[PATCH 0/5] introducing corstone1000-mps3 platform

[PATCH 0/5] introducing corstone1000-mps3 platform

[abdellatif.elkhlifi]

From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>

This patchset provides an initial support for Corstone1000 platform on
the MPS3 FPGA board.

Abdellatif El Khlifi (3):
  arm/optee-spdevkit: introducing the recipe
  arm/secure-partitions: introducing the recipe
  meta-arm-bsp/security: corstone1000: add trusted services support

Arpita S.K (2):
  arm-bsp/machine: introducing corstone1000 MPS3 machine
  arm-bsp/u-boot: introducing corstone1000 MPS3 machine

 .gitlab-ci.yml                                |   3 +
 ci/corstone1000-mps3.yml                      |  12 ++
 kas/corstone1000-base.yml                     |   5 +-
 kas/corstone1000-mps3.yml                     |   6 +
 meta-arm-bsp/conf/layer.conf                  |   2 +-
 .../conf/machine/corstone1000-mps3.conf       |   9 ++
 .../conf/machine/include/corstone1000.inc     |   3 +
 .../trusted-firmware-m-corstone1000.inc       |   4 +-
 ...initial-devicetree-corstone1000-mps3.patch |  64 ++++++++++
 ...one1000-adding-PSCI-device-tree-node.patch |  34 ++++++
 ...-amend-kernel-bootargs-with-ip-dhcp-.patch |  32 +++++
 .../recipes-bsp/u-boot/u-boot_%.bbappend      |   5 +-
 .../optee/optee-os_corstone1000.inc           |  32 ++---
 .../optee/optee-os_corstone1000_common.inc    |  27 +++++
 .../optee/optee-spdevkit_corstone1000.inc     |   1 +
 .../optee/optee-spdevkit_git.bbappend         |   6 +
 ...pplying-lowercase-project-convention.patch |  33 ++++++
 ...0002-fix-EARLY_TA_PATHS-env-variable.patch |  31 +++++
 ...proxy-dts-add-se-proxy-as-child-node.patch |  45 +++++++
 .../secure-partitions_%.bbappend              |   4 +
 .../trusted-services/ts-corstone1000.inc      |  17 +++
 .../optee/optee-spdevkit_git.bb               | 111 ++++++++++++++++++
 .../trusted-services/secure-partitions_git.bb |  91 ++++++++++++++
 23 files changed, 547 insertions(+), 30 deletions(-)
 create mode 100644 ci/corstone1000-mps3.yml
 create mode 100644 kas/corstone1000-mps3.yml
 create mode 100644 meta-arm-bsp/conf/machine/corstone1000-mps3.conf
 create mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-arm-dts-add-initial-devicetree-corstone1000-mps3.patch
 create mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-arm-corstone1000-adding-PSCI-device-tree-node.patch
 create mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-arm-corstone1000-amend-kernel-bootargs-with-ip-dhcp-.patch
 create mode 100644 meta-arm-bsp/recipes-security/optee/optee-os_corstone1000_common.inc
 create mode 100644 meta-arm-bsp/recipes-security/optee/optee-spdevkit_corstone1000.inc
 create mode 100644 meta-arm-bsp/recipes-security/optee/optee-spdevkit_git.bbappend
 create mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0001-tools-cmake-common-applying-lowercase-project-convention.patch
 create mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0002-fix-EARLY_TA_PATHS-env-variable.patch
 create mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0003-se-proxy-dts-add-se-proxy-as-child-node.patch
 create mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions_%.bbappend
 create mode 100644 meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
 create mode 100644 meta-arm/recipes-security/optee/optee-spdevkit_git.bb
 create mode 100644 meta-arm/recipes-security/trusted-services/secure-partitions_git.bb

-- 
2.17.1

[PATCH 1/5] arm-bsp/machine: introducing corstone1000 MPS3 machine

[abdellatif.elkhlifi]

From: "Arpita S.K" <Arpita.S.K@arm.com>

This commit adds the corstone1000-mps3 machine.

Change-Id: I99f657574a693527d7763cb4cc9b0b05218bb316
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
---
 .gitlab-ci.yml                                   |  3 +++
 ci/corstone1000-mps3.yml                         | 12 ++++++++++++
 kas/corstone1000-base.yml                        |  5 ++---
 kas/corstone1000-mps3.yml                        |  6 ++++++
 meta-arm-bsp/conf/layer.conf                     |  2 +-
 meta-arm-bsp/conf/machine/corstone1000-mps3.conf |  9 +++++++++
 6 files changed, 33 insertions(+), 4 deletions(-)
 create mode 100644 ci/corstone1000-mps3.yml
 create mode 100644 kas/corstone1000-mps3.yml
 create mode 100644 meta-arm-bsp/conf/machine/corstone1000-mps3.conf

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e2d000a..be522fc 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -102,6 +102,9 @@ corstone700-mps3:
 corstone1000-fvp:
   extends: .build
 
+corstone1000-mps3:
+  extends: .build
+
 fvp-base:
   extends: .build
   parallel:
diff --git a/ci/corstone1000-mps3.yml b/ci/corstone1000-mps3.yml
new file mode 100644
index 0000000..fc06440
--- /dev/null
+++ b/ci/corstone1000-mps3.yml
@@ -0,0 +1,12 @@
+header:
+  version: 9
+  includes:
+    - base.yml
+    - meta-openembedded.yml
+
+local_conf_header:
+    custom-local-conf: |
+        INITRAMFS_IMAGE_BUNDLE = "0"
+        INITRAMFS_IMAGE:remove = "corstone1000-initramfs-image"
+
+machine: corstone1000-mps3
diff --git a/kas/corstone1000-base.yml b/kas/corstone1000-base.yml
index 0cf9401..36b08e7 100644
--- a/kas/corstone1000-base.yml
+++ b/kas/corstone1000-base.yml
@@ -16,7 +16,7 @@ repos:
 
   poky:
     url: https://git.yoctoproject.org/git/poky
-    refspec: honister
+    refspec: master
     layers:
       meta:
       meta-poky:
@@ -24,7 +24,7 @@ repos:
 
   meta-openembedded:
     url: https://git.openembedded.org/meta-openembedded
-    refspec: f16efc00b7fcdbfa8c53e35c1fcebed5c06d975e
+    refspec: master
     layers:
       meta-oe:
       meta-python:
@@ -40,7 +40,6 @@ local_conf_header:
     LICENSE_FLAGS_WHITELIST += "armcompiler"
     BB_NUMBER_THREADS ?= "16"
     PARALLEL_MAKE ?= "-j16"
-    INHERIT += "rm_work"
     PACKAGECONFIG:append:pn-perf = " coresight"
 
 machine: unset
diff --git a/kas/corstone1000-mps3.yml b/kas/corstone1000-mps3.yml
new file mode 100644
index 0000000..06e5962
--- /dev/null
+++ b/kas/corstone1000-mps3.yml
@@ -0,0 +1,6 @@
+header:
+  version: 9
+  includes:
+    - corstone1000-base.yml
+
+machine: corstone1000-mps3
diff --git a/meta-arm-bsp/conf/layer.conf b/meta-arm-bsp/conf/layer.conf
index 954e5d8..7af156e 100644
--- a/meta-arm-bsp/conf/layer.conf
+++ b/meta-arm-bsp/conf/layer.conf
@@ -13,7 +13,7 @@ LAYERSERIES_COMPAT_meta-arm-bsp = "honister"
 
 LAYERDEPENDS_meta-arm-bsp = "core meta-arm"
 # This won't be used by layerindex-fetch, but works everywhere else
-LAYERDEPENDS_meta-arm-bsp:append:corstone1000 = " meta-python"
+LAYERDEPENDS_meta-arm-bsp:append:corstone1000 = " meta-python openembedded-layer"
 LAYERDEPENDS_meta-arm-bsp:append:musca-b1 = " meta-python"
 LAYERDEPENDS_meta-arm-bsp:append:musca-s1 = " meta-python"
 
diff --git a/meta-arm-bsp/conf/machine/corstone1000-mps3.conf b/meta-arm-bsp/conf/machine/corstone1000-mps3.conf
new file mode 100644
index 0000000..88f3d9d
--- /dev/null
+++ b/meta-arm-bsp/conf/machine/corstone1000-mps3.conf
@@ -0,0 +1,9 @@
+#@TYPE: Machine
+#@NAME: corstone1000-mps3 machine
+#@DESCRIPTION: Machine configuration for Corstone1000 64-bit MPS3 FPGA board
+
+require conf/machine/include/corstone1000.inc
+
+TFA_TARGET_PLATFORM = "fpga"
+
+PLATFORM_IS_FVP = "FALSE"
-- 
2.17.1

[PATCH 2/5] arm-bsp/u-boot: introducing corstone1000 MPS3 machine

[abdellatif.elkhlifi]

From: "Arpita S.K" <Arpita.S.K@arm.com>

Add support for corstone1000-mps3 machine which have a cortex-a35
aarch64, this will boot till u-boot prompt.

Change-Id: Ifdd81d35a5409cdd1563388a841885c14b748cad
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
---
 ...initial-devicetree-corstone1000-mps3.patch | 64 +++++++++++++++++++
 ...one1000-adding-PSCI-device-tree-node.patch | 34 ++++++++++
 ...-amend-kernel-bootargs-with-ip-dhcp-.patch | 32 ++++++++++
 .../recipes-bsp/u-boot/u-boot_%.bbappend      |  5 +-
 4 files changed, 134 insertions(+), 1 deletion(-)
 create mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-arm-dts-add-initial-devicetree-corstone1000-mps3.patch
 create mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-arm-corstone1000-adding-PSCI-device-tree-node.patch
 create mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-arm-corstone1000-amend-kernel-bootargs-with-ip-dhcp-.patch

diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-arm-dts-add-initial-devicetree-corstone1000-mps3.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-arm-dts-add-initial-devicetree-corstone1000-mps3.patch
new file mode 100644
index 0000000..cb48478
--- /dev/null
+++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-arm-dts-add-initial-devicetree-corstone1000-mps3.patch
@@ -0,0 +1,64 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Arpita S.K <arpita.s.k@arm.com>
+
+From a3b3ff8fc2d4e52748989aa61f155fc92a63261a Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Tue, 22 Jun 2021 11:35:10 +0100
+Subject: [PATCH 15/16] arm: dts: add initial devicetree corstone1000 mps3
+
+Corstone1000 is a platform enabled on MPS3 FPGA Arm board. It is a cortex-a35
+with with 8MB of CVM and 32MB of QSPI, with the peripherals USB,
+ethernet and others available on the MPS3 board.
+
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ arch/arm/dts/corstone1000-mps3.dts | 37 ++++++++++++++++++++++++++++++
+ 1 file changed, 37 insertions(+)
+ create mode 100644 arch/arm/dts/corstone1000-mps3.dts
+
+diff --git a/arch/arm/dts/corstone1000-mps3.dts b/arch/arm/dts/corstone1000-mps3.dts
+new file mode 100644
+index 0000000000..d93915dbb7
+--- /dev/null
++++ b/arch/arm/dts/corstone1000-mps3.dts
+@@ -0,0 +1,37 @@
++/*
++ * Copyright (c) 2021, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++/dts-v1/;
++
++#include "corstone1000.dtsi"
++
++/ {
++	model = "corstone1000-mps3";
++
++	ethernet: eth@4010000 {
++		compatible = "smsc,lan9220", "smsc,lan9115";
++		reg = <0x40100000 0x10000>;
++		phy-mode = "mii";
++		interrupt-parent = <&gic>;
++		interrupts = <GIC_SPI 116 IRQ_TYPE_LEVEL_HIGH>;
++		reg-io-width = <2>;
++		smsc,irq-push-pull;
++	};
++
++	usb: usb@40200000 {
++		compatible = "nxp,usb-isp1763";
++		reg = <0x40200000 0x100000>;
++		interrupts-parent = <&gic>;
++		interrupts = <GIC_SPI 114 IRQ_TYPE_LEVEL_HIGH>;
++		bus-width = <16>;
++		dr_mode = "host";
++	};
++
++};
++
++&refclk {
++	clock-frequency = <50000000>;
++};
+-- 
+2.33.0
+
diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-arm-corstone1000-adding-PSCI-device-tree-node.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-arm-corstone1000-adding-PSCI-device-tree-node.patch
new file mode 100644
index 0000000..4faa883
--- /dev/null
+++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-arm-corstone1000-adding-PSCI-device-tree-node.patch
@@ -0,0 +1,34 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Arpita S.K <arpita.s.k@arm.com>
+
+From b5ec956659c3e419fd2e95431d9359db497e4afb Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Thu, 22 Jul 2021 18:11:33 +0100
+Subject: [PATCH 16/16] arm: corstone1000: adding PSCI device tree node
+
+At this level of development PSCI is needed to initialize the SMCCC.
+
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+---
+ arch/arm/dts/corstone1000-mps3.dts | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/arch/arm/dts/corstone1000-mps3.dts b/arch/arm/dts/corstone1000-mps3.dts
+index d93915dbb7..a3726f1e1f 100644
+--- a/arch/arm/dts/corstone1000-mps3.dts
++++ b/arch/arm/dts/corstone1000-mps3.dts
+@@ -30,6 +30,11 @@
+ 		dr_mode = "host";
+ 	};
+ 
++	psci {
++		compatible = "arm,psci-1.0", "arm,psci-0.2";
++		method = "smc";
++	};
++
+ };
+ 
+ &refclk {
+-- 
+2.33.0
+
diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-arm-corstone1000-amend-kernel-bootargs-with-ip-dhcp-.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-arm-corstone1000-amend-kernel-bootargs-with-ip-dhcp-.patch
new file mode 100644
index 0000000..022fee9
--- /dev/null
+++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-arm-corstone1000-amend-kernel-bootargs-with-ip-dhcp-.patch
@@ -0,0 +1,32 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+
+From 3ee38ef07bd82c843497dc4e69a4d4c5f21dbbf7 Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Tue, 26 Oct 2021 18:29:05 +0100
+Subject: [PATCH] arm: corstone1000: amend kernel bootargs with ip=dhcp
+ earlyprintk
+
+This change is to
+* pass ip=dhcp required for ethernet to get and ip
+* enable earlyprintk to print kernel logs before the actual
+kernel driver comes up
+
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
+index cfe80cf5f4..7574553e83 100644
+--- a/configs/corstone1000_defconfig
++++ b/configs/corstone1000_defconfig
+@@ -8,7 +8,7 @@ CONFIG_IDENT_STRING=" corstone1000 aarch64 "
+ CONFIG_FIT=y
+ CONFIG_BOOTDELAY=3
+ CONFIG_USE_BOOTARGS=y
+-CONFIG_BOOTARGS="console=ttyAMA0 loglevel=9"
++CONFIG_BOOTARGS="console=ttyAMA0 loglevel=9 ip=dhcp earlyprintk"
+ # CONFIG_DISPLAY_CPUINFO is not set
+ # CONFIG_DISPLAY_BOARDINFO is not set
+ CONFIG_HUSH_PARSER=y
+-- 
+2.17.1
+
diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend b/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
index 864a568..c75eec3 100644
--- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
+++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
@@ -3,7 +3,7 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
 #
 # Corstone1000 64-bit machines
 #
-
+CORSTONE1000_DEVICE_TREE:corstone1000-mps3 = "corstone1000-mps3"
 CORSTONE1000_DEVICE_TREE:corstone1000-fvp = "corstone1000-fvp"
 EXTRA_OEMAKE:append:corstone1000 = ' DEVICE_TREE=${CORSTONE1000_DEVICE_TREE}'
 
@@ -24,6 +24,9 @@ SRC_URI:append:corstone1000 = " \
       file://0012-arm-corstone1000-enable-uefi-secure-boot.patch \
       file://0013-arm-corstone1000-enable-handlers-for-uefi-variables.patch \
       file://0014-arm-corstone1000-enable-efi-capsule-options.patch \
+      file://0015-arm-dts-add-initial-devicetree-corstone1000-mps3.patch \
+      file://0016-arm-corstone1000-adding-PSCI-device-tree-node.patch \
+      file://0017-arm-corstone1000-amend-kernel-bootargs-with-ip-dhcp-.patch \
       "
 
 #
-- 
2.17.1

[PATCH 3/5] arm/optee-spdevkit: introducing the recipe

[abdellatif.elkhlifi]

From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>

Adding optee-spdevkit recipe.

Change-Id: Ib31d7f0a9fa2f72b71c2057f2752b1c52be6f890
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
---
 .../optee/optee-spdevkit_git.bb               | 111 ++++++++++++++++++
 1 file changed, 111 insertions(+)
 create mode 100644 meta-arm/recipes-security/optee/optee-spdevkit_git.bb

diff --git a/meta-arm/recipes-security/optee/optee-spdevkit_git.bb b/meta-arm/recipes-security/optee/optee-spdevkit_git.bb
new file mode 100644
index 0000000..a9c696d
--- /dev/null
+++ b/meta-arm/recipes-security/optee/optee-spdevkit_git.bb
@@ -0,0 +1,111 @@
+SUMMARY = "OP-TEE Secure Partion Development Kit"
+DESCRIPTION = "Open Portable Trusted Execution Environment - Development Kit to run secure partitions"
+HOMEPAGE = "https://www.op-tee.org/"
+
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173"
+
+inherit deploy python3native
+require optee.inc
+
+CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os"
+
+DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native"
+
+DEPENDS:append:toolchain-clang = " compiler-rt"
+
+SRC_URI = "git://github.com/OP-TEE/optee_os.git;branch=master;protocol=https"
+
+S = "${WORKDIR}/git"
+B = "${WORKDIR}/build"
+
+EXTRA_OEMAKE += " \
+    PLATFORM=${OPTEEMACHINE} \
+    CFG_${OPTEE_CORE}_core=y \
+    CROSS_COMPILE_core=${HOST_PREFIX} \
+    CROSS_COMPILE_sp_${OPTEE_ARCH}=${HOST_PREFIX} \
+    CFG_CORE_FFA=y \
+    CFG_WITH_SP=y \
+    O=${B} \
+"
+
+CFLAGS[unexport] = "1"
+LDFLAGS[unexport] = "1"
+CPPFLAGS[unexport] = "1"
+AS[unexport] = "1"
+LD[unexport] = "1"
+
+do_configure[noexec] = "1"
+
+do_compile() {
+    oe_runmake -C ${S} sp_dev_kit
+}
+do_compile[cleandirs] = "${B}"
+
+do_install() {
+    #install SP devkit
+    install -d ${D}${includedir}/optee/export-user_sp/
+    for f in ${B}/export-sp_${OPTEE_ARCH}/* ; do
+        cp -aR $f ${D}${includedir}/optee/export-user_sp/
+    done
+    cat > ${D}${includedir}/optee/export-user_sp/include/stddef.h <<'EOF'
+#ifndef STDDEF_H
+#define STDDEF_H
+
+#include <stddef_.h>
+
+#ifndef _PTRDIFF_T
+typedef long ptrdiff_t;
+#define _PTRDIFF_T
+#endif
+
+#ifndef NULL
+#define NULL ((void *) 0)
+#endif
+
+#define offsetof(st, m) __builtin_offsetof(st, m)
+
+#endif /* STDDEF_H */
+EOF
+    cat > ${D}${includedir}/optee/export-user_sp/include/stddef_.h <<'EOF'
+#ifndef STDDEF__H
+#define STDDEF__H
+
+#ifndef SIZET_
+typedef unsigned long size_t;
+#define SIZET_
+#endif
+
+#endif /* STDDEF__H */
+EOF
+    cat > ${D}${includedir}/optee/export-user_sp/include/stdarg.h <<'EOF'
+#ifndef STDARG_H
+#define STDARG_H
+
+#define va_list __builtin_va_list
+#define va_start(ap, last) __builtin_va_start(ap, last)
+#define va_end(ap) __builtin_va_end(ap)
+#define va_copy(to, from) __builtin_va_copy(to, from)
+#define va_arg(to, type) __builtin_va_arg(to, type)
+
+#endif /* STDARG_H */
+EOF
+    cat > ${D}${includedir}/optee/export-user_sp/include/stdbool.h <<'EOF'
+#ifndef STDBOOL_H
+#define STDBOOL_H
+
+#define bool	_Bool
+
+#define true	1
+#define false	0
+
+#define __bool_true_false_are_defined	1
+
+#endif /* STDBOOL_H */
+EOF
+}
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+# optee-spdevkit static library is part of optee-os image. No need to package this library in a staticdev package
+INSANE_SKIP:${PN}-dev = "staticdev"
-- 
2.17.1

[PATCH 4/5] arm/secure-partitions: introducing the recipe

[abdellatif.elkhlifi]

From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>

Adding secure-partitions recipe.

Change-Id: I4320fb7087157a7c0f9305ce1d8f8574d4500fd0
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
---
 .../trusted-services/secure-partitions_git.bb | 91 +++++++++++++++++++
 1 file changed, 91 insertions(+)
 create mode 100644 meta-arm/recipes-security/trusted-services/secure-partitions_git.bb

diff --git a/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb b/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb
new file mode 100644
index 0000000..0c825e6
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb
@@ -0,0 +1,91 @@
+SUMMARY = "Trusted Services secure partitions"
+HOMEPAGE = "https://trusted-services.readthedocs.io/en/latest/index.html"
+
+COMPATIBLE_MACHINE ?= "invalid"
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+LICENSE = "Apache-2.0 & BSD-3-Clause & Zlib"
+LIC_FILES_CHKSUM = "file://license.rst;md5=ea160bac7f690a069c608516b17997f4 \
+                    file://../mbedcrypto/LICENSE;md5=302d50a6369f5f22efdb674db908167a \
+                    file://../nanopb/LICENSE.txt;md5=9db4b73a55a3994384112efcdb37c01f"
+
+SRC_URI = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=integration;name=ts;destsuffix=git/ts ${SRC_URI_MBED} ${SRC_URI_NANOPB}"
+
+SRC_URI_MBED = "git://github.com/ARMmbed/mbed-crypto.git;protocol=https;branch=development;name=mbed;destsuffix=git/mbedcrypto"
+SRC_URI_NANOPB = "git://github.com/nanopb/nanopb.git;name=nanopb;protocol=https;branch=master;destsuffix=git/nanopb"
+
+SRCREV_FORMAT = "ts"
+SRCREV_ts = "c52807cfea6edab5d5c9cc0cfdb18ffe12cfdb0c"
+SRCREV_mbed = "cf4a40ba0a3086cabb5a8227245191161fd26383"
+SRCREV_nanopb = "df0e92f474f9cca704fe2b31483f0b4d1b1715a4"
+PV = "0.0+git${SRCPV}"
+
+# Which environment to create the secure partions for (opteesp or shim)
+TS_ENVIRONMENT ?= "opteesp"
+S = "${WORKDIR}/git/ts"
+B = "${WORKDIR}/build"
+
+inherit deploy python3native
+
+DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native \
+           python3-pyelftools-native python3-grpcio-tools-native \
+           python3-protobuf-native protobuf-native cmake-native \
+           "
+
+DEPENDS:append = " ${@bb.utils.contains('TS_ENVIRONMENT', 'opteesp', 'optee-spdevkit', '', d)}"
+
+EXTRA_OEMAKE += "HOST_PREFIX=${HOST_PREFIX}"
+EXTRA_OEMAKE += "CROSS_COMPILE64=${HOST_PREFIX}"
+
+export CROSS_COMPILE="${TARGET_PREFIX}"
+
+CFLAGS[unexport] = "1"
+CPPFLAGS[unexport] = "1"
+AS[unexport] = "1"
+LD[unexport] = "1"
+
+# setting the linker options used to build the secure partitions
+SECURITY_LDFLAGS = ""
+TARGET_LDFLAGS = "-Wl,--build-id=none -Wl,--hash-style=both"
+
+# only used if TS_ENVIRONMENT is opteesp
+SP_DEV_KIT_DIR = "${@bb.utils.contains('TS_ENVIRONMENT', 'opteesp', '${STAGING_INCDIR}/optee/export-user_sp', '', d)}"
+
+# SP images are embedded into optee os image
+SP_PACKAGING_METHOD ?= "embedded"
+
+do_configure[cleandirs] = "${B}"
+
+do_configure() {
+    for TS_DEPLOYMENT in ${TS_DEPLOYMENTS}; do
+        cmake \
+          -DCMAKE_INSTALL_PREFIX=${D}/firmware/sp \
+          -DSP_DEV_KIT_DIR=${SP_DEV_KIT_DIR} \
+          -DSP_PACKAGING_METHOD=${SP_PACKAGING_METHOD} \
+          -S ${S}/$TS_DEPLOYMENT -B "${B}/$TS_DEPLOYMENT"
+    done
+}
+
+do_compile() {
+    for TS_DEPLOYMENT in ${TS_DEPLOYMENTS}; do
+        cmake --build "${B}/$TS_DEPLOYMENT"
+    done
+}
+
+do_install () {
+    if [ "${TS_ENVIRONMENT}" = "opteesp" ]; then
+        for TS_DEPLOYMENT in ${TS_DEPLOYMENTS}; do
+            cmake --install "${B}/$TS_DEPLOYMENT"
+        done
+    fi
+}
+
+SYSROOT_DIRS = "/firmware"
+
+do_deploy() {
+    cp -rf ${D}/firmware/* ${DEPLOYDIR}/
+}
+addtask deploy after do_install
+
+FILES:${PN} = "/firmware/*"
-- 
2.17.1

[PATCH 5/5] meta-arm-bsp/security: corstone1000: add trusted services support

[abdellatif.elkhlifi]

From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>

These changes are to add support to build TrustedServices.
corstone1000 platfrom uses optee-sp option which will include
secure partitions into optee Image

Following changes are made to trusted-services code
* TS_PLATFORM should be set at the external build system level.
* fix EARLY_TA_PATHS environment variable
* se-proxy string and make it as child node

Change-Id: I58d76b5e25e7f285794c93dc92c1b93fdd77cfb9
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
---
 .../conf/machine/include/corstone1000.inc     |  3 ++
 .../trusted-firmware-m-corstone1000.inc       |  4 +-
 .../optee/optee-os_corstone1000.inc           | 32 ++++---------
 .../optee/optee-os_corstone1000_common.inc    | 27 +++++++++++
 .../optee/optee-spdevkit_corstone1000.inc     |  1 +
 .../optee/optee-spdevkit_git.bbappend         |  6 +++
 ...pplying-lowercase-project-convention.patch | 33 ++++++++++++++
 ...0002-fix-EARLY_TA_PATHS-env-variable.patch | 31 +++++++++++++
 ...proxy-dts-add-se-proxy-as-child-node.patch | 45 +++++++++++++++++++
 .../secure-partitions_%.bbappend              |  4 ++
 .../trusted-services/ts-corstone1000.inc      | 17 +++++++
 11 files changed, 178 insertions(+), 25 deletions(-)
 create mode 100644 meta-arm-bsp/recipes-security/optee/optee-os_corstone1000_common.inc
 create mode 100644 meta-arm-bsp/recipes-security/optee/optee-spdevkit_corstone1000.inc
 create mode 100644 meta-arm-bsp/recipes-security/optee/optee-spdevkit_git.bbappend
 create mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0001-tools-cmake-common-applying-lowercase-project-convention.patch
 create mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0002-fix-EARLY_TA_PATHS-env-variable.patch
 create mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0003-se-proxy-dts-add-se-proxy-as-child-node.patch
 create mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions_%.bbappend
 create mode 100644 meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc

diff --git a/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm-bsp/conf/machine/include/corstone1000.inc
index 2df4627..0e1c896 100644
--- a/meta-arm-bsp/conf/machine/include/corstone1000.inc
+++ b/meta-arm-bsp/conf/machine/include/corstone1000.inc
@@ -41,6 +41,9 @@ EXTRA_IMAGEDEPENDS += "optee-os"
 OPTEE_ARCH = "arm64"
 OPTEE_BINARY = "tee-pager_v2.bin"
 
+# Trusted Services(TS)
+EXTRA_IMAGEDEPENDS += "secure-partitions"
+
 # Linux kernel
 PREFERRED_PROVIDER_virtual/kernel:forcevariable = "linux-yocto"
 PREFERRED_VERSION_linux-yocto = "5.10%"
diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
index 9114905..8f43f8d 100644
--- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
+++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
@@ -4,8 +4,8 @@ COMPATIBLE_MACHINE = "(corstone1000)"
 
 TFM_DEBUG = "1"
 
-# Default is the FVP
-TFM_PLATFORM_IS_FVP ?= "TRUE"
+## Default is the MPS3 board
+TFM_PLATFORM_IS_FVP ?= "FALSE"
 EXTRA_OECMAKE += "-DPLATFORM_IS_FVP=${TFM_PLATFORM_IS_FVP}"
 
 SRCBRANCH_tfm = "master"
diff --git a/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000.inc b/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000.inc
index e2cc7d6..eb4d6af 100644
--- a/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000.inc
+++ b/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000.inc
@@ -1,27 +1,13 @@
-SRC_URI = "git://git.trustedfirmware.org/OP-TEE/optee_os.git;protocol=https;branch=psa-development"
-SRCREV = "f9de2c9520ed97b89760cc4c99424aae440b63f4"
-PV .= "+git${SRCREV}"
+require optee-os_corstone1000_common.inc
 
-DEPENDS += "python3-pycryptodomex-native"
+DEPENDS += " secure-partitions"
+EXTRA_OEMAKE +="'SP_PACKAGING_METHOD=embedded'"
 
-FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/corstone1000:"
+TS_INSTALL_PREFIX_PATH="${RECIPE_SYSROOT}/firmware/sp/opteesp"
+EXTRA_OEMAKE += "'TS_INSTALL_PREFIX=${TS_INSTALL_PREFIX_PATH}'"
 
-SRC_URI:append = " \
-                  file://0001-plat-corstone1000-add-corstone1000-platform.patch \
-                  file://0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch"
+# se-proxy secure partition
+SP_MKFILE_PATH="${TS_INSTALL_PREFIX}/lib/make/se-proxy.mk"
 
-COMPATIBLE_MACHINE = "corstone1000"
-
-OPTEEMACHINE = "corstone1000"
-# Enable optee memory layout and boot logs
-EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4"
-
-# default disable latency benchmarks (over all OP-TEE layers)
-EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n"
-
-EXTRA_OEMAKE += " CFG_CORE_SEL1_SPMC=y CFG_CORE_FFA=y"
-
-EXTRA_OEMAKE += " CFG_WITH_SP=y"
-
-EXTRA_OEMAKE += " HOST_PREFIX=${HOST_PREFIX}"
-EXTRA_OEMAKE += " CROSS_COMPILE64=${HOST_PREFIX}"
+EXTRA_OEMAKE += "'CFG_SP_MKFILE_PATH=${SP_MKFILE_PATH}'"
+EXTRA_OEMAKE += "'CFG_EMBED_DTB_SOURCE_FILE=${TS_INSTALL_PREFIX_PATH}/manifest/46bb39d1-b4d9-45b5-88ff-040027dab249.dts'"
diff --git a/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000_common.inc b/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000_common.inc
new file mode 100644
index 0000000..423e968
--- /dev/null
+++ b/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000_common.inc
@@ -0,0 +1,27 @@
+SRC_URI = "git://git.trustedfirmware.org/OP-TEE/optee_os.git;protocol=https;branch=psa-development"
+SRCREV = "f9de2c9520ed97b89760cc4c99424aae440b63f4"
+PV .= "+git${SRCREV}"
+
+DEPENDS += "python3-pycryptodomex-native dtc-native"
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/corstone1000:"
+
+SRC_URI:append = " \
+                  file://0001-plat-corstone1000-add-corstone1000-platform.patch \
+                  file://0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch"
+
+COMPATIBLE_MACHINE = "corstone1000"
+
+OPTEEMACHINE = "corstone1000"
+# Enable optee memory layout and boot logs
+EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4"
+
+# default disable latency benchmarks (over all OP-TEE layers)
+EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n"
+
+EXTRA_OEMAKE += " CFG_CORE_SEL1_SPMC=y CFG_CORE_FFA=y"
+
+EXTRA_OEMAKE += " CFG_WITH_SP=y"
+
+EXTRA_OEMAKE += " HOST_PREFIX=${HOST_PREFIX}"
+EXTRA_OEMAKE += " CROSS_COMPILE64=${HOST_PREFIX}"
diff --git a/meta-arm-bsp/recipes-security/optee/optee-spdevkit_corstone1000.inc b/meta-arm-bsp/recipes-security/optee/optee-spdevkit_corstone1000.inc
new file mode 100644
index 0000000..363b0ed
--- /dev/null
+++ b/meta-arm-bsp/recipes-security/optee/optee-spdevkit_corstone1000.inc
@@ -0,0 +1 @@
+require optee-os_corstone1000_common.inc
diff --git a/meta-arm-bsp/recipes-security/optee/optee-spdevkit_git.bbappend b/meta-arm-bsp/recipes-security/optee/optee-spdevkit_git.bbappend
new file mode 100644
index 0000000..13e109c
--- /dev/null
+++ b/meta-arm-bsp/recipes-security/optee/optee-spdevkit_git.bbappend
@@ -0,0 +1,6 @@
+# Machine specific configurations
+
+MACHINE_OPTEE_SPDEVKIT_REQUIRE ?= ""
+MACHINE_OPTEE_SPDEVKIT_REQUIRE:corstone1000 = "optee-spdevkit_corstone1000.inc"
+
+require ${MACHINE_OPTEE_SPDEVKIT_REQUIRE}
diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0001-tools-cmake-common-applying-lowercase-project-convention.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0001-tools-cmake-common-applying-lowercase-project-convention.patch
new file mode 100644
index 0000000..1de064b
--- /dev/null
+++ b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0001-tools-cmake-common-applying-lowercase-project-convention.patch
@@ -0,0 +1,33 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+
+From 0bdafbd98ffd25a09822a560435ee9719e9bc0e4 Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Sat, 13 Nov 2021 07:47:44 +0000
+Subject: [PATCH] tools/cmake/common: applying lowercase project convention
+
+Lowercase convention should only apply on the paths inside TS
+source-code.
+Host build paths should not be lowercased. Otherwise, builds
+with uppercase paths will break.
+
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+
+diff --git a/tools/cmake/common/AddPlatform.cmake b/tools/cmake/common/AddPlatform.cmake
+index ae34c6e..31bcd8c 100644
+--- a/tools/cmake/common/AddPlatform.cmake
++++ b/tools/cmake/common/AddPlatform.cmake
+@@ -37,8 +37,8 @@ function(add_platform)
+ 	set(TGT ${MY_PARAMS_TARGET} CACHE STRING "")
+ 
+ 	# Ensure file path conforms to lowercase project convention
+-	string(TOLOWER "${TS_PLATFORM_ROOT}/${TS_PLATFORM}/platform.cmake" _platdef)
+-	include(${_platdef})
++	string(TOLOWER "${TS_PLATFORM}/platform.cmake" _platdef)
++	include(${TS_PLATFORM_ROOT}/${_platdef})
+ 	set(CMAKE_CONFIGURE_DEPENDS ${_platdef})
+ 
+ 	unset(TGT CACHE)
+-- 
+2.17.1
+
diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0002-fix-EARLY_TA_PATHS-env-variable.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0002-fix-EARLY_TA_PATHS-env-variable.patch
new file mode 100644
index 0000000..e404e6f
--- /dev/null
+++ b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0002-fix-EARLY_TA_PATHS-env-variable.patch
@@ -0,0 +1,31 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+
+From 28f3e8d68996ad2e3ccca45d2435b3b524daef48 Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Sat, 13 Nov 2021 07:51:53 +0000
+Subject: [PATCH] fix EARLY_TA_PATHS env variable
+
+Yocto cleans up environment varaibles at build time.
+EARLY_TA_PATHS should be set a separate rule for securepartitions
+to be included into optee-os image
+
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+diff --git a/environments/opteesp/sp.mk.in b/environments/opteesp/sp.mk.in
+index c44ad59..d67e2dc 100644
+--- a/environments/opteesp/sp.mk.in
++++ b/environments/opteesp/sp.mk.in
+@@ -14,7 +14,8 @@ ifeq (,${@EXPORT_SP_UUID@-included})
+ endif
+ 
+ ifeq (embedded,${SP_PACKAGING_METHOD})
+-OPTEE_OS_COMMON_EXTRA_FLAGS+=EARLY_TA_PATHS+=${TS_INSTALL_PREFIX}/opteesp/bin/@EXPORT_SP_UUID@.stripped.elf
++EARLY_TA_PATHS+=${TS_INSTALL_PREFIX}/bin/@EXPORT_SP_UUID@.stripped.elf
++OPTEE_OS_COMMON_EXTRA_FLAGS+=${EARLY_TA_PATHS}
+ TS_SP_DTSI_LIST+="\\n\#include \"${TS_INSTALL_PREFIX}/opteesp/manifest/@EXPORT_SP_UUID@.dtsi\""
+ else ifeq (fip,${SP_PACKAGING_METHOD})
+ TS_SP_JSON_LIST+=${TS_INSTALL_PREFIX}/opteesp/json/@EXPORT_SP_NAME@.json
+-- 
+2.17.1
+
diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0003-se-proxy-dts-add-se-proxy-as-child-node.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0003-se-proxy-dts-add-se-proxy-as-child-node.patch
new file mode 100644
index 0000000..5d64949
--- /dev/null
+++ b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0003-se-proxy-dts-add-se-proxy-as-child-node.patch
@@ -0,0 +1,45 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+
+From 446155031c5a37c3a9771f0215d9fb23d59648d6 Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Sat, 13 Nov 2021 08:34:42 +0000
+Subject: [PATCH] se-proxy:dts: add se-proxy as child node
+
+se-proxy sp string should be added for se-proxy node to be
+read properly.
+
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
+index 961071a..9f5cf71 100644
+--- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in
++++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
+@@ -7,13 +7,15 @@
+ @DTS_TAG@
+ 
+ @DTS_NODE@ {
+-	compatible = "arm,ffa-manifest-1.0";
+-	ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */
+-	uuid = <@EXPORT_SP_UUID_DT@>;
+-	description = "SE Proxy";
+-	execution-ctx-count = <1>;
+-	exception-level = <1>; /* S-EL0 */
+-	execution-state = <0>; /* AArch64 */
+-	xlat-granule = <0>; /* 4KiB */
+-	messaging-method = <0>; /* Direct messaging only */
++	se-proxy {
++		compatible = "arm,ffa-manifest-1.0";
++		ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */
++		uuid = <@EXPORT_SP_UUID_DT@>;
++		description = "SE Proxy";
++		execution-ctx-count = <1>;
++		exception-level = <1>; /* S-EL0 */
++		execution-state = <0>; /* AArch64 */
++		xlat-granule = <0>; /* 4KiB */
++		messaging-method = <0>; /* Direct messaging only */
++	};
+ };
+-- 
+2.17.1
+
diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions_%.bbappend b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions_%.bbappend
new file mode 100644
index 0000000..8a37a28
--- /dev/null
+++ b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions_%.bbappend
@@ -0,0 +1,4 @@
+MACHINE_TS_REQUIRE ?= ""
+MACHINE_TS_REQUIRE:corstone1000 = "ts-corstone1000.inc"
+
+require ${MACHINE_TS_REQUIRE}
diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc b/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
new file mode 100644
index 0000000..d574fbe
--- /dev/null
+++ b/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
@@ -0,0 +1,17 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/secure-partitions:"
+
+COMPATIBLE_MACHINE = "corstone1000"
+
+SRC_URI:append = " file://0001-tools-cmake-common-applying-lowercase-project-convention.patch \
+                  file://0002-fix-EARLY_TA_PATHS-env-variable.patch \
+                  file://0003-se-proxy-dts-add-se-proxy-as-child-node.patch \
+		  "
+
+TS_PLATFORM = "arm/fvp/fvp_base_revc-2xaemv8a"
+TS_ENVIRONMENT = "opteesp"
+SP_PACKAGING_METHOD = "embedded"
+
+EXTRA_OEMAKE += "TS_PLATFORM=${TS_PLATFORM}"
+
+# Secure Enclave proxy secure partition
+TS_DEPLOYMENTS += "'deployments/se-proxy/${TS_ENVIRONMENT}'"
-- 
2.17.1