Update arm-trusted-firmware to 2.12.1

  • Done
  • quality assurance status badge
Details
One participant
  • Vagrant Cascadian
Owner
unassigned
Submitted by
Vagrant Cascadian
Severity
normal

Debbugs page

Vagrant Cascadian wrote 1 weeks ago
(address . guix-patches@gnu.org)(name . Efraim Flashner)(address . efraim@flashner.co.il)
87y0xn5enj.fsf@wireframe
The attached patch updates arm-trusted-firmware to 2.12.1, fixing a few
CVE issues.

All the various u-boot dependents still appear to build:

/gnu/store/641kcdl61xjsqn6001gmfqq8cx7j0pw3-u-boot-rock64-rk3328-2024.10
/gnu/store/2lh91is66sa964nk4860f47f7bp58mfk-u-boot-orangepi-r1-plus-lts-rk3328-2024.10
/gnu/store/f9vghparyywn7w9m3nxdlg8mpbwp1xgf-u-boot-firefly-rk3399-2024.10
/gnu/store/8cd32i44gxbkig4z359l1d527wkzsqra-u-boot-pinebook-pro-rk3399-2024.10
/gnu/store/j12i6bs7a4w1k7ssa4g2nfkmymv9pir4-u-boot-puma-rk3399-2024.10
/gnu/store/a7s96k9k62aa36l733vdazgq7dvdjzas-u-boot-rockpro64-rk3399-2024.10
/gnu/store/4mlmfxzy2kb6ilzm4k6hhr870i7m5f4y-u-boot-pinebook-2024.10
/gnu/store/6d0476i6zkj1nsn78jyfclqpw5b5sgv7-u-boot-pine64-lts-2024.10
/gnu/store/5csl9vwkn195qf37y4q8c8yq3x59mw11-u-boot-pine64-plus-2024.10

I have not done any boot testing.

live well,
vagrant
From 17912f437b041fb790e29e07c7bfc2f543f7bb2c Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@debian.org>
Date: Sun, 2 Mar 2025 11:55:42 -0800
Subject: [PATCH] gnu: arm-trusted-firmware: Update to 2.12.1.

* gnu/packages/firmware.scm (make-arm-trusted-firmware): Update to 2.12.1.
---
gnu/packages/firmware.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

Toggle diff (29 lines)
diff --git a/gnu/packages/firmware.scm b/gnu/packages/firmware.scm
index 2e78936d83..06c0664d31 100644
--- a/gnu/packages/firmware.scm
+++ b/gnu/packages/firmware.scm
@@ -1107,17 +1107,17 @@ (define (native-build?)
(string=? (%current-system) (gnu-triplet->nix-system triplet))))
(package
(name (downstream-package-name "arm-trusted-firmware-" platform))
- (version "2.12")
+ (version "2.12.1")
(source
(origin
(method git-fetch)
(uri (git-reference
(url (string-append "https://git.trustedfirmware.org"
"/TF-A/trusted-firmware-a.git/"))
- (commit (string-append "v" version))))
+ (commit (string-append "lts-v" version))))
(file-name (git-file-name "arm-trusted-firmware" version))
(sha256
- (base32 "18rzhygvq0afcylirq9yis3kaa1nli14k2jrm64ih85gz4nhl99w"))
+ (base32 "1vngwbjghgsh5i02zq66nmbxxr2d4p93rirsvh5jrhbcdn0v5xf8"))
(patches (search-patches "8mq-enable-imx_hab_handler.patch"
"8mq-move-stack-to-ocram_s.patch"))
(modules '((guix build utils)))

base-commit: 6315f3ff4d3d0cf1bd89b92bdb9a139aee404ca2
--
2.39.5
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCZ8THkAAKCRDcUY/If5cW
qo1GAQC3v1+5gXzSqL6qjvs8rYM0zB9biRwSaJtejdN/wxJDPwEAoWMdSdXQe3Sf
9kjGhMlzff/LpCswHwdoAV5OvgG9PwU=
=88Bc
-----END PGP SIGNATURE-----

Vagrant Cascadian wrote 1 weeks ago
(address . 76692@debbugs.gnu.org)(name . Efraim Flashner)(address . efraim@flashner.co.il)
87bjug63mb.fsf@wireframe
On 2025-03-02, Vagrant Cascadian wrote:
Toggle quote (17 lines)
> The attached patch updates arm-trusted-firmware to 2.12.1, fixing a few
> CVE issues.
>
> All the various u-boot dependents still appear to build:
>
> /gnu/store/641kcdl61xjsqn6001gmfqq8cx7j0pw3-u-boot-rock64-rk3328-2024.10
> /gnu/store/2lh91is66sa964nk4860f47f7bp58mfk-u-boot-orangepi-r1-plus-lts-rk3328-2024.10
> /gnu/store/f9vghparyywn7w9m3nxdlg8mpbwp1xgf-u-boot-firefly-rk3399-2024.10
> /gnu/store/8cd32i44gxbkig4z359l1d527wkzsqra-u-boot-pinebook-pro-rk3399-2024.10
> /gnu/store/j12i6bs7a4w1k7ssa4g2nfkmymv9pir4-u-boot-puma-rk3399-2024.10
> /gnu/store/a7s96k9k62aa36l733vdazgq7dvdjzas-u-boot-rockpro64-rk3399-2024.10
> /gnu/store/4mlmfxzy2kb6ilzm4k6hhr870i7m5f4y-u-boot-pinebook-2024.10
> /gnu/store/6d0476i6zkj1nsn78jyfclqpw5b5sgv7-u-boot-pine64-lts-2024.10
> /gnu/store/5csl9vwkn195qf37y4q8c8yq3x59mw11-u-boot-pine64-plus-2024.10
>
> I have not done any boot testing.

Finally got my rockpro64 up and running guix again, and boot-tested it,
so that is at least one platform!

live well,
vagrant
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCZ8dJLAAKCRDcUY/If5cW
qkM5AQCb+SKCU+qwlByVBM9uW9d35ZukippykXl3Jh1DdwiXgwD+Pn+l4YKTJEyg
3NAJ9U7stMMzclyyGLoWCsuNi7j24ws=
=J8So
-----END PGP SIGNATURE-----

Vagrant Cascadian wrote 3 days ago
(address . 76692-done@debbugs.gnu.org)(name . Efraim Flashner)(address . efraim@flashner.co.il)
87wmcx3m2n.fsf@wireframe
On 2025-03-04, Vagrant Cascadian wrote:
Toggle quote (5 lines)
> On 2025-03-02, Vagrant Cascadian wrote:
>> The attached patch updates arm-trusted-firmware to 2.12.1, fixing a few
>> CVE issues.
>>
>> All the various u-boot dependents still appear to build:
...
Toggle quote (3 lines)
> Finally got my rockpro64 up and running guix again, and boot-tested it,
> so that is at least one platform!

Pushed as:

3aed6ee07bd0d22cd6cf897eada7ea3b95f6adf5 gnu: arm-trusted-firmware: Update to 2.12.1.

live well,
vagrant
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCZ84OgAAKCRDcUY/If5cW
qkQ4AQCC3Do9QxOCnHPhJY/YrFs3IWIsit7KbeflGctw36Al4wEAmmgJzBhdLDGx
Gyg/sR/lkQKf/yFSCnfW46cjoa7pQw0=
=qVt5
-----END PGP SIGNATURE-----

Closed
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 76692@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 76692
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch
You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags
mumi command -t +confirmed -t +easy
Or, remove the moreinfo tag and set the help tag
mumi command -t -moreinfo -t +help