From c611cefd8038dce0c7e1e4ecfb0ce5bebff2d809 Mon Sep 17 00:00:00 2001 From: Tom Hochstein Date: Wed, 26 Mar 2025 06:59:25 -0700 Subject: optee-imx: Upgrade 4.2.0.imx -> 4.4.0.imx Copy latest support from NXP BSP LF6.6.52_2.2.0. Note that clang is disabled in optee-os-fslc.inc, which is copied from meta-arm optee-os.inc. Fixes: Issue 2048 - Upgrade BSP to LF6.6.52_2.2.0 Signed-off-by: Tom Hochstein --- conf/machine/include/imx-base.inc | 12 +-- .../optee-imx/optee-client-fslc-imx.inc | 35 ++++++- recipes-security/optee-imx/optee-client-fslc.inc | 59 +++++------ .../optee-imx/optee-client/tee-supplicant.service | 11 --- .../optee-imx/optee-client/tee-supplicant.sh | 46 +++++++++ .../optee-imx/optee-client/tee-supplicant@.service | 10 ++ .../optee-imx/optee-client/tee-udev.rules | 7 ++ .../optee-imx/optee-client_4.2.0.imx.bb | 7 -- .../optee-imx/optee-client_4.4.0.imx.bb | 4 + recipes-security/optee-imx/optee-fslc.inc | 53 ++++++---- .../optee-imx/optee-os-common-fslc-imx.inc | 62 ++++++++++++ recipes-security/optee-imx/optee-os-fslc-imx.inc | 47 +++++---- recipes-security/optee-imx/optee-os-fslc.inc | 110 ++++++++++----------- .../optee-imx/optee-os-tadevkit-fslc-imx.inc | 27 +++++ .../optee-imx/optee-os-tadevkit_4.4.0.imx.bb | 4 + .../0007-allow-setting-sysroot-for-clang.patch | 30 ++++++ recipes-security/optee-imx/optee-os_4.2.0.imx.bb | 10 -- recipes-security/optee-imx/optee-os_4.4.0.imx.bb | 10 ++ recipes-security/optee-imx/optee-test-fslc-imx.inc | 18 ++++ recipes-security/optee-imx/optee-test-fslc.inc | 67 +++++++++---- recipes-security/optee-imx/optee-test/run-ptest | 52 ++++++++++ recipes-security/optee-imx/optee-test_4.2.0.imx.bb | 10 -- recipes-security/optee-imx/optee-test_4.4.0.imx.bb | 13 +++ 23 files changed, 509 insertions(+), 195 deletions(-) delete mode 100644 recipes-security/optee-imx/optee-client/tee-supplicant.service create mode 100644 recipes-security/optee-imx/optee-client/tee-supplicant.sh create mode 100644 recipes-security/optee-imx/optee-client/tee-supplicant@.service create mode 100644 recipes-security/optee-imx/optee-client/tee-udev.rules delete mode 100644 recipes-security/optee-imx/optee-client_4.2.0.imx.bb create mode 100644 recipes-security/optee-imx/optee-client_4.4.0.imx.bb create mode 100644 recipes-security/optee-imx/optee-os-common-fslc-imx.inc create mode 100644 recipes-security/optee-imx/optee-os-tadevkit-fslc-imx.inc create mode 100644 recipes-security/optee-imx/optee-os-tadevkit_4.4.0.imx.bb create mode 100644 recipes-security/optee-imx/optee-os/0007-allow-setting-sysroot-for-clang.patch delete mode 100644 recipes-security/optee-imx/optee-os_4.2.0.imx.bb create mode 100644 recipes-security/optee-imx/optee-os_4.4.0.imx.bb create mode 100644 recipes-security/optee-imx/optee-test-fslc-imx.inc create mode 100644 recipes-security/optee-imx/optee-test/run-ptest delete mode 100644 recipes-security/optee-imx/optee-test_4.2.0.imx.bb create mode 100644 recipes-security/optee-imx/optee-test_4.4.0.imx.bb diff --git a/conf/machine/include/imx-base.inc b/conf/machine/include/imx-base.inc index 8ccdeb648..932b1e696 100644 --- a/conf/machine/include/imx-base.inc +++ b/conf/machine/include/imx-base.inc @@ -606,12 +606,12 @@ PREFERRED_VERSION_vulkan-tools:imxvulkan ??= "1.3.275.0.imx" PREFERRED_VERSION_vulkan-validation-layers:imxvulkan ??= "1.3.275.0.imx" # Use i.MX optee Version -PREFERRED_VERSION_optee-os:mx8-nxp-bsp ??= "4.2.0.imx" -PREFERRED_VERSION_optee-os:mx9-nxp-bsp ??= "4.2.0.imx" -PREFERRED_VERSION_optee-client:mx8-nxp-bsp ??= "4.2.0.imx" -PREFERRED_VERSION_optee-client:mx9-nxp-bsp ??= "4.2.0.imx" -PREFERRED_VERSION_optee-test:mx8-nxp-bsp ??= "4.2.0.imx" -PREFERRED_VERSION_optee-test:mx9-nxp-bsp ??= "4.2.0.imx" +PREFERRED_VERSION_optee-os:mx8-nxp-bsp ??= "4.4.0.imx" +PREFERRED_VERSION_optee-os:mx9-nxp-bsp ??= "4.4.0.imx" +PREFERRED_VERSION_optee-client:mx8-nxp-bsp ??= "4.4.0.imx" +PREFERRED_VERSION_optee-client:mx9-nxp-bsp ??= "4.4.0.imx" +PREFERRED_VERSION_optee-test:mx8-nxp-bsp ??= "4.4.0.imx" +PREFERRED_VERSION_optee-test:mx9-nxp-bsp ??= "4.4.0.imx" # Use i.MX opencv Version PREFERRED_VERSION_opencv:mx8-nxp-bsp ??= "4.6.0.imx" diff --git a/recipes-security/optee-imx/optee-client-fslc-imx.inc b/recipes-security/optee-imx/optee-client-fslc-imx.inc index 60e9e1fa5..7aeff9fd5 100644 --- a/recipes-security/optee-imx/optee-client-fslc-imx.inc +++ b/recipes-security/optee-imx/optee-client-fslc-imx.inc @@ -1,7 +1,36 @@ -# Copyright 2017-2024 NXP +# Copied from meta-imx/meta-imx-bsp/recipes-security/optee/optee-client-imx.inc. +# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L37 require optee-client-fslc.inc -SRC_URI += "git://github.com/nxp-imx/imx-optee-client.git;protocol=https;branch=${SRCBRANCH}" +DEPENDS += "util-linux-libuuid" -COMPATIBLE_MACHINE = "(imx-nxp-bsp)" +FILESEXTRAPATHS:prepend := "${THISDIR}/optee-client:" +SRC_URI:remove = "git://github.com/OP-TEE/optee_client.git;branch=master;protocol=https" +SRC_URI:prepend = "${OPTEE_CLIENT_SRC};branch=${SRCBRANCH} " +OPTEE_CLIENT_SRC ?= "git://github.com/nxp-imx/imx-optee-client.git;protocol=https" + +inherit pkgconfig + +EXTRA_OECMAKE += "-DCFG_TEE_CLIENT_LOAD_PATH=${nonarch_base_libdir}" + +# Copy the udev rule from the libts recipe for starting tee-supplicant@.service +SRC_URI += "file://tee-udev.rules" +# Unix group name for dev/tee* ownership. +TEE_GROUP_NAME ?= "teeclnt" +do_install:append () { + if ${@oe.utils.conditional('VIRTUAL-RUNTIME_dev_manager', 'busybox-mdev', 'false', 'true', d)}; then + install -d ${D}${nonarch_base_libdir}/udev/rules.d/ + install -m 755 ${UNPACKDIR}/tee-udev.rules ${D}${nonarch_base_libdir}/udev/rules.d/ + sed -i -e "s/teeclnt/${TEE_GROUP_NAME}/" ${D}${nonarch_base_libdir}/udev/rules.d/tee-udev.rules + fi + + if [ "${libdir}" != "${nonarch_base_libdir}" ]; then + rm -rf ${D}${libdir}/systemd + fi +} +inherit ${@oe.utils.conditional('VIRTUAL-RUNTIME_dev_manager', 'busybox-mdev', '', 'useradd', d)} +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM:${PN} = "--system ${TEE_GROUP_NAME}" + +FILES:${PN} += "${libdir}/* ${includedir}/*" diff --git a/recipes-security/optee-imx/optee-client-fslc.inc b/recipes-security/optee-imx/optee-client-fslc.inc index f55f0ab24..455bdd780 100644 --- a/recipes-security/optee-imx/optee-client-fslc.inc +++ b/recipes-security/optee-imx/optee-client-fslc.inc @@ -1,42 +1,43 @@ -# Copyright 2017-2024 NXP +# Copied from meta-arm/recipes-security/optee/optee-client.inc. +# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L30 + +SUMMARY = "OP-TEE Client API" +DESCRIPTION = "Open Portable Trusted Execution Environment - Normal World Client side of the TEE" +HOMEPAGE = "https://www.op-tee.org/" -SUMMARY = "OPTEE Client libs" -HOMEPAGE = "http://www.optee.org/" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" -SRC_URI = "file://tee-supplicant.service" - -S = "${WORKDIR}/git" -B = "${WORKDIR}/build" +inherit systemd update-rc.d cmake -inherit python3native systemd features_check pkgconfig - -DEPENDS = "util-linux-libuuid" +SRC_URI = " \ + git://github.com/OP-TEE/optee_client.git;branch=master;protocol=https \ + file://tee-supplicant@.service \ + file://tee-supplicant.sh \ +" -REQUIRED_MACHINE_FEATURES = "optee" +UPSTREAM_CHECK_GITTAGREGEX = "^(?P\d+(\.\d+)+)$" -SYSTEMD_SERVICE:${PN} = "tee-supplicant.service" +S = "${WORKDIR}/git" -EXTRA_OEMAKE = " \ - -C ${S} O=${B} \ +EXTRA_OECMAKE = " \ + -DBUILD_SHARED_LIBS=ON \ + -DCFG_TEE_FS_PARENT_PATH='${localstatedir}/lib/tee' \ " +EXTRA_OECMAKE:append:toolchain-clang = " -DCFG_WERROR=0" -do_install () { - oe_runmake -C ${S} install - - install -D -p -m0644 ${B}/export/usr/lib/libteec.so.2.0.0 ${D}${libdir}/libteec.so.2.0.0 - ln -sf libteec.so.2.0.0 ${D}${libdir}/libteec.so.2 - ln -sf libteec.so.2.0.0 ${D}${libdir}/libteec.so - - install -D -p -m0644 ${B}/export/usr/lib/libckteec.so.0.1.0 ${D}${libdir}/libckteec.so.0.1.0 - ln -sf libckteec.so.0.1.0 ${D}${libdir}/libckteec.so.0 - ln -sf libckteec.so.0.1.0 ${D}${libdir}/libckteec.so +do_install:append() { + install -D -p -m0644 ${UNPACKDIR}/tee-supplicant@.service ${D}${systemd_system_unitdir}/tee-supplicant@.service + install -D -p -m0755 ${UNPACKDIR}/tee-supplicant.sh ${D}${sysconfdir}/init.d/tee-supplicant - install -D -p -m0755 ${B}/export/usr/sbin/tee-supplicant ${D}${bindir}/tee-supplicant + sed -i -e s:@sysconfdir@:${sysconfdir}:g \ + -e s:@sbindir@:${sbindir}:g \ + ${D}${systemd_system_unitdir}/tee-supplicant@.service \ + ${D}${sysconfdir}/init.d/tee-supplicant +} - cp -a ${B}/export/usr/include ${D}${includedir} +SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service" - sed -i -e s:/etc:${sysconfdir}:g -e s:/usr/bin:${bindir}:g ${UNPACKDIR}/tee-supplicant.service - install -D -p -m0644 ${UNPACKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service -} +INITSCRIPT_PACKAGES = "${PN}" +INITSCRIPT_NAME:${PN} = "tee-supplicant" +INITSCRIPT_PARAMS:${PN} = "start 10 1 2 3 4 5 . stop 90 0 6 ." diff --git a/recipes-security/optee-imx/optee-client/tee-supplicant.service b/recipes-security/optee-imx/optee-client/tee-supplicant.service deleted file mode 100644 index 0e2b4f6ba..000000000 --- a/recipes-security/optee-imx/optee-client/tee-supplicant.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=TEE Supplicant - -[Service] -User=root -EnvironmentFile=-/etc/default/tee-supplicant -ExecStart=/usr/bin/tee-supplicant $OPTARGS - -[Install] -WantedBy=basic.target - diff --git a/recipes-security/optee-imx/optee-client/tee-supplicant.sh b/recipes-security/optee-imx/optee-client/tee-supplicant.sh new file mode 100644 index 000000000..b4d219502 --- /dev/null +++ b/recipes-security/optee-imx/optee-client/tee-supplicant.sh @@ -0,0 +1,46 @@ +#!/bin/sh + +# Source function library +. /etc/init.d/functions + +NAME=tee-supplicant +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DESC="OP-TEE Supplicant" + +DAEMON=@sbindir@/$NAME + +test -f $DAEMON || exit 0 + +test -f @sysconfdir@/default/$NAME && . @sysconfdir@/default/$NAME +test -f @sysconfdir@/default/rcS && . @sysconfdir@/default/rcS + +SSD_OPTIONS="--oknodo --quiet --exec $DAEMON -- -d $OPTARGS" + +set -e + +case $1 in + start) + echo -n "Starting $DESC: " + start-stop-daemon --start $SSD_OPTIONS + echo "${DAEMON##*/}." + ;; + stop) + echo -n "Stopping $DESC: " + start-stop-daemon --stop $SSD_OPTIONS + echo "${DAEMON##*/}." + ;; + restart|force-reload) + $0 stop + sleep 1 + $0 start + ;; + status) + status ${DAEMON} || exit $? + ;; + *) + echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/recipes-security/optee-imx/optee-client/tee-supplicant@.service b/recipes-security/optee-imx/optee-client/tee-supplicant@.service new file mode 100644 index 000000000..72c0b9aa5 --- /dev/null +++ b/recipes-security/optee-imx/optee-client/tee-supplicant@.service @@ -0,0 +1,10 @@ +[Unit] +Description=TEE Supplicant on %i + +[Service] +User=root +EnvironmentFile=-@sysconfdir@/default/tee-supplicant +ExecStart=@sbindir@/tee-supplicant $OPTARGS + +[Install] +WantedBy=basic.target diff --git a/recipes-security/optee-imx/optee-client/tee-udev.rules b/recipes-security/optee-imx/optee-client/tee-udev.rules new file mode 100644 index 000000000..43fafd8c9 --- /dev/null +++ b/recipes-security/optee-imx/optee-client/tee-udev.rules @@ -0,0 +1,7 @@ +# tee devices can only be accessed by the teeclnt group members +KERNEL=="tee[0-9]*", TAG+="systemd", MODE="0660", GROUP="teeclnt" + +# If a /dev/teepriv[0-9]* device is detected, start an instance of +# tee-supplicant.service with the device name as parameter +KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="tee", \ + TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee-supplicant@%k.service" diff --git a/recipes-security/optee-imx/optee-client_4.2.0.imx.bb b/recipes-security/optee-imx/optee-client_4.2.0.imx.bb deleted file mode 100644 index 59f8c84d7..000000000 --- a/recipes-security/optee-imx/optee-client_4.2.0.imx.bb +++ /dev/null @@ -1,7 +0,0 @@ -require optee-client-fslc-imx.inc - -SRCBRANCH = "lf-6.6.36_2.1.0" -SRCREV = "3eac340a781c00ccd61b151b0e9c22a8c6e9f9f0" - -DEPENDS += "util-linux" -EXTRA_OEMAKE += "PKG_CONFIG=pkg-config" diff --git a/recipes-security/optee-imx/optee-client_4.4.0.imx.bb b/recipes-security/optee-imx/optee-client_4.4.0.imx.bb new file mode 100644 index 000000000..322f998fc --- /dev/null +++ b/recipes-security/optee-imx/optee-client_4.4.0.imx.bb @@ -0,0 +1,4 @@ +require optee-client-fslc-imx.inc + +SRCBRANCH = "lf-6.6.52_2.2.0" +SRCREV = "d221676a58b305bddbf97db00395205b3038de8e" diff --git a/recipes-security/optee-imx/optee-fslc.inc b/recipes-security/optee-imx/optee-fslc.inc index 6c96dc2bc..42e23fc22 100644 --- a/recipes-security/optee-imx/optee-fslc.inc +++ b/recipes-security/optee-imx/optee-fslc.inc @@ -1,26 +1,43 @@ -HOMEPAGE = "http://www.optee.org/" +# Copied from meta-arm/recipes-security/optee/optee.inc. +# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L30 -inherit python3native features_check +UPSTREAM_CHECK_GITTAGREGEX = "^(?P\d+(\.\d+)+)$" -REQUIRED_MACHINE_FEATURES = "optee" +COMPATIBLE_MACHINE ?= "invalid" +COMPATIBLE_MACHINE:qemuarm64 ?= "qemuarm64" +COMPATIBLE_MACHINE:qemuarm ?= "qemuarm" +# Please add supported machines below or set it in .bbappend or .conf -DEPENDS = "python3-cryptography-native" +OPTEEMACHINE ?= "${MACHINE}" +OPTEEMACHINE:aarch64:qemuall ?= "vexpress-qemu_armv8a" +OPTEEMACHINE:arm:qemuall ?= "vexpress-qemu_virt" -S = "${WORKDIR}/git" -B = "${WORKDIR}/build" - -OPTEE_ARCH:arm = "arm32" +OPTEE_ARCH = "null" +OPTEE_ARCH:arm = "arm32" OPTEE_ARCH:aarch64 = "arm64" +OPTEE_CORE = "${@d.getVar('OPTEE_ARCH').upper()}" + +# FIXME - breaks with Clang 18. See https://github.com/OP-TEE/optee_os/issues/6754 +TOOLCHAIN = "gcc" + +OPTEE_TOOLCHAIN = "${@d.getVar('TOOLCHAIN') or 'gcc'}" +OPTEE_COMPILER = "${@bb.utils.contains("BBFILE_COLLECTIONS", "clang-layer", "${OPTEE_TOOLCHAIN}", "gcc", d)}" -COMPILER ?= "gcc" -COMPILER:toolchain-clang = "clang" +# Set here but not passed to EXTRA_OEMAKE by default as that breaks +# the optee-os build +TA_DEV_KIT_DIR = "${STAGING_INCDIR}/optee/export-user_ta" + +EXTRA_OEMAKE += "V=1 \ + LIBGCC_LOCATE_CFLAGS='${HOST_CC_ARCH}${TOOLCHAIN_OPTIONS}' \ + COMPILER=${OPTEE_COMPILER} \ + OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${prefix} \ + TEEC_EXPORT=${STAGING_DIR_HOST}${prefix} \ + " +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the +# right path until this is relocated automatically. +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" CFLAGS += "--sysroot=${STAGING_DIR_HOST}" -CXXFLAGS += "--sysroot=${STAGING_DIR_HOST}" - -EXTRA_OEMAKE = " \ - COMPILER=${COMPILER} \ - OPENSSL_MODULES=${STAGING_LIBDIR_NATIVE}/ossl-modules \ - OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${exec_prefix} \ - -C ${S} O=${B} \ -" + +# See the rationale in https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt. +CVE_STATUS[CVE-2021-36133] = "disputed: devices shipped open for development purposes" diff --git a/recipes-security/optee-imx/optee-os-common-fslc-imx.inc b/recipes-security/optee-imx/optee-os-common-fslc-imx.inc new file mode 100644 index 000000000..941182fe9 --- /dev/null +++ b/recipes-security/optee-imx/optee-os-common-fslc-imx.inc @@ -0,0 +1,62 @@ +# Copied from meta-imx/meta-imx-bsp/recipes-security/optee/optee-os-common-imx.inc. +# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L37 + +require optee-os-fslc.inc + +DEPENDS:append:arm = "u-boot-mkimage-native" + +FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:" + +SRC_URI:remove = "git://github.com/OP-TEE/optee_os.git;branch=master;protocol=https" +SRC_URI:prepend = "${OPTEE_OS_SRC};branch=${SRCBRANCH} " +SRC_URI:append = " file://0007-allow-setting-sysroot-for-clang.patch" +SRC_URI:remove = "file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \ + file://0002-optee-enable-clang-support.patch \ + file://0003-core-link-add-no-warn-rwx-segments.patch" + +OPTEE_OS_SRC ?= "git://github.com/nxp-imx/imx-optee-os.git;protocol=https" + +inherit features_check + +REQUIRED_MACHINE_FEATURES = "optee" + +OPTEEMACHINE = "imx-${@d.getVar('MACHINE')[1:]}" +OPTEEMACHINE:imx6qpdlsolox = "imx-mx6qsabresd" +OPTEEMACHINE:mx6ul-nxp-bsp = "imx-mx6ulevk" +OPTEEMACHINE:mx6ull-nxp-bsp = "imx-mx6ullevk" +OPTEEMACHINE:mx6ulz-nxp-bsp = "imx-mx6ulzevk" +OPTEEMACHINE:mx8mq-nxp-bsp = "imx-mx8mqevk" +OPTEEMACHINE:mx8mm-nxp-bsp = "imx-mx8mmevk" +OPTEEMACHINE:mx8mn-nxp-bsp = "imx-mx8mnevk" +OPTEEMACHINE:mx8mp-nxp-bsp = "imx-mx8mpevk" +OPTEEMACHINE:mx8mpul-nxp-bsp = "imx-mx8mpevk" +OPTEEMACHINE:mx8qm-nxp-bsp = "imx-mx8qmmek" +OPTEEMACHINE:mx8qxp-nxp-bsp = "imx-mx8qxpmek" +OPTEEMACHINE:mx8dx-nxp-bsp = "imx-mx8dxmek" +OPTEEMACHINE:mx8dxl-nxp-bsp = "imx-mx8dxlevk" +OPTEEMACHINE:mx8mnul-nxp-bsp = "imx-mx8mnevk" +OPTEEMACHINE:mx8ulp-nxp-bsp = "imx-mx8ulpevk" +OPTEEMACHINE:mx91-nxp-bsp = "imx-mx91evk" +OPTEEMACHINE:mx93-nxp-bsp = "imx-mx93evk" +OPTEEMACHINE:mx95-nxp-bsp = "imx-mx95evk" + +# Strip the leading imx- +PLATFORM_FLAVOR = "${@d.getVar('OPTEEMACHINE')[4:]}" + +EXTRA_OEMAKE:append = " \ + CFG_TEE_TA_LOG_LEVEL=0 \ + CFG_TEE_CORE_LOG_LEVEL=0 \ +" + +EXTRA_OEMAKE:append:imx8mq-lpddr4-wevk = " \ + CFG_CORE_LARGE_PHYS_ADDR=y \ + CFG_CORE_ARM64_PA_BITS=36 \ + CFG_DDR_SIZE=0x100000000 \ + CFG_TZDRAM_START=0xfe000000 \ +" + +EXTRA_OEMAKE:append:imx8dxlb0-fips-lpddr4-evk = " \ + CFG_NXP_CAAM=n \ +" + +COMPATIBLE_MACHINE = "(imx-nxp-bsp)" diff --git a/recipes-security/optee-imx/optee-os-fslc-imx.inc b/recipes-security/optee-imx/optee-os-fslc-imx.inc index f4a532b7b..5fe6a75a5 100644 --- a/recipes-security/optee-imx/optee-os-fslc-imx.inc +++ b/recipes-security/optee-imx/optee-os-fslc-imx.inc @@ -1,27 +1,26 @@ -require optee-os-fslc.inc +# Copied from meta-imx/meta-imx-bsp/recipes-security/optee/optee-os-imx.inc. +# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L37 -SRC_URI = "git://github.com/nxp-imx/imx-optee-os.git;protocol=https;branch=${SRCBRANCH}" +require optee-os-common-fslc-imx.inc -# The platform flavor corresponds to the Yocto machine without the leading 'i'. -PLATFORM_FLAVOR = "${@d.getVar('MACHINE')[1:]}" -PLATFORM_FLAVOR:imx6qdlsabresd = "mx6qsabresd" -PLATFORM_FLAVOR:imx6qdlsabreauto = "mx6qsabreauto" -PLATFORM_FLAVOR:imx6qpdlsolox = "mx6qsabresd" -PLATFORM_FLAVOR:mx6ul-nxp-bsp = "mx6ulevk" -PLATFORM_FLAVOR:mx6ull-nxp-bsp = "mx6ullevk" -PLATFORM_FLAVOR:mx6ulz-nxp-bsp = "mx6ulzevk" -PLATFORM_FLAVOR:mx8mq-nxp-bsp = "mx8mqevk" -PLATFORM_FLAVOR:mx8mm-nxp-bsp = "mx8mmevk" -PLATFORM_FLAVOR:mx8mn-nxp-bsp = "mx8mnevk" -PLATFORM_FLAVOR:mx8mnul-nxp-bsp = "mx8mnevk" -PLATFORM_FLAVOR:mx8mp-nxp-bsp = "mx8mpevk" -PLATFORM_FLAVOR:mx8mpul-nxp-bsp = "mx8mpevk" -PLATFORM_FLAVOR:mx8qm-nxp-bsp = "mx8qmmek" -PLATFORM_FLAVOR:mx8qxp-nxp-bsp = "mx8qxpmek" -PLATFORM_FLAVOR:mx8dx-nxp-bsp = "mx8dxmek" -PLATFORM_FLAVOR:mx8dxl-nxp-bsp = "mx8dxlevk" -PLATFORM_FLAVOR:mx8ulp-nxp-bsp = "mx8ulpevk" -PLATFORM_FLAVOR:mx93-nxp-bsp = "mx93evk" -PLATFORM_FLAVOR:mx95-nxp-bsp = "mx95evk" +do_compile:arm() { + oe_runmake -C ${S} all uTee +} -COMPATIBLE_MACHINE = "(imx-nxp-bsp)" +do_install:append () { + # Install embedded TAs + install -d ${D}${nonarch_base_libdir}/optee_armtz/ + install -m 444 ${B}/ta/*/*.ta ${D}${nonarch_base_libdir}/optee_armtz/ +} + +do_deploy:append() { + cp ${B}/core/tee-raw.bin ${DEPLOYDIR}/${MLPREFIX}optee/tee.${PLATFORM_FLAVOR}.bin + ln -sf ${MLPREFIX}optee/tee.${PLATFORM_FLAVOR}.bin ${DEPLOYDIR}/tee.bin +} + +do_deploy:append:arm() { + cp ${B}/core/uTee ${DEPLOYDIR}/${MLPREFIX}optee/uTee-${OPTEE_BIN_EXT} + ln -sf ${MLPREFIX}optee/uTee-${OPTEE_BIN_EXT} ${DEPLOYDIR}/uTee-${OPTEE_BIN_EXT} +} + +FILES:${PN} += "${nonarch_base_libdir}/optee_armtz" diff --git a/recipes-security/optee-imx/optee-os-fslc.inc b/recipes-security/optee-imx/optee-os-fslc.inc index 61906344f..c1f1f48f5 100644 --- a/recipes-security/optee-imx/optee-os-fslc.inc +++ b/recipes-security/optee-imx/optee-os-fslc.inc @@ -1,90 +1,86 @@ -# Copyright (C) 2017-2021,2024 NXP +# Copied from meta-arm/recipes-security/optee/optee-os.inc. +# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L30 + +SUMMARY = "OP-TEE Trusted OS" +DESCRIPTION = "Open Portable Trusted Execution Environment - Trusted side of the TEE" +HOMEPAGE = "https://www.op-tee.org/" -SUMMARY = "OPTEE OS" -DESCRIPTION = "OPTEE OS" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" +inherit deploy python3native require optee-fslc.inc -DEPENDS += "python3-pyelftools-native u-boot-mkimage-native" +CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os" + +DEPENDS = "python3-pyelftools-native python3-cryptography-native" + DEPENDS:append:toolchain-clang = " compiler-rt" -inherit deploy autotools +SRC_URI = "git://github.com/OP-TEE/optee_os.git;branch=master;protocol=https" -# Optee-os can be built for 32 bits and 64 bits at the same time -# as long as the compilers are correctly defined. -# For 64bits, CROSS_COMPILE64 must be set -# When defining CROSS_COMPILE and CROSS_COMPILE64, we assure that -# any 32 or 64 bits builds will pass -EXTRA_OEMAKE += " \ - PLATFORM=imx-${PLATFORM_FLAVOR} \ - CROSS_COMPILE=${HOST_PREFIX} \ - CROSS_COMPILE64=${HOST_PREFIX} \ - CFLAGS32=--sysroot=${STAGING_DIR_HOST} \ - CFLAGS64=--sysroot=${STAGING_DIR_HOST} \ - CFG_TEE_TA_LOG_LEVEL=0 \ - CFG_TEE_CORE_LOG_LEVEL=0 \ -" +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" -EXTRA_OEMAKE:append:imx8mq-lpddr4-wevk = " \ - CFG_CORE_LARGE_PHYS_ADDR=y \ - CFG_CORE_ARM64_PA_BITS=36 \ - CFG_DDR_SIZE=0x100000000 \ - CFG_TZDRAM_START=0xfe000000 \ +EXTRA_OEMAKE += " \ + PLATFORM=${OPTEEMACHINE} \ + CFG_${OPTEE_CORE}_core=y \ + CROSS_COMPILE_core=${HOST_PREFIX} \ + CROSS_COMPILE_ta_${OPTEE_ARCH}=${HOST_PREFIX} \ + NOWERROR=1 \ + ta-targets=ta_${OPTEE_ARCH} \ + O=${B} \ " +EXTRA_OEMAKE += " HOST_PREFIX=${HOST_PREFIX}" +EXTRA_OEMAKE += " CROSS_COMPILE64=${HOST_PREFIX}" LDFLAGS[unexport] = "1" CPPFLAGS[unexport] = "1" AS[unexport] = "1" LD[unexport] = "1" -do_configure[noexec] = "1" - do_compile:prepend() { - PLAT_LIBGCC_PATH=$(${CC} -print-libgcc-file-name) -} - -do_compile:arm () { - oe_runmake all uTee + PLAT_LIBGCC_PATH=$(${CC} -print-libgcc-file-name) } -do_compile:aarch64 () { - oe_runmake all +do_compile() { + oe_runmake -C ${S} all } do_compile[cleandirs] = "${B}" -do_deploy () { - install -d ${DEPLOYDIR} - cp ${B}/core/tee-raw.bin ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin - ln -sf tee.${PLATFORM_FLAVOR}.bin ${DEPLOYDIR}/tee.bin -} +do_install() { + #install core in firmware + install -d ${D}${nonarch_base_libdir}/firmware/ + install -m 644 ${B}/core/*.bin ${B}/core/tee.elf ${D}${nonarch_base_libdir}/firmware/ -do_deploy:append:arm () { - cp ${B}/core/uTee ${DEPLOYDIR}/uTee-${OPTEE_BIN_EXT} + #install tas in optee_armtz + install -d ${D}${nonarch_base_libdir}/optee_armtz/ + install -m 444 ${B}/ta/*/*.ta ${D}${nonarch_base_libdir}/optee_armtz } -do_install () { - install -d ${D}${nonarch_base_libdir}/firmware/ - install -m 644 ${B}/core/*.bin ${D}${nonarch_base_libdir}/firmware/ +PACKAGE_ARCH = "${MACHINE_ARCH}" - # Install embedded TAs - install -d ${D}${nonarch_base_libdir}/optee_armtz/ - install -m 444 ${B}/ta/*/*.ta ${D}${nonarch_base_libdir}/optee_armtz/ +do_deploy() { + install -d ${DEPLOYDIR}/${MLPREFIX}optee + install -m 644 ${D}${nonarch_base_libdir}/firmware/* ${DEPLOYDIR}/${MLPREFIX}optee - # Install the TA devkit - install -d ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ - cp -aR ${B}/export-ta_${OPTEE_ARCH}/* \ - ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ + install -d ${DEPLOYDIR}/${MLPREFIX}optee/ta + install -m 644 ${B}/ta/*/*.elf ${DEPLOYDIR}/${MLPREFIX}optee/ta } -addtask deploy after do_compile before do_install +addtask deploy before do_build after do_install -FILES:${PN} = "${nonarch_base_libdir}/firmware/ ${nonarch_base_libdir}/optee_armtz/" -FILES:${PN}-staticdev = "${includedir}/optee/" -RDEPENDS:${PN}-dev += "${PN}-staticdev" +SYSROOT_DIRS += "${nonarch_base_libdir}/firmware" -# FIXME: Build paths are currently embedded -INSANE_SKIP:${PN}-staticdev += "buildpaths" +PACKAGES += "${PN}-ta" +FILES:${PN} = "${nonarch_base_libdir}/firmware/" +FILES:${PN}-ta = "${nonarch_base_libdir}/optee_armtz/*" + + +# note: "textrel" is not triggered on all archs +INSANE_SKIP:${PN} = "textrel" +# Build paths are currently embedded +INSANE_SKIP:${PN} += "buildpaths" +INSANE_SKIP:${PN}-dev = "staticdev" +INHIBIT_PACKAGE_STRIP = "1" -PACKAGE_ARCH = "${MACHINE_ARCH}" diff --git a/recipes-security/optee-imx/optee-os-tadevkit-fslc-imx.inc b/recipes-security/optee-imx/optee-os-tadevkit-fslc-imx.inc new file mode 100644 index 000000000..18cf9a374 --- /dev/null +++ b/recipes-security/optee-imx/optee-os-tadevkit-fslc-imx.inc @@ -0,0 +1,27 @@ +# Copied from meta-imx/meta-imx-bsp/recipes-security/optee/optee-os-tadevkit-imx.inc. +# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L37 + +require optee-os-common-fslc-imx.inc + +SUMMARY = "OP-TEE Trusted OS TA devkit" +DESCRIPTION = "OP-TEE TA devkit for build TAs" +HOMEPAGE = "https://www.op-tee.org/" + +DEPENDS += "python3-pycryptodome-native" + +do_install() { + #install TA devkit + install -d ${D}${includedir}/optee/export-user_ta/ + for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do + cp -aR $f ${D}${includedir}/optee/export-user_ta/ + done +} + +do_deploy() { + echo "Do not inherit do_deploy from optee-os." +} + +FILES:${PN} = "${includedir}/optee/" + +# Build paths are currently embedded +INSANE_SKIP:${PN}-dev += "buildpaths" diff --git a/recipes-security/optee-imx/optee-os-tadevkit_4.4.0.imx.bb b/recipes-security/optee-imx/optee-os-tadevkit_4.4.0.imx.bb new file mode 100644 index 000000000..bb2e2cf6b --- /dev/null +++ b/recipes-security/optee-imx/optee-os-tadevkit_4.4.0.imx.bb @@ -0,0 +1,4 @@ +require optee-os-tadevkit-fslc-imx.inc + +SRCBRANCH = "lf-6.6.52_2.2.0" +SRCREV = "60beb308810f9561a67fdb435388a64c85eb6dcb" diff --git a/recipes-security/optee-imx/optee-os/0007-allow-setting-sysroot-for-clang.patch b/recipes-security/optee-imx/optee-os/0007-allow-setting-sysroot-for-clang.patch new file mode 100644 index 000000000..067ba6ebf --- /dev/null +++ b/recipes-security/optee-imx/optee-os/0007-allow-setting-sysroot-for-clang.patch @@ -0,0 +1,30 @@ +From db9e44af75c7cfd3316cab15aaa387383df3e57e Mon Sep 17 00:00:00 2001 +From: Brett Warren +Date: Wed, 23 Sep 2020 09:27:34 +0100 +Subject: [PATCH] optee: enable clang support + +When compiling with clang, the LIBGCC_LOCATE_CFLAG variable used +to provide a sysroot wasn't included, which results in not locating +compiler-rt. This is mitigated by including the variable as ammended. + +Upstream-Status: Pending +ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701 +Signed-off-by: Brett Warren + +--- + mk/clang.mk | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/mk/clang.mk b/mk/clang.mk +index c141a3f2..7d067cc0 100644 +--- a/mk/clang.mk ++++ b/mk/clang.mk +@@ -27,7 +27,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \ + + # Note, use the compiler runtime library (libclang_rt.builtins.*.a) instead of + # libgcc for clang +-libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \ ++libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \ + -rtlib=compiler-rt -print-libgcc-file-name 2> /dev/null) + + # Core ASLR relies on the executable being ready to run from its preferred load diff --git a/recipes-security/optee-imx/optee-os_4.2.0.imx.bb b/recipes-security/optee-imx/optee-os_4.2.0.imx.bb deleted file mode 100644 index 11da204e9..000000000 --- a/recipes-security/optee-imx/optee-os_4.2.0.imx.bb +++ /dev/null @@ -1,10 +0,0 @@ -# Copyright 2017-2024 NXP - -require optee-os-fslc-imx.inc - -SRC_URI += " \ - file://0001-core-Define-section-attributes-for-clang.patch \ - file://0002-optee-enable-clang-support.patch \ -" -SRCBRANCH = "lf-6.6.36_2.1.0" -SRCREV = "612bc5a642a4608d282abeee2349d86de996d7ee" diff --git a/recipes-security/optee-imx/optee-os_4.4.0.imx.bb b/recipes-security/optee-imx/optee-os_4.4.0.imx.bb new file mode 100644 index 000000000..5ff12a599 --- /dev/null +++ b/recipes-security/optee-imx/optee-os_4.4.0.imx.bb @@ -0,0 +1,10 @@ +# Copyright 2017-2024 NXP + +require optee-os-fslc-imx.inc + +SRC_URI += " \ + file://0001-core-Define-section-attributes-for-clang.patch \ + file://0002-optee-enable-clang-support.patch \ +" +SRCBRANCH = "lf-6.6.52_2.2.0" +SRCREV = "60beb308810f9561a67fdb435388a64c85eb6dcb" diff --git a/recipes-security/optee-imx/optee-test-fslc-imx.inc b/recipes-security/optee-imx/optee-test-fslc-imx.inc new file mode 100644 index 000000000..ab16fd221 --- /dev/null +++ b/recipes-security/optee-imx/optee-test-fslc-imx.inc @@ -0,0 +1,18 @@ +# Copied from meta-imx/meta-imx-bsp/recipes-security/optee/optee-test-imx.inc. +# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L37 + +require optee-test-fslc.inc + +DEPENDS += "openssl" + +FILESEXTRAPATHS:prepend := "${THISDIR}/optee-test:" + +SRC_URI:remove = "git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https" +SRC_URI:prepend = "${OPTEE_TEST_SRC};branch=${SRCBRANCH} " + +OPTEE_TEST_SRC ?= "git://github.com/nxp-imx/imx-optee-test.git;protocol=https" + +EXTRA_OEMAKE:append:libc-musl = " OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}" +CFLAGS:append:libc-musl = " -Wno-error=deprecated-declarations" + +COMPATIBLE_MACHINE = "(imx-nxp-bsp)" diff --git a/recipes-security/optee-imx/optee-test-fslc.inc b/recipes-security/optee-imx/optee-test-fslc.inc index e0c133a7c..0fb5f878a 100644 --- a/recipes-security/optee-imx/optee-test-fslc.inc +++ b/recipes-security/optee-imx/optee-test-fslc.inc @@ -1,38 +1,65 @@ -# Copyright (C) 2017-2021 NXP +# Copied from meta-arm/recipes-security/optee/optee-test.inc. +# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L30 + +SUMMARY = "OP-TEE sanity testsuite" +DESCRIPTION = "Open Portable Trusted Execution Environment - Test suite" +HOMEPAGE = "https://www.op-tee.org/" -SUMMARY = "OPTEE test" LICENSE = "BSD-2-Clause & GPL-2.0-only" LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" +inherit python3native ptest +inherit deploy require optee-fslc.inc -DEPENDS += "optee-os optee-client openssl" +DEPENDS = "optee-client optee-os-tadevkit python3-cryptography-native openssl" + +SRC_URI = "git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https \ + file://run-ptest \ + " + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" -EXTRA_OEMAKE += " \ - TA_DEV_KIT_DIR=${STAGING_INCDIR}/optee/export-user_ta_${OPTEE_ARCH}/ \ - CROSS_COMPILE_HOST=${HOST_PREFIX} \ - CROSS_COMPILE_TA=${HOST_PREFIX} \ - CROSS_COMPILE=${HOST_PREFIX} \ -" +EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ + OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR} \ + CROSS_COMPILE_HOST=${HOST_PREFIX} \ + CROSS_COMPILE_TA=${HOST_PREFIX} \ + O=${B} \ + " + +CFLAGS += "-Wno-error=deprecated-declarations" do_compile() { - oe_runmake all + cd ${S} + # Top level makefile doesn't seem to handle parallel make gracefully + oe_runmake xtest + oe_runmake ta + oe_runmake test_plugin } do_compile[cleandirs] = "${B}" do_install () { - install -d ${D}${bindir} - install ${B}/xtest/xtest ${D}${bindir} + install -D -p -m0755 ${B}/xtest/xtest ${D}${bindir}/xtest - install -d ${D}${nonarch_base_libdir}/optee_armtz - find ${B}/ta -name '*.ta' | while read name; do - install -m 444 $name ${D}${nonarch_base_libdir}/optee_armtz/ - done + # install path should match the value set in optee-client/tee-supplicant + # default TEEC_LOAD_PATH is /lib + mkdir -p ${D}${nonarch_base_libdir}/optee_armtz/ + install -D -p -m0444 ${B}/ta/*/*.ta ${D}${nonarch_base_libdir}/optee_armtz/ + mkdir -p ${D}${libdir}/tee-supplicant/plugins + install -D -p -m0444 ${B}/supp_plugin/*.plugin ${D}${libdir}/tee-supplicant/plugins/ +} - install -d ${D}${libdir}/tee-supplicant/plugins/ - install ${B}/supp_plugin/*plugin ${D}${libdir}/tee-supplicant/plugins/ +do_deploy () { + install -d ${DEPLOYDIR}/${MLPREFIX}optee/ta + install -m 644 ${B}/ta/*/*.elf ${DEPLOYDIR}/${MLPREFIX}optee/ta } -FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/ ${libdir}/tee-supplicant/plugins/" +addtask deploy before do_build after do_install + +FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/ \ + ${libdir}/tee-supplicant/plugins/ \ + " -RDEPENDS:${PN} = "optee-os" +# Imports machine specific configs from staging to build +PACKAGE_ARCH = "${MACHINE_ARCH}" diff --git a/recipes-security/optee-imx/optee-test/run-ptest b/recipes-security/optee-imx/optee-test/run-ptest new file mode 100644 index 000000000..ba88c14d3 --- /dev/null +++ b/recipes-security/optee-imx/optee-test/run-ptest @@ -0,0 +1,52 @@ +#!/bin/sh +xtest | awk ' + + # Escapes the special characters in a string so that, when + # included in a regex, it represents a literal match + function regx_escape_literal(str, ret) { + ret = str + gsub(/[\[\]\^\$\.\*\?\+\{\}\\\(\)\|]/ , "\\\\&", str) + return str + } + + # Returns the simple test formatted name + function name(n, ret) { + ret = n + gsub(/\./, " ", ret) + return ret + } + + # Returns the simple test formatted result + function result(res) { + if(res ~ /OK/) { + return "PASS" + } else if(res ~ /FAILED/) { + return "FAIL" + } + } + + function parse(name, description, has_subtests, result_line) { + has_subtests = 0 + + # Consume every line up to the result line + result_line = " " regx_escape_literal(name) " (OK|FAILED)" + do { + getline + + # If this is a subtest (denoted by an "o" bullet) then subparse + if($0 ~ /^o /) { + parse($2, description " : " substr($0, index($0, $3))) + has_subtests = 1 + } + } while ($0 !~ result_line) + + # Only print the results for the deepest nested subtests + if(!has_subtests) { + print result($2) ": " name(name) " - " description + } + } + + # Start parsing at the beginning of every test (denoted by a "*" bullet) + /^\* / { parse($2, substr($0, index($0, $3))) } + +' diff --git a/recipes-security/optee-imx/optee-test_4.2.0.imx.bb b/recipes-security/optee-imx/optee-test_4.2.0.imx.bb deleted file mode 100644 index e2cf40e93..000000000 --- a/recipes-security/optee-imx/optee-test_4.2.0.imx.bb +++ /dev/null @@ -1,10 +0,0 @@ -# Copyright 2017-2024 NXP - -require optee-test-fslc.inc - -SRC_URI = "git://github.com/nxp-imx/imx-optee-test.git;protocol=https;branch=${SRCBRANCH}" - -SRCBRANCH = "lf-6.6.36_2.1.0" -SRCREV = "5b52b48a73b4cc3f228ec66ae6cf9920897bb2e6" - -COMPATIBLE_MACHINE = "(imx-nxp-bsp)" diff --git a/recipes-security/optee-imx/optee-test_4.4.0.imx.bb b/recipes-security/optee-imx/optee-test_4.4.0.imx.bb new file mode 100644 index 000000000..b4ac12714 --- /dev/null +++ b/recipes-security/optee-imx/optee-test_4.4.0.imx.bb @@ -0,0 +1,13 @@ +# Copyright 2017-2024 NXP + +require optee-test-fslc-imx.inc + +# The BSD and GPL license files are now included in the source +# https://github.com/OP-TEE/optee_test/commit/a748f5fcd9ec8a574dc86a5aa56d05bc6ac174e7 +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a8fa504109e4cd7ea575bc49ea4be560 \ + file://LICENSE-BSD;md5=dca16d6efa93b55d0fd662ae5cd6feeb \ + file://LICENSE-GPL;md5=10e86b5d2a6cb0e2b9dcfdd26a9ac58d" + + +SRCBRANCH = "lf-6.6.52_2.2.0" +SRCREV = "dafc98ed8364d7281a9a7f0788dd0a2067844a59" -- cgit v1.2.3-54-g00ecf