sf $atfbin-${TFA_PLATFORM}.bin ${D}/firmware/$atfbin.bin
+            processes="1"
+        fi
+        if [ -f $BUILD_PLAT/$atfbin/$atfbin.elf ]; then
+            echo "Install $atfbin.elf"
+            install -m 0644 $BUILD_PLAT/$atfbin/$atfbin.elf \
+                ${D}/firmware/$atfbin-${TFA_PLATFORM}.elf
+            ln -sf $atfbin-${TFA_PLATFORM}.elf ${D}/firmware/$atfbin.elf
+            processes="1"
+        fi
+        if [ -f $BUILD_PLAT/$atfbin ]; then
+            echo "Install $atfbin"
+            install -m 0644 $BUILD_PLAT/$atfbin \
+                ${D}/firmware/$atfbin-${TFA_PLATFORM}
+            ln -sf $atfbin-${TFA_PLATFORM} ${D}/firmware/$atfbin
+            processes="1"
+        fi
+
+        if [ "$atfbin" = "dtbs" ]; then
+            echo "dtbs install, skipped"
+        elif [ -f ${B}/tools/$atfbin/$atfbin ]; then
+            echo "Tools $atfbin install, skipped"
+        elif [ "$processed" = "0" ]; then
+            bberror "Unsupported TFA_INSTALL_TARGET target $atfbin"
+            exit 1
+        fi
+    done
+}
+
+FILES_${PN} = "/firmware"
+SYSROOT_DIRS += "/firmware"
+# Skip QA check for relocations in .text of elf binaries
+INSANE_SKIP_${PN} = "textrel"
+
+do_deploy() {
+    cp -rf ${D}/firmware/* ${DEPLOYDIR}/
+}
+addtask deploy after do_install
diff --git a/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.1.bb b/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.1.bb
new file mode 100644
index 00000000..4d412027
--- /dev/null
+++ b/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.1.bb
@@ -0,0 +1,38 @@
+#
+# Trusted firmware-A 2.1
+#
+
+require trusted-firmware-a.inc
+
+SRC_URI = "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https;name=tfa"
+
+# Use TF-A for version
+SRCREV_FORMAT = "tfa"
+
+# TF-A v2.1
+SRCREV_tfa = "e1286bdb968ee74fc52f96cf303a4218e1ae2950"
+
+S = "${WORKDIR}/git"
+
+LIC_FILES_CHKSUM = "file://license.rst;md5=c709b197e22b81ede21109dbffd5f363"
+
+SRC_URI[tfa.md5sum] = "75c8f4958fb493d9bd7a8e5a9636ec18"
+SRC_URI[tfa.sha256sum] = "7c4c00a4f28d3cfbb235fd1a1fb28c4d2fc1d657c9301686e7d8824ef575d059"
+
+#
+# mbed TLS source
+# Those are used in trusted-firmware-a.inc if TFA_MBEDTLS is set to 1
+#
+
+SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls"
+
+# mbed TLS v2.16.2
+SRCREV_mbedtls = "d81c11b8ab61fd5b2da8133aa73c5fe33a0633eb"
+
+LIC_FILES_CHKSUM_MBEDTLS += " \
+    file://mbedtls/apache-2.0.txt;md5=3b83ef96387f14655fc854ddc3c6bd57 \
+    file://mbedtls/LICENSE;md5=302d50a6369f5f22efdb674db908167a \
+    "
+
+SRC_URI[mbedtls.md5sum] = "37cdec398ae9ebdd4640df74af893c95"
+SRC_URI[mbedtls.sha256sum] = "a6834fcd7b7e64b83dfaaa6ee695198cb5019a929b2806cb0162e049f98206a4"
diff --git a/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.2.bb b/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.2.bb
new file mode 100644
index 00000000..4d5316ea
--- /dev/null
+++ b/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.2.bb
@@ -0,0 +1,38 @@
+#
+# Trusted firmware-A 2.2
+#
+
+require trusted-firmware-a.inc
+
+SRC_URI = "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https;name=tfa"
+
+# Use TF-A for version
+SRCREV_FORMAT = "tfa"
+
+# TF-A v2.2
+SRCREV_tfa = "7192b956bde11652a835eee0724dca0e403fee90"
+
+S = "${WORKDIR}/git"
+
+LIC_FILES_CHKSUM = "file://docs/license.rst;md5=189505435dbcdcc8caa63c46fe93fa89"
+
+SRC_URI[tfa.md5sum] = "75c8f4958fb493d9bd7a8e5a9636ec18"
+SRC_URI[tfa.sha256sum] = "7c4c00a4f28d3cfbb235fd1a1fb28c4d2fc1d657c9301686e7d8824ef575d059"
+
+#
+# mbed TLS source
+# Those are used in trusted-firmware-a.inc if TFA_MBEDTLS is set to 1
+#
+
+SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls"
+
+# mbed TLS v2.16.2
+SRCREV_mbedtls = "d81c11b8ab61fd5b2da8133aa73c5fe33a0633eb"
+
+LIC_FILES_CHKSUM_MBEDTLS += " \
+    file://mbedtls/apache-2.0.txt;md5=3b83ef96387f14655fc854ddc3c6bd57 \
+    file://mbedtls/LICENSE;md5=302d50a6369f5f22efdb674db908167a \
+    "
+
+SRC_URI[mbedtls.md5sum] = "37cdec398ae9ebdd4640df74af893c95"
+SRC_URI[mbedtls.sha256sum] = "a6834fcd7b7e64b83dfaaa6ee695198cb5019a929b2806cb0162e049f98206a4"
diff --git a/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.3.bb b/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.3.bb
new file mode 100644
index 00000000..bfda87bc
--- /dev/null
+++ b/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.3.bb
@@ -0,0 +1,38 @@
+#
+# Trusted firmware-A 2.3
+#
+
+require trusted-firmware-a.inc
+
+SRC_URI = "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https;name=tfa"
+
+# Use TF-A for version
+SRCREV_FORMAT = "tfa"
+
+# TF-A v2.3
+SRCREV_tfa = "ecd27ad85f1eba29f6bf92c39dc002c85b07dad5"
+
+S = "${WORKDIR}/git"
+
+LIC_FILES_CHKSUM = "file://docs/license.rst;md5=189505435dbcdcc8caa63c46fe93fa89"
+
+SRC_URI[tfa.md5sum] = "75c8f4958fb493d9bd7a8e5a9636ec18"
+SRC_URI[tfa.sha256sum] = "7c4c00a4f28d3cfbb235fd1a1fb28c4d2fc1d657c9301686e7d8824ef575d059"
+
+#
+# mbed TLS source
+# Those are used in trusted-firmware-a.inc if TFA_MBEDTLS is set to 1
+#
+
+SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls"
+
+# mbed TLS v2.18.1
+SRCREV_mbedtls = "ca933c7e0c9e84738b168b6b0feb89af4183a60a"
+
+LIC_FILES_CHKSUM_MBEDTLS += " \
+    file://mbedtls/apache-2.0.txt;md5=3b83ef96387f14655fc854ddc3c6bd57 \
+    file://mbedtls/LICENSE;md5=302d50a6369f5f22efdb674db908167a \
+    "
+
+SRC_URI[mbedtls.md5sum] = "37cdec398ae9ebdd4640df74af893c95"
+SRC_URI[mbedtls.sha256sum] = "a6834fcd7b7e64b83dfaaa6ee695198cb5019a929b2806cb0162e049f98206a4"
diff --git a/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_git.bb b/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_git.bb
new file mode 100644
index 00000000..c443ecd6
--- /dev/null
+++ b/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_git.bb
@@ -0,0 +1,31 @@
+# Trusted firmware-A points a commit rather a tag
+#
+# This is only a base receipt and should be bbextended with suitable SRCREV_tfa
+# and SRCREV_MBEDTLS and target TFA_* variables
+
+# Never select this if another version is available
+DEFAULT_PREFERENCE = "-1"
+
+require trusted-firmware-a.inc
+
+SRC_URI = "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https;name=tfa"
+
+# Use TF-A for version
+SRCREV_FORMAT = "tfa"
+
+S = "${WORKDIR}/git"
+
+LIC_FILES_CHKSUM = "file://docs/license.rst;md5=189505435dbcdcc8caa63c46fe93fa89"
+
+#
+# mbed TLS source
+# Those are used in trusted-firmware-a.inc if TFA_MBEDTLS is set to 1
+#
+
+SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls"
+
+LIC_FILES_CHKSUM_MBEDTLS += " \
+    file://mbedtls/apache-2.0.txt;md5=3b83ef96387f14655fc854ddc3c6bd57 \
+    file://mbedtls/LICENSE;md5=302d50a6369f5f22efdb674db908167a \
+    "
+