diff --git a/.github/actions/compile/action.yml b/.github/actions/compile/action.yml index 57a663b8f..674d51a0a 100644 --- a/.github/actions/compile/action.yml +++ b/.github/actions/compile/action.yml @@ -10,6 +10,8 @@ inputs: required: true kernel_dirname: required: true + firmware_dirname: + required: true cache_dir: required: true kas: @@ -61,14 +63,14 @@ runs: - uses: actions/upload-artifact@v4 with: - name: buildchart-${{ inputs.distro_name }}${{ inputs.kernel_dirname }}-${{ inputs.machine }} + name: buildchart-${{ inputs.distro_name }}${{ inputs.kernel_dirname }}${{ inputs.firmware_dirname }}-${{ inputs.machine }} path: | buildchart.svg buildchart-world.svg - uses: actions/upload-artifact@v4 with: - name: kas-build-${{ inputs.distro_name }}${{ inputs.kernel_dirname }}-${{ inputs.machine }} + name: kas-build-${{ inputs.distro_name }}${{ inputs.kernel_dirname }}${{ inputs.firmware_dirname }}-${{ inputs.machine }} path: kas-build.yml - name: Stage build artifacts for publishing @@ -78,7 +80,7 @@ runs: # expects file to be relative to our PWD. deploy_dir is outside # that, so we move things around: deploy_dir=../kas/build/tmp/deploy/images/${{inputs.machine}} - uploads_dir=./uploads/${{ inputs.distro_name }}${{ inputs.kernel_dirname }}/${{ inputs.machine }} + uploads_dir=./uploads/${{ inputs.distro_name }}${{ inputs.kernel_dirname }}${{ inputs.firmware_dirname }}/${{ inputs.machine }} mkdir -p $uploads_dir find $deploy_dir/ -maxdepth 1 -type f -exec cp {} $uploads_dir/ \; find $deploy_dir/ -maxdepth 1 -type l \( -name boot-*.img -o -name *.rootfs.ext4.gz -o -name *.rootfs.qcomflash.tar.gz \) -exec cp -d {} $uploads_dir/ \; @@ -105,7 +107,11 @@ runs: if [ -n "${KERNEL_DIRNAME}" ]; then KERNEL_DIRNAME="_${KERNEL_DIRNAME}" fi - BUILDNAME="${{ inputs.machine }}_${{ inputs.distro_name }}${KERNEL_DIRNAME}" + FIRMWARE_DIRNAME="${{ inputs.firmware_dirname }}" + if [ -n "${FIRMWARE_DIRNAME}" ]; then + FIRMWARE_DIRNAME="_${FIRMWARE_DIRNAME}" + fi + BUILDNAME="${{ inputs.machine }}_${{ inputs.distro_name }}${KERNEL_DIRNAME}${FIRMWARE_DIRNAME}" FILENAME="build-url_${BUILDNAME}" echo "${{ steps.upload_artifacts.outputs.url }}" > "${FILENAME}" echo "filename=${FILENAME}" >> $GITHUB_OUTPUT diff --git a/.github/workflows/build-yocto.yml b/.github/workflows/build-yocto.yml index 3c6514810..372b35817 100644 --- a/.github/workflows/build-yocto.yml +++ b/.github/workflows/build-yocto.yml @@ -94,6 +94,7 @@ jobs: distro_name: ${{matrix.distro.name}} kernel_yaml: ${{matrix.kernel.yamlfile}} kernel_dirname: ${{matrix.kernel.dirname}} + firmware_dirname: ${{matrix.firmware.dirname}} cache_dir: ${CACHE_DIR} kas: ${KAS_CONTAINER} @@ -144,6 +145,14 @@ jobs: type: additional dirname: "+linux-yocto-lts" yamlfile: ":ci/linux-yocto-lts.yml" + - machine: qcs6490-rb3gen2-core-kit + distro: + name: qcom-distro + yamlfile: ':ci/qcom-distro.yml' + firmware: + type: additional + dirname: "+open-boot-firmware" + yamlfile: ":ci/open-boot-firmware.yml" exclude: # Incompatible builds - machine: qcom-armv7a @@ -162,6 +171,7 @@ jobs: distro_name: ${{matrix.distro.name}} kernel_yaml: ${{matrix.kernel.yamlfile}} kernel_dirname: ${{matrix.kernel.dirname}} + firmware_dirname: ${{matrix.firmware.dirname}} cache_dir: ${CACHE_DIR} kas: ${KAS_CONTAINER} diff --git a/ci/base.yml b/ci/base.yml index c5f14317a..cd4b47337 100644 --- a/ci/base.yml +++ b/ci/base.yml @@ -27,6 +27,12 @@ repos: layers: meta-poky: + meta-arm: + url: https://git.yoctoproject.org/meta-arm + layers: + meta-arm: + meta-arm-toolchain: + local_conf_header: base: | CONF_VERSION = "2" diff --git a/ci/open-boot-firmware.yml b/ci/open-boot-firmware.yml new file mode 100644 index 000000000..47235592f --- /dev/null +++ b/ci/open-boot-firmware.yml @@ -0,0 +1,8 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/siemens/kas/master/kas/schema-kas.json + +header: + version: 14 + +local_conf_header: + firmware: | + MACHINE_FEATURES:qcm6490:append = " tfa optee u-boot" diff --git a/ci/yocto-check-layer.sh b/ci/yocto-check-layer.sh index 617772992..cae833064 100755 --- a/ci/yocto-check-layer.sh +++ b/ci/yocto-check-layer.sh @@ -34,7 +34,10 @@ CMD="$CMD meta-qcom" # Disable auto layer discovery CMD="$CMD --no-auto" # Layers to process for dependencies -CMD="$CMD --dependency $WORK_DIR/oe-core/meta" +CMD="$CMD --dependency \ + $WORK_DIR/oe-core/meta \ + $WORK_DIR/meta-arm/meta-arm \ + $WORK_DIR/meta-arm/meta-arm-toolchain" # Disable automatic testing of dependencies CMD="$CMD --no-auto-dependency" # Set machines to all machines defined in this BSP layer diff --git a/conf/layer.conf b/conf/layer.conf index 339abe873..98433a181 100644 --- a/conf/layer.conf +++ b/conf/layer.conf @@ -9,7 +9,7 @@ BBFILE_COLLECTIONS += "qcom" BBFILE_PATTERN_qcom := "^${LAYERDIR}/" BBFILE_PRIORITY_qcom = "6" -LAYERDEPENDS_qcom = "core" +LAYERDEPENDS_qcom = "core meta-arm" LAYERRECOMMENDS_qcom = "openembedded-layer" LAYERSERIES_COMPAT_qcom = "whinlatter" diff --git a/conf/machine/qcs6490-rb3gen2-core-kit.conf b/conf/machine/qcs6490-rb3gen2-core-kit.conf index f72e38e34..e3dbeea8c 100644 --- a/conf/machine/qcs6490-rb3gen2-core-kit.conf +++ b/conf/machine/qcs6490-rb3gen2-core-kit.conf @@ -13,9 +13,14 @@ KERNEL_DEVICETREE ?= " \ qcom/qcs6490-rb3gen2-vision-mezzanine.dtb \ " +EXTRA_IMAGEDEPENDS += "${@bb.utils.contains('MACHINE_FEATURES', 'tfa', 'trusted-firmware-a', '', d)}" +PREFERRED_PROVIDER_virtual/bootloader = "${@bb.utils.contains('MACHINE_FEATURES','u-boot','u-boot','',d)}" +TFA_UBOOT:pn-trusted-firmware-a = "${@bb.utils.contains('MACHINE_FEATURES','u-boot','1','0',d)}" + MACHINE_ESSENTIAL_EXTRA_RRECOMMENDS += " \ packagegroup-rb3gen2-firmware \ packagegroup-rb3gen2-hexagon-dsp-binaries \ + packagegroup-optee \ " QCOM_CDT_FILE = "cdt_core_kit" @@ -23,3 +28,4 @@ QCOM_BOOT_FILES_SUBDIR = "qcm6490" QCOM_PARTITION_FILES_SUBDIR ?= "partitions/qcs6490-rb3gen2/ufs" QCOM_BOOT_FIRMWARE = "firmware-qcom-boot-qcs6490" +UBOOT_MACHINE = "qcm6490_defconfig" diff --git a/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qcm6490.inc b/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qcm6490.inc new file mode 100644 index 000000000..933393c69 --- /dev/null +++ b/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qcm6490.inc @@ -0,0 +1,13 @@ +SRC_URI += "https://github.com/coreboot/qc_blobs/raw/refs/heads/master/sc7280/qtiseclib/libqtisec.a;name=qtiseclib" +SRC_URI[qtiseclib.sha256sum] = "6860dda0701c8709530608cc0e5a61b76484ae16cb673ba9a23510cf4b3d57bf" + +DEPENDS += "optee-os" + +COMPATIBLE_MACHINE = "qcm6490" +TFA_PLATFORM = "rb3gen2" +TFA_BUILD_TARGET = "bl2 fip" +TFA_SPD = "opteed" +EXTRA_OEMAKE:append = " \ + QTISECLIB_PATH=${UNPACKDIR}/libqtisec.a \ + BL32=${RECIPE_SYSROOT}/${nonarch_base_libdir}/firmware/tee-raw.bin \ + " diff --git a/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qcom.inc b/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qcom.inc new file mode 100644 index 000000000..bb025d1ff --- /dev/null +++ b/recipes-bsp/trusted-firmware-a/trusted-firmware-a-qcom.inc @@ -0,0 +1,22 @@ +SRCBRANCH = "qcom-next" +SRC_URI = "git://github.com/qualcomm-linux/trusted-firmware-a.git;protocol=https;name=tfa;branch=${SRCBRANCH}" +SRCREV_tfa = "164d443c8e92c18fd2cca03661dd1a2b9ac37848" +LIC_FILES_CHKSUM = "file://docs/license.rst;md5=6ed7bace7b0bc63021c6eba7b524039e" + +DEPENDS += "qtestsign-native" + +MACHINE_TFA_QCOM_REQUIRE ?= "" +MACHINE_TFA_QCOM_REQUIRE:qcm6490 = "trusted-firmware-a-qcm6490.inc" + +require ${MACHINE_TFA_QCOM_REQUIRE} + +do_install:append:qcm6490() { + export CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 + + ${OBJCOPY} -I binary -B aarch64 -O elf64-littleaarch64 ${D}/firmware/fip.bin ${D}/firmware/fip.o + ${LD} ${D}/firmware/fip.o -o ${D}/firmware/fip_unsigned.elf -EL -T ${S}/tools/qti/fip-elf.lds --defsym=ELFENTRY=0x9fc00000 -Ttext=0x9fc00000 + rm -f ${D}/firmware/fip.o + + qtestsign -v6 aboot -o ${D}/firmware/fip.elf ${D}/firmware/fip_unsigned.elf + rm -f ${D}/firmware/fip_unsigned.elf +} diff --git a/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend new file mode 100644 index 000000000..b973f4915 --- /dev/null +++ b/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend @@ -0,0 +1,4 @@ +MACHINE_TFA_REQUIRE ?= "" +MACHINE_TFA_REQUIRE:qcom = "trusted-firmware-a-qcom.inc" + +require ${MACHINE_TFA_REQUIRE} diff --git a/recipes-bsp/u-boot/files/0001-dts-qcs6490-rb3gen2-u-boot-Add-OP-TEE-node.patch b/recipes-bsp/u-boot/files/0001-dts-qcs6490-rb3gen2-u-boot-Add-OP-TEE-node.patch new file mode 100644 index 000000000..5b287ef57 --- /dev/null +++ b/recipes-bsp/u-boot/files/0001-dts-qcs6490-rb3gen2-u-boot-Add-OP-TEE-node.patch @@ -0,0 +1,36 @@ +From d71a6fdb741455cf669f31fd4596f2ec4c757ebe Mon Sep 17 00:00:00 2001 +From: Sumit Garg +Date: Fri, 31 Oct 2025 11:10:19 +0530 +Subject: [PATCH] dts: qcs6490-rb3gen2-u-boot: Add OP-TEE node + +Since we currently only support DT based OP-TEE driver probe, lets add the +OP-TEE node here for the time being. In future we want to migrate OP-TEE +probing over to FF-A bus and then we can drop this DT node. + +Signed-off-by: Sumit Garg +Upstream-Status: Inappropriate [temporary workaround] +--- + arch/arm/dts/qcs6490-rb3gen2-u-boot.dtsi | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/arch/arm/dts/qcs6490-rb3gen2-u-boot.dtsi b/arch/arm/dts/qcs6490-rb3gen2-u-boot.dtsi +index fbe72595f5a..e60905cb6a2 100644 +--- a/arch/arm/dts/qcs6490-rb3gen2-u-boot.dtsi ++++ b/arch/arm/dts/qcs6490-rb3gen2-u-boot.dtsi +@@ -15,6 +15,13 @@ + <0 0xC3400000 0 0x3CC00000>, + <1 0x00000000 1 0x00000000>; + }; ++ ++ firmware { ++ optee { ++ compatible = "linaro,optee-tz"; ++ method = "smc"; ++ }; ++ }; + }; + + &usb_1_dwc3 { +-- +2.48.1 + diff --git a/recipes-bsp/u-boot/u-boot_%.bbappend b/recipes-bsp/u-boot/u-boot_%.bbappend index f01277d65..2c547572f 100644 --- a/recipes-bsp/u-boot/u-boot_%.bbappend +++ b/recipes-bsp/u-boot/u-boot_%.bbappend @@ -1,13 +1,19 @@ # This is a bbappend to add support for generating Android style boot images for chainloading u-boot from ABL -DEPENDS:append:qcom = " skales-native xxd-native" +FILESEXTRAPATHS:prepend:qcm6490 := "${THISDIR}/files:" +SRC_URI:append:qcm6490 = " \ + file://0001-dts-qcs6490-rb3gen2-u-boot-Add-OP-TEE-node.patch \ +" + +DEPENDS:append:qcom = " xxd-native" +DEPENDS:append:qcm2290 = " skales-native" # Don't add extra dependencies for non-qcom machines and layers COMPILE_EXTRA_DEPENDS = "" -COMPILE_EXTRA_DEPENDS:qcom = "virtual/kernel:do_deploy" +COMPILE_EXTRA_DEPENDS:qcm2290 = "virtual/kernel:do_deploy" do_compile[depends] += "${COMPILE_EXTRA_DEPENDS}" -uboot_compile_config:append:qcom() { +uboot_compile_config:append:qcm2290() { cd ${B}/${builddir} touch empty-file rm -f u-boot-nodtb.bin.gz @@ -17,6 +23,6 @@ uboot_compile_config:append:qcom() { } # Symlink the 'main' u-boot.bin to boot.img so the qcom image bbclass pick it up -uboot_deploy_config:append:qcom() { +uboot_deploy_config:append:qcm2290() { cd ${DEPLOYDIR} && ln -sf u-boot-${type}-${PV}-${PR}.bin boot-${MACHINE}.img } diff --git a/recipes-security/optee/optee-os-qcm6490.inc b/recipes-security/optee/optee-os-qcm6490.inc new file mode 100644 index 000000000..fe0c405c9 --- /dev/null +++ b/recipes-security/optee/optee-os-qcm6490.inc @@ -0,0 +1,6 @@ +# RB3Gen2 specific OP-TEE support + +require optee-os-qcom.inc + +COMPATIBLE_MACHINE = "qcm6490" +OPTEEMACHINE = "qcom-kodiak" diff --git a/recipes-security/optee/optee-os-qcom.inc b/recipes-security/optee/optee-os-qcom.inc new file mode 100644 index 000000000..5a205185a --- /dev/null +++ b/recipes-security/optee/optee-os-qcom.inc @@ -0,0 +1,3 @@ +SRCBRANCH = "qcom-next" +SRC_URI = "git://github.com/qualcomm-linux/optee_os.git;protocol=https;name=optee;branch=${SRCBRANCH}" +SRCREV_optee = "a427f12bc60e74ccdd2ae771b50ed237397a0782" diff --git a/recipes-security/optee/optee-os-tadevkit_%.bbappend b/recipes-security/optee/optee-os-tadevkit_%.bbappend new file mode 100644 index 000000000..c8c85d79a --- /dev/null +++ b/recipes-security/optee/optee-os-tadevkit_%.bbappend @@ -0,0 +1,4 @@ +MACHINE_OPTEE_OS_TADEVKIT_REQUIRE ?= "" +MACHINE_OPTEE_OS_TADEVKIT_REQUIRE:qcm6490 = "optee-os-qcm6490.inc" + +require ${MACHINE_OPTEE_OS_TADEVKIT_REQUIRE} diff --git a/recipes-security/optee/optee-os_%.bbappend b/recipes-security/optee/optee-os_%.bbappend new file mode 100644 index 000000000..d1ebd9f2d --- /dev/null +++ b/recipes-security/optee/optee-os_%.bbappend @@ -0,0 +1,4 @@ +MACHINE_OPTEE_OS_REQUIRE ?= "" +MACHINE_OPTEE_OS_REQUIRE:qcm6490 = "optee-os-qcm6490.inc" + +require ${MACHINE_OPTEE_OS_REQUIRE} diff --git a/recipes-security/optee/optee-test-qcm6490.inc b/recipes-security/optee/optee-test-qcm6490.inc new file mode 100644 index 000000000..7c252d059 --- /dev/null +++ b/recipes-security/optee/optee-test-qcm6490.inc @@ -0,0 +1,3 @@ +# qcm6490 specific configuration + +COMPATIBLE_MACHINE = "qcm6490" diff --git a/recipes-security/optee/optee-test_%.bbappend b/recipes-security/optee/optee-test_%.bbappend new file mode 100644 index 000000000..f1aceb1bb --- /dev/null +++ b/recipes-security/optee/optee-test_%.bbappend @@ -0,0 +1,6 @@ +# Machine specific configurations + +MACHINE_OPTEE_TEST_REQUIRE ?= "" +MACHINE_OPTEE_TEST_REQUIRE:qcm6490 = "optee-test-qcm6490.inc" + +require ${MACHINE_OPTEE_TEST_REQUIRE} diff --git a/recipes-security/packagegroups/packagegroup-optee.bb b/recipes-security/packagegroups/packagegroup-optee.bb new file mode 100644 index 000000000..d40f6e134 --- /dev/null +++ b/recipes-security/packagegroups/packagegroup-optee.bb @@ -0,0 +1,9 @@ +SUMMARY = "Packages for the OP-TEE support" + +inherit packagegroup + +RRECOMMENDS:${PN} = " \ + ${@bb.utils.contains('MACHINE_FEATURES', 'optee', 'optee-client', '', d)} \ + ${@bb.utils.contains('MACHINE_FEATURES', 'optee', 'optee-test', '', d)} \ + ${@bb.utils.contains('MACHINE_FEATURES', 'optee', 'optee-os-ta', '', d)} \ +"