corstone1000: update for CORSTONE1000-2022.01.07

This commit updates documentation for running SystemReady-IR tests on
corstone1000 MPS3 FPGA:
  - ACS tests (SCT, FWTS, BSA),
  - manual capsule update test,
  - Linux distro install and boot, etc.
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>

docs/embedded-a/corstone1000/change-log.rst

@@ -4,6 +4,18 @@ Change Log
 This document contains a summary of the new features, changes and
 fixes in each release of Corstone-1000 software stack.
 
+Version 2022.01.07
+------------------
+
+Changes
+~~~~~~~
+
+- Corstone1000: fix SystemReady-IR ACS test (SCT, FWTS) failures.
+- U-Boot: send bootcomplete event to secure enclave.
+- U-Boot: support populating corstone1000 image_info to ESRT table.
+- U-Boot: add ethernet device and enable configs to support bootfromnetwork SCT.
+
+
 Version 2021.12.15
 ------------------
 

docs/embedded-a/corstone1000/release_notes.rst

@@ -3,6 +3,17 @@
 
 .. contents::
 
+
+Release notes - 2022.01.07
+==========================
+
+Known Issues or Limitations
+---------------------------
+ - Before running each SystemReady-IR tests: ACS tests (SCT, FWTS, BSA), manual
+   capsule update test, Linux distro install and boot, etc., the SecureEnclave
+   flash must be cleaned. See user-guide "Clean Secure Flash Before Testing"
+   section.
+
 Release notes - 2021.12.15
 ==========================
 

docs/embedded-a/corstone1000/user-guide.rst

@@ -126,7 +126,7 @@ In the top directory of the workspace ``<_workspace>``, run:
 
 ::
 
-    git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2021.12.15
+    git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.01.06
 
 
 To build corstone1000 image for MPS3 FPGA, run:
@@ -263,18 +263,115 @@ booted completely, user can login to the shell using
 Running test applications (applicable to FPGA only)
 ----------------------------------------------------------
 
+**NOTE**: Running the SystemReady-IR tests described below requires the user to
+work with USB sticks. In our testing, not all USB stick models work well with
+MPS3 FPGA. Here are the USB sticks models that are stable in our test
+environment.
+
+ - HP V165W 8 GB USB Flash Drive
+ - SanDisk Ultra 32GB Dual USB Flash Drive USB M3.0
+ - SanDisk Ultra 16GB Dual USB Flash Drive USB M3.0
+
+**NOTE**:
+Before running each of the tests in this chapter, the user should follow the
+steps described in following section "Clean Secure Flash Before Testing" to
+erase the SecureEnclave flash cleanly and prepare a clean board environment for
+the testing.
+
+Clean Secure Flash Before Testing
+#################################
+To prepare a clean board environment with clean secure flash for the testing,
+the user should prepare an image that erases the secure flash cleanly during
+boot. Run following commands to build such image.
+
+::
+
+  cd <_workspace>
+  git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.01.06
+  git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git
+  cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch meta-arm
+  cd meta-arm
+  git apply 0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch
+  cd ..
+  kas shell meta-arm/kas/corstone1000-mps3.yml
+  bitbake corstone1000-image
+
+Replace the bl1.bin and cs1000.bin files on the SD card with following files:
+  - The ROM firmware: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin
+  - The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt
+
+Now reboot the board. This step erases the Corstone1000 SecureEnclave flash
+completely, the user should expect following message from TF-M log:
+
+::
+
+  !!!SECURE FLASH HAS BEEN CLEANED!!!
+  NOW YOU CAN FLASH THE ACTUAL CORSTONE1000 IMAGE
+  PLEASE REMOVE THE LATEST ERASE SECURE FLASH PATCH AND BUILD THE IMAGE AGAIN
+
+Then the user should follow "Building the software stack" to build a clean
+software stack and flash the FPGA as normal. And continue the testing.
+
 Run SystemReady-IR ACS tests
 ############################
 
-First, the user should prepare a USB stick with ACS image. Provided the USB
-device is sda, run the following commands to prepare the ACS image in USB
-stick:
+This section describes how the user can build and run Architecture Compliance
+Suite (ACS) tests on Corstone1000.
+
+First, the user should download the `Arm SystemReady ACS repository <https://github.com/ARM-software/arm-systemready/>`__.
+This repository contains the infrastructure to build the Architecture
+Compliance Suite (ACS) and the bootable prebuilt images to be used for the
+certifications of SystemReady-IR. To download the repository, run command:
+
+::
+
+  cd <_workspace>
+  git clone https://github.com/ARM-software/arm-systemready.git -b v21.07_0.9_BETA
+
+**NOTE**: Currently the bootable prebuilt images included this repository
+doesn't contain the 5.14 Linux kernel, thus it doesn't provide USB driver
+support for Corstone1000. The user needs to follow the instructions below to
+build the ACS images from source with USB driver patches for testing on
+Corstone1000.
+
+To download the USB driver patches, run:
 
 ::
 
-  wget https://github.com/ARM-software/arm-systemready/raw/main/IR/prebuilt_images/v21.09_1.0/ir_acs_live_image.img.xz
+  cd <_workspace>
+  git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git
+  cp -fr systemready-patch/embedded-a/corstone1000/IR/patches/usb arm-systemready/IR/patches/
+  cp -f  systemready-patch/embedded-a/corstone1000/common/config/startup.nsh arm-systemready/common/config/startup.nsh
+  cp -f  systemready-patch/embedded-a/corstone1000/common/ramdisk/init.sh arm-systemready/common/ramdisk/init.sh
+  cp -f  systemready-patch/embedded-a/corstone1000/common/scripts/build-linux.sh arm-systemready/common/scripts/build-linux.sh
+
+Then, to build the ACS image, run following commands.
+
+**NOTE**: the scripts below require the user to have ``sudo`` permission on the
+host build machine.
+
+::
+
+  cd <_workspace>/arm-systemready/IR/scripts
+  # Make sure this is a clean build, remove directories generated from previous builds
+  rm -rf bbr-acs busybox edk2 edk2-test fwts grub linux-5.11 linux-acs output tools
+  ./build-scripts/get_source.sh
+  ./build-scripts/build-ir-live-image.sh
+
+Once the build is successful, the output ACS live image will be placed in the following path:
+ - ``<_workspace>/arm-systemready/IR/scripts/output/ir_acs_live_image.img.xz``
+
+Then, the user should prepare a USB stick with ACS image. In the given example
+here, we assume the USB device is ``/dev/sdb`` (the user should use ``lsblk``
+command to confirm). Be cautious here and don't confuse your host PC's own hard
+drive with the USB drive. Run the following commands to prepare the ACS image
+in USB stick:
+
+::
+
+  cd <_workspace>/arm-systemready/IR/scripts/output/
   unxz ir_acs_live_image.img.xz
-  sudo dd if=ir_acs_live_image.img of=/dev/sda iflag=direct oflag=direct bs=1M status=progress; sync
+  sudo dd if=ir_acs_live_image.img of=/dev/sdb iflag=direct oflag=direct bs=1M status=progress; sync
 
 Once the USB stick with ACS image is prepared, the user should make sure that
 ensure that only the USB stick with the ACS image is connected to the board,
@@ -309,7 +406,7 @@ The <binary_file> here should be a wic image. And this input binary file
 (capsule) should be less than 15 MB.
 
 Based on the user's requirement, the user can change the firmware version
-number given to --fw-version option (the version number needs to be >= 1).
+number given to ``--fw-version`` option (the version number needs to be >= 1).
 
 Place the generated ``cs1k_cap`` file in the root directory of the boot partition in
 the USB stick. Note: As we are running the direct method, the ``cs1k_cap`` file should
@@ -323,6 +420,38 @@ Boot the board and reach u-boot shell. Run the EFI Shell. In the EFI Shell, run:
   FS0:
   EFI/BOOT/app/CapsuleApp.efi cs1k_cap
 
+For this test, the user can provide two capsules for testing: a positive test
+case capsule which boots the board correctly, and a negative test case with an
+incorrect capsule which fails to boot the host software.
+
+In the positive case scenario, the user should see following log in TF-M log,
+indicating the new capsule image is successfully applied, and the board boots
+correctly.
+
+::
+
+  ...
+  SysTick_Handler: counted = 10, expiring on = 360
+  SysTick_Handler: counted = 20, expiring on = 360
+  SysTick_Handler: counted = 30, expiring on = 360
+  ...
+  metadata_write: success: active = 1, previous = 0
+  accept_full_capsule: exit: fwu state is changed to regular
+  ...
+
+
+In the negative case scenario, the user should see that Secure Enclave tries to
+boot 5 times with the new image (can be seen from the TF-M log). If Secure
+Enclave found the new image still cannot boot correctly after 5 attempts, it will
+switch to the previous active bank, and the board boots correctly.
+
+::
+
+  ...
+  metadata_write: success: active = 0, previous = 1
+  fwu_select_previous: in regular state by choosing previous active bank
+  ...
+
 Linux distro install and boot
 #############################
 
@@ -335,14 +464,14 @@ Download one of following Linux distro images:
 
 Once the .iso file is downloaded, the .iso file needs to be flashed to your USB drive.
 
-In the given example here, we assume the USB device is /dev/sdb (the user
+In the given example here, we assume the USB device is ``/dev/sdb`` (the user
 should use `lsblk` command to confirm). Be cautious here and don't confuse your
 host PC's own hard drive with the USB drive. Then copy the contents of an iso
 file into the first USB stick, run:
 
 ::
 
-  sudo dd if=/path/to/iso_file of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync;
+  sudo dd if=</path/to/iso_file> of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync;
 
 Boot the MSP3 board with the first USB stick connected. Open following minicom sessions: