WIP: optee-oswip-optee-os-fix

Signed-off-by: Daiane Angolini <daiane.angolini@foundries.io>
author: Daiane Angolini <daiane.angolini@foundries.io> 2024-10-22 09:27:41 -0300
committer: Daiane Angolini <daiane.angolini@foundries.io> 2024-10-22 09:27:41 -0300
commit: 9cb48dfa57d96ba1254c2380c531331eb755b7e7 (patch)
tree: 0dba78723acb83483da027dd92476e6cd8b8386c /recipes-security/optee-imx
parent: 12fc8f4da4677d60404acb116a3dbce6366102cf (diff)
download: meta-freescale-wip-optee-os-fix.tar.gz
6 files changed, 106 insertions, 6 deletions
diff --git a/recipes-security/optee-imx/optee-client-fslc.inc b/recipes-security/optee-imx/optee-client-fslc.inc
index f55f0ab2..e5fe678f 100644
--- a/recipes-security/optee-imx/optee-client-fslc.inc
+++ b/recipes-security/optee-imx/optee-client-fslc.inc
@@ -7,8 +7,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b"
 SRC_URI = "file://tee-supplicant.service"
-S = "${WORKDIR}/git"
+S = "${UNPACKDIR}/git"
-B = "${WORKDIR}/build"
+B = "${UNPACKDIR}/build"
 inherit python3native systemd features_check pkgconfig
diff --git a/recipes-security/optee-imx/optee-fslc.inc b/recipes-security/optee-imx/optee-fslc.inc
index 6c96dc2b..47f95b0e 100644
--- a/recipes-security/optee-imx/optee-fslc.inc
+++ b/recipes-security/optee-imx/optee-fslc.inc
@@ -6,8 +6,8 @@ REQUIRED_MACHINE_FEATURES = "optee"
 DEPENDS = "python3-cryptography-native"
-S = "${WORKDIR}/git"
+S = "${UNPACKDIR}/git"
-B = "${WORKDIR}/build"
+B = "${UNPACKDIR}/build"
 OPTEE_ARCH:arm     = "arm32"
 OPTEE_ARCH:aarch64 = "arm64"
@@ -23,4 +23,5 @@ EXTRA_OEMAKE = " \
    OPENSSL_MODULES=${STAGING_LIBDIR_NATIVE}/ossl-modules \
    OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${exec_prefix} \
    -C ${S} O=${B} \
+    AFLAGS="${CFLAGS}" \
 "
diff --git a/recipes-security/optee-imx/optee-os-fslc.inc b/recipes-security/optee-imx/optee-os-fslc.inc
index b91a5531..0051130c 100644
--- a/recipes-security/optee-imx/optee-os-fslc.inc
+++ b/recipes-security/optee-imx/optee-os-fslc.inc
@@ -33,6 +33,7 @@ EXTRA_OEMAKE:append:imx8mq-lpddr4-wevk = " \
    CFG_DDR_SIZE=0x100000000 \
    CFG_TZDRAM_START=0xfe000000 \
 "
+export EXTRA_CFLAGS = "${CFLAGS}"
 LDFLAGS[unexport] = "1"
 CPPFLAGS[unexport] = "1"
diff --git a/recipes-security/optee-imx/optee-os/0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch b/recipes-security/optee-imx/optee-os/0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch
new file mode 100644
index 00000000..7a12bff8
--- /dev/null
+++ b/recipes-security/optee-imx/optee-os/0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch
@@ -0,0 +1,44 @@
+From c8a2a6529dc3ff609281ef4fe5c5bc949c805b5c Mon Sep 17 00:00:00 2001
+From: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
+Date: Thu, 6 Jun 2024 11:42:46 +0200
+Subject: [PATCH] checkconf.mk: do not use full path to generate guard symbol
+ in conf.h
+The combination of building with -g3 (which emits definitions of all
+defined preprocessor macros to the debug info) and using a full path
+to define the name of this preprocessor guard means that the output is
+not binary reproducible across different build hosts. For example, in
+my Yocto build, the string
+  __home_ravi_yocto_tmp_glibc_work_stm32mp135fdk_oe_linux_gnueabi_optee_os_stm32mp_3_19_0_stm32mp_r1_1_build_stm32mp135f_dk_include_generated_conf_h_
+appears in several build artifacts. Another developer or buildbot
+would not build in some /home/ravi/... directory.
+In order to increase binary reproducibility, only use the path sans
+the $(out-dir)/ prefix of the conf.h file.
+Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
+Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
+---
+ mk/checkconf.mk | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+Upstream-Status: Backport [c8a2a6529dc3ff609281ef4fe5c5bc949c805b5c]
+diff --git a/mk/checkconf.mk b/mk/checkconf.mk
+index 449b1c2b8..bb08d6b15 100644
+--- a/mk/checkconf.mk
+++ b/mk/checkconf.mk
+@@ -17,7 +17,8 @@ define check-conf-h
+        cnf='$(strip $(foreach var,                             \
+                $(call cfg-vars-by-prefix,$1),                  \
+                $(call cfg-make-define,$(var))))';              \
+-       guard="_`echo $@ | tr -- -/.+ _`_";                     \
+       guardpath="$(patsubst $(out-dir)/%,%,$@)"               \
+       guard="_`echo "$${guardpath}" | tr -- -/.+ _`_";        \
+        mkdir -p $(dir $@);                                     \
+        echo "#ifndef $${guard}" >$@.tmp;                       \
+        echo "#define $${guard}" >>$@.tmp;                      \
+--
+2.34.1
diff --git a/recipes-security/optee-imx/optee-os/0001-mk-compile.mk-remove-absolute-build-time-paths.patch b/recipes-security/optee-imx/optee-os/0001-mk-compile.mk-remove-absolute-build-time-paths.patch
new file mode 100644
index 00000000..ecea9148
--- /dev/null
+++ b/recipes-security/optee-imx/optee-os/0001-mk-compile.mk-remove-absolute-build-time-paths.patch
@@ -0,0 +1,52 @@
+From 29b84ae5b277b85cd7244acde077694e6643fcde Mon Sep 17 00:00:00 2001
+From: Mikko Rapeli <mikko.rapeli@linaro.org>
+Date: Thu, 18 Jul 2024 07:54:18 +0000
+Subject: [PATCH] mk/compile.mk: remove absolute build time paths
+Some generated files get a __FILE_ID__ which include absolute
+build time paths. Remove the paths and use plain file name.
+Fixes yocto QA check.
+Problem/bug:
+$ strings ../image/lib/firmware/tee.elf | grep mikko
+__FILE_ID__
+_home_mikko_build_core_ta_pub_key_c
+__FILE_ID__
+_home_mikko_build_core_ldelf_hex_c
+__FILE_ID__
+_home_mikko_build_core_early_ta_fd02c9da_306c_48c7_a49c_bbd827ae86ee_c
+With this patch:
+$ strings ../image/lib/firmware/tee.elf | grep mikko
+$ strings ../image/lib/firmware/tee.elf | grep FILE_ID | egrep \
+"core_ta_pub_key_c|core_ldelf_hex_c|core_early_ta_fd02c9da_306c_4"
+__FILE_ID__ core_ta_pub_key_c
+__FILE_ID__ core_ldelf_hex_c
+__FILE_ID__ core_early_ta_fd02c9da_306c_48c7_a49c_bbd827ae86ee_c
+Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
+Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
+Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
+---
+ mk/compile.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+Upstream-Status: Backport
+diff --git a/mk/compile.mk b/mk/compile.mk
+index b3d807ba4..338535bf3 100644
+--- a/mk/compile.mk
+++ b/mk/compile.mk
+@@ -120,7 +120,7 @@ comp-cppflags-$2 = $$(filter-out $$(CPPFLAGS_REMOVE) $$(cppflags-remove) \
+                      $$(addprefix -I,$$(incdirs-$2)) \
+                      $$(cppflags$$(comp-sm-$2)) \
+                      $$(cppflags-lib$$(comp-lib-$2)) $$(cppflags-$2)) \
+-                     -D__FILE_ID__=$$(subst -,_,$$(subst /,_,$$(subst .,_,$1)))
+                     -D__FILE_ID__=$$(subst -,_,$$(subst /,_,$$(subst .,_,$$(patsubst $$(out-dir)/%,%,$1))))
+ comp-flags-$2 += -MD -MF $$(comp-dep-$2) -MT $$@
+ comp-flags-$2 += $$(comp-cppflags-$2)
+--
+2.34.1
diff --git a/recipes-security/optee-imx/optee-os_4.2.0.imx.bb b/recipes-security/optee-imx/optee-os_4.2.0.imx.bb
index 96948bc7..eb9f9171 100644
--- a/recipes-security/optee-imx/optee-os_4.2.0.imx.bb
+++ b/recipes-security/optee-imx/optee-os_4.2.0.imx.bb
@@ -7,6 +7,8 @@ SRC_URI += " \
    file://0002-optee-enable-clang-support.patch \
    file://0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch \
    file://0004-core-link-add-no-warn-rwx-segments.patch \
+    file://0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch \
+    file://0001-mk-compile.mk-remove-absolute-build-time-paths.patch \
 "
-SRCBRANCH = "lf-6.6.23_2.0.0"
+SRCBRANCH = "lf-6.6.36_2.1.0"
-SRCREV = "c6be5b572452a2808d1a34588fd10e71715e23cf"
+SRCREV = "612bc5a642a4608d282abeee2349d86de996d7ee"
author	Daiane Angolini <daiane.angolini@foundries.io>	2024-10-22 09:27:41 -0300
committer	Daiane Angolini <daiane.angolini@foundries.io>	2024-10-22 09:27:41 -0300
commit	9cb48dfa57d96ba1254c2380c531331eb755b7e7 (patch)
tree	0dba78723acb83483da027dd92476e6cd8b8386c /recipes-security/optee-imx
parent	12fc8f4da4677d60404acb116a3dbce6366102cf (diff)
download	meta-freescale-wip-optee-os-fix.tar.gz

diff --git a/recipes-security/optee-imx/optee-client-fslc.inc b/recipes-security/optee-imx/optee-client-fslc.inc index f55f0ab2..e5fe678f 100644 --- a/recipes-security/optee-imx/optee-client-fslc.inc +++ b/recipes-security/optee-imx/optee-client-fslc.inc
@@ -7,8 +7,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b"
7		7
8	SRC_URI = "file://tee-supplicant.service"	8	SRC_URI = "file://tee-supplicant.service"
9		9
10	S = "${WORKDIR}/git"	10	S = "${UNPACKDIR}/git"
11	B = "${WORKDIR}/build"	11	B = "${UNPACKDIR}/build"
12		12
13	inherit python3native systemd features_check pkgconfig	13	inherit python3native systemd features_check pkgconfig
14		14


diff --git a/recipes-security/optee-imx/optee-fslc.inc b/recipes-security/optee-imx/optee-fslc.inc index 6c96dc2b..47f95b0e 100644 --- a/recipes-security/optee-imx/optee-fslc.inc +++ b/recipes-security/optee-imx/optee-fslc.inc
@@ -6,8 +6,8 @@ REQUIRED_MACHINE_FEATURES = "optee"
6		6
7	DEPENDS = "python3-cryptography-native"	7	DEPENDS = "python3-cryptography-native"
8		8
9	S = "${WORKDIR}/git"	9	S = "${UNPACKDIR}/git"
10	B = "${WORKDIR}/build"	10	B = "${UNPACKDIR}/build"
11		11
12	OPTEE_ARCH:arm = "arm32"	12	OPTEE_ARCH:arm = "arm32"
13	OPTEE_ARCH:aarch64 = "arm64"	13	OPTEE_ARCH:aarch64 = "arm64"
@@ -23,4 +23,5 @@ EXTRA_OEMAKE = " \
23	OPENSSL_MODULES=${STAGING_LIBDIR_NATIVE}/ossl-modules \	23	OPENSSL_MODULES=${STAGING_LIBDIR_NATIVE}/ossl-modules \
24	OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${exec_prefix} \	24	OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${exec_prefix} \
25	-C ${S} O=${B} \	25	-C ${S} O=${B} \
		26	AFLAGS="${CFLAGS}" \
26	"	27	"


diff --git a/recipes-security/optee-imx/optee-os-fslc.inc b/recipes-security/optee-imx/optee-os-fslc.inc index b91a5531..0051130c 100644 --- a/recipes-security/optee-imx/optee-os-fslc.inc +++ b/recipes-security/optee-imx/optee-os-fslc.inc
@@ -33,6 +33,7 @@ EXTRA_OEMAKE:append:imx8mq-lpddr4-wevk = " \
33	CFG_DDR_SIZE=0x100000000 \	33	CFG_DDR_SIZE=0x100000000 \
34	CFG_TZDRAM_START=0xfe000000 \	34	CFG_TZDRAM_START=0xfe000000 \
35	"	35	"
		36	export EXTRA_CFLAGS = "${CFLAGS}"
36		37
37	LDFLAGS[unexport] = "1"	38	LDFLAGS[unexport] = "1"
38	CPPFLAGS[unexport] = "1"	39	CPPFLAGS[unexport] = "1"


diff --git a/recipes-security/optee-imx/optee-os/0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch b/recipes-security/optee-imx/optee-os/0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch new file mode 100644 index 00000000..7a12bff8 --- /dev/null +++ b/recipes-security/optee-imx/optee-os/0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch
@@ -0,0 +1,44 @@
		1	From c8a2a6529dc3ff609281ef4fe5c5bc949c805b5c Mon Sep 17 00:00:00 2001
		2	From: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
		3	Date: Thu, 6 Jun 2024 11:42:46 +0200
		4	Subject: [PATCH] checkconf.mk: do not use full path to generate guard symbol
		5	in conf.h
		6
		7	The combination of building with -g3 (which emits definitions of all
		8	defined preprocessor macros to the debug info) and using a full path
		9	to define the name of this preprocessor guard means that the output is
		10	not binary reproducible across different build hosts. For example, in
		11	my Yocto build, the string
		12
		13	__home_ravi_yocto_tmp_glibc_work_stm32mp135fdk_oe_linux_gnueabi_optee_os_stm32mp_3_19_0_stm32mp_r1_1_build_stm32mp135f_dk_include_generated_conf_h_
		14
		15	appears in several build artifacts. Another developer or buildbot
		16	would not build in some /home/ravi/... directory.
		17
		18	In order to increase binary reproducibility, only use the path sans
		19	the $(out-dir)/ prefix of the conf.h file.
		20
		21	Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
		22	Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
		23	---
		24	mk/checkconf.mk \| 3 ++-
		25	1 file changed, 2 insertions(+), 1 deletion(-)
		26
		27	Upstream-Status: Backport [c8a2a6529dc3ff609281ef4fe5c5bc949c805b5c]
		28
		29	diff --git a/mk/checkconf.mk b/mk/checkconf.mk
		30	index 449b1c2b8..bb08d6b15 100644
		31	--- a/mk/checkconf.mk
		32	+++ b/mk/checkconf.mk
		33	@@ -17,7 +17,8 @@ define check-conf-h
		34	cnf='$(strip $(foreach var, \
		35	$(call cfg-vars-by-prefix,$1), \
		36	$(call cfg-make-define,$(var))))'; \
		37	- guard="_`echo $@ \| tr -- -/.+ _`_"; \
		38	+ guardpath="$(patsubst $(out-dir)/%,%,$@)" \
		39	+ guard="_`echo "$${guardpath}" \| tr -- -/.+ _`_"; \
		40	mkdir -p $(dir $@); \
		41	echo "#ifndef $${guard}" >$@.tmp; \
		42	echo "#define $${guard}" >>$@.tmp; \
		43	--
		44	2.34.1


diff --git a/recipes-security/optee-imx/optee-os/0001-mk-compile.mk-remove-absolute-build-time-paths.patch b/recipes-security/optee-imx/optee-os/0001-mk-compile.mk-remove-absolute-build-time-paths.patch new file mode 100644 index 00000000..ecea9148 --- /dev/null +++ b/recipes-security/optee-imx/optee-os/0001-mk-compile.mk-remove-absolute-build-time-paths.patch
@@ -0,0 +1,52 @@
		1	From 29b84ae5b277b85cd7244acde077694e6643fcde Mon Sep 17 00:00:00 2001
		2	From: Mikko Rapeli <mikko.rapeli@linaro.org>
		3	Date: Thu, 18 Jul 2024 07:54:18 +0000
		4	Subject: [PATCH] mk/compile.mk: remove absolute build time paths
		5
		6	Some generated files get a __FILE_ID__ which include absolute
		7	build time paths. Remove the paths and use plain file name.
		8	Fixes yocto QA check.
		9
		10	Problem/bug:
		11
		12	$ strings ../image/lib/firmware/tee.elf \| grep mikko
		13	__FILE_ID__
		14	_home_mikko_build_core_ta_pub_key_c
		15	__FILE_ID__
		16	_home_mikko_build_core_ldelf_hex_c
		17	__FILE_ID__
		18	_home_mikko_build_core_early_ta_fd02c9da_306c_48c7_a49c_bbd827ae86ee_c
		19
		20	With this patch:
		21
		22	$ strings ../image/lib/firmware/tee.elf \| grep mikko
		23	$ strings ../image/lib/firmware/tee.elf \| grep FILE_ID \| egrep \
		24	"core_ta_pub_key_c\|core_ldelf_hex_c\|core_early_ta_fd02c9da_306c_4"
		25	__FILE_ID__ core_ta_pub_key_c
		26	__FILE_ID__ core_ldelf_hex_c
		27	__FILE_ID__ core_early_ta_fd02c9da_306c_48c7_a49c_bbd827ae86ee_c
		28
		29	Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
		30	Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
		31	Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
		32	---
		33	mk/compile.mk \| 2 +-
		34	1 file changed, 1 insertion(+), 1 deletion(-)
		35
		36	Upstream-Status: Backport
		37
		38	diff --git a/mk/compile.mk b/mk/compile.mk
		39	index b3d807ba4..338535bf3 100644
		40	--- a/mk/compile.mk
		41	+++ b/mk/compile.mk
		42	@@ -120,7 +120,7 @@ comp-cppflags-$2 = $$(filter-out $$(CPPFLAGS_REMOVE) $$(cppflags-remove) \
		43	$$(addprefix -I,$$(incdirs-$2)) \
		44	$$(cppflags$$(comp-sm-$2)) \
		45	$$(cppflags-lib$$(comp-lib-$2)) $$(cppflags-$2)) \
		46	- -D__FILE_ID__=$$(subst -,_,$$(subst /,_,$$(subst .,_,$1)))
		47	+ -D__FILE_ID__=$$(subst -,_,$$(subst /,_,$$(subst .,_,$$(patsubst $$(out-dir)/%,%,$1))))
		48
		49	comp-flags-$2 += -MD -MF $$(comp-dep-$2) -MT $$@
		50	comp-flags-$2 += $$(comp-cppflags-$2)
		51	--
		52	2.34.1


diff --git a/recipes-security/optee-imx/optee-os_4.2.0.imx.bb b/recipes-security/optee-imx/optee-os_4.2.0.imx.bb index 96948bc7..eb9f9171 100644 --- a/recipes-security/optee-imx/optee-os_4.2.0.imx.bb +++ b/recipes-security/optee-imx/optee-os_4.2.0.imx.bb
@@ -7,6 +7,8 @@ SRC_URI += " \
7	file://0002-optee-enable-clang-support.patch \	7	file://0002-optee-enable-clang-support.patch \
8	file://0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch \	8	file://0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch \
9	file://0004-core-link-add-no-warn-rwx-segments.patch \	9	file://0004-core-link-add-no-warn-rwx-segments.patch \
		10	file://0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch \
		11	file://0001-mk-compile.mk-remove-absolute-build-time-paths.patch \
10	"	12	"
11	SRCBRANCH = "lf-6.6.23_2.0.0"	13	SRCBRANCH = "lf-6.6.36_2.1.0"
12	SRCREV = "c6be5b572452a2808d1a34588fd10e71715e23cf"	14	SRCREV = "612bc5a642a4608d282abeee2349d86de996d7ee"