From 76fdfef4bff0e831914dacf733c9e5c79e1e7bd8 Mon Sep 17 00:00:00 2001 From: Tom Hochstein Date: Mon, 1 Aug 2022 14:48:54 -0500 Subject: optee: Upgrade 3.15.0.imx -> 3.17.0.imx Signed-off-by: Tom Hochstein (cherry picked from commit d5abe2b1f7afccc879671ca0fba212eca369e825) --- conf/machine/include/imx-base.inc | 6 +- .../optee-imx/optee-client_3.15.0.imx.bb | 50 ---------- .../optee-imx/optee-client_3.17.0.imx.bb | 50 ++++++++++ recipes-security/optee-imx/optee-os_3.15.0.imx.bb | 103 --------------------- recipes-security/optee-imx/optee-os_3.17.0.imx.bb | 102 ++++++++++++++++++++ .../optee-imx/optee-test_3.15.0.imx.bb | 62 ------------- .../optee-imx/optee-test_3.17.0.imx.bb | 60 ++++++++++++ 7 files changed, 215 insertions(+), 218 deletions(-) delete mode 100644 recipes-security/optee-imx/optee-client_3.15.0.imx.bb create mode 100644 recipes-security/optee-imx/optee-client_3.17.0.imx.bb delete mode 100644 recipes-security/optee-imx/optee-os_3.15.0.imx.bb create mode 100644 recipes-security/optee-imx/optee-os_3.17.0.imx.bb delete mode 100644 recipes-security/optee-imx/optee-test_3.15.0.imx.bb create mode 100644 recipes-security/optee-imx/optee-test_3.17.0.imx.bb diff --git a/conf/machine/include/imx-base.inc b/conf/machine/include/imx-base.inc index 800270725..e9b751e09 100644 --- a/conf/machine/include/imx-base.inc +++ b/conf/machine/include/imx-base.inc @@ -490,9 +490,9 @@ PREFERRED_VERSION_vulkan-loader:imxvulkan ??= "1.2.182.0" PREFERRED_VERSION_vulkan-tools:imxvulkan ??= "1.2.182.0" # Use i.MX optee Version -PREFERRED_VERSION_optee-os:mx8-nxp-bsp ??= "3.15.0.imx" -PREFERRED_VERSION_optee-client:mx8-nxp-bsp ??= "3.15.0.imx" -PREFERRED_VERSION_optee-test:mx8-nxp-bsp ??= "3.15.0.imx" +PREFERRED_VERSION_optee-os:mx8-nxp-bsp ??= "3.17.0.imx" +PREFERRED_VERSION_optee-client:mx8-nxp-bsp ??= "3.17.0.imx" +PREFERRED_VERSION_optee-test:mx8-nxp-bsp ??= "3.17.0.imx" #Use i.MX opencv Version for mx8 PREFERRED_VERSION_opencv:mx8-nxp-bsp ??= "4.5.2.imx" diff --git a/recipes-security/optee-imx/optee-client_3.15.0.imx.bb b/recipes-security/optee-imx/optee-client_3.15.0.imx.bb deleted file mode 100644 index 53ee5bc42..000000000 --- a/recipes-security/optee-imx/optee-client_3.15.0.imx.bb +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright (C) 2017-2021 NXP - -SUMMARY = "OPTEE Client libs" -HOMEPAGE = "http://www.optee.org/" -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" - -SRCBRANCH = "lf-5.15.5_1.0.0" -SRC_URI = " \ - git://source.codeaurora.org/external/imx/imx-optee-client.git;protocol=https;branch=${SRCBRANCH} \ - file://tee-supplicant.service \ -" - -SRCREV = "182874320395787a389e5b0f7df02b32f3c0a1b0" - -S = "${WORKDIR}/git" -B = "${WORKDIR}/build" - -inherit python3native systemd features_check - -REQUIRED_MACHINE_FEATURES = "optee" - -SYSTEMD_SERVICE:${PN} = "tee-supplicant.service" - -OPTEE_ARCH ?= "arm32" -OPTEE_ARCH:armv7a = "arm32" -OPTEE_ARCH:aarch64 = "arm64" - -EXTRA_OEMAKE = "ARCH=${OPTEE_ARCH} O=${B}" - -do_install () { - oe_runmake -C ${S} install - - install -D -p -m0644 ${B}/export/usr/lib/libteec.so.1.0.0 ${D}${libdir}/libteec.so.1.0.0 - ln -sf libteec.so.1.0.0 ${D}${libdir}/libteec.so.1 - ln -sf libteec.so.1.0.0 ${D}${libdir}/libteec.so - - install -D -p -m0644 ${B}/export/usr/lib/libckteec.so.0.1.0 ${D}${libdir}/libckteec.so.0.1.0 - ln -sf libckteec.so.0.1.0 ${D}${libdir}/libckteec.so.0 - ln -sf libckteec.so.0.1.0 ${D}${libdir}/libckteec.so - - install -D -p -m0755 ${B}/export/usr/sbin/tee-supplicant ${D}${bindir}/tee-supplicant - - cp -a ${B}/export/usr/include ${D}${includedir} - - sed -i -e s:/etc:${sysconfdir}:g -e s:/usr/bin:${bindir}:g ${WORKDIR}/tee-supplicant.service - install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service -} - -COMPATIBLE_MACHINE = "(imx-nxp-bsp)" diff --git a/recipes-security/optee-imx/optee-client_3.17.0.imx.bb b/recipes-security/optee-imx/optee-client_3.17.0.imx.bb new file mode 100644 index 000000000..53ee5bc42 --- /dev/null +++ b/recipes-security/optee-imx/optee-client_3.17.0.imx.bb @@ -0,0 +1,50 @@ +# Copyright (C) 2017-2021 NXP + +SUMMARY = "OPTEE Client libs" +HOMEPAGE = "http://www.optee.org/" +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" + +SRCBRANCH = "lf-5.15.5_1.0.0" +SRC_URI = " \ + git://source.codeaurora.org/external/imx/imx-optee-client.git;protocol=https;branch=${SRCBRANCH} \ + file://tee-supplicant.service \ +" + +SRCREV = "182874320395787a389e5b0f7df02b32f3c0a1b0" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +inherit python3native systemd features_check + +REQUIRED_MACHINE_FEATURES = "optee" + +SYSTEMD_SERVICE:${PN} = "tee-supplicant.service" + +OPTEE_ARCH ?= "arm32" +OPTEE_ARCH:armv7a = "arm32" +OPTEE_ARCH:aarch64 = "arm64" + +EXTRA_OEMAKE = "ARCH=${OPTEE_ARCH} O=${B}" + +do_install () { + oe_runmake -C ${S} install + + install -D -p -m0644 ${B}/export/usr/lib/libteec.so.1.0.0 ${D}${libdir}/libteec.so.1.0.0 + ln -sf libteec.so.1.0.0 ${D}${libdir}/libteec.so.1 + ln -sf libteec.so.1.0.0 ${D}${libdir}/libteec.so + + install -D -p -m0644 ${B}/export/usr/lib/libckteec.so.0.1.0 ${D}${libdir}/libckteec.so.0.1.0 + ln -sf libckteec.so.0.1.0 ${D}${libdir}/libckteec.so.0 + ln -sf libckteec.so.0.1.0 ${D}${libdir}/libckteec.so + + install -D -p -m0755 ${B}/export/usr/sbin/tee-supplicant ${D}${bindir}/tee-supplicant + + cp -a ${B}/export/usr/include ${D}${includedir} + + sed -i -e s:/etc:${sysconfdir}:g -e s:/usr/bin:${bindir}:g ${WORKDIR}/tee-supplicant.service + install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service +} + +COMPATIBLE_MACHINE = "(imx-nxp-bsp)" diff --git a/recipes-security/optee-imx/optee-os_3.15.0.imx.bb b/recipes-security/optee-imx/optee-os_3.15.0.imx.bb deleted file mode 100644 index 6d10b93da..000000000 --- a/recipes-security/optee-imx/optee-os_3.15.0.imx.bb +++ /dev/null @@ -1,103 +0,0 @@ -# Copyright (C) 2017-2021 NXP - -SUMMARY = "OPTEE OS" -DESCRIPTION = "OPTEE OS" -HOMEPAGE = "http://www.optee.org/" -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" - -DEPENDS = "python3-pycryptodomex-native python3-pyelftools-native u-boot-mkimage-native" - -SRCBRANCH = "lf-5.15.5_1.0.0" -SRC_URI = "git://source.codeaurora.org/external/imx/imx-optee-os.git;protocol=https;branch=${SRCBRANCH}" - -SRCREV = "807629a0889ad5e888f1fd187932ab7f701ddf8c" - -S = "${WORKDIR}/git" - -inherit deploy python3native autotools features_check - -REQUIRED_MACHINE_FEATURES = "optee" - -# The platform flavor corresponds to the Yocto machine without the leading 'i'. -PLATFORM_FLAVOR = "${@d.getVar('MACHINE')[1:]}" -PLATFORM_FLAVOR:imx6qdlsabresd = "mx6qsabresd" -PLATFORM_FLAVOR:imx6qdlsabreauto = "mx6qsabreauto" -PLATFORM_FLAVOR:imx6qpdlsolox = "mx6qsabresd" -PLATFORM_FLAVOR:imx6ul = "mx6ulevk" -PLATFORM_FLAVOR:imx6ull = "mx6ullevk" -PLATFORM_FLAVOR:imx6ull = "mx6ullevk" -PLATFORM_FLAVOR:imx6ulz = "mx6ulzevk" -PLATFORM_FLAVOR:mx8mq-nxp-bsp = "mx8mqevk" -PLATFORM_FLAVOR:mx8mm-nxp-bsp = "mx8mmevk" -PLATFORM_FLAVOR:mx8mn-nxp-bsp = "mx8mnevk" -PLATFORM_FLAVOR:mx8mnul-nxp-bsp = "mx8mnevk" -PLATFORM_FLAVOR:mx8mp-nxp-bsp = "mx8mpevk" -PLATFORM_FLAVOR:mx8mpul-nxp-bsp = "mx8mpevk" -PLATFORM_FLAVOR:mx8qm-nxp-bsp = "mx8qmmek" -PLATFORM_FLAVOR:mx8qxp-nxp-bsp = "mx8qxpmek" -PLATFORM_FLAVOR:mx8dx-nxp-bsp = "mx8dxmek" -PLATFORM_FLAVOR:mx8dxl-nxp-bsp = "mx8dxlevk" -PLATFORM_FLAVOR:mx8ulp-nxp-bsp = "mx8ulpevk" - -OPTEE_ARCH:arm = "arm32" -OPTEE_ARCH:aarch64 = "arm64" - -# Optee-os can be built for 32 bits and 64 bits at the same time -# as long as the compilers are correctly defined. -# For 64bits, CROSS_COMPILE64 must be set -# When defining CROSS_COMPILE and CROSS_COMPILE64, we assure that -# any 32 or 64 bits builds will pass -EXTRA_OEMAKE = " \ - PLATFORM=imx \ - PLATFORM_FLAVOR=${PLATFORM_FLAVOR} \ - CROSS_COMPILE=${HOST_PREFIX} \ - CROSS_COMPILE64=${HOST_PREFIX} \ - CFG_TEE_TA_LOG_LEVEL=0 \ - CFG_TEE_CORE_LOG_LEVEL=0 \ - -C ${S} O=${B}\ -" - -LDFLAGS = "" -CFLAGS += "--sysroot=${STAGING_DIR_HOST}" -CXXFLAGS += "--sysroot=${STAGING_DIR_HOST}" - -do_deploy () { - install -d ${DEPLOYDIR} - cp ${B}/core/tee-raw.bin ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin - ln -sf tee.${PLATFORM_FLAVOR}.bin ${DEPLOYDIR}/tee.bin - - if [ "${OPTEE_ARCH}" != "arm64" ]; then - IMX_LOAD_ADDR=`${TARGET_PREFIX}readelf -h ${B}/core/tee.elf | grep "Entry point address" | awk '{print $4}'` - uboot-mkimage -A arm -O linux -C none -a ${IMX_LOAD_ADDR} -e ${IMX_LOAD_ADDR} \ - -d ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin ${DEPLOYDIR}/uTee-${OPTEE_BIN_EXT} - fi -} - -do_install () { - install -d ${D}${nonarch_base_libdir}/firmware/ - install -m 644 ${B}/core/*.bin ${D}${nonarch_base_libdir}/firmware/ - - # Install the TA devkit - install -d ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ - - for f in ${B}/export-ta_${OPTEE_ARCH}/*; do - cp -aR $f ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ - done - - # Install embedded TAs - install -d ${D}${nonarch_base_libdir}/optee_armtz - find ${B}/ta -name '*.ta' | while read name; do - install -m 444 $name ${D}${nonarch_base_libdir}/optee_armtz/ - done -} - -addtask deploy after do_compile before do_install - - -FILES:${PN} = "${nonarch_base_libdir}/firmware/ ${nonarch_base_libdir}/optee_armtz/" -FILES:${PN}-staticdev = "${includedir}/optee/" -RDEPENDS:${PN}-dev += "${PN}-staticdev" - -PACKAGE_ARCH = "${MACHINE_ARCH}" -COMPATIBLE_MACHINE = "(imx-nxp-bsp)" diff --git a/recipes-security/optee-imx/optee-os_3.17.0.imx.bb b/recipes-security/optee-imx/optee-os_3.17.0.imx.bb new file mode 100644 index 000000000..d25c0f9d2 --- /dev/null +++ b/recipes-security/optee-imx/optee-os_3.17.0.imx.bb @@ -0,0 +1,102 @@ +# Copyright (C) 2017-2021 NXP + +SUMMARY = "OPTEE OS" +DESCRIPTION = "OPTEE OS" +HOMEPAGE = "http://www.optee.org/" +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" + +DEPENDS = "python3-cryptography-native python3-pyelftools-native u-boot-mkimage-native" + +SRC_URI = "git://source.codeaurora.org/external/imx/imx-optee-os.git;protocol=https;branch=${SRCBRANCH}" +SRCBRANCH = "lf-5.15.32_2.0.0" +SRCREV = "984996422c25c99ebfc5194c1bb393028605bb0c" + +S = "${WORKDIR}/git" + +inherit deploy python3native autotools features_check + +REQUIRED_MACHINE_FEATURES = "optee" + +# The platform flavor corresponds to the Yocto machine without the leading 'i'. +PLATFORM_FLAVOR = "${@d.getVar('MACHINE')[1:]}" +PLATFORM_FLAVOR:imx6qdlsabresd = "mx6qsabresd" +PLATFORM_FLAVOR:imx6qdlsabreauto = "mx6qsabreauto" +PLATFORM_FLAVOR:imx6qpdlsolox = "mx6qsabresd" +PLATFORM_FLAVOR:imx6ul = "mx6ulevk" +PLATFORM_FLAVOR:imx6ull = "mx6ullevk" +PLATFORM_FLAVOR:imx6ull = "mx6ullevk" +PLATFORM_FLAVOR:imx6ulz = "mx6ulzevk" +PLATFORM_FLAVOR:mx8mq-nxp-bsp = "mx8mqevk" +PLATFORM_FLAVOR:mx8mm-nxp-bsp = "mx8mmevk" +PLATFORM_FLAVOR:mx8mn-nxp-bsp = "mx8mnevk" +PLATFORM_FLAVOR:mx8mnul-nxp-bsp = "mx8mnevk" +PLATFORM_FLAVOR:mx8mp-nxp-bsp = "mx8mpevk" +PLATFORM_FLAVOR:mx8mpul-nxp-bsp = "mx8mpevk" +PLATFORM_FLAVOR:mx8qm-nxp-bsp = "mx8qmmek" +PLATFORM_FLAVOR:mx8qxp-nxp-bsp = "mx8qxpmek" +PLATFORM_FLAVOR:mx8dx-nxp-bsp = "mx8dxmek" +PLATFORM_FLAVOR:mx8dxl-nxp-bsp = "mx8dxlevk" +PLATFORM_FLAVOR:mx8ulp-nxp-bsp = "mx8ulpevk" + +OPTEE_ARCH:arm = "arm32" +OPTEE_ARCH:aarch64 = "arm64" + +# Optee-os can be built for 32 bits and 64 bits at the same time +# as long as the compilers are correctly defined. +# For 64bits, CROSS_COMPILE64 must be set +# When defining CROSS_COMPILE and CROSS_COMPILE64, we assure that +# any 32 or 64 bits builds will pass +EXTRA_OEMAKE = " \ + PLATFORM=imx-${PLATFORM_FLAVOR} \ + CROSS_COMPILE=${HOST_PREFIX} \ + CROSS_COMPILE64=${HOST_PREFIX} \ + CFG_TEE_TA_LOG_LEVEL=0 \ + CFG_TEE_CORE_LOG_LEVEL=0 \ + OPENSSL_MODULES=${STAGING_LIBDIR_NATIVE}/ossl-modules \ + -C ${S} O=${B} \ +" + +LDFLAGS = "" +CFLAGS += "--sysroot=${STAGING_DIR_HOST}" +CXXFLAGS += "--sysroot=${STAGING_DIR_HOST}" + +do_deploy () { + install -d ${DEPLOYDIR} + cp ${B}/core/tee-raw.bin ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin + ln -sf tee.${PLATFORM_FLAVOR}.bin ${DEPLOYDIR}/tee.bin + + if [ "${OPTEE_ARCH}" != "arm64" ]; then + IMX_LOAD_ADDR=`${TARGET_PREFIX}readelf -h ${B}/core/tee.elf | grep "Entry point address" | awk '{print $4}'` + uboot-mkimage -A arm -O linux -C none -a ${IMX_LOAD_ADDR} -e ${IMX_LOAD_ADDR} \ + -d ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin ${DEPLOYDIR}/uTee-${OPTEE_BIN_EXT} + fi +} + +do_install () { + install -d ${D}${nonarch_base_libdir}/firmware/ + install -m 644 ${B}/core/*.bin ${D}${nonarch_base_libdir}/firmware/ + + # Install the TA devkit + install -d ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ + + for f in ${B}/export-ta_${OPTEE_ARCH}/*; do + cp -aR $f ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ + done + + # Install embedded TAs + install -d ${D}${nonarch_base_libdir}/optee_armtz + find ${B}/ta -name '*.ta' | while read name; do + install -m 444 $name ${D}${nonarch_base_libdir}/optee_armtz/ + done +} + +addtask deploy after do_compile before do_install + + +FILES:${PN} = "${nonarch_base_libdir}/firmware/ ${nonarch_base_libdir}/optee_armtz/" +FILES:${PN}-staticdev = "${includedir}/optee/" +RDEPENDS:${PN}-dev += "${PN}-staticdev" + +PACKAGE_ARCH = "${MACHINE_ARCH}" +COMPATIBLE_MACHINE = "(imx-nxp-bsp)" diff --git a/recipes-security/optee-imx/optee-test_3.15.0.imx.bb b/recipes-security/optee-imx/optee-test_3.15.0.imx.bb deleted file mode 100644 index a3649d745..000000000 --- a/recipes-security/optee-imx/optee-test_3.15.0.imx.bb +++ /dev/null @@ -1,62 +0,0 @@ -# Copyright (C) 2017-2021 NXP - -SUMMARY = "OPTEE test" -HOMEPAGE = "http://www.optee.org/" - -LICENSE = "BSD-2-Clause & GPL-2.0-only" -LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" - -DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native optee-os optee-client openssl" - -SRCBRANCH = "lf-5.15.5_1.0.0" - -SRC_URI = "git://source.codeaurora.org/external/imx/imx-optee-test.git;protocol=https;branch=${SRCBRANCH}" - -S = "${WORKDIR}/git" -B = "${WORKDIR}/build" - -SRCREV = "e9d8bf6ee121d6686e6e409c727caee76496bb86" - -inherit python3native features_check - -REQUIRED_MACHINE_FEATURES = "optee" - -OPTEE_ARCH:arm = "arm32" -OPTEE_ARCH:aarch64 = "arm64" - -CFLAGS += "--sysroot=${STAGING_DIR_HOST}" -CXXFLAGS += "--sysroot=${STAGING_DIR_HOST}" - -EXTRA_OEMAKE = " \ - TA_DEV_KIT_DIR=${STAGING_INCDIR}/optee/export-user_ta_${OPTEE_ARCH}/ \ - ARCH=${OPTEE_ARCH} \ - OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${exec_prefix} \ - CROSS_COMPILE_HOST=${HOST_PREFIX} \ - CROSS_COMPILE_TA=${HOST_PREFIX} \ - CROSS_COMPILE=${HOST_PREFIX} \ - -C ${S} O=${B} \ -" - -do_compile() { - oe_runmake all -} -do_compile[cleandirs] = "${B}" - -do_install () { - install -d ${D}${bindir} - install ${B}/xtest/xtest ${D}${bindir} - - install -d ${D}${nonarch_base_libdir}/optee_armtz - find ${B}/ta -name '*.ta' | while read name; do - install -m 444 $name ${D}${nonarch_base_libdir}/optee_armtz/ - done - - install -d ${D}${libdir}/tee-supplicant/plugins/ - install ${B}/supp_plugin/*plugin ${D}${libdir}/tee-supplicant/plugins/ -} - -FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/ ${libdir}/tee-supplicant/plugins/" - -RDEPENDS:${PN} = "optee-os" - -COMPATIBLE_MACHINE = "(imx-nxp-bsp)" diff --git a/recipes-security/optee-imx/optee-test_3.17.0.imx.bb b/recipes-security/optee-imx/optee-test_3.17.0.imx.bb new file mode 100644 index 000000000..54f92d727 --- /dev/null +++ b/recipes-security/optee-imx/optee-test_3.17.0.imx.bb @@ -0,0 +1,60 @@ +# Copyright (C) 2017-2021 NXP + +SUMMARY = "OPTEE test" +HOMEPAGE = "http://www.optee.org/" + +LICENSE = "BSD-2-Clause & GPL-2.0-only" +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" + +DEPENDS = "python3-cryptography-native optee-os optee-client openssl" + +SRC_URI = "git://source.codeaurora.org/external/imx/imx-optee-test.git;protocol=https;branch=${SRCBRANCH}" +SRCBRANCH = "lf-5.15.32_2.0.0" +SRCREV = "e064126a9769f168d1d0e178b74955e6648683b4" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +inherit python3native features_check + +REQUIRED_MACHINE_FEATURES = "optee" + +OPTEE_ARCH:arm = "arm32" +OPTEE_ARCH:aarch64 = "arm64" + +CFLAGS += "--sysroot=${STAGING_DIR_HOST}" +CXXFLAGS += "--sysroot=${STAGING_DIR_HOST}" + +EXTRA_OEMAKE = " \ + TA_DEV_KIT_DIR=${STAGING_INCDIR}/optee/export-user_ta_${OPTEE_ARCH}/ \ + OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${exec_prefix} \ + CROSS_COMPILE_HOST=${HOST_PREFIX} \ + CROSS_COMPILE_TA=${HOST_PREFIX} \ + CROSS_COMPILE=${HOST_PREFIX} \ + OPENSSL_MODULES=${STAGING_LIBDIR_NATIVE}/ossl-modules \ + -C ${S} O=${B} \ +" + +do_compile() { + oe_runmake all +} +do_compile[cleandirs] = "${B}" + +do_install () { + install -d ${D}${bindir} + install ${B}/xtest/xtest ${D}${bindir} + + install -d ${D}${nonarch_base_libdir}/optee_armtz + find ${B}/ta -name '*.ta' | while read name; do + install -m 444 $name ${D}${nonarch_base_libdir}/optee_armtz/ + done + + install -d ${D}${libdir}/tee-supplicant/plugins/ + install ${B}/supp_plugin/*plugin ${D}${libdir}/tee-supplicant/plugins/ +} + +FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/ ${libdir}/tee-supplicant/plugins/" + +RDEPENDS:${PN} = "optee-os" + +COMPATIBLE_MACHINE = "(imx-nxp-bsp)" -- cgit v1.2.3-54-g00ecf From eec19c55fe65fad64b80ec01ed45efff22e4b0da Mon Sep 17 00:00:00 2001 From: Tom Hochstein Date: Mon, 1 Aug 2022 15:52:50 -0500 Subject: optee-os: Fix PLATFORM_FLAVOR overrides for 6UL, 6ULL, and 6ULZ The PLATFORM_FLAVOR overrides for 6UL, 6ULL, and 6ULZ SOCs were mistakenly added with a leading 'i'. Fixes: b937d5b Signed-off-by: Tom Hochstein (cherry picked from commit dbcc587ed8ed2a70b9581db9059365ced1704812) --- recipes-security/optee-imx/optee-os_3.17.0.imx.bb | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/recipes-security/optee-imx/optee-os_3.17.0.imx.bb b/recipes-security/optee-imx/optee-os_3.17.0.imx.bb index d25c0f9d2..6e34eb9a0 100644 --- a/recipes-security/optee-imx/optee-os_3.17.0.imx.bb +++ b/recipes-security/optee-imx/optee-os_3.17.0.imx.bb @@ -23,10 +23,9 @@ PLATFORM_FLAVOR = "${@d.getVar('MACHINE')[1:]}" PLATFORM_FLAVOR:imx6qdlsabresd = "mx6qsabresd" PLATFORM_FLAVOR:imx6qdlsabreauto = "mx6qsabreauto" PLATFORM_FLAVOR:imx6qpdlsolox = "mx6qsabresd" -PLATFORM_FLAVOR:imx6ul = "mx6ulevk" -PLATFORM_FLAVOR:imx6ull = "mx6ullevk" -PLATFORM_FLAVOR:imx6ull = "mx6ullevk" -PLATFORM_FLAVOR:imx6ulz = "mx6ulzevk" +PLATFORM_FLAVOR:mx6ul-nxp-bsp = "mx6ulevk" +PLATFORM_FLAVOR:mx6ull-nxp-bsp = "mx6ullevk" +PLATFORM_FLAVOR:mx6ulz-nxp-bsp = "mx6ulzevk" PLATFORM_FLAVOR:mx8mq-nxp-bsp = "mx8mqevk" PLATFORM_FLAVOR:mx8mm-nxp-bsp = "mx8mmevk" PLATFORM_FLAVOR:mx8mn-nxp-bsp = "mx8mnevk" -- cgit v1.2.3-54-g00ecf From 0d2e41d1dd60b4f8ba42def0e15b59f01e893677 Mon Sep 17 00:00:00 2001 From: Andrey Zhizhikin Date: Fri, 26 Aug 2022 13:07:25 +0000 Subject: optee-os: fix build with binutils 2.39 binutils 2.39 started to produce warning on RWX LOAD segments, which breaks the linking process of optee-os. Upstream optee-os package has patch ac425901 ("arm/optee-os: backport RWX permission error patch") [1] integrated, which has been backported in OP-TEE from PR #5475 [2] targeting master in upstream. Port upstream optee-os commit into NXP fork of optee-os. Link: [1]: https://github.com/jonmason/meta-arm/commit/ac4259011f4c8cec01191828014487ccc5de73ca Link: [2]: https://github.com/OP-TEE/optee_os/pull/5474 Signed-off-by: Andrey Zhizhikin Cc: Tom Hochstein (cherry picked from commit 42a054f5e3d18bdf0092dd29eff5980ba9af8db1) --- .../optee-os/0008-no-warn-rwx-segments.patch | 64 ++++++++++++++++++++++ recipes-security/optee-imx/optee-os_3.17.0.imx.bb | 4 ++ 2 files changed, 68 insertions(+) create mode 100644 recipes-security/optee-imx/optee-os/0008-no-warn-rwx-segments.patch diff --git a/recipes-security/optee-imx/optee-os/0008-no-warn-rwx-segments.patch b/recipes-security/optee-imx/optee-os/0008-no-warn-rwx-segments.patch new file mode 100644 index 000000000..1dd70b312 --- /dev/null +++ b/recipes-security/optee-imx/optee-os/0008-no-warn-rwx-segments.patch @@ -0,0 +1,64 @@ +Signed-off-by: Anton Antonov +Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474] + +From 0b8a917fa51a366806edc0f04b88cd23b24098c4 Mon Sep 17 00:00:00 2001 +From: Jerome Forissier +Date: Fri, 5 Aug 2022 09:48:03 +0200 +Subject: [PATCH] core: link: add --no-warn-rwx-segments + +binutils ld.bfd generates one RWX LOAD segment by merging several sections +with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it +also warns by default when that happens [1], which breaks the build due to +--fatal-warnings. The RWX segment is not a problem for the TEE core, since +that information is not used to set memory permissions. Therefore, silence +the warning. + +Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 +Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448 +Reported-by: Dominique Martinet +Signed-off-by: Jerome Forissier +Acked-by: Jens Wiklander +--- + core/arch/arm/kernel/link.mk | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk +index 7eed333a32..c39d43cbfc 100644 +--- a/core/arch/arm/kernel/link.mk ++++ b/core/arch/arm/kernel/link.mk +@@ -31,6 +31,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map + link-ldflags += --sort-section=alignment + link-ldflags += --fatal-warnings + link-ldflags += --gc-sections ++link-ldflags += $(call ld-option,--no-warn-rwx-segments) + + link-ldadd = $(LDADD) + link-ldadd += $(ldflags-external) +@@ -55,6 +56,7 @@ link-script-cppflags := \ + $(cppflagscore)) + + ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \ ++ $(call ld-option,--no-warn-rwx-segments) \ + $(link-objs) $(link-ldadd) $(libgcccore) + cleanfiles += $(link-out-dir)/all_objs.o + $(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST) +@@ -67,7 +69,8 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o + $(q)$(NMcore) $< | \ + $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@ + +-unpaged-ldargs = -T $(link-script-dummy) --no-check-sections --gc-sections ++unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ ++ $(call ld-option,--no-warn-rwx-segments) + unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore) + cleanfiles += $(link-out-dir)/unpaged.o + $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt +@@ -95,7 +98,8 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o + $(q)$(NMcore) $< | \ + $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@ + +-init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections ++init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ ++ $(call ld-option,--no-warn-rwx-segments) + init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \ + $(libgcccore) + cleanfiles += $(link-out-dir)/init.o diff --git a/recipes-security/optee-imx/optee-os_3.17.0.imx.bb b/recipes-security/optee-imx/optee-os_3.17.0.imx.bb index 6e34eb9a0..93e0ff6e9 100644 --- a/recipes-security/optee-imx/optee-os_3.17.0.imx.bb +++ b/recipes-security/optee-imx/optee-os_3.17.0.imx.bb @@ -12,6 +12,10 @@ SRC_URI = "git://source.codeaurora.org/external/imx/imx-optee-os.git;protocol=ht SRCBRANCH = "lf-5.15.32_2.0.0" SRCREV = "984996422c25c99ebfc5194c1bb393028605bb0c" +SRC_URI:append = " \ + file://0008-no-warn-rwx-segments.patch \ + " + S = "${WORKDIR}/git" inherit deploy python3native autotools features_check -- cgit v1.2.3-54-g00ecf