arm-trusted-firmware/arm-trusted-firmware.spec

%global debug_package %{nil}

Name:          arm-trusted-firmware
Version:       2.3
Release:       6
Summary:       ARM Trusted Firmware
License:       BSD
URL:           https://github.com/ARM-software/arm-trusted-firmware/wiki
Source0:       https://github.com/ARM-software/arm-trusted-firmware/archive/v%{version}.tar.gz
# https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=fd37982a19a4a291
Patch0000:     CVE-2022-47630-1.patch
# https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=72460f50e2437a85
Patch0001:     CVE-2022-47630-2.patch
# https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=f5c51855d36e399e
Patch0002:     CVE-2022-47630-3.patch
# https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=abb8f936fd0ad085
Patch0003:     CVE-2022-47630-4.patch
# https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=a7eff3477dcf3624
Patch0004:     CVE-2023-49100.patch
# https://github.com/renesas-rcar/arm-trusted-firmware/commit/235f85b654a031f7647e81b86fc8e4ffeb430164
Patch0005:     CVE-2024-6563.patch
Patch0006:     CVE-2024-6564.patch
# https://github.com/renesas-rcar/arm-trusted-firmware/commit/6a96c18c474e6339fab93f54d52aa7dcc4b70e52
Patch0007:     CVE-2024-6287-1.patch
# https://github.com/renesas-rcar/arm-trusted-firmware/commit/954d488a9798f8fda675c6b57c571b469b298f04
Patch0008:     CVE-2024-6287-2.patch
Patch0009:     CVE-2024-6285.patch
ExclusiveArch: aarch64
BuildRequires: dtc

%description
Trusted Firmware-A is a reference implementation of secure world software
for Arm A-Profile architectures (Armv8-A and Armv7-A), including an Exception Level 3 (EL3) Secure Monitor.

%package       -n arm-trusted-firmware-armv8
Summary:       ARMv8-A Trusted Firmware
%description   -n arm-trusted-firmware-armv8
ARM Trusted Firmware for various ARMv8-A SoCs.


%prep
%autosetup -p1 -n %{name}-%{version}
sed -i 's/arm-none-eabi-/arm-linux-gnu-/' plat/rockchip/rk3399/drivers/m0/Makefile

%build
for soc in hikey hikey960 imx8qm imx8qx juno rk3368 rk3328 rpi3 sun50i_a64 sun50i_h6 zynqmp
do
make HOSTCC="gcc $RPM_OPT_FLAGS -fPIE -Wl,-z,relro,-z,now" CROSS_COMPILE="" PLAT=$(echo $soc) bl31
done


%install
install -d %{buildroot}%{_datadir}/%{name}
for soc in hikey hikey960 imx8qm imx8qx juno rpi3 sun50i_a64 sun50i_h6 zynqmp
do
install -d %{buildroot}%{_datadir}/%{name}/$(echo $soc)/
if [ -f build/$(echo $soc)/release/bl31.bin ]; then
install -p -m 0644 build/$(echo $soc)/release/bl31.bin /%{buildroot}%{_datadir}/%{name}/$(echo $soc)/
fi
done

for soc in rk3368 rk3328
do
install -d %{buildroot}%{_datadir}/%{name}/$(echo $soc)/
for file in bl31/bl31.elf m0/rk3399m0.bin m0/rk3399m0.elf
do
 if [ -f build/$(echo $soc)/release/$(echo $file) ]; then
   install -p -m 0644 build/$(echo $soc)/release/$(echo $file) /%{buildroot}%{_datadir}/%{name}/$(echo $soc)/
 fi
done
done

strip %{buildroot}/%{_datadir}/%{name}/rk3328/bl31.elf
strip %{buildroot}/%{_datadir}/%{name}/rk3368/bl31.elf

%files -n arm-trusted-firmware-armv8
%license license.rst
%doc readme.rst
%{_datadir}/%{name}

%changelog
* Mon Dec 16 2024 wangkai <13474090681@163.com> - 2.3-6
- Fix CVE-2024-6285 CVE-2024-6287

* Tue Jul 09 2024 zhangxianting <zhangxianting@uniontech.com> - 2.3-5
- Fix CVE-2024-6563 CVE-2024-6564

* Tue Jan 23 2024 yaoxin <yao_xin001@hoperun.com> - 2.3-4
- Fix CVE-2023-49100

* Fri Dec 01 2023 yaoxin <yao_xin001@hoperun.com> - 2.3-3
- Fix CVE-2022-47630

* Wed Dec 07 2022 yaoxin <yaoxin30@h-partners.com> -2.3-2
- Add RELRO,PIE,BIND_NOW flags and fix not striped problem

* Tue Jan 5 2021 huanghaitao <huanghaitao8@huawei.com> - 2.3-1
- Update to 2.3 release

* Wed Sep 16 2020 wangyue <wangyue92@huawei.com> - 1.6-2
- fix CVE-2017-15031

* Tue Dec 31 2019 Shuaishuai Song <songshuaishuai2@huawei.com> 1.6-0.2
- package init