a0871be6c0
* Update buildroot-patches for 2020.11-rc1 buildroot * Update buildroot to 2020.11-rc1 Signed-off-by: Stefan Agner <stefan@agner.ch> * Don't rely on sfdisk --list-free output The --list-free (-F) argument does not allow machine readable mode. And it seems that the output format changes over time (different spacing, using size postfixes instead of raw blocks). Use sfdisk json output and calculate free partition space ourselfs. This works for 2.35 and 2.36 and is more robust since we rely on output which is meant for scripts to parse. * Migrate defconfigs for Buildroot 2020.11-rc1 In particular, rename BR2_TARGET_UBOOT_BOOT_SCRIPT(_SOURCE) to BR2_PACKAGE_HOST_UBOOT_TOOLS_BOOT_SCRIPT(_SOURCE). * Rebase/remove systemd patches for systemd 246 * Drop apparmor/libapparmor from buildroot-external * hassos-persists: use /run as directory for lockfiles The U-Boot tools use /var/lock by default which is not created any more by systemd by default (it is under tmpfiles legacy.conf, which we no longer install). * Disable systemd-update-done.service The service is not suited for pure read-only systems. In particular the service needs to be able to write a file in /etc and /var. Remove the service. Note: This is a static service and cannot be removed using systemd-preset. * Disable apparmor.service for now The service loads all default profiles. Some might actually cause problems. E.g. the profile for ping seems not to match our setup for /etc/resolv.conf: [85503.634653] audit: type=1400 audit(1605286002.684:236): apparmor="DENIED" operation="open" profile="ping" name="/run/resolv.conf" pid=27585 comm="ping" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
179 lines
5.3 KiB
Plaintext
179 lines
5.3 KiB
Plaintext
config BR2_TARGET_ARM_TRUSTED_FIRMWARE
|
|
bool "ARM Trusted Firmware (ATF)"
|
|
depends on (BR2_ARM_CPU_ARMV8A || BR2_ARM_CPU_ARMV7A) && \
|
|
BR2_TARGET_UBOOT
|
|
help
|
|
Enable this option if you want to build the ATF for your ARM
|
|
based embedded device.
|
|
|
|
https://github.com/ARM-software/arm-trusted-firmware
|
|
|
|
if BR2_TARGET_ARM_TRUSTED_FIRMWARE
|
|
choice
|
|
prompt "ATF Version"
|
|
help
|
|
Select the specific ATF version you want to use
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_LATEST_VERSION
|
|
bool "v2.2"
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION
|
|
bool "Custom version"
|
|
help
|
|
This option allows to use a specific official versions
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL
|
|
bool "Custom tarball"
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT
|
|
bool "Custom Git repository"
|
|
|
|
endchoice
|
|
|
|
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL_LOCATION
|
|
string "URL of custom ATF tarball"
|
|
|
|
endif
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION_VALUE
|
|
string "ATF version"
|
|
depends on BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_VERSION
|
|
string
|
|
default "v2.2" if BR2_TARGET_ARM_TRUSTED_FIRMWARE_LATEST_VERSION
|
|
default "custom" if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL
|
|
default BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_VERSION \
|
|
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT
|
|
default BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION_VALUE \
|
|
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION
|
|
|
|
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_URL
|
|
string "URL of custom repository"
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_REPO_VERSION
|
|
string "Custom repository version"
|
|
help
|
|
Revision to use in the typical format used by Git
|
|
E.G. a sha id, a tag, ..
|
|
|
|
endif
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_PLATFORM
|
|
string "ATF platform"
|
|
help
|
|
Target plaform to build for.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP
|
|
bool "Build FIP image"
|
|
help
|
|
This option enables building the FIP image (Firmware Image
|
|
Package). This is typically the image format used by
|
|
platforms were ATF encapsulates the second stage bootloader
|
|
(such as U-Boot).
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL31
|
|
bool "Build BL31 image"
|
|
help
|
|
This option enables building the BL31 image. This is
|
|
typically used on platforms where another bootloader (e.g
|
|
U-Boot) encapsulates ATF BL31.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL31_UBOOT
|
|
bool "Build BL31 U-Boot image"
|
|
select BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL31
|
|
help
|
|
Generates a U-Boot image named atf-uboot.ub containing
|
|
bl31.bin. This is used for example by the Xilinx version of
|
|
U-Boot SPL to load ATF on the ZynqMP SoC.
|
|
|
|
choice
|
|
prompt "BL32"
|
|
default BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_DEFAULT
|
|
help
|
|
Select BL32 stage for the trusted firmware
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_DEFAULT
|
|
bool "Default"
|
|
help
|
|
With this option selected, ATF will not use any BL32 stage,
|
|
unless if one is explicitly chosen using the SPD (for
|
|
AArch64) or AARCH32_SP (for AArch32) variables, which can be
|
|
passed through
|
|
BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL32_OPTEE
|
|
bool "OP-TEE OS"
|
|
depends on BR2_TARGET_OPTEE_OS
|
|
help
|
|
This option allows to embed OP-TEE OS as the BL32 part of
|
|
the ARM Trusted Firmware boot sequence.
|
|
|
|
endchoice
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33
|
|
bool "Use U-Boot as BL33"
|
|
depends on BR2_TARGET_UBOOT
|
|
help
|
|
This option allows to embed u-boot.bin as the BL33 part of
|
|
the ARM Trusted Firmware. It ensures that the u-boot package
|
|
gets built before ATF, and that the appropriate BL33
|
|
variable pointing to u-boot.bin is passed when building ATF.
|
|
|
|
if BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_AS_BL33
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_UBOOT_BL33_IMAGE
|
|
string "U-Boot BL33 image name"
|
|
default "u-boot.bin"
|
|
help
|
|
Name of the U-Boot BL33 image to include in ATF, it must
|
|
have been installed to BINARIES_DIR by the U-Boot package.
|
|
|
|
endif
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_TARGETS
|
|
string "Additional ATF make targets"
|
|
help
|
|
Additional targets for the ATF build
|
|
E.G. When using the QorIQ custom ATF repository from NXP,
|
|
the target 'pbl' can be used to build the pbl binary.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES
|
|
string "Additional ATF build variables"
|
|
help
|
|
Additional parameters for the ATF build
|
|
E.G. 'DEBUG=1 LOG_LEVEL=20'
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_DEBUG
|
|
bool "Build in debug mode"
|
|
help
|
|
Enable this option to build ATF with DEBUG=1.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_IMAGES
|
|
string "Binary boot images"
|
|
default "*.bin"
|
|
help
|
|
Names of generated image files that are installed in the
|
|
output images/ directory.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_DTC
|
|
bool "Needs dtc"
|
|
select BR2_PACKAGE_HOST_DTC
|
|
help
|
|
Select this option if your ATF board configuration
|
|
requires the Device Tree compiler to be available.
|
|
|
|
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_ARM32_TOOLCHAIN
|
|
bool "Needs arm-none-eabi toolchain"
|
|
depends on BR2_aarch64
|
|
depends on BR2_HOSTARCH = "x86_64"
|
|
help
|
|
Select this option if your ATF board configuration requires
|
|
an ARM32 bare metal toolchain to be available.
|
|
|
|
endif
|