From cc117ffabd78df729e427e5e90a5e7a434a29cf1 Mon Sep 17 00:00:00 2001 From: Oleksandr Suvorov Date: Fri, 6 Jan 2023 11:17:58 +0200 Subject: optee: Upgrade 3.17.0.imx to 3.19.0.imx NXP BSP lf-5.15.71_2.2.0 uses op-tee 3.19.0.imx. Upgrade optee-os, optee-client, and optee-test accordingly. Add missed support for imx93evk platform. Relevant changes for optee-os: - 00919403f LF-7525 drivers: dcp: do not modify DCP node status in the DTB - 842961521 core: mm: fix error flushing unused pgt's - 96d9b4c19 libutils: util.h: fix the ROUNDUP_OVERFLOW() macro - 2885fd08e LFOPTEE-203 drivers: ele: align HUK output buffer - 7e41f6603 drivers: imx_ele: add HUK support for imx93 - ab1525d14 core: imx: remove SC_IPC_BASE_SECURE definition - 382a7ae57 LFOPTEE-181 drivers: imx_ele: re-work imx_ele_session_get_device_info() - b27da7b0d LFOPTEE-181 drivers: imx_ele: remove RNG support for 8ulp A0 - 4a9f3e387 LFOPTEE-181 drivers: imx_ele: add MU infos for imx93 - 8c4caec41 LFOPTEE-181 core: imx: enable MU and ELE drivers for imx93 - f5bc45d6d LFOPTEE-181 core: imx: add MU_BASE and MU_SIZE for imx93 - b19786dfb LFOPTEE-181 drivers: imx_mu: add support for imx93 - 4c598c905 core: imx_ele: remove addition of word for CRC - 9f9fb3899 LFU-368: core: imx93: enable trusted_keys as early TA - 23889478f LFU-368: core: imx: enabled dynamic share memory for i.MX93 Relevant changes in optee-client: - 644022f teeacl: fix include path - 140bf46 libckteec: Add EDDSA attribute serialization - 1fc38c6 libteeacl: Add function to resolve name to gid_t - 1560582 libteeacl: function to encode a group login UUID - e58b158 libteeacl: Add new ACL helper library - 5364e61 tee-supplicant: read rpmb dev info from sysfs - a46239c tee-supplicant: android: make RPMB_EMU a conditional assignment - 30abe6c cmake: Use separate generator expression for lib targets - f2755fe cmake: Don't set teec include_directory from libseteec - 1dcb80a Use CMake project command to set version - 492410d tee-supplicant: -d: return after TEE device is opened - d59ed2d cmake: fix log level don't take effect - e7cba71 tee-supplicant: fs: use errno instead of returning TEEC_ERROR_GENERIC - f7ed8e3 tee-supplicant: support multiple TA load paths - a5c30b1 Makefile: Makefile: only preserve links when installing output files - dc58de2 tee-supplicant: close shm fd before freeing memory - f2a7c94 tee-supplicant/src/tee_supplicant.c: fix build without plugins Relevant changes in optee-test: - 5c1dbb5 LFOPTEE-129 Make MP test use embedded crypto instead of openssl - 661a7b3 LFOPTEE-131 Fix ta_keygen compilation warnings - 6fcbcb1 LFOPTEE-123 Reset the handle when freed - 980dbbb LFOPTEE-123 Handle benchmark logging for key generation measures - ebf619a LFOPTEE-95 Add performance measure of key generation - 28ba903 LFOPTEE-93 Check MP is functional - d7f6c03 LFOPTEE-84 xtest: Add test of MP feature - d928ce2 LFOPTEE-84 ta: Add test of MP - b060fc4 MMIOT-789 xtest: crypto_perf: fix resource leak in read_random - f9d2ab0 TEE-641 regression_nxp: add AES CTR in place tests - dd158a7 LFOPTEE-65 xtest: add DIGPROG tests - e1492fa LFOPTEE-65 xtest: add OCOTP tests - c520c98 YOCIMX-5658 regression_nxp: replace malloc() calls with calloc() calls - 09dbac1 LFOPTEE-55: crypto-perf: RSA: Fix for RSA Encryption/Decryption error - 63dcd10 LFOPTEE-55: crypto-perf: add domain parameters for dsa - c88fb78 LFOPTEE-55: crypto-perf: DH: Remove non-essential attributes passed during key generation - b7b285a LFOPTEE-55: crypto-perf: ta: ECDSA, ECDH: Remove non-essential attributes passed during key generation - 8350e03 LFOPTEE-55: crypto-perf: xtest: ECDH: RoundUp key size - 7a9c375 LFOPTEE-39 regression_nxp: Add test of DEK blob generation - 61e5ede MMIOT-723 regression_nxp: crypto: Fixing memory corruption in nxp_crypto_003 - 7d9ff08 LFOPTEE-17: xtest: regression_nxp: add test case for I2C driver testing - 6ae8e95 xtest: enable PKCS11 tests - 35173ba regression_nxp: enable CFG_REGRESSION_NXP flag - cfb6e7b LFOPTEE-16: fix warning where uint32_t is expected - a740498 LFOPTEE-16: fix trace compilation warnings - 0fa4d73 LFOPTEE-13 crypto-perf: fix command line algorithm search - 6a28f3c LFOPTEE-13 crypto-perf: fix compilation warnings - e78f18d TEE-127 CAAM Crypto Performance - 5ec9bce TEE-606 xtest: define a 'regression_nxp' test suite in xtest - e562b26 TEE-606 xtest: add CFG_REGRESSION_NXP flag - d9d73a8 TEE-367 crypto: cipher memory leakage verification - f3e776b TEE-548 regression_nxp: Cipher operation with a big buffer - 5312feb TEE-577 regression_nxp: AES CTR streaming byte per byte - 6df2c3f TEE-418 regression_nxp: add cipher streaming byte incremental - ab9863c Add ED25519 test cases - eb3d01f xtest: Add FF-A memory test - 252faa9 xtest: SPMC Add basic test - 13cce36 xtest: remove ADBG_REQUIRE* macros - d9d269e xtest: fix compilation issue - 2055d75 xtest: fix compilation issue - c7f733c xtest: fix compilation issue - d09b43b host: supp_plugin: fix cross compilation - da5282a sdp: Add dmabuf support - 366179c regression 4007_x25519: do not fail if X25519 is not supported - 00b3f2c Add x25519 test cases Signed-off-by: Oleksandr Suvorov (cherry picked from commit 667a28c32f118ca64cbc88eaea9dcc2fa2a4cd1c) --- conf/machine/include/imx-base.inc | 6 +- .../optee-imx/optee-client_3.17.0.imx.bb | 46 --------- .../optee-imx/optee-client_3.19.0.imx.bb | 48 +++++++++ .../optee-os/0008-no-warn-rwx-segments.patch | 64 ------------ recipes-security/optee-imx/optee-os_3.17.0.imx.bb | 115 --------------------- recipes-security/optee-imx/optee-os_3.19.0.imx.bb | 110 ++++++++++++++++++++ .../optee-imx/optee-test_3.17.0.imx.bb | 62 ----------- .../optee-imx/optee-test_3.19.0.imx.bb | 62 +++++++++++ 8 files changed, 223 insertions(+), 290 deletions(-) delete mode 100644 recipes-security/optee-imx/optee-client_3.17.0.imx.bb create mode 100644 recipes-security/optee-imx/optee-client_3.19.0.imx.bb delete mode 100644 recipes-security/optee-imx/optee-os/0008-no-warn-rwx-segments.patch delete mode 100644 recipes-security/optee-imx/optee-os_3.17.0.imx.bb create mode 100644 recipes-security/optee-imx/optee-os_3.19.0.imx.bb delete mode 100644 recipes-security/optee-imx/optee-test_3.17.0.imx.bb create mode 100644 recipes-security/optee-imx/optee-test_3.19.0.imx.bb diff --git a/conf/machine/include/imx-base.inc b/conf/machine/include/imx-base.inc index b2d8ddf16..426d66a83 100644 --- a/conf/machine/include/imx-base.inc +++ b/conf/machine/include/imx-base.inc @@ -500,9 +500,9 @@ PREFERRED_VERSION_vulkan-loader:imxvulkan ??= "1.2.182.0" PREFERRED_VERSION_vulkan-tools:imxvulkan ??= "1.2.182.0" # Use i.MX optee Version -PREFERRED_VERSION_optee-os:mx8-nxp-bsp ??= "3.17.0.imx" -PREFERRED_VERSION_optee-client:mx8-nxp-bsp ??= "3.17.0.imx" -PREFERRED_VERSION_optee-test:mx8-nxp-bsp ??= "3.17.0.imx" +PREFERRED_VERSION_optee-os:mx8-nxp-bsp ??= "3.19.0.imx" +PREFERRED_VERSION_optee-client:mx8-nxp-bsp ??= "3.19.0.imx" +PREFERRED_VERSION_optee-test:mx8-nxp-bsp ??= "3.19.0.imx" #Use i.MX opencv Version for mx8 PREFERRED_VERSION_opencv:mx8-nxp-bsp ??= "4.6.0.imx" diff --git a/recipes-security/optee-imx/optee-client_3.17.0.imx.bb b/recipes-security/optee-imx/optee-client_3.17.0.imx.bb deleted file mode 100644 index 6f0435fef..000000000 --- a/recipes-security/optee-imx/optee-client_3.17.0.imx.bb +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright (C) 2017-2021 NXP - -SUMMARY = "OPTEE Client libs" -HOMEPAGE = "http://www.optee.org/" -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" - -SRC_URI = " \ - git://github.com/nxp-imx/imx-optee-client.git;protocol=https;branch=${SRCBRANCH} \ - file://tee-supplicant.service" -SRCBRANCH = "lf-5.15.52_2.1.0" -SRCREV = "9d8f1903bbea3a1e631c8d26ee51c37020569312" - -S = "${WORKDIR}/git" -B = "${WORKDIR}/build" - -inherit python3native systemd features_check - -REQUIRED_MACHINE_FEATURES = "optee" - -SYSTEMD_SERVICE:${PN} = "tee-supplicant.service" - -EXTRA_OEMAKE = " \ - -C ${S} O=${B} \ -" - -do_install () { - oe_runmake -C ${S} install - - install -D -p -m0644 ${B}/export/usr/lib/libteec.so.1.0.0 ${D}${libdir}/libteec.so.1.0.0 - ln -sf libteec.so.1.0.0 ${D}${libdir}/libteec.so.1 - ln -sf libteec.so.1.0.0 ${D}${libdir}/libteec.so - - install -D -p -m0644 ${B}/export/usr/lib/libckteec.so.0.1.0 ${D}${libdir}/libckteec.so.0.1.0 - ln -sf libckteec.so.0.1.0 ${D}${libdir}/libckteec.so.0 - ln -sf libckteec.so.0.1.0 ${D}${libdir}/libckteec.so - - install -D -p -m0755 ${B}/export/usr/sbin/tee-supplicant ${D}${bindir}/tee-supplicant - - cp -a ${B}/export/usr/include ${D}${includedir} - - sed -i -e s:/etc:${sysconfdir}:g -e s:/usr/bin:${bindir}:g ${WORKDIR}/tee-supplicant.service - install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service -} - -COMPATIBLE_MACHINE = "(imx-nxp-bsp)" diff --git a/recipes-security/optee-imx/optee-client_3.19.0.imx.bb b/recipes-security/optee-imx/optee-client_3.19.0.imx.bb new file mode 100644 index 000000000..b0fb9178c --- /dev/null +++ b/recipes-security/optee-imx/optee-client_3.19.0.imx.bb @@ -0,0 +1,48 @@ +# Copyright (C) 2017-2021 NXP + +SUMMARY = "OPTEE Client libs" +HOMEPAGE = "http://www.optee.org/" +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" + +SRC_URI = " \ + git://github.com/nxp-imx/imx-optee-client.git;protocol=https;branch=${SRCBRANCH} \ + file://tee-supplicant.service" +SRCBRANCH = "lf-5.15.71_2.2.0" +SRCREV = "644022f8970c832a40be00747fcec70c7b5d488c" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +inherit python3native systemd features_check pkgconfig + +DEPENDS = "util-linux-libuuid" + +REQUIRED_MACHINE_FEATURES = "optee" + +SYSTEMD_SERVICE:${PN} = "tee-supplicant.service" + +EXTRA_OEMAKE = " \ + -C ${S} O=${B} \ +" + +do_install () { + oe_runmake -C ${S} install + + install -D -p -m0644 ${B}/export/usr/lib/libteec.so.1.0.0 ${D}${libdir}/libteec.so.1.0.0 + ln -sf libteec.so.1.0.0 ${D}${libdir}/libteec.so.1 + ln -sf libteec.so.1.0.0 ${D}${libdir}/libteec.so + + install -D -p -m0644 ${B}/export/usr/lib/libckteec.so.0.1.0 ${D}${libdir}/libckteec.so.0.1.0 + ln -sf libckteec.so.0.1.0 ${D}${libdir}/libckteec.so.0 + ln -sf libckteec.so.0.1.0 ${D}${libdir}/libckteec.so + + install -D -p -m0755 ${B}/export/usr/sbin/tee-supplicant ${D}${bindir}/tee-supplicant + + cp -a ${B}/export/usr/include ${D}${includedir} + + sed -i -e s:/etc:${sysconfdir}:g -e s:/usr/bin:${bindir}:g ${WORKDIR}/tee-supplicant.service + install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service +} + +COMPATIBLE_MACHINE = "(imx-nxp-bsp)" diff --git a/recipes-security/optee-imx/optee-os/0008-no-warn-rwx-segments.patch b/recipes-security/optee-imx/optee-os/0008-no-warn-rwx-segments.patch deleted file mode 100644 index 1dd70b312..000000000 --- a/recipes-security/optee-imx/optee-os/0008-no-warn-rwx-segments.patch +++ /dev/null @@ -1,64 +0,0 @@ -Signed-off-by: Anton Antonov -Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474] - -From 0b8a917fa51a366806edc0f04b88cd23b24098c4 Mon Sep 17 00:00:00 2001 -From: Jerome Forissier -Date: Fri, 5 Aug 2022 09:48:03 +0200 -Subject: [PATCH] core: link: add --no-warn-rwx-segments - -binutils ld.bfd generates one RWX LOAD segment by merging several sections -with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it -also warns by default when that happens [1], which breaks the build due to ---fatal-warnings. The RWX segment is not a problem for the TEE core, since -that information is not used to set memory permissions. Therefore, silence -the warning. - -Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 -Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448 -Reported-by: Dominique Martinet -Signed-off-by: Jerome Forissier -Acked-by: Jens Wiklander ---- - core/arch/arm/kernel/link.mk | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk -index 7eed333a32..c39d43cbfc 100644 ---- a/core/arch/arm/kernel/link.mk -+++ b/core/arch/arm/kernel/link.mk -@@ -31,6 +31,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map - link-ldflags += --sort-section=alignment - link-ldflags += --fatal-warnings - link-ldflags += --gc-sections -+link-ldflags += $(call ld-option,--no-warn-rwx-segments) - - link-ldadd = $(LDADD) - link-ldadd += $(ldflags-external) -@@ -55,6 +56,7 @@ link-script-cppflags := \ - $(cppflagscore)) - - ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \ -+ $(call ld-option,--no-warn-rwx-segments) \ - $(link-objs) $(link-ldadd) $(libgcccore) - cleanfiles += $(link-out-dir)/all_objs.o - $(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST) -@@ -67,7 +69,8 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o - $(q)$(NMcore) $< | \ - $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@ - --unpaged-ldargs = -T $(link-script-dummy) --no-check-sections --gc-sections -+unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ -+ $(call ld-option,--no-warn-rwx-segments) - unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore) - cleanfiles += $(link-out-dir)/unpaged.o - $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt -@@ -95,7 +98,8 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o - $(q)$(NMcore) $< | \ - $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@ - --init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections -+init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ -+ $(call ld-option,--no-warn-rwx-segments) - init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \ - $(libgcccore) - cleanfiles += $(link-out-dir)/init.o diff --git a/recipes-security/optee-imx/optee-os_3.17.0.imx.bb b/recipes-security/optee-imx/optee-os_3.17.0.imx.bb deleted file mode 100644 index f759e40cd..000000000 --- a/recipes-security/optee-imx/optee-os_3.17.0.imx.bb +++ /dev/null @@ -1,115 +0,0 @@ -# Copyright (C) 2017-2021 NXP - -SUMMARY = "OPTEE OS" -DESCRIPTION = "OPTEE OS" -HOMEPAGE = "http://www.optee.org/" -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" - -DEPENDS = "python3-cryptography-native python3-pyelftools-native u-boot-mkimage-native" - -SRC_URI = "git://github.com/nxp-imx/imx-optee-os.git;protocol=https;branch=${SRCBRANCH}" -SRCBRANCH = "lf-5.15.52_2.1.0" -SRCREV = "9e86c8b6b102efa09ada451d0383ea3d11f8fad6" - -SRC_URI:append = " \ - file://0008-no-warn-rwx-segments.patch \ - " - -S = "${WORKDIR}/git" -B = "${WORKDIR}/build" - -inherit deploy python3native autotools features_check - -REQUIRED_MACHINE_FEATURES = "optee" - -# The platform flavor corresponds to the Yocto machine without the leading 'i'. -PLATFORM_FLAVOR = "${@d.getVar('MACHINE')[1:]}" -PLATFORM_FLAVOR:imx6qdlsabresd = "mx6qsabresd" -PLATFORM_FLAVOR:imx6qdlsabreauto = "mx6qsabreauto" -PLATFORM_FLAVOR:imx6qpdlsolox = "mx6qsabresd" -PLATFORM_FLAVOR:mx6ul-nxp-bsp = "mx6ulevk" -PLATFORM_FLAVOR:mx6ull-nxp-bsp = "mx6ullevk" -PLATFORM_FLAVOR:mx6ulz-nxp-bsp = "mx6ulzevk" -PLATFORM_FLAVOR:mx8mq-nxp-bsp = "mx8mqevk" -PLATFORM_FLAVOR:mx8mm-nxp-bsp = "mx8mmevk" -PLATFORM_FLAVOR:mx8mn-nxp-bsp = "mx8mnevk" -PLATFORM_FLAVOR:mx8mnul-nxp-bsp = "mx8mnevk" -PLATFORM_FLAVOR:mx8mp-nxp-bsp = "mx8mpevk" -PLATFORM_FLAVOR:mx8mpul-nxp-bsp = "mx8mpevk" -PLATFORM_FLAVOR:mx8qm-nxp-bsp = "mx8qmmek" -PLATFORM_FLAVOR:mx8qxp-nxp-bsp = "mx8qxpmek" -PLATFORM_FLAVOR:mx8dx-nxp-bsp = "mx8dxmek" -PLATFORM_FLAVOR:mx8dxl-nxp-bsp = "mx8dxlevk" -PLATFORM_FLAVOR:mx8ulp-nxp-bsp = "mx8ulpevk" - -OPTEE_ARCH:arm = "arm32" -OPTEE_ARCH:aarch64 = "arm64" - -# Optee-os can be built for 32 bits and 64 bits at the same time -# as long as the compilers are correctly defined. -# For 64bits, CROSS_COMPILE64 must be set -# When defining CROSS_COMPILE and CROSS_COMPILE64, we assure that -# any 32 or 64 bits builds will pass -EXTRA_OEMAKE = " \ - PLATFORM=imx-${PLATFORM_FLAVOR} \ - CROSS_COMPILE=${HOST_PREFIX} \ - CROSS_COMPILE64=${HOST_PREFIX} \ - CFG_TEE_TA_LOG_LEVEL=0 \ - CFG_TEE_CORE_LOG_LEVEL=0 \ - OPENSSL_MODULES=${STAGING_LIBDIR_NATIVE}/ossl-modules \ - -C ${S} O=${B} \ -" - -LDFLAGS[unexport] = "1" -CFLAGS += "--sysroot=${STAGING_DIR_HOST}" -CXXFLAGS += "--sysroot=${STAGING_DIR_HOST}" - -do_configure[noexec] = "1" - -do_compile:arm () { - oe_runmake all uTee -} - -do_compile:aarch64 () { - oe_runmake all -} -do_compile[cleandirs] = "${B}" - -do_deploy () { - install -d ${DEPLOYDIR} - cp ${B}/core/tee-raw.bin ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin - ln -sf tee.${PLATFORM_FLAVOR}.bin ${DEPLOYDIR}/tee.bin -} - -do_deploy:append:arm () { - cp ${B}/core/uTee ${DEPLOYDIR}/uTee-${OPTEE_BIN_EXT} -} - -do_install () { - install -d ${D}${nonarch_base_libdir}/firmware/ - install -m 644 ${B}/core/*.bin ${D}${nonarch_base_libdir}/firmware/ - - # Install the TA devkit - install -d ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ - for f in ${B}/export-ta_${OPTEE_ARCH}/*; do - cp -aR $f ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ - done - - # Install embedded TAs - install -d ${D}${nonarch_base_libdir}/optee_armtz - find ${B}/ta -name '*.ta' | while read name; do - install -m 444 $name ${D}${nonarch_base_libdir}/optee_armtz/ - done -} - -addtask deploy after do_compile before do_install - -FILES:${PN} = "${nonarch_base_libdir}/firmware/ ${nonarch_base_libdir}/optee_armtz/" -FILES:${PN}-staticdev = "${includedir}/optee/" -RDEPENDS:${PN}-dev += "${PN}-staticdev" - -PACKAGE_ARCH = "${MACHINE_ARCH}" -COMPATIBLE_MACHINE = "(imx-nxp-bsp)" - -TOOLCHAIN = "gcc" diff --git a/recipes-security/optee-imx/optee-os_3.19.0.imx.bb b/recipes-security/optee-imx/optee-os_3.19.0.imx.bb new file mode 100644 index 000000000..9e491bac4 --- /dev/null +++ b/recipes-security/optee-imx/optee-os_3.19.0.imx.bb @@ -0,0 +1,110 @@ +# Copyright (C) 2017-2021 NXP + +SUMMARY = "OPTEE OS" +DESCRIPTION = "OPTEE OS" +HOMEPAGE = "http://www.optee.org/" +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" + +DEPENDS = "python3-pyelftools-native u-boot-mkimage-native \ + python3-cryptography-native" + +SRC_URI = "git://github.com/nxp-imx/imx-optee-os.git;protocol=https;branch=${SRCBRANCH}" +SRCBRANCH = "lf-5.15.71_2.2.0" +SRCREV = "00919403f040fad4f8603e605932281ff8451b1d" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +inherit deploy python3native autotools features_check + +REQUIRED_MACHINE_FEATURES = "optee" + +# The platform flavor corresponds to the Yocto machine without the leading 'i'. +PLATFORM_FLAVOR = "${@d.getVar('MACHINE')[1:]}" +PLATFORM_FLAVOR:imx6qdlsabresd = "mx6qsabresd" +PLATFORM_FLAVOR:imx6qdlsabreauto = "mx6qsabreauto" +PLATFORM_FLAVOR:imx6qpdlsolox = "mx6qsabresd" +PLATFORM_FLAVOR:mx6ul-nxp-bsp = "mx6ulevk" +PLATFORM_FLAVOR:mx6ull-nxp-bsp = "mx6ullevk" +PLATFORM_FLAVOR:mx6ulz-nxp-bsp = "mx6ulzevk" +PLATFORM_FLAVOR:mx8mq-nxp-bsp = "mx8mqevk" +PLATFORM_FLAVOR:mx8mm-nxp-bsp = "mx8mmevk" +PLATFORM_FLAVOR:mx8mn-nxp-bsp = "mx8mnevk" +PLATFORM_FLAVOR:mx8mnul-nxp-bsp = "mx8mnevk" +PLATFORM_FLAVOR:mx8mp-nxp-bsp = "mx8mpevk" +PLATFORM_FLAVOR:mx8mpul-nxp-bsp = "mx8mpevk" +PLATFORM_FLAVOR:mx8qm-nxp-bsp = "mx8qmmek" +PLATFORM_FLAVOR:mx8qxp-nxp-bsp = "mx8qxpmek" +PLATFORM_FLAVOR:mx8dx-nxp-bsp = "mx8dxmek" +PLATFORM_FLAVOR:mx8dxl-nxp-bsp = "mx8dxlevk" +PLATFORM_FLAVOR:mx8ulp-nxp-bsp = "mx8ulpevk" +PLATFORM_FLAVOR:mx93-nxp-bsp = "mx93evk" + +OPTEE_ARCH:arm = "arm32" +OPTEE_ARCH:aarch64 = "arm64" + +# Optee-os can be built for 32 bits and 64 bits at the same time +# as long as the compilers are correctly defined. +# For 64bits, CROSS_COMPILE64 must be set +# When defining CROSS_COMPILE and CROSS_COMPILE64, we assure that +# any 32 or 64 bits builds will pass +EXTRA_OEMAKE = " \ + PLATFORM=imx-${PLATFORM_FLAVOR} \ + CROSS_COMPILE=${HOST_PREFIX} \ + CROSS_COMPILE64=${HOST_PREFIX} \ + CFG_TEE_TA_LOG_LEVEL=0 \ + CFG_TEE_CORE_LOG_LEVEL=0 \ + OPENSSL_MODULES=${STAGING_LIBDIR_NATIVE}/ossl-modules \ + -C ${S} O=${B} \ +" + +LDFLAGS[unexport] = "1" +CFLAGS += "--sysroot=${STAGING_DIR_HOST}" +CXXFLAGS += "--sysroot=${STAGING_DIR_HOST}" + +do_configure[noexec] = "1" + +do_compile:arm () { + oe_runmake all uTee +} + +do_compile:aarch64 () { + oe_runmake all +} +do_compile[cleandirs] = "${B}" + +do_deploy () { + install -d ${DEPLOYDIR} + cp ${B}/core/tee-raw.bin ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin + ln -sf tee.${PLATFORM_FLAVOR}.bin ${DEPLOYDIR}/tee.bin +} + +do_deploy:append:arm () { + cp ${B}/core/uTee ${DEPLOYDIR}/uTee-${OPTEE_BIN_EXT} +} + +do_install () { + install -d ${D}${nonarch_base_libdir}/firmware/ + install -m 644 ${B}/core/*.bin ${D}${nonarch_base_libdir}/firmware/ + + # Install embedded TAs + install -d ${D}${nonarch_base_libdir}/optee_armtz/ + install -m 444 ${B}/ta/*/*.ta ${D}${nonarch_base_libdir}/optee_armtz/ + + # Install the TA devkit + install -d ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ + cp -aR ${B}/export-ta_${OPTEE_ARCH}/* \ + ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ +} + +addtask deploy after do_compile before do_install + +FILES:${PN} = "${nonarch_base_libdir}/firmware/ ${nonarch_base_libdir}/optee_armtz/" +FILES:${PN}-staticdev = "${includedir}/optee/" +RDEPENDS:${PN}-dev += "${PN}-staticdev" + +PACKAGE_ARCH = "${MACHINE_ARCH}" +COMPATIBLE_MACHINE = "(imx-nxp-bsp)" + +TOOLCHAIN = "gcc" diff --git a/recipes-security/optee-imx/optee-test_3.17.0.imx.bb b/recipes-security/optee-imx/optee-test_3.17.0.imx.bb deleted file mode 100644 index e1b831f17..000000000 --- a/recipes-security/optee-imx/optee-test_3.17.0.imx.bb +++ /dev/null @@ -1,62 +0,0 @@ -# Copyright (C) 2017-2021 NXP - -SUMMARY = "OPTEE test" -HOMEPAGE = "http://www.optee.org/" - -LICENSE = "BSD-2-Clause & GPL-2.0-only" -LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" - -DEPENDS = "python3-cryptography-native optee-os optee-client openssl" - -SRC_URI = "git://github.com/nxp-imx/imx-optee-test.git;protocol=https;branch=${SRCBRANCH}" -SRCBRANCH = "lf-5.15.52_2.1.0" -SRCREV = "41222c4b8df1adc0f0bdc737e5cb824becd25f63" - -S = "${WORKDIR}/git" -B = "${WORKDIR}/build" - -inherit python3native features_check - -REQUIRED_MACHINE_FEATURES = "optee" - -OPTEE_ARCH:arm = "arm32" -OPTEE_ARCH:aarch64 = "arm64" - -CFLAGS += "--sysroot=${STAGING_DIR_HOST}" -CXXFLAGS += "--sysroot=${STAGING_DIR_HOST}" - -EXTRA_OEMAKE = " \ - TA_DEV_KIT_DIR=${STAGING_INCDIR}/optee/export-user_ta_${OPTEE_ARCH}/ \ - OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${exec_prefix} \ - CROSS_COMPILE_HOST=${HOST_PREFIX} \ - CROSS_COMPILE_TA=${HOST_PREFIX} \ - CROSS_COMPILE=${HOST_PREFIX} \ - OPENSSL_MODULES=${STAGING_LIBDIR_NATIVE}/ossl-modules \ - -C ${S} O=${B} \ -" - -do_compile() { - oe_runmake all -} -do_compile[cleandirs] = "${B}" - -do_install () { - install -d ${D}${bindir} - install ${B}/xtest/xtest ${D}${bindir} - - install -d ${D}${nonarch_base_libdir}/optee_armtz - find ${B}/ta -name '*.ta' | while read name; do - install -m 444 $name ${D}${nonarch_base_libdir}/optee_armtz/ - done - - install -d ${D}${libdir}/tee-supplicant/plugins/ - install ${B}/supp_plugin/*plugin ${D}${libdir}/tee-supplicant/plugins/ -} - -FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/ ${libdir}/tee-supplicant/plugins/" - -RDEPENDS:${PN} = "optee-os" - -COMPATIBLE_MACHINE = "(imx-nxp-bsp)" - -TOOLCHAIN = "gcc" diff --git a/recipes-security/optee-imx/optee-test_3.19.0.imx.bb b/recipes-security/optee-imx/optee-test_3.19.0.imx.bb new file mode 100644 index 000000000..25cd86ddd --- /dev/null +++ b/recipes-security/optee-imx/optee-test_3.19.0.imx.bb @@ -0,0 +1,62 @@ +# Copyright (C) 2017-2021 NXP + +SUMMARY = "OPTEE test" +HOMEPAGE = "http://www.optee.org/" + +LICENSE = "BSD-2-Clause & GPL-2.0-only" +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" + +DEPENDS = "python3-cryptography-native optee-os optee-client openssl" + +SRC_URI = "git://github.com/nxp-imx/imx-optee-test.git;protocol=https;branch=${SRCBRANCH}" +SRCBRANCH = "lf-5.15.71_2.2.0" +SRCREV = "5c1dbb531b304f7ae100958f6261b6cefea49b62" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +inherit python3native features_check + +REQUIRED_MACHINE_FEATURES = "optee" + +OPTEE_ARCH:arm = "arm32" +OPTEE_ARCH:aarch64 = "arm64" + +CFLAGS += "--sysroot=${STAGING_DIR_HOST}" +CXXFLAGS += "--sysroot=${STAGING_DIR_HOST}" + +EXTRA_OEMAKE = " \ + TA_DEV_KIT_DIR=${STAGING_INCDIR}/optee/export-user_ta_${OPTEE_ARCH}/ \ + OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${exec_prefix} \ + CROSS_COMPILE_HOST=${HOST_PREFIX} \ + CROSS_COMPILE_TA=${HOST_PREFIX} \ + CROSS_COMPILE=${HOST_PREFIX} \ + OPENSSL_MODULES=${STAGING_LIBDIR_NATIVE}/ossl-modules \ + -C ${S} O=${B} \ +" + +do_compile() { + oe_runmake all +} +do_compile[cleandirs] = "${B}" + +do_install () { + install -d ${D}${bindir} + install ${B}/xtest/xtest ${D}${bindir} + + install -d ${D}${nonarch_base_libdir}/optee_armtz + find ${B}/ta -name '*.ta' | while read name; do + install -m 444 $name ${D}${nonarch_base_libdir}/optee_armtz/ + done + + install -d ${D}${libdir}/tee-supplicant/plugins/ + install ${B}/supp_plugin/*plugin ${D}${libdir}/tee-supplicant/plugins/ +} + +FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/ ${libdir}/tee-supplicant/plugins/" + +RDEPENDS:${PN} = "optee-os" + +COMPATIBLE_MACHINE = "(imx-nxp-bsp)" + +TOOLCHAIN = "gcc" -- cgit v1.2.3-54-g00ecf