#
# spec file for package arm-trusted-firmware
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# Multibuild flavor selector: the build service substitutes the flavor name
# for the BUILD_FLAVOR placeholder. An empty platform selects the host-tools
# build (fiptool and the Marvell utilities); any other value names the TF-A
# platform to build firmware for.
%global platform @BUILD_FLAVOR@%{nil}
%if "%{platform}" == "a3700" || "%{platform}" == "imx8mq"
# Debug build not supported for UART boot on a3700
# Debug build is too big on imx8mq, see: https://developer.trustedfirmware.org/T626
%global debug_build 0
%else
# NOTE(review): every other flavor passes DEBUG=1 to make, so the packaged
# images are debug firmware builds; confirm that is intended for boards in
# production use.
%global debug_build 1
%endif
# NOTE(review): the remark below mentions Patch151, but this spec declares no
# such patch (only Patch1-Patch7 and Patch150); it looks stale.
# Patch151 fixes the build with GCC11 - https://github.com/MarvellEmbeddedProcessors/A3700-utils-marvell/issues/22
# A3700_tools is on by default, atf_optee is off by default.
%bcond_without A3700_tools
%bcond_with atf_optee
# use_optee ends up 1 only when atf_optee is enabled and the platform is not
# in one of the two exclusion lists below; otherwise it is 0.
%if %{with atf_optee}
%define use_optee 1
%if "%{platform}" == "" || "%{platform}" == "tegra186" || "%{platform}" == "tegra210" || "%{platform}" == "rk3328" || "%{platform}" == "rk3368" || "%{platform}" == "rk3399" || "%{platform}" == "rpi4"
# OP-TEE not available
%define use_optee 0
%endif
%if "%{platform}" == "a3700" || "%{platform}" == "a80x0_mcbin" || "%{platform}" == "imx8qm" || "%{platform}" == "imx8qx" || "%{platform}" == "imx8mq" || "%{platform}" == "imx8mm" || "%{platform}" == "sun50i_a64" || "%{platform}" == "sun50i_h6" || "%{platform}" == "zynqmp"
# TBD
%define use_optee 0
%endif
%else
%define use_optee 0
%endif
# The host-tools build keeps the plain name; each firmware flavor gets the
# platform name appended.
%if "%{platform}" == ""
Name: arm-trusted-firmware
%else
Name: arm-trusted-firmware-%{platform}
%endif
Version: 2.6
Release: 0
%define srcversion 2.6
# NOTE(review): mv_ddr_ver and a3700_utils_ver name branches
# (armada-atf-master, master), not releases or commit ids, so the tarballs
# are snapshots of a moving branch. Record the upstream commit id of each
# snapshot so a rebuild can be audited and reproduced.
%define mv_ddr_ver armada-atf-master
%define mv_bin_ver 10.0.1.0
%define a3700_utils_ver master
Summary: Arm Trusted Firmware-A
License: BSD-3-Clause
Group: System/Boot
URL: https://www.trustedfirmware.org/
# NOTE(review): no signature or keyring source is listed for the upstream
# tarball; its integrity rests on the copy stored with the package.
Source: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/snapshot/trusted-firmware-a-%{srcversion}.tar.gz
Source1: mv-ddr-marvell-%{mv_ddr_ver}.tar.gz
Source2: A3700-utils-marvell-%{a3700_utils_ver}.tar.gz
# Source3 supplies mrvl_scp_bl2.img, which the build section passes as SCP_BL2
# for a80x0_mcbin; presumably a vendor prebuilt image with no source in this
# package - verify its provenance.
Source3: binaries-marvell-%{mv_bin_ver}.tar.gz
# Presumably lets the TF-A build run outside a git checkout - confirm.
Patch1: atf-allow-non-git-dir.patch
# Patch2-Patch7: fixes for CVE-2022-23960 (Spectre-BHB, branch history
# injection) carried on top of 2.6, apparently backported from upstream going
# by the file names. NOTE(review): drop them once Version moves to a release
# that already contains the series.
Patch2: 0001-docs-security-security-advisory-for-CVE-2022-23960.patch
Patch3: 0002-fix-security-workaround-for-CVE-2022-23960.patch
Patch4: 0003-refactor-el3-runtime-change-Cortex-A76-implementatio.patch
Patch5: 0004-fix-security-loop-workaround-for-CVE-2022-23960-for-.patch
Patch6: 0005-fix-security-workaround-for-CVE-2022-23960-for-Corte.patch
Patch7: 0006-fix-security-SMCCC_ARCH_WORKAROUND_3-mitigations-for.patch
# Applied inside the bundled A3700-utils tree in the prep section.
Patch150: A3700_utils-drop-git.patch
BuildRequires: fdupes
%if "%{platform}" != ""
#!BuildIgnore: gcc-PIE
%endif
%if "%{platform}" == "a3700"
BuildRequires: arm-trusted-firmware-tools
BuildRequires: cross-arm-none-newlib-devel
BuildRequires: gcc-c++
BuildRequires: libcryptopp-devel
%endif
%if "%{platform}" == "a3700" || "%{platform}" == "rk3399"
BuildRequires: cross-arm-none-gcc%{gcc_version}
%endif
%if "%{platform}" == "a80x0_mcbin" && 0
BuildRequires: edk2-Armada80x0McBin
%endif
%if "%{platform}" == "hikey"
BuildRequires: edk2-hikey
%endif
%if "%{platform}" == "hikey960"
BuildRequires: edk2-hikey960
%endif
%if "%{platform}" == ""
BuildRequires: gcc-c++
%endif
BuildRequires: git
%if "%{platform}" == ""
BuildRequires: libcryptopp-devel
%endif
BuildRequires: libopenssl-devel
%if %{use_optee}
%if "%{platform}" == "qemu_sbsa"
BuildRequires: optee-qemu-armv8a
%else
%if "%{platform}" == "a3700"
BuildRequires: optee-armada3700
%else
%if "%{platform}" == "a80x0_mcbin"
BuildRequires: optee-armada7k8k
%else
BuildRequires: optee-%{platform}
%endif
%endif
%endif
%endif
%if "%{platform}" == "qemu"
BuildRequires: qemu-uefi-aarch64
%endif
%if "%{platform}" == "rpi3" || "%{platform}" == "rpi4"
# For /boot/vc
BuildRequires: raspberrypi-firmware
%endif
%if "%{platform}" == "a3700"
BuildRequires: u-boot-mvebuespressobin-88f3720
%endif
%if "%{platform}" == "a80x0_mcbin" && 1
BuildRequires: u-boot-mvebumcbin-88f8040
%endif
%if "%{platform}" == "hikey"
BuildRequires: u-boot-hikey
%endif
%if "%{platform}" == "poplar"
BuildRequires: u-boot-poplar
%endif
%if "%{platform}" == "rpi3"
BuildRequires: u-boot-rpi3
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# Disable some targets on SLE15-SP4 because of missing deps
# NOTE(review): do_not_build is not a real architecture name, so setting it as
# the only allowed architecture appears to be the way these flavors are made
# unbuildable on the older code stream.
%if 0%{suse_version} < 1550
%if "%{platform}" == "a3700" || "%{platform}" == "hikey" || "%{platform}" == "hikey960" || "%{platform}" == "imx8qm" || "%{platform}" == "imx8qx" || "%{platform}" == "rk3399"
ExclusiveArch: do_not_build
%else
# Firmware flavors are packaged as noarch but only built on aarch64.
%if "%{platform}" != ""
BuildArch: noarch
ExclusiveArch: aarch64
%endif
%endif
%else
%if "%{platform}" != ""
BuildArch: noarch
ExclusiveArch: aarch64
%endif
%endif
# rpi4: supplement systems whose device-tree modalias matches brcm,bcm2711.
%if "%{platform}" == "rpi4"
Supplements: modalias(of:N*T*Cbrcm%2Cbcm2711*C*)
%endif
%description
Trusted Firmware-A (TF-A) provides a reference implementation of secure world
software for Armv7-A and Armv8-A, including a Secure Monitor executing at
Exception Level 3 (EL3).
%if "%{platform}" == "poplar"
%package devel
Summary: ARM Trusted Firmware -- %{platform} development files
Group: System/Boot
Requires: %{name} = %{version}
%description devel
ARM Trusted Firmware provides a reference implementation of
secure world software for ARMv8-A, including a Secure Monitor executing at
Exception Level 3 (EL3). It implements various ARM interface standards,
such as the Power State Coordination Interface (PSCI),
Trusted Board Boot Requirements (TBBR, ARM DEN0006C-1) and
SMC Calling Convention. As far as possible the code is designed for reuse
or porting to other ARMv8-A model and hardware platforms.
This sub-package contains development files.
%endif
%if "%{platform}" == ""
%package tools
Summary: Tools for ARM Trusted Firmware-A
Group: System/Boot
%description tools
Trusted Firmware-A (TF-A) provides a reference implementation of
secure world software for ARMv8-A, including a Secure Monitor executing at
Exception Level 3 (EL3). It implements various ARM interface standards,
such as the Power State Coordination Interface (PSCI),
Trusted Board Boot Requirements (TBBR, ARM DEN0006C-1) and
SMC Calling Convention. As far as possible the code is designed for reuse
or porting to other ARMv8-A model and hardware platforms.
This package contains fiptool.
%endif
%prep
# Unpack the TF-A tarball; each -a N additionally unpacks SourceN inside the
# tree (1 = mv-ddr, 2 = A3700-utils, 3 = Marvell binaries).
%if "%{platform}" == "a3700" || "%{platform}" == "a80x0_mcbin"
%if "%{platform}" == "a3700"
%setup -q -n trusted-firmware-a-%{srcversion} -a 1 -a 2
%else
%setup -q -n trusted-firmware-a-%{srcversion} -a 1 -a 3
%endif
# git repo or branch.txt file are expected
# Only the branch name is written, so this file does not identify the exact
# revision of the snapshot.
echo "%{mv_ddr_ver}" > mv-ddr-marvell-%{mv_ddr_ver}/branch.txt
%else
%if "%{platform}" == ""
%setup -q -n trusted-firmware-a-%{srcversion} -a 2
%else
%setup -q -n trusted-firmware-a-%{srcversion}
%endif
%endif
%if "%{platform}" == "" || "%{platform}" == "a3700"
pushd A3700-utils-marvell-%{a3700_utils_ver}
# git repo or branch.txt file are expected
echo "%{a3700_utils_ver}" > branch.txt
%if "%{platform}" != ""
# a3700 firmware flavor: reuse the TBB executable already installed in the
# build root (the a3700 flavor BuildRequires arm-trusted-firmware-tools)
# instead of building it here. NOTE(review): the tool that processes the
# images therefore comes from a separate package build; keep both in sync.
install -D -m 0755 %{_bindir}/TBB wtptp/linux/tbb_linux
%endif
%patch150 -p1
popd
%endif
# Patches against the TF-A tree itself; Patch2-Patch7 are the CVE-2022-23960
# series.
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%build
# Take the banner timestamp from the date on the second line of the changes
# file instead of the wall clock, so rebuilding the same source yields the
# same string (presumably read by the TF-A makefile - confirm).
export BUILD_MESSAGE_TIMESTAMP="\"$(date -d "$(head -n 2 %{_sourcedir}/arm-trusted-firmware.changes | tail -n 1 | cut -d- -f1 )" -u "+%%H:%%M:%%S, %%b %%e %%Y")\""
%if "%{platform}" == "a3700"
export CRYPTOPP_LIBDIR=%{_libdir}
export CRYPTOPP_INCDIR=%{_includedir}/cryptopp
%endif
%if "%{platform}" == ""
# Host-tools flavor: build fiptool and, unless A3700_tools is disabled, the
# TBB_Linux and Wtpdownloader_Linux utilities from the bundled A3700-utils tree.
make %{?_smp_mflags} V=1 fiptool
%if %{with A3700_tools}
pushd A3700-utils-marvell-%{a3700_utils_ver}
make %{?_smp_mflags} -C wtptp/src/TBB_Linux -f TBB_linux.mak INCDIR=%{_includedir}/cryptopp LIBDIR=%{_libdir}
make %{?_smp_mflags} -C wtptp/src/Wtpdownloader_Linux -f makefile.mk
popd
%endif
%else
%if "%{platform}" == "a3700"
# a3700: one full build per board variant. The variant name selects the DDR
# topology and the boot device; each pass starts from distclean and its
# output directory is renamed to build.<variant> after the make call.
export CROSS_CM3=arm-none-eabi-
%define variants ebin_512M_spinor ebin_v3_1G_spinor ebin_v5_2G_spinor ebin_v7_1G_spinor ebin_v7_2G_spinor ebin_512M_sata ebin_v3_1G_sata ebin_v5_2G_sata ebin_v7_1G_sata ebin_v7_2G_sata
for variant in %{variants}; do
partnum=0
case "${variant}" in
ebin_*)
clockspreset=CPU_1000_DDR_800
;;
esac
case "${variant}" in
ebin_512M_*)
ddr_topology=0
;;
ebin_v3_1G_*)
ddr_topology=2
;;
ebin_v5_2G_*)
ddr_topology=7
;;
ebin_v7_1G_*)
ddr_topology=5
;;
ebin_v7_2G_*)
ddr_topology=6
;;
esac
# Only _spinor and _sata variants are listed above, so the _emmc and _spinand
# arms are currently unused.
case "${variant}" in
*_emmc) bootdev=EMMCNORM ;;
*_sata) bootdev=SATA ;;
*_spinand) bootdev=SPINAND ;;
*_spinor) bootdev=SPINOR ;;
esac
make distclean
%endif
%if "%{platform}" == "poplar"
for dram_size in one_gig two_gig; do
%endif
# The make command below is assembled from continuation lines selected by the
# conditionals; do not put a comment between them, it would end the command.
# Security-relevant settings chosen here:
#  - DEBUG follows debug_build, so most flavors are debug firmware builds.
#  - a3700 passes MARVELL_SECURE_BOOT=0, the non-trusted image setting of the
#    Marvell build - NOTE(review): confirm this is the intended default.
#  - BL32, BL33 and most SCP_BL2 payloads are taken from /boot (or the qemu
#    data dir) of the build root, i.e. installed by BuildRequires packages;
#    a80x0_mcbin takes SCP_BL2 from the bundled binaries-marvell tarball.
#    They are passed to make as given; this section does no integrity check
#    on them.
make \
%if "%{platform}" != "a3700" && "%{platform}" != "a80x0_mcbin"
%{?_smp_mflags} \
%endif
V=1 DISABLE_PEDANTIC=1 DEBUG=%{debug_build} \
%if "%{platform}" == "tegra186" || "%{platform}" == "tegra210"
%if "%{platform}" == "tegra186"
%define target_soc t186
%endif
%if "%{platform}" == "tegra210"
%define target_soc t210
%endif
PLAT=tegra TARGET_SOC=%{target_soc} \
%else
PLAT=%{platform} \
%endif
%if %{use_optee}
SPD=opteed \
BL32=/boot/tee-header_v2.bin \
BL32_EXTRA1=/boot/tee-pager_v2.bin \
BL32_EXTRA2=/boot/tee-pageable_v2.bin \
%endif
%if "%{platform}" == "a3700" || "%{platform}" == "a80x0_mcbin"
LOG_LEVEL=30 \
MV_DDR_PATH=$(pwd)/mv-ddr-marvell-%{mv_ddr_ver} \
%if "%{platform}" == "a3700"
WTP=$(pwd)/A3700-utils-marvell-%{a3700_utils_ver} \
CLOCKSPRESET=${clockspreset} DDR_TOPOLOGY=${ddr_topology} \
USE_COHERENT_MEM=0 \
%if %{use_optee}
LLC_ENABLE=1 LLC_SRAM=1 \
%endif
BOOTDEV=${bootdev} PARTNUM=${partnum} \
MARVELL_SECURE_BOOT=0 \
%endif
%if "%{platform}" == "a80x0_mcbin"
SCP_BL2=$(pwd)/binaries-marvell-%{mv_bin_ver}/mrvl_scp_bl2.img \
%endif
%if "%{platform}" == "a80x0_mcbin" && 0
BL33=/boot/ARMADA_EFI.fd \
%else
BL33=/boot/u-boot.bin \
%endif
%if "%{platform}" == "a3700" || "%{platform}" == "a80x0_mcbin"
mrvl_flash \
%if "%{platform}" == "a3700"
mrvl_uart \
%endif
%endif
all fip
%if "%{platform}" == "a3700"
mv build build.${variant}
done
%endif
%else
%if "%{platform}" == "hikey"
SCP_BL2=/boot/mcuimage.bin \
BL33=/boot/u-boot.bin \
all fip
%else
%if "%{platform}" == "hikey960"
SCP_BL2=/boot/lpm3.img \
BL33=/boot/BL33_AP_UEFI.fd \
all fip
%else
%if "%{platform}" == "poplar"
BL33=/boot/u-boot.bin \
POPLAR_DRAM_SIZE=${dram_size} \
all fip
mv build build.${dram_size}
make %{?_smp_mflags} V=1 DISABLE_PEDANTIC=1 DEBUG=%{debug_build} \
PLAT=poplar POPLAR_RECOVERY=1 \
BL33=/boot/u-boot.bin \
POPLAR_DRAM_SIZE=${dram_size} \
all fip
mv build build.${dram_size}.recovery
done
%else
%if "%{platform}" == "rpi3"
BL33=/boot/vc/u-boot.bin \
RPI3_PRELOADED_DTB_BASE=0x01000000 \
RPI3_DIRECT_LINUX_BOOT=1 \
RPI3_RUNTIME_UART=1 \
all
%else
%if "%{platform}" == "qemu"
BL33=%{_datadir}/qemu/qemu-uefi-aarch64.bin \
all fip
%else
%if "%{platform}" == "qemu_sbsa"
all fip
%else
all
%endif
%endif
%endif
%endif
%endif
%endif
%endif
%endif
%install
%if "%{platform}" == ""
# Host-tools flavor: install fiptool and the optional Marvell utilities as
# executables (mode 0755).
mkdir -p %{buildroot}%{_bindir}
install -m 755 tools/fiptool/fiptool %{buildroot}%{_bindir}/fiptool
%if %{with A3700_tools}
pushd A3700-utils-marvell-%{a3700_utils_ver}
# No need to have a _linux suffix on Linux
install -D -m 0755 wtptp/src/TBB_Linux/release/TBB_linux %{buildroot}%{_bindir}/TBB
install -D -m 0755 wtptp/src/Wtpdownloader_Linux/WtpDownload_linux %{buildroot}%{_bindir}/WtpDownload
popd
%endif
%else
# Firmware flavors: ask the post-build scripts not to strip debug data
# (presumably so the firmware files are packaged exactly as built - confirm),
# then install the images non-executable (mode 0644).
export NO_BRP_STRIP_DEBUG=true
export NO_DEBUGINFO_STRIP_DEBUG=true
mkdir -p %{buildroot}%{_datadir}/%{name}
# The output sub-directory is debug or release, following debug_build.
%if 0%{?debug_build}
%global dir debug
%else
%global dir release
%endif
%define outdir build/%{platform}/%{dir}
%if "%{platform}" == "tegra186" || "%{platform}" == "tegra210"
%define outdir build/tegra/%{target_soc}/%{dir}
%endif
%if "%{platform}" == "a3700"
# a3700: one sub-directory per board variant, with the UART recovery images
# under uart/.
for v in %{variants}; do
outdir=build.${v}/%{platform}/%{dir}
destdir=%{buildroot}%{_datadir}/%{name}/${v}
install -D -m 0644 ${outdir}/bl1.bin ${destdir}/bl1.bin
install -D -m 0644 ${outdir}/bl2.bin ${destdir}/bl2.bin
install -D -m 0644 ${outdir}/bl31.bin ${destdir}/bl31.bin
install -D -m 0644 ${outdir}/fip.bin ${destdir}/fip.bin
install -D -m 0644 ${outdir}/flash-image.bin ${destdir}/flash-image.bin
install -D -m 0644 ${outdir}/uart-images/TIM_ATF.bin ${destdir}/uart/TIM_ATF.bin
install -D -m 0644 ${outdir}/uart-images/boot-image_h.bin ${destdir}/uart/boot-image_h.bin
install -D -m 0644 ${outdir}/uart-images/wtmi_h.bin ${destdir}/uart/wtmi_h.bin
done
%else
%if "%{platform}" == "poplar"
# poplar: normal and recovery images for each DRAM size, plus the layout
# header shipped in the devel sub-package.
for v in one_gig two_gig one_gig.recovery two_gig.recovery; do
outdir=build.${v}/%{platform}/%{dir}
destdir=%{buildroot}%{_datadir}/%{name}/${v}
install -D -m 0644 ${outdir}/bl1.bin ${destdir}/bl1.bin
install -D -m 0644 ${outdir}/fip.bin ${destdir}/fip.bin
done
mkdir -p %{buildroot}%{_includedir}/%{name}
install -D -m 0644 plat/hisilicon/poplar/include/poplar_layout.h %{buildroot}%{_includedir}/%{name}/
%else
# u-boot for rockchip requires bl31.elf file
%if "%{platform}" == "rk3328" || "%{platform}" == "rk3368" || "%{platform}" == "rk3399" || "%{platform}" == "zynqmp"
install -D -m 0644 %{outdir}/bl31/bl31.elf %{buildroot}%{_datadir}/%{name}/bl31.elf
%else
install -D -m 0644 %{outdir}/bl31.bin %{buildroot}%{_datadir}/%{name}/bl31.bin
%endif
%if "%{platform}" == "a80x0_mcbin" || "%{platform}" == "hikey" || "%{platform}" == "hikey960" || "%{platform}" == "qemu" || "%{platform}" == "qemu_sbsa" || "%{platform}" == "rpi3"
install -D -m 0644 %{outdir}/bl1.bin %{buildroot}%{_datadir}/%{name}/bl1.bin
install -D -m 0644 %{outdir}/fip.bin %{buildroot}%{_datadir}/%{name}/fip.bin
%endif
%if "%{platform}" == "a80x0_mcbin" || "%{platform}" == "hikey" || "%{platform}" == "hikey960" || "%{platform}" == "rpi3"
install -D -m 0644 %{outdir}/bl2.bin %{buildroot}%{_datadir}/%{name}/bl2.bin
%endif
# Raspberry Pi flavors also place the stub directly under /boot/vc, so
# installing the package changes what the board boots.
%if "%{platform}" == "rpi3"
install -D -m 0644 %{outdir}/armstub8.bin %{buildroot}/boot/vc/armstub8.bin
%endif
%if "%{platform}" == "rpi4"
install -D -m 0644 %{outdir}/bl31.bin %{buildroot}/boot/vc/armstub8-rpi4.bin
%endif
%if "%{platform}" == "a80x0_mcbin"
install -D -m 0644 %{outdir}/ble.bin %{buildroot}%{_datadir}/%{name}/ble.bin
install -D -m 0644 %{outdir}/flash-image.bin %{buildroot}%{_datadir}/%{name}/flash-image.bin
%endif
%endif
%endif
%endif
%fdupes %{buildroot}%{_prefix}
%if "%{platform}" == "rpi3" || "%{platform}" == "rpi4"
%post
# Runs when the package is installed or updated. If /boot/efi is a mount point
# of its own and is not the same directory as /boot/vc, mirror the armstub
# files onto it.
# NOTE(review): the copy on /boot/efi is not listed in the files section, so
# rpm neither verifies nor removes it. The [[ ]] test needs a bash-compatible
# scriptlet shell.
if mountpoint -q /boot/efi && ! [[ "$(readlink -f /boot/efi)" -ef "$(readlink -f /boot/vc)" ]]; then
    cp /boot/vc/armstub8* /boot/efi/
fi
%endif
%files
%defattr(-,root,root)
%license license.rst
%doc docs/about/acknowledgements.rst docs/process/contributing.rst docs/about/maintainers.rst readme.rst dco.txt
%if "%{platform}" != ""
# Firmware flavors own the whole per-package data directory filled in the
# install section.
%{_datadir}/%{name}
%endif
%if "%{platform}" == "rpi3" || "%{platform}" == "rpi4"
# Only the copy under /boot/vc is owned by the package; a copy made on
# /boot/efi by the post scriptlet is not tracked by rpm.
/boot/vc/armstub8*
%endif
%if "%{platform}" == ""
%files tools
%defattr(-,root,root)
%{_bindir}/fiptool
%if %{with A3700_tools}
%{_bindir}/TBB
%{_bindir}/WtpDownload
%endif
%endif
%if "%{platform}" == "poplar"
%files devel
%defattr(-,root,root)
%{_includedir}/%{name}
%endif
%changelog