[PATCH 1/4] arm/trusted-firmware-m: clean up configure/compile

[PATCH 1/4] arm/trusted-firmware-m: clean up configure/compile

[Ross Burton]

From: Ross Burton <ross.burton@arm.com>

Move B up a level so the build tree is entirely separate from the source
tree.

Use [cleandirs] to ensure that B is present and empty when rebuilding,
and remove now redundant code.

Finally add some comments to explain why trying to use cmake.bbclass is
pointless.

Change-Id: Ic8ddc08c46b9e945023e0b0a6e4ca1a6294b726b
Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 .../trusted-firmware-m_1.0.bb                 | 30 +++++++++----------
 1 file changed, 14 insertions(+), 16 deletions(-)

diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.0.bb
index 3be1b33..814529a 100644
--- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.0.bb
+++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.0.bb
@@ -30,6 +30,11 @@ SRCREV_mbed-crypto ?= "mbedcrypto-3.0.1"
 SRCREV_mbedtls ?= "mbedtls-2.7.14"
 SRCREV_cmsis ?= "5.5.0"
 
+# Note to future readers of this recipe: until the CMakeLists don't abuse
+# installation (see do_install) there is no point in trying to inherit
+# cmake here. You can easily short-circuit the toolchain but the install
+# is so convoluted there's no gain.
+
 inherit python3native deploy
 
 TFM_DEPENDS ?= ""
@@ -39,7 +44,7 @@ DEPENDS += "python3-cryptography-native python3-pyasn1-native"
 DEPENDS += "python3-jinja2-native python3-cbor-native python3-pyyaml-native"
 
 S = "${WORKDIR}/git/tfm"
-B = "${S}/build"
+B = "${WORKDIR}/build"
 
 COMPATIBLE_MACHINE ?= "invalid"
 
@@ -89,28 +94,21 @@ do_check_config() {
     fi
 }
 
+do_configure[cleandirs] = "${B}"
 do_configure() {
     cd ${S}
-    python3 "tools/tfm_parse_manifest_list.py"
-
-    if [ ! -d "${B}" ]
-    then
-        install -d ${B}
-    else
-        rm -f ${B}/CMakeCache.txt
-    fi
+    python3 tools/tfm_parse_manifest_list.py
+    cd -
 
-    cd ${B}
     cmake -G"Unix Makefiles" --build ${S} ${EXTRA_OECMAKE}
 }
 
+# Invoke install here as there's no point in splitting compile from install: the
+# first thing the build does is 'install' inside the build tree thus causing a
+# rebuild. It also overrides the install prefix to be in the build tree, so you
+# can't use the usual install prefix variables.
 do_compile() {
-    if [ -d "${B}" ]
-    then
-        oe_runmake -C ${B} install
-    else
-        bbfatal "TF-M CMake not generated!"
-    fi
+    oe_runmake install
 }
 
 do_install() {
-- 
2.26.2

[PATCH 2/4] arm/trusted-firmware-m: no need to run parse_manifest_list

[Ross Burton]

From: Ross Burton <ross.burton@arm.com>

This is part of the test instrumentation that we don't currently build.
A future recipe or patch can enable this properly and ensure it is
tested.

Change-Id: I02584920b00085dfe4efbff166684c5717f6cdf5
Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 .../trusted-firmware-m/trusted-firmware-m_1.0.bb            | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.0.bb
index 814529a..f3a8724 100644
--- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.0.bb
+++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.0.bb
@@ -41,7 +41,7 @@ TFM_DEPENDS ?= ""
 DEPENDS += "${TFM_DEPENDS}"
 DEPENDS += "cmake-native"
 DEPENDS += "python3-cryptography-native python3-pyasn1-native"
-DEPENDS += "python3-jinja2-native python3-cbor-native python3-pyyaml-native"
+DEPENDS += "python3-cbor-native"
 
 S = "${WORKDIR}/git/tfm"
 B = "${WORKDIR}/build"
@@ -96,10 +96,6 @@ do_check_config() {
 
 do_configure[cleandirs] = "${B}"
 do_configure() {
-    cd ${S}
-    python3 tools/tfm_parse_manifest_list.py
-    cd -
-
     cmake -G"Unix Makefiles" --build ${S} ${EXTRA_OECMAKE}
 }
 
-- 
2.26.2

[PATCH 3/4] arm/trusted-firmware-m: don't fetch mbedtls

[Ross Burton]

From: Ross Burton <ross.burton@arm.com>

The trusted-firmware-m build doesn't use mbedtls (just mbed-crypto), so
don't fetch it.

Change-Id: Idc7fe211a8a667262a59d1e8106e486fb96498bd
Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 .../recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.0.bb | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.0.bb
index f3a8724..db941b8 100644
--- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.0.bb
+++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.0.bb
@@ -14,20 +14,17 @@ LICENSE = "BSD-3-Clause & Apachev2"
 
 LIC_FILES_CHKSUM ?= "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa"
 LIC_FILES_CHKSUM += "file://../mbed-crypto/LICENSE;md5=302d50a6369f5f22efdb674db908167a"
-LIC_FILES_CHKSUM += "file://../mbedtls/LICENSE;md5=302d50a6369f5f22efdb674db908167a"
 LIC_FILES_CHKSUM += "file://../CMSIS_5/LICENSE.txt;md5=c4082b6c254c9fb71136710391d9728b"
 
 SRC_URI  = "git://git.trustedfirmware.org/trusted-firmware-m.git;protocol=https;branch=master;name=tfm;destsuffix=${S}"
 SRC_URI += "git://github.com/ARMmbed/mbed-crypto.git;protocol=https;branch=development;name=mbed-crypto;destsuffix=${S}/../mbed-crypto"
-SRC_URI += "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=mbedtls-2.7;name=mbedtls;destsuffix=${S}/../mbedtls"
 SRC_URI += "https://github.com/ARM-software/CMSIS_5/releases/download/5.5.0/ARM.CMSIS.5.5.0.pack;name=cmsis;subdir=${S}/../CMSIS_5;downloadfilename=ARM.CMSIS.5.5.0.zip"
 
 SRC_URI[cmsis.md5sum] = "73b6cf6b4ab06ac099478e6cf983c08e"
 SRC_URI[cmsis.sha256sum] = "fc6e46c77de29ed05ef3bfd4846a2da49b024bc8854c876ac053aaa8d348ac52"
 
-SRCREV_FORMAT ?= "tfm_mbed-crypto_mbedtls_cmsis"
+SRCREV_FORMAT ?= "tfm_mbed-crypto_cmsis"
 SRCREV_mbed-crypto ?= "mbedcrypto-3.0.1"
-SRCREV_mbedtls ?= "mbedtls-2.7.14"
 SRCREV_cmsis ?= "5.5.0"
 
 # Note to future readers of this recipe: until the CMakeLists don't abuse
-- 
2.26.2

[PATCH 4/4] arm/trusted-firmware-m: use hashes not tag names

[Ross Burton]

From: Ross Burton <ross.burton@arm.com>

Using tag names in SRCREV means a network operation every build, and
loss of reproducible builds if the tag moves.

Change-Id: I583e723925314a4a36a9ac1b6c932dbcf99e7da4
Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 .../trusted-firmware-m/trusted-firmware-m_1.0.bb      | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.0.bb b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.0.bb
index db941b8..80df2f1 100644
--- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.0.bb
+++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.0.bb
@@ -8,8 +8,6 @@ DESCRIPTION = "Trusted Firmware-M"
 HOMEPAGE = "https://git.trustedfirmware.org/trusted-firmware-m.git"
 PROVIDES = "virtual/trusted-firmware-m"
 
-# TF-Mv1.0
-SRCREV_tfm = "TF-Mv1.0"
 LICENSE = "BSD-3-Clause & Apachev2"
 
 LIC_FILES_CHKSUM ?= "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa"
@@ -23,9 +21,12 @@ SRC_URI += "https://github.com/ARM-software/CMSIS_5/releases/download/5.5.0/ARM.
 SRC_URI[cmsis.md5sum] = "73b6cf6b4ab06ac099478e6cf983c08e"
 SRC_URI[cmsis.sha256sum] = "fc6e46c77de29ed05ef3bfd4846a2da49b024bc8854c876ac053aaa8d348ac52"
 
-SRCREV_FORMAT ?= "tfm_mbed-crypto_cmsis"
-SRCREV_mbed-crypto ?= "mbedcrypto-3.0.1"
-SRCREV_cmsis ?= "5.5.0"
+SRCREV_FORMAT = "tfm_mbed-crypto_cmsis"
+# TF-Mv1.0
+SRCREV_tfm = "0768982ea41b5e7d207445f19ee23e5d67d9c89b"
+# mbedcrypto-3.0.1
+SRCREV_mbed-crypto = "1146b4e06011b69a6437e6b728f2af043a06ec19"
+SRCREV_cmsis = "5.5.0"
 
 # Note to future readers of this recipe: until the CMakeLists don't abuse
 # installation (see do_install) there is no point in trying to inherit
-- 
2.26.2