mbox series

[v4,00/11] Support for building TF-A and OP-TEE, add STM32MP15x board

Message ID cover.1606118039.git.jan.kiszka@siemens.com
Headers show
Series Support for building TF-A and OP-TEE, add STM32MP15x board | expand

Message

Jan Kiszka Nov. 22, 2020, 9:53 p.m. UTC 
Changes in v4:
 - fix up OP-TEE version reporting for STM32MP15x
 - update to TF-A 2.4 and OP-TEE 3.11.0

Changes in v3 (sent as partial updates before):
 - more flexible TF_A_BINARIES definition, supporting also platforms
   with custom BUILD_PLAT definitions (k3, rk3399, tegra)
 - account for platform flavors in OPTEE_PLATFORM

This adds include files for building custom Trusted Firmware A and Open
Portable Trusted Execution Environment, similar to U-Boot. As a
demonstration target, support for the STM32MP15x board is added, and its
boot is enabled for both TF-a and OP-TEE.

Note that the kernel is intentionally kept at 5.4.70 due to
https://lkml.org/lkml/2020/11/22/126.

Jan


CC: vijaikumar.kanagarajan@gmail.com

Jan Kiszka (11):
  meta-isar: Lift de0-nano-soc build to buster
  meta-isar: linux-mainline: Update to latest 5.4.70
  meta-isar: u-boot: Update to 2020.10
  meta-isar: u-boot: Factor our de0-nano-soc recipe
  meta-isar: example-raw: Purge securetty from target image
  Add STM32MP15x eval board
  Add recipe include for building custom Trusted Firmware A
  stm32mp15x: Switch to TF-A based boot
  Add recipe include for building custom OP-TEE
  meta-isar: u-boot-stm32mp15x: Add patches needed for OP-TEE usage
  meta-isar: Add OP-TEE to STM32MP15x board

 meta-isar/conf/local.conf.sample              |   3 +-
 meta-isar/conf/machine/de0-nano-soc.conf      |   1 +
 meta-isar/conf/machine/stm32mp15x.conf        |  19 +++
 .../conf/multiconfig/de0-nano-soc-buster.conf |   7 +
 .../multiconfig/de0-nano-soc-stretch.conf     |   7 -
 .../conf/multiconfig/stm32mp15x-buster.conf   |   7 +
 .../recipes-app/example-raw/files/postinst    |   3 +
 .../optee-os/optee-os-stm32mp15x_3.10.0.bb    |  19 +++
 .../trusted-firmware-a-stm32mp15x_2.3.bb      |  21 +++
 ...y-add-property-no-map-to-created-res.patch | 151 ++++++++++++++++++
 ...rty-no-map-to-secure-reserved-memory.patch |  33 ++++
 .../recipes-bsp/u-boot/u-boot-2020.10.inc     |  13 ++
 .../u-boot/u-boot-de0-nano-soc_2020.10.bb     |   9 ++
 .../u-boot/u-boot-stm32mp15x_2020.10.bb       |  10 ++
 .../recipes-bsp/u-boot/u-boot_2018.09.bb      |  14 --
 ...ine_5.4.10.bb => linux-mainline_5.4.70.bb} |   4 +-
 .../lib/wic/canned-wks/stm32mp15x.wks.in      |  16 ++
 meta/recipes-bsp/optee-os/files/debian/compat |   1 +
 .../optee-os/files/debian/control.tmpl        |  10 ++
 meta/recipes-bsp/optee-os/files/debian/rules  |  19 +++
 meta/recipes-bsp/optee-os/optee-os-custom.inc |  46 ++++++
 .../trusted-firmware-a/files/debian/compat    |   1 +
 .../files/debian/control.tmpl                 |  10 ++
 .../trusted-firmware-a/files/debian/rules     |  19 +++
 .../trusted-firmware-a-custom.inc             |  43 +++++
 scripts/ci_build.sh                           |   5 +-
 26 files changed, 465 insertions(+), 26 deletions(-)
 create mode 100644 meta-isar/conf/machine/stm32mp15x.conf
 create mode 100644 meta-isar/conf/multiconfig/de0-nano-soc-buster.conf
 delete mode 100644 meta-isar/conf/multiconfig/de0-nano-soc-stretch.conf
 create mode 100644 meta-isar/conf/multiconfig/stm32mp15x-buster.conf
 create mode 100644 meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.10.0.bb
 create mode 100644 meta-isar/recipes-bsp/trusted-firmware-a/trusted-firmware-a-stm32mp15x_2.3.bb
 create mode 100644 meta-isar/recipes-bsp/u-boot/files/0001-fdtdec-optionally-add-property-no-map-to-created-res.patch
 create mode 100644 meta-isar/recipes-bsp/u-boot/files/0002-optee-add-property-no-map-to-secure-reserved-memory.patch
 create mode 100644 meta-isar/recipes-bsp/u-boot/u-boot-2020.10.inc
 create mode 100644 meta-isar/recipes-bsp/u-boot/u-boot-de0-nano-soc_2020.10.bb
 create mode 100644 meta-isar/recipes-bsp/u-boot/u-boot-stm32mp15x_2020.10.bb
 delete mode 100644 meta-isar/recipes-bsp/u-boot/u-boot_2018.09.bb
 rename meta-isar/recipes-kernel/linux/{linux-mainline_5.4.10.bb => linux-mainline_5.4.70.bb} (89%)
 create mode 100644 meta-isar/scripts/lib/wic/canned-wks/stm32mp15x.wks.in
 create mode 100644 meta/recipes-bsp/optee-os/files/debian/compat
 create mode 100644 meta/recipes-bsp/optee-os/files/debian/control.tmpl
 create mode 100755 meta/recipes-bsp/optee-os/files/debian/rules
 create mode 100644 meta/recipes-bsp/optee-os/optee-os-custom.inc
 create mode 100644 meta/recipes-bsp/trusted-firmware-a/files/debian/compat
 create mode 100644 meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl
 create mode 100755 meta/recipes-bsp/trusted-firmware-a/files/debian/rules
 create mode 100644 meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc

Comments

Baurzhan Ismagulov Nov. 24, 2020, 6:52 a.m. UTC | #1 
On Mon, Nov 23, 2020 at 08:53:48AM +0100, Jan Kiszka wrote:
> Changes in v4:
>  - fix up OP-TEE version reporting for STM32MP15x
>  - update to TF-A 2.4 and OP-TEE 3.11.0

Looks good to me, has just failed on CI due to python3. I'll test on top of the
python3 fix and let you know.

With kind regards,
Baurzhan.
Jan Kiszka Nov. 24, 2020, 7:47 p.m. UTC | #2 
On 24.11.20 17:52, Baurzhan Ismagulov wrote:
> On Mon, Nov 23, 2020 at 08:53:48AM +0100, Jan Kiszka wrote:
>> Changes in v4:
>>  - fix up OP-TEE version reporting for STM32MP15x
>>  - update to TF-A 2.4 and OP-TEE 3.11.0
> 
> Looks good to me, has just failed on CI due to python3. I'll test on top of the
> python3 fix and let you know.

How comes that? The new python bits of this series should only be
executed inside the buildchroot. Do you have a pointer to the failing build?

Jan
Baurzhan Ismagulov Nov. 25, 2020, 8:58 a.m. UTC | #3 
On Wed, Nov 25, 2020 at 06:47:50AM +0100, Jan Kiszka wrote:
> > Looks good to me, has just failed on CI due to python3. I'll test on top of the
> > python3 fix and let you know.
> 
> How comes that? The new python bits of this series should only be
> executed inside the buildchroot. Do you have a pointer to the failing build?

http://ci.isar-build.org:8080/job/isar_am_devel_fast/28/consoleFull

ERROR: mc:stm32mp15x-buster:isar-image-base-1.0-r0 do_wic_image: Execution of '/workspace/build/isar_am_devel_fast/28/build/tmp/work/debian-buster-armhf/isar-image-base-stm32mp15x-wic-img/1.0-r0/temp/run.do_wic_image.27755' failed with exit code 1:
/usr/bin/ln: failed to create symbolic link '/usr/bin/python3-native/python3': File exists
INFO: Creating image(s)...

ERROR: A native program /usr/bin/python3-native/python3 required to build the image was not found (see details above).

Wic failed to find a recipe to build native /usr/bin/python3-native/python3. Please file a bug against wic.

mv: cannot stat '/workspace/build/isar_am_devel_fast/28/build/tmp/deploy/buildchroot-target/debian-buster-armhf/tmp/tmp.W51km1H9Cv/isar-image-base-debian-buster-stm32mp15x.wic/stm32mp15x-202011231326-sda.direct.bmap': No such file or directory
WARNING: exit code 1 from a shell command.

ERROR: Logfile of failure stored in: /workspace/build/isar_am_devel_fast/28/build/tmp/work/debian-buster-armhf/isar-image-base-stm32mp15x-wic-img/1.0-r0/temp/log.do_wic_image.27755


If that is a race, then it could be triggered by any irrelevant change. With
the python3 patch applied, the CI has passed. I'm ready to apply the series,
please let me know whether you see any issues.


With kind regards,
Baurzhan.
Jan Kiszka Nov. 25, 2020, 10:30 a.m. UTC | #4 
On 25.11.20 19:58, Baurzhan Ismagulov wrote:
> On Wed, Nov 25, 2020 at 06:47:50AM +0100, Jan Kiszka wrote:
>>> Looks good to me, has just failed on CI due to python3. I'll test on top of the
>>> python3 fix and let you know.
>>
>> How comes that? The new python bits of this series should only be
>> executed inside the buildchroot. Do you have a pointer to the failing build?
> 
> http://ci.isar-build.org:8080/job/isar_am_devel_fast/28/consoleFull
> 
> ERROR: mc:stm32mp15x-buster:isar-image-base-1.0-r0 do_wic_image: Execution of '/workspace/build/isar_am_devel_fast/28/build/tmp/work/debian-buster-armhf/isar-image-base-stm32mp15x-wic-img/1.0-r0/temp/run.do_wic_image.27755' failed with exit code 1:
> /usr/bin/ln: failed to create symbolic link '/usr/bin/python3-native/python3': File exists
> INFO: Creating image(s)...
> 
> ERROR: A native program /usr/bin/python3-native/python3 required to build the image was not found (see details above).
> 
> Wic failed to find a recipe to build native /usr/bin/python3-native/python3. Please file a bug against wic.
> 
> mv: cannot stat '/workspace/build/isar_am_devel_fast/28/build/tmp/deploy/buildchroot-target/debian-buster-armhf/tmp/tmp.W51km1H9Cv/isar-image-base-debian-buster-stm32mp15x.wic/stm32mp15x-202011231326-sda.direct.bmap': No such file or directory
> WARNING: exit code 1 from a shell command.
> 
> ERROR: Logfile of failure stored in: /workspace/build/isar_am_devel_fast/28/build/tmp/work/debian-buster-armhf/isar-image-base-stm32mp15x-wic-img/1.0-r0/temp/log.do_wic_image.27755
> 
> 
> If that is a race, then it could be triggered by any irrelevant change. With
> the python3 patch applied, the CI has passed. I'm ready to apply the series,
> please let me know whether you see any issues.
> 

It's the race for which you just merged the fix.

Jan
Anton Mikanovich Nov. 26, 2020, 5:54 a.m. UTC | #5 
23.11.2020 10:53, Jan Kiszka wrote:
> Changes in v4:
>   - fix up OP-TEE version reporting for STM32MP15x
>   - update to TF-A 2.4 and OP-TEE 3.11.0
>
> Changes in v3 (sent as partial updates before):
>   - more flexible TF_A_BINARIES definition, supporting also platforms
>     with custom BUILD_PLAT definitions (k3, rk3399, tegra)
>   - account for platform flavors in OPTEE_PLATFORM
>
> This adds include files for building custom Trusted Firmware A and Open
> Portable Trusted Execution Environment, similar to U-Boot. As a
> demonstration target, support for the STM32MP15x board is added, and its
> boot is enabled for both TF-a and OP-TEE.
>
> Note that the kernel is intentionally kept at 5.4.70 due to
> https://lkml.org/lkml/2020/11/22/126.

Applied to next, thanks.