diff --git a/meta-digi-arm/conf/machine/include/ccmp2.inc b/meta-digi-arm/conf/machine/include/ccmp2.inc index 47a899fed..1dd785307 100644 --- a/meta-digi-arm/conf/machine/include/ccmp2.inc +++ b/meta-digi-arm/conf/machine/include/ccmp2.inc @@ -25,7 +25,6 @@ FIP_BL31_ENABLE = "1" # optee-os # ========================================================================= PREFERRED_PROVIDER_virtual/optee-os = "optee-os-stm32mp" -PREFERRED_VERSION_optee-os-stm32mp ?= "3.19%" PREFERRED_VERSION_gcnano-driver-stm32mp ?= "6.4.15%" PREFERRED_VERSION_gcnano-userland-multi-binary-stm32mp ?= "6.4.15%" diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/files/fonts.tar.gz b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/files/fonts.tar.gz deleted file mode 100644 index 0a564c426..000000000 Binary files a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/files/fonts.tar.gz and /dev/null differ diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-client/tee-supplicant.service b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-client/tee-supplicant.service deleted file mode 100644 index ffb54d390..000000000 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-client/tee-supplicant.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=TEE Supplicant - -[Service] -User=root -EnvironmentFile=-/etc/default/tee-supplicant -ExecStart=/usr/sbin/tee-supplicant $OPTARGS - -[Install] -WantedBy=basic.target diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-client_3.16.bb b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-client_3.16.bb deleted file mode 100755 index bea3c2478..000000000 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-client_3.16.bb +++ /dev/null @@ -1,36 +0,0 @@ -SUMMARY = "OPTEE Client" -HOMEPAGE = "https://github.com/OP-TEE/optee_client" - -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=69663ab153298557a59c67a60a743e5b" - -inherit python3native systemd cmake - -SRC_URI = "git://github.com/OP-TEE/optee_client.git;protocol=https;branch=master \ - file://tee-supplicant.service \ - " - -SRCREV = "06db73b3f3fdb8d23eceaedbc46c49c0b45fd1e2" - -PV = "3.16.0+git${SRCPV}" - -S = "${WORKDIR}/git" - -SYSTEMD_SERVICE:${PN} = "tee-supplicant.service" - -EXTRA_OECMAKE = " \ - -DCFG_TEE_FS_PARENT_PATH='${localstatedir}/lib/tee' \ - -DCFG_WERROR=OFF \ - -DCFG_TEE_CLIENT_LOG_LEVEL=2 \ - -DBUILD_SHARED_LIBS=ON \ - " - -# If TF file based encryption is enabled, move the TEE_FS_PARENT_PATH out of the rootfs -EXTRA_OECMAKE += "${@oe.utils.vartrue('TRUSTFENCE_FILE_BASED_ENCRYPT', '-DCFG_TEE_FS_PARENT_PATH=/mnt/data/tee', '', d)}" - -do_install:append() { - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service - fi -} -FILES:${PN} += "${systemd_system_unitdir}" diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp2-common.inc b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp2-common.inc deleted file mode 100644 index 533a9ffe0..000000000 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp2-common.inc +++ /dev/null @@ -1,172 +0,0 @@ -FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:" - -PACKAGE_ARCH = "${MACHINE_ARCH}" - -PROVIDES += "virtual/optee-os" -RPROVIDES:${PN} += "virtual/optee-os virtual/systemd-bootconf" - -CVE_PRODUCT = "op-tee:op-tee_os" - -############################################################# -#inherit external-dt scp-firmware - -# Enable use of scp-firmware shared folder -STAGING_SCPFW_DIR = "${TMPDIR}/work-shared/${MACHINE}/scp-firmware" - -do_compile[depends] += "scp-firmware:do_configure" - - -STAGING_EXTDT_DIR = "${TMPDIR}/work-shared/${MACHINE}/external-dt" -############################################################# - -B = "${WORKDIR}/build" -# Configure build dir for externalsrc class usage through devtool -EXTERNALSRC_BUILD:pn-${PN} = "${WORKDIR}/build" - -DEPENDS += "dtc-native" -DEPENDS += "python3-pycryptodomex-native" -DEPENDS += "python3-pyelftools-native" -DEPENDS += "libgcc python3-cryptography-native" -DEPENDS += "python3-pillow-native" - -inherit deploy python3native - -OPTEEMACHINE ?= "${MACHINE}" -OPTEEOUTPUTMACHINE ?= "${MACHINE}" - -# Default log level -ST_OPTEE_DEBUG_LOG_LEVEL ??= "2" - -# default core debug -ST_OPTEE_CORE_DEBUG ??= "y" -ST_OPTEE_CORE_DEBUG:stm32mp15common ?= "n" - -EXTRA_OEMAKE = "PLATFORM=${OPTEEMACHINE}" -EXTRA_OEMAKE += "CROSS_COMPILE_core=${HOST_PREFIX}" -EXTRA_OEMAKE += "CROSS_COMPILE_ta_arm64=${HOST_PREFIX}" -EXTRA_OEMAKE += "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', 'ARCH=arm CFG_ARM64_core=y', 'ARCH=arm CFG_ARM32_core=y CROSS_COMPILE_ta_arm32=${HOST_PREFIX}', d)}" -EXTRA_OEMAKE += "NOWERROR=1" -EXTRA_OEMAKE += "LDFLAGS=" -# Set external-dt support -EXTRA_OEMAKE += "${@bb.utils.contains('EXTERNAL_DT_ENABLED', '1', 'CFG_EXT_DTS=${STAGING_EXTDT_DIR}/optee', '', d)}" -# Set scp-firmware support -EXTRA_OEMAKE += "CFG_SCP_FIRMWARE=${STAGING_SCPFW_DIR} CFG_SCPFW_LOG_LEVEL=5 CFG_WERROR=n" - -# debug and trace -EXTRA_OEMAKE += "${@bb.utils.contains('ST_OPTEE_DEBUG_TRACE', '1', 'CFG_TEE_CORE_LOG_LEVEL=${ST_OPTEE_DEBUG_LOG_LEVEL} CFG_TEE_CORE_DEBUG=${ST_OPTEE_CORE_DEBUG}', '', d)}" - -# OPTEE in sysram -EXTRA_OEMAKE:append:stm32mp15common = " ${@bb.utils.contains('ST_OPTEE_IN_SYSRAM', '1', 'CFG_STM32MP1_OPTEE_IN_SYSRAM=y', '', d)}" - -# SCP firmware -#EXTRA_OEMAKE_SCP_FIRMWARE ??= "" -EXTRA_OEMAKE_SCP_FIRMWARE:stm32mp15common ??= "" -EXTRA_OEMAKE_SCP_FIRMWARE:stm32mp13common ??= "${@bb.utils.contains('ENABLE_SCMI_SCPFW', '1', 'CFG_SCMI_SCPFW=y', 'CFG_SCMI_SCPFW=n', d)}" -EXTRA_OEMAKE_SCP_FIRMWARE:stm32mp25common ??= "CFG_SCMI_SCPFW=y" -EXTRA_OEMAKE += " ${EXTRA_OEMAKE_SCP_FIRMWARE}" - -OPTEE_ARCH:armv7a = "arm32" -OPTEE_ARCH:armv7ve = "arm32" -OPTEE_ARCH:aarch64 = "arm64" - -do_configure:prepend(){ - chmod 755 ${S}/scripts/bin_to_c.py -} - -do_compile() { - export CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_HOST}" - export OPENSSL_MODULES=${STAGING_LIBDIR_NATIVE}/ossl-modules/ - if [ -n "${OPTEE_CONF}" ]; then - for conf in ${OPTEE_CONF}; do - # Configure SOC switch - soc_extra="" - for soc in ${STM32MP_SOC_NAME}; do - if [ "$(echo ${conf} | grep -c ${soc})" -eq 1 ]; then - soc_extra="$(echo CFG_${soc} | awk '{print toupper($0)}')=y" - break - fi - done - - oe_runmake -C ${S} O=${B}/${conf} CFG_EMBED_DTB_SOURCE_FILE=${conf}.dts ${soc_extra} - done - else - oe_runmake -C ${S} O=${B}/out - fi -} - -do_install:stm32mp1common() { - #install TA devkit - install -d ${D}${includedir}/optee/export-user_ta/ - - if [ -n "${OPTEE_CONF}" ]; then - for conf in ${OPTEE_CONF}; do - for f in ${B}/${conf}/export-ta_${OPTEE_ARCH}/* ; do - cp -aRf $f ${D}${includedir}/optee/export-user_ta/ - done - done - fi -} -do_install:stm32mp2common() { - #install TA devkit - install -d ${D}${includedir}/optee/export-user_ta_arm32/ - install -d ${D}${includedir}/optee/export-user_ta_arm64/ - - if [ -n "${OPTEE_CONF}" ]; then - for conf in ${OPTEE_CONF}; do - if [ -d ${B}/${conf}/export-ta_arm32 ]; then - for f in ${B}/${conf}/export-ta_arm32/* ; do - cp -aRf $f ${D}${includedir}/optee/export-user_ta_arm32/ - done - fi - if [ -d ${B}/${conf}/export-ta_arm64 ]; then - for f in ${B}/${conf}/export-ta_arm64/* ; do - cp -aRf $f ${D}${includedir}/optee/export-user_ta_arm64/ - done - fi - done - fi -} - - -# Configure optee binaries -OPTEE_HEADER = "tee-header_v2" -OPTEE_PAGEABLE = "tee-pageable_v2" -OPTEE_PAGER = "tee-pager_v2" -OPTEE_SUFFIX = "bin" -# Output the ELF generated -ELF_DEBUG_ENABLE ?= "" -OPTEE_ELF = "tee" -OPTEE_ELF_SUFFIX = "elf" - -do_deploy[sstate-outputdirs] = "${DEPLOY_DIR_IMAGE}/optee" -do_deploy() { - install -d ${DEPLOYDIR}/debug - if [ -n "${OPTEE_CONF}" ]; then - for conf in ${OPTEE_CONF}; do - install -m 644 ${B}/${conf}/core/${OPTEE_HEADER}.${OPTEE_SUFFIX} ${DEPLOYDIR}/${OPTEE_HEADER}-${conf}.${OPTEE_SUFFIX} - install -m 644 ${B}/${conf}/core/${OPTEE_PAGER}.${OPTEE_SUFFIX} ${DEPLOYDIR}/${OPTEE_PAGER}-${conf}.${OPTEE_SUFFIX} - install -m 644 ${B}/${conf}/core/${OPTEE_PAGEABLE}.${OPTEE_SUFFIX} ${DEPLOYDIR}/${OPTEE_PAGEABLE}-${conf}.${OPTEE_SUFFIX} - if [ -n "${ELF_DEBUG_ENABLE}" ]; then - install -m 644 ${B}/${conf}/core/${OPTEE_ELF}.${OPTEE_ELF_SUFFIX} ${DEPLOYDIR}/debug/${OPTEE_ELF}-${conf}.${OPTEE_ELF_SUFFIX} - fi - done - else - install -m 644 ${B}/core/${OPTEE_HEADER}.${OPTEE_SUFFIX} ${DEPLOYDIR}/${OPTEE_HEADER}.${OPTEE_SUFFIX} - install -m 644 ${B}/core/${OPTEE_PAGER}.${OPTEE_SUFFIX} ${DEPLOYDIR}/${OPTEE_PAGER}.${OPTEE_SUFFIX} - install -m 644 ${B}/core/${OPTEE_PAGEABLE}.${OPTEE_SUFFIX} ${DEPLOYDIR}/${OPTEE_PAGEABLE}.${OPTEE_SUFFIX} - if [ -n "${ELF_DEBUG_ENABLE}" ]; then - install -m 644 ${B}/core/${OPTEE_ELF}.${OPTEE_ELF_SUFFIX} ${DEPLOYDIR}/debug/${OPTEE_ELF}.${OPTEE_ELF_SUFFIX} - fi - fi -} -addtask deploy before do_build after do_compile - -FILES:${PN} = "${nonarch_base_libdir}/firmware/" -FILES:${PN}-dev = "/usr/include/optee" - -INSANE_SKIP:${PN}-dev = "staticdev" - -INHIBIT_PACKAGE_STRIP = "1" -# --------------------------------------------------------------------- -# Avoid QA Issue: contains reference to TMPDIR [buildpaths] -INSANE_SKIP:${PN} += "buildpaths" diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_3.19.0.bb b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_3.19.0.bb deleted file mode 100644 index c33b5a721..000000000 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_3.19.0.bb +++ /dev/null @@ -1,67 +0,0 @@ -SUMMARY = "OPTEE TA development kit for stm32mp" -LICENSE = "BSD-2-Clause & BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" - -# Select internal or Github OPTEE repo -OPTEE_URI_STASH = "${DIGI_MTK_GIT}/emp/optee_os.git;protocol=ssh" -OPTEE_URI_GITHUB = "${DIGI_GITHUB_GIT}/optee_os.git;protocol=https" -OPTEE_GIT_URI ?= "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${OPTEE_URI_STASH}', '${OPTEE_URI_GITHUB}', d)}" - -SRCBRANCH = "3.19.0/stm/master" -SRCREV = "${AUTOREV}" - -SRC_URI = " \ - ${OPTEE_GIT_URI};branch=${SRCBRANCH};name=os \ - file://fonts.tar.gz;subdir=git;name=fonts \ -" - -SRC_URI[fonts.sha256sum] = "4941e8bb6d8ac377838e27b214bf43008c496a24a8f897e0b06433988cbd53b2" - -OPTEE_VERSION = "3.19.0" -OPTEE_SUBVERSION = "stm32mp" -OPTEE_RELEASE = "beta-r1" - -PV = "${OPTEE_VERSION}-${OPTEE_SUBVERSION}-${OPTEE_RELEASE}" - -ARCHIVER_ST_BRANCH = "${OPTEE_VERSION}-${OPTEE_SUBVERSION}" -ARCHIVER_ST_REVISION = "${PV}" -ARCHIVER_COMMUNITY_BRANCH = "master" -ARCHIVER_COMMUNITY_REVISION = "${OPTEE_VERSION}" - -S = "${WORKDIR}/git" - -OPTEEMACHINE ?= "stm32mp1" -OPTEEMACHINE:stm32mp1common = "stm32mp1" -OPTEEMACHINE:stm32mp2common = "stm32mp2" - -OPTEEOUTPUTMACHINE ?= "stm32mp1" -OPTEEOUTPUTMACHINE:stm32mp1common = "stm32mp1" -OPTEEOUTPUTMACHINE:stm32mp2common = "stm32mp2" - -# Enable OPTEE_DEBUG_TRACE; If set to 0, LOG_LEVEL defaults to 3 on optee code -ST_OPTEE_DEBUG_TRACE = "1" -# Log level -ST_OPTEE_DEBUG_LOG_LEVEL = "0" - -# The package is empty but must be generated to avoid apt-get installation issue -ALLOW_EMPTY:${PN} = "1" - -require optee-os-stm32mp2-common.inc - -# Specific for revA board -EXTRA_OEMAKE_REVA:stm32mp25revabcommon:append = " CFG_STM32MP25x_REVA=y " -EXTRA_OEMAKE += " ${EXTRA_OEMAKE_REVA}" - -# --------------------------------- -# Configure archiver use -# --------------------------------- -include ${@oe.utils.ifelse(d.getVar('ST_ARCHIVER_ENABLE') == '1', 'optee-os-stm32mp-archiver.inc','')} - -# --------------------------------- -# Configure default preference to manage dynamic selection between tarball and github -# --------------------------------- -STM32MP_SOURCE_SELECTION ?= "tarball" - -DEFAULT_PREFERENCE = "${@bb.utils.contains('STM32MP_SOURCE_SELECTION', 'github', '-1', '1', d)}" - -COMPATIBLE_MACHINE = "(ccmp2)" diff --git a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_3.16.0.bbappend b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_4.0.0.bbappend similarity index 87% rename from meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_3.16.0.bbappend rename to meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_4.0.0.bbappend index bc204fe62..daa71e9d7 100644 --- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_3.16.0.bbappend +++ b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-os-stm32mp_4.0.0.bbappend @@ -1,5 +1,5 @@ # -# Copyright (C) 2022, Digi International Inc. +# Copyright (C) 2022-2024, Digi International Inc. # # Select internal or Github OPTEE repo @@ -7,7 +7,7 @@ OPTEE_URI_STASH = "${DIGI_MTK_GIT}/emp/optee_os.git;protocol=ssh" OPTEE_URI_GITHUB = "${DIGI_GITHUB_GIT}/optee_os.git;protocol=https" OPTEE_GIT_URI ?= "${@oe.utils.conditional('DIGI_INTERNAL_GIT', '1' , '${OPTEE_URI_STASH}', '${OPTEE_URI_GITHUB}', d)}" -SRCBRANCH = "3.16.0/stm/master" +SRCBRANCH = "4.0.0/stm/master" SRCREV = "${AUTOREV}" SRC_URI = " \