Digi
/
meta-digi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

imx-boot: update boot artifacts for NXP's lf-6.6.52-2.2.1 release 

Also, refresh patches on top of new release.

https://onedigi.atlassian.net/browse/DEL-9748

Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit is contained in:
Javier Viguera 2025-09-05 19:38:40 +02:00
parent 839e8aab91
commit 74753d8f99
26 changed files with 119 additions and 553 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
meta-digi-arm/conf/machine/include/imx-digi-base.inc
View File

@ -57,6 +57,11 @@ DEFAULTTUNE:mx93-nxp-bsp ?= "armv8a-crc-crypto"
INHERIT += "machine-overrides-extender"
IMX_SOC_REV ??= "A0"
IMX_SOC_REV:mx93-generic-bsp ??= "A1"
IMX_SOC_REV_LOWER = "${@d.getVar('IMX_SOC_REV').lower()}"
IMX_SOC_REV_UPPER = "${@d.getVar('IMX_SOC_REV').upper()}"
#######
### NXP BSP specific overrides
#######
@ -315,6 +320,9 @@ PREFERRED_VERSION_optee-client:mx9-nxp-bsp ??= "4.4.0.imx"
PREFERRED_VERSION_optee-test:mx8-nxp-bsp ??= "4.4.0.imx"
PREFERRED_VERSION_optee-test:mx9-nxp-bsp ??= "4.4.0.imx"
# Firmware from NXP's "lf-6.6.52-2.2.1" release
PREFERRED_VERSION_imx-boot-firmware-files:imx-nxp-bsp ??= "8.26.1"
# Optee runtime packages to install
OPTEE_PKGS ??= "optee-client optee-os"

16
meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/firmware-imx/firmware-imx-8.26.1.inc Normal file
View File

@ -0,0 +1,16 @@
# Copyright (C) 2012-2016 Freescale Semiconductor
# Copyright 2017-2025 NXP
# Copyright (C) 2018 O.S. Systems Software LTDA.
SECTION = "base"
LICENSE = "Proprietary"
LIC_FILES_CHKSUM = "file://COPYING;md5=bc649096ad3928ec06a8713b8d787eac"
# Note: This .inc file is used from differently named recipes, so the package
# name must be hard-coded, i.e., ${BPN} cannot be used.
SRC_URI = "${FSL_MIRROR}/firmware-imx-${PV}-${IMX_SRCREV_ABBREV}.bin;fsl-eula=true"
IMX_SRCREV_ABBREV = "410be01"
SRC_URI[sha256sum] = "0c2e2136c1efa544409017f14f07a1412cf8c1702075ed0e4060e903b91fe313"
S = "${WORKDIR}/firmware-imx-${PV}-${IMX_SRCREV_ABBREV}"
inherit fsl-eula-unpack

61
meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/firmware-imx/imx-boot-firmware-files_8.26.1.bb Normal file
View File

@ -0,0 +1,61 @@
# Copyright (C) 2018-2025 NXP
SUMMARY = "Freescale i.MX Firmware files used for boot"
require firmware-imx-${PV}.inc
inherit deploy nopackages
do_install[noexec] = "1"
DEPLOY_FOR = ""
DEPLOY_FOR:mx8-generic-bsp = "mx8"
DEPLOY_FOR:mx8m-generic-bsp = "mx8m"
DEPLOY_FOR:mx9-generic-bsp = "mx9"
deploy_for_mx8() {
# Cadence HDMI
install -m 0644 ${S}/firmware/hdmi/cadence/hdmitxfw.bin ${DEPLOYDIR}
install -m 0644 ${S}/firmware/hdmi/cadence/hdmirxfw.bin ${DEPLOYDIR}
install -m 0644 ${S}/firmware/hdmi/cadence/dpfw.bin ${DEPLOYDIR}
}
deploy_for_mx8m() {
# Synopsys DDR
for ddr_firmware in ${DDR_FIRMWARE_NAME}; do
install -m 0644 ${S}/firmware/ddr/synopsys/${ddr_firmware} ${DEPLOYDIR}
done
# Cadence DP and HDMI
install -m 0644 ${S}/firmware/hdmi/cadence/signed_dp_imx8m.bin ${DEPLOYDIR}
install -m 0644 ${S}/firmware/hdmi/cadence/signed_hdmi_imx8m.bin ${DEPLOYDIR}
}
deploy_for_mx9() {
# Synopsys DDR
for ddr_firmware in ${DDR_FIRMWARE_NAME}; do
install -m 0644 ${S}/firmware/ddr/synopsys/${ddr_firmware} ${DEPLOYDIR}
done
}
python () {
# Manually add the required functions as dependencies otherwise they won't be included in the
# final run script.
deploy_for = d.getVar('DEPLOY_FOR', True).split()
for soc in deploy_for:
d.appendVarFlag('do_deploy', 'vardeps', ' deploy_for_%s' % soc)
}
do_deploy () {
for soc in ${DEPLOY_FOR}; do
bbnote "Running deploy for $soc"
deploy_for_$soc
done
}
addtask deploy after do_install before do_build
PACKAGE_ARCH = "${MACHINE_SOCARCH}"
COMPATIBLE_MACHINE = "(mx8-generic-bsp|mx9-generic-bsp)"
COMPATIBLE_MACHINE:mx8x-generic-bsp = "(^$)"

2
meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0001-ccimx93-use-UART6-for-the-default-console.patch
View File

@ -10,7 +10,7 @@ Signed-off-by: Javier Viguera <javier.viguera@digi.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plat/imx/imx93/include/platform_def.h b/plat/imx/imx93/include/platform_def.h
index 2d140400d97e..cb5b6eba061c 100644
index 82e904b2c962..ef74d847decd 100644
--- a/plat/imx/imx93/include/platform_def.h
+++ b/plat/imx/imx93/include/platform_def.h
@@ -53,7 +53,7 @@

2
meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0001-imx8mm-Define-UART1-as-console-for-boot-stage.patch
View File

@ -13,7 +13,7 @@ Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plat/imx/imx8m/imx8mm/platform.mk b/plat/imx/imx8m/imx8mm/platform.mk
index 41fc3507f..1de30f40f 100644
index 41fc3507f796..1de30f40f397 100644
--- a/plat/imx/imx8m/imx8mm/platform.mk
+++ b/plat/imx/imx8m/imx8mm/platform.mk
@@ -172,7 +172,7 @@ $(eval $(call add_define,BL32_BASE))

2
meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0002-imx8mm-Disable-M4-debug-console.patch
View File

@ -14,7 +14,7 @@ Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plat/imx/imx8m/imx8mm/imx8mm_bl31_setup.c b/plat/imx/imx8m/imx8mm/imx8mm_bl31_setup.c
index 179b6226f..388deae2b 100644
index 179b6226f00f..388deae2b0e8 100644
--- a/plat/imx/imx8m/imx8mm/imx8mm_bl31_setup.c
+++ b/plat/imx/imx8m/imx8mm/imx8mm_bl31_setup.c
@@ -117,7 +117,7 @@ static const struct imx_rdc_cfg rdc[] = {

4
meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0003-imx8mn-Define-UART1-as-console-for-boot-stage.patch
View File

@ -14,7 +14,7 @@ Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/plat/imx/imx8m/imx8mn/imx8mn_bl31_setup.c b/plat/imx/imx8m/imx8mn/imx8mn_bl31_setup.c
index 312eb32d1..9a82be010 100644
index 312eb32d1cb5..9a82be010e49 100644
--- a/plat/imx/imx8m/imx8mn/imx8mn_bl31_setup.c
+++ b/plat/imx/imx8m/imx8mn/imx8mn_bl31_setup.c
@@ -110,7 +110,7 @@ static const struct imx_rdc_cfg rdc[] = {
@ -27,7 +27,7 @@ index 312eb32d1..9a82be010 100644
/* memory region */
diff --git a/plat/imx/imx8m/imx8mn/platform.mk b/plat/imx/imx8m/imx8mn/platform.mk
index 84519426c..964ed9e5c 100644
index 84519426c68a..964ed9e5c2d1 100644
--- a/plat/imx/imx8m/imx8mn/platform.mk
+++ b/plat/imx/imx8m/imx8mn/platform.mk
@@ -77,7 +77,7 @@ $(eval $(call add_define,BL32_BASE))

2
meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0004-imx8mn-Disable-M7-debug-console.patch
View File

@ -15,7 +15,7 @@ Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plat/imx/imx8m/imx8mn/imx8mn_bl31_setup.c b/plat/imx/imx8m/imx8mn/imx8mn_bl31_setup.c
index 9a82be010..7f9a0f5f4 100644
index 9a82be010e49..7f9a0f5f4c85 100644
--- a/plat/imx/imx8m/imx8mn/imx8mn_bl31_setup.c
+++ b/plat/imx/imx8m/imx8mn/imx8mn_bl31_setup.c
@@ -109,7 +109,7 @@ static const struct imx_rdc_cfg rdc[] = {

2
meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf_%.bbappend
View File

@ -17,8 +17,6 @@ SRC_URI:append:ccimx93 = " \
file://0002-imx93-bring-back-ELE-clock-workaround-for-soc-revisi.patch \
"
SRCREV = "1b27ee3edbb40ef9432c69ccaa744d1ac5d54c5d"
BOOT_TOOLS = "imx-boot-tools"
EXTRA_OEMAKE += "${@oe.utils.conditional('TRUSTFENCE_CONSOLE_DISABLE', '1', 'LOG_LEVEL=0', '', d)}"

4
meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0001-imx91-soc.mak-capture-commands-output-into-a-log-fil.patch
View File

@ -13,7 +13,7 @@ Signed-off-by: Javier Viguera <javier.viguera@digi.com>
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/iMX91/soc.mak b/iMX91/soc.mak
index b87a5bef79ce..3db3760c546d 100644
index fca7fdc447b0..2b884d0b3c69 100644
--- a/iMX91/soc.mak
+++ b/iMX91/soc.mak
@@ -1,4 +1,5 @@
@ -48,4 +48,4 @@ index b87a5bef79ce..3db3760c546d 100644
+ ./$(MKIMG) -soc IMX9 -append $(AHAB_IMG) -c -ap $(SPL_A55_IMG) a55 $(SPL_LOAD_ADDR) -out flash.bin | tee -a $(MKIMAGE_LOG)
$(call append_container,u-boot-atf-container.img,1)
flash_singleboot_no_ahabfw: $(MKIMG) $(SPL_A55_IMG) u-boot-atf-container.img
flash_singleboot_gdet: $(MKIMG) $(AHAB_IMG) $(SPL_A55_IMG) u-boot-atf-container.img

19
meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend
View File

@ -17,22 +17,12 @@ SRC_URI:append:ccimx93 = " \
file://0001-imx93-soc.mak-capture-commands-output-into-a-log-fil.patch \
file://0002-imx93-soc.mak-add-makefile-target-to-build-A0-revisi.patch \
"
SRCBRANCH = "lf-6.6.52_2.2.0"
SRCREV = "71b8c18af93a5eb972d80fbec290006066cff24f"
DEPENDS += "${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'trustfence-sign-tools-native', '', d)}"
# Do not tag imx-boot
UUU_BOOTLOADER:mx8-generic-bsp = ""
UUU_BOOTLOADER:mx9-generic-bsp = ""
BOOT_STAGING:mx91-generic-bsp = "${S}/iMX91"
BOOT_STAGING:mx93-generic-bsp = "${S}/iMX93"
# Add SOC family
SOC_FAMILY:mx91-generic-bsp = "mx91"
REV_OPTION:ccimx91 = "REV=A0"
REV_OPTION:ccimx93 = "REV=A1"
# Revert compile_mx8m() to how it was in kirkstone branch of meta-freescale,
# otherwise, a dead symlink is created in place of the dtb
@ -83,11 +73,6 @@ compile_mx93:append:ccimx93() {
fi
}
compile_mx91() {
bbnote i.MX 91 boot binary build
compile_mx93
}
do_compile:append:ccimx8m() {
bbnote "building ${IMX_BOOT_SOC_TARGET} - print_fit_hab"
make SOC=${IMX_BOOT_SOC_TARGET} dtbs=${UBOOT_DTB_NAME} print_fit_hab
@ -127,10 +112,6 @@ do_install:ccimx8x () {
done
}
deploy_mx91() {
deploy_mx93
}
generate_symlinks() {
# imx-boot recipe in meta-freescale supports *multiple* build configurations.
# We assume here only ONE build configuration for our platforms (otherwise

6
meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-mkimage_git.inc
View File

@ -1,12 +1,14 @@
# Copyright 2017-2023 NXP
# Keep the depends "not-native" so they get properly transformed
# for native/nativesdk packages
DEPENDS = "zlib openssl"
SRC_URI = "git://github.com/nxp-imx/imx-mkimage.git;protocol=https;branch=${SRCBRANCH} \
file://0001-iMX8M-soc.mak-use-native-mkimage-from-sysroot.patch \
"
SRCBRANCH = "lf-6.6.52_2.2.0"
SRCREV = "71b8c18af93a5eb972d80fbec290006066cff24f"
SRCBRANCH = "lf-6.6.52_2.2.1"
SRCREV = "81fca6434be0610f3f9216a762aadc4dc3e8d8db"
S = "${WORKDIR}/git"

1
meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-seco/imx-seco_5.9.4.1.bb
View File

@ -7,7 +7,6 @@ require recipes-bsp/imx-seco/imx-seco_5.9.4.bb
LIC_FILES_CHKSUM = "file://COPYING;md5=ca53281cc0caa7e320d4945a896fb837"
SRC_URI[md5sum] = "2a8fcdd322713bc127398ee66bf9b50a"
SRC_URI[sha256sum] = "bd8dc01966076836aabff53f2463295294166595006e1db430db21b6ffa6b667"
IMX_SRCREV_ABBREV = "0333596"

10
meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-client/tee-supplicant.service
View File

@ -1,10 +0,0 @@
[Unit]
Description=TEE Supplicant
[Service]
User=root
EnvironmentFile=-@sysconfdir@/default/tee-supplicant
ExecStart=@sbindir@/tee-supplicant $OPTARGS
[Install]
WantedBy=basic.target

9
meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-client_4.4.0.imx.bb
View File

@ -1,9 +0,0 @@
# Copyright (C) 2025, Digi International Inc.
#
# Reuse meta-freescale's optee-client_4.2.0.imx.bb
#
require recipes-security/optee-imx/optee-client_4.2.0.imx.bb
SRCBRANCH = "lf-6.6.52_2.2.0"
SRCREV = "d221676a58b305bddbf97db00395205b3038de8e"

19
meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-client_4.4.0.imx.bbappend
View File

@ -1,19 +1,12 @@
# Copyright (C) 2024, 2025, Digi International Inc.
FILESEXTRAPATHS:prepend := "${THISDIR}/${BPN}:"
SRC_URI += "${@oe.utils.vartrue('TRUSTFENCE_FILE_BASED_ENCRYPT', 'file://tee-supplicant', '', d)}"
EXTRA_OEMAKE += "PKG_CONFIG=pkg-config CFG_TEE_FS_PARENT_PATH='${localstatedir}/lib/tee'"
do_install() {
oe_runmake DESTDIR=${D} install
install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service
sed -i -e s:@sysconfdir@:${sysconfdir}:g \
-e s:@sbindir@:${sbindir}:g \
${D}${systemd_system_unitdir}/tee-supplicant.service
if ${@oe.utils.vartrue('TRUSTFENCE_FILE_BASED_ENCRYPT', 'true', 'false',d)}; then
install -d ${D}${sysconfdir}/default/
install -m 0644 ${WORKDIR}/tee-supplicant ${D}${sysconfdir}/default/tee-supplicant
fi
do_install:append(){
if ${@oe.utils.vartrue('TRUSTFENCE_FILE_BASED_ENCRYPT', 'true', 'false',d)}; then
install -d ${D}${sysconfdir}/default/
install -m 0644 ${WORKDIR}/tee-supplicant ${D}${sysconfdir}/default/tee-supplicant
fi
}

245
meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch
View File

@ -1,245 +0,0 @@
From ef83625c9a5f50610e25aa860c4b9c5e64723a66 Mon Sep 17 00:00:00 2001
From: Emekcan Aras <emekcan.aras@arm.com>
Date: Wed, 21 Dec 2022 10:55:58 +0000
Subject: [PATCH 1/4] core: Define section attributes for clang
Clang's attribute section is not same as gcc, here we need to add flags
to sections so they can be eventually collected by linker into final
output segments. Only way to do so with clang is to use
pragma clang section ...
The behavious is described here [1], this allows us to define names bss
sections. This was not an issue until clang-15 where LLD linker starts
to detect the section flags before merging them and throws the following
errors
| ld.lld: error: section type mismatch for .nozi.kdata_page
| >>> /mnt/b/yoe/master/build/tmp/work/qemuarm64-yoe-linux/optee-os-tadevkit/3.17.0-r0/build/core/arch/arm/kernel/thread.o:(.nozi.kdata_page): SHT_PROGBITS
| >>> output section .nozi: SHT_NOBITS
|
| ld.lld: error: section type mismatch for .nozi.mmu.l2
| >>> /mnt/b/yoe/master/build/tmp/work/qemuarm64-yoe-linux/optee-os-tadevkit/3.17.0-r0/build/core/arch/arm/mm/core_mmu_lpae.o:(.nozi.mmu.l2): SHT_PROGBITS
| >>> output section .nozi: SHT_NOBITS
These sections should be carrying SHT_NOBITS but so far it was not
possible to do so, this patch tries to use clangs pragma to get this
going and match the functionality with gcc.
[1] https://intel.github.io/llvm-docs/clang/LanguageExtensions.html#specifying-section-names-for-global-objects-pragma-clang-section
Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
---
core/arch/arm/kernel/thread.c | 19 +++++++++++++++--
core/arch/arm/mm/core_mmu_lpae.c | 35 +++++++++++++++++++++++++++----
core/arch/arm/mm/core_mmu_v7.c | 36 +++++++++++++++++++++++++++++---
core/kernel/thread.c | 13 +++++++++++-
core/mm/pgt_cache.c | 12 ++++++++++-
5 files changed, 104 insertions(+), 11 deletions(-)
diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c
index 66833b3a0..b3eb9cf9a 100644
--- a/core/arch/arm/kernel/thread.c
+++ b/core/arch/arm/kernel/thread.c
@@ -45,15 +45,30 @@ static size_t thread_user_kcode_size __nex_bss;
#if defined(CFG_CORE_UNMAP_CORE_AT_EL0) && \
defined(CFG_CORE_WORKAROUND_SPECTRE_BP_SEC) && defined(ARM64)
long thread_user_kdata_sp_offset __nex_bss;
+#ifdef __clang__
+#ifndef CFG_VIRTUALIZATION
+#pragma clang section bss=".nozi.kdata_page"
+#else
+#pragma clang section bss=".nex_nozi.kdata_page"
+#endif
+#endif
static uint8_t thread_user_kdata_page[
ROUNDUP(sizeof(struct thread_core_local) * CFG_TEE_CORE_NB_CORE,
SMALL_PAGE_SIZE)]
__aligned(SMALL_PAGE_SIZE)
+#ifndef __clang__
#ifndef CFG_NS_VIRTUALIZATION
- __section(".nozi.kdata_page");
+ __section(".nozi.kdata_page")
#else
- __section(".nex_nozi.kdata_page");
+ __section(".nex_nozi.kdata_page")
#endif
+#endif
+ ;
+#endif
+
+/* reset BSS section to default ( .bss ) */
+#ifdef __clang__
+#pragma clang section bss=""
#endif
#ifdef ARM32
diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c
index 4c8b85e39..1885e1d3f 100644
--- a/core/arch/arm/mm/core_mmu_lpae.c
+++ b/core/arch/arm/mm/core_mmu_lpae.c
@@ -234,19 +234,46 @@ typedef uint16_t l1_idx_t;
typedef uint64_t base_xlat_tbls_t[CFG_TEE_CORE_NB_CORE][NUM_BASE_LEVEL_ENTRIES];
typedef uint64_t xlat_tbl_t[XLAT_TABLE_ENTRIES];
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.base_table"
+#endif
static base_xlat_tbls_t base_xlation_table[NUM_BASE_TABLES]
__aligned(NUM_BASE_LEVEL_ENTRIES * XLAT_ENTRY_SIZE)
- __section(".nozi.mmu.base_table");
+#ifndef __clang__
+ __section(".nozi.mmu.base_table")
+#endif
+;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.l2"
+#endif
static xlat_tbl_t xlat_tables[MAX_XLAT_TABLES]
- __aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2");
+ __aligned(XLAT_TABLE_SIZE)
+#ifndef __clang__
+ __section(".nozi.mmu.l2")
+#endif
+;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
#define XLAT_TABLES_SIZE (sizeof(xlat_tbl_t) * MAX_XLAT_TABLES)
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.l2"
+#endif
/* MMU L2 table for TAs, one for each thread */
static xlat_tbl_t xlat_tables_ul1[CFG_NUM_THREADS]
- __aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2");
-
+#ifndef __clang__
+ __aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2")
+#endif
+;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
/*
* TAs page table entry inside a level 1 page table.
*
diff --git a/core/arch/arm/mm/core_mmu_v7.c b/core/arch/arm/mm/core_mmu_v7.c
index 61e703da8..1960c08ca 100644
--- a/core/arch/arm/mm/core_mmu_v7.c
+++ b/core/arch/arm/mm/core_mmu_v7.c
@@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_ENTRIES];
typedef uint32_t l2_xlat_tbl_t[NUM_L2_ENTRIES];
typedef uint32_t ul1_xlat_tbl_t[NUM_UL1_ENTRIES];
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.l1"
+#endif
static l1_xlat_tbl_t main_mmu_l1_ttb
- __aligned(L1_ALIGNMENT) __section(".nozi.mmu.l1");
+ __aligned(L1_ALIGNMENT)
+#ifndef __clang__
+ __section(".nozi.mmu.l1")
+#endif
+;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
/* L2 MMU tables */
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.l2"
+#endif
static l2_xlat_tbl_t main_mmu_l2_ttb[MAX_XLAT_TABLES]
- __aligned(L2_ALIGNMENT) __section(".nozi.mmu.l2");
+ __aligned(L2_ALIGNMENT)
+#ifndef __clang__
+ __section(".nozi.mmu.l2")
+#endif
+;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
/* MMU L1 table for TAs, one for each thread */
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.ul1"
+#endif
static ul1_xlat_tbl_t main_mmu_ul1_ttb[CFG_NUM_THREADS]
- __aligned(UL1_ALIGNMENT) __section(".nozi.mmu.ul1");
+ __aligned(UL1_ALIGNMENT)
+#ifndef __clang__
+ __section(".nozi.mmu.ul1")
+#endif
+;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
struct mmu_partition {
l1_xlat_tbl_t *l1_table;
diff --git a/core/kernel/thread.c b/core/kernel/thread.c
index 2a1f22dce..5516b6771 100644
--- a/core/kernel/thread.c
+++ b/core/kernel/thread.c
@@ -39,13 +39,24 @@ static uint32_t end_canary_value = 0xababab00;
name[stack_num][sizeof(name[stack_num]) / sizeof(uint32_t) - 1]
#endif
+#define DO_PRAGMA(x) _Pragma (#x)
+
+#ifdef __clang__
+#define DECLARE_STACK(name, num_stacks, stack_size, linkage) \
+DO_PRAGMA (clang section bss=".nozi_stack." #name) \
+linkage uint32_t name[num_stacks] \
+ [ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \
+ STACK_ALIGNMENT) / sizeof(uint32_t)] \
+ __attribute__((aligned(STACK_ALIGNMENT))); \
+DO_PRAGMA(clang section bss="")
+#else
#define DECLARE_STACK(name, num_stacks, stack_size, linkage) \
linkage uint32_t name[num_stacks] \
[ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \
STACK_ALIGNMENT) / sizeof(uint32_t)] \
__attribute__((section(".nozi_stack." # name), \
aligned(STACK_ALIGNMENT)))
-
+#endif
#define GET_STACK(stack) ((vaddr_t)(stack) + STACK_SIZE(stack))
DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE, STACK_TMP_SIZE,
diff --git a/core/mm/pgt_cache.c b/core/mm/pgt_cache.c
index 79553c6d2..b9efdf427 100644
--- a/core/mm/pgt_cache.c
+++ b/core/mm/pgt_cache.c
@@ -410,8 +410,18 @@ void pgt_init(void)
* has a large alignment, while .bss has a small alignment. The current
* link script is optimized for small alignment in .bss
*/
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.l2"
+#endif
static uint8_t pgt_tables[PGT_CACHE_SIZE][PGT_SIZE]
- __aligned(PGT_SIZE) __section(".nozi.pgt_cache");
+ __aligned(PGT_SIZE)
+#ifndef __clang__
+ __section(".nozi.pgt_cache")
+#endif
+ ;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
size_t n;
for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) {
--
2.43.2

4
meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0001-core-imx-support-ccimx91-dvk.patch
View File

@ -11,7 +11,7 @@ Signed-off-by: Javier Viguera <javier.viguera@digi.com>
2 files changed, 7 insertions(+)
diff --git a/core/arch/arm/plat-imx/conf.mk b/core/arch/arm/plat-imx/conf.mk
index 33647835f2fb..ca0a718ba6e5 100644
index d1fc2882e598..ffa39129e0be 100644
--- a/core/arch/arm/plat-imx/conf.mk
+++ b/core/arch/arm/plat-imx/conf.mk
@@ -95,6 +95,7 @@ mx95-flavorlist = \
@ -22,7 +22,7 @@ index 33647835f2fb..ca0a718ba6e5 100644
mx91evk \
ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx6ul-flavorlist)))
@@ -493,6 +494,11 @@ CFG_DDR_SIZE ?= 0x80000000
@@ -494,6 +495,11 @@ CFG_DDR_SIZE ?= 0x80000000
CFG_UART_BASE ?= UART1_BASE
endif

4
meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0001-core-imx-support-ccimx93-dvk.patch
View File

@ -13,7 +13,7 @@ Signed-off-by: Javier Viguera <javier.viguera@digi.com>
2 files changed, 18 insertions(+)
diff --git a/core/arch/arm/plat-imx/conf.mk b/core/arch/arm/plat-imx/conf.mk
index 33647835f2fb..8d065a3d3db3 100644
index d1fc2882e598..4e7b065ec180 100644
--- a/core/arch/arm/plat-imx/conf.mk
+++ b/core/arch/arm/plat-imx/conf.mk
@@ -89,6 +89,8 @@ mx8ulp-flavorlist = \
@ -25,7 +25,7 @@ index 33647835f2fb..8d065a3d3db3 100644
mx93evk \
mx95-flavorlist = \
@@ -493,6 +495,17 @@ CFG_DDR_SIZE ?= 0x80000000
@@ -494,6 +496,17 @@ CFG_DDR_SIZE ?= 0x80000000
CFG_UART_BASE ?= UART1_BASE
endif

4
meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0002-core-ccimx93-enable-AES_HUK-trusted-application.patch
View File

@ -26,10 +26,10 @@ Signed-off-by: Javier Viguera <javier.viguera@digi.com>
create mode 100644 ta/aes_huk/user_ta_header_defines.h
diff --git a/core/arch/arm/plat-imx/conf.mk b/core/arch/arm/plat-imx/conf.mk
index 8d065a3d3db3..de1cf45ca9b6 100644
index 4e7b065ec180..4e8b351bd877 100644
--- a/core/arch/arm/plat-imx/conf.mk
+++ b/core/arch/arm/plat-imx/conf.mk
@@ -498,12 +498,14 @@ endif
@@ -499,12 +499,14 @@ endif
ifneq (,$(filter $(PLATFORM_FLAVOR),ccimx93dvk))
CFG_DDR_SIZE ?= 0x40000000
CFG_UART_BASE ?= UART6_BASE

133
meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch
View File

@ -1,133 +0,0 @@
From 6f738803a59613ec4a683ddbc1747ebffd75a4e6 Mon Sep 17 00:00:00 2001
From: Jerome Forissier <jerome.forissier@linaro.org>
Date: Tue, 23 Aug 2022 12:31:46 +0000
Subject: [PATCH 3/4] arm32: libutils, libutee, ta: add .note.GNU-stack section
to
.S files
When building for arm32 with GNU binutils 2.39, the linker outputs
warnings when linking Trusted Applications:
arm-unknown-linux-uclibcgnueabihf-ld.bfd: warning: utee_syscalls_a32.o: missing .note.GNU-stack section implies executable stack
arm-unknown-linux-uclibcgnueabihf-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
We could silence the warning by adding the '-z execstack' option to the
TA link flags, like we did in the parent commit for the TEE core and
ldelf. Indeed, ldelf always allocates a non-executable piece of memory
for the TA to use as a stack.
However it seems preferable to comply with the common ELF practices in
this case. A better fix is therefore to add the missing .note.GNU-stack
sections in the assembler files.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
---
lib/libutee/arch/arm/utee_syscalls_a32.S | 2 ++
lib/libutils/ext/arch/arm/atomic_a32.S | 2 ++
lib/libutils/ext/arch/arm/mcount_a32.S | 2 ++
lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S | 2 ++
lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S | 2 ++
lib/libutils/isoc/arch/arm/setjmp_a32.S | 2 ++
ta/arch/arm/ta_entry_a32.S | 2 ++
7 files changed, 14 insertions(+)
diff --git a/lib/libutee/arch/arm/utee_syscalls_a32.S b/lib/libutee/arch/arm/utee_syscalls_a32.S
index 2dea83ab8..668b65a86 100644
--- a/lib/libutee/arch/arm/utee_syscalls_a32.S
+++ b/lib/libutee/arch/arm/utee_syscalls_a32.S
@@ -9,6 +9,8 @@
.section .note.GNU-stack,"",%progbits
+ .section .note.GNU-stack,"",%progbits
+
.section .text
.balign 4
.code 32
diff --git a/lib/libutils/ext/arch/arm/atomic_a32.S b/lib/libutils/ext/arch/arm/atomic_a32.S
index 2be73ffad..87ddf1065 100644
--- a/lib/libutils/ext/arch/arm/atomic_a32.S
+++ b/lib/libutils/ext/arch/arm/atomic_a32.S
@@ -7,6 +7,8 @@
.section .note.GNU-stack,"",%progbits
+ .section .note.GNU-stack,"",%progbits
+
/* uint32_t atomic_inc32(uint32_t *v); */
FUNC atomic_inc32 , :
ldrex r1, [r0]
diff --git a/lib/libutils/ext/arch/arm/mcount_a32.S b/lib/libutils/ext/arch/arm/mcount_a32.S
index 54dc3c02d..2f24632b8 100644
--- a/lib/libutils/ext/arch/arm/mcount_a32.S
+++ b/lib/libutils/ext/arch/arm/mcount_a32.S
@@ -9,6 +9,8 @@
.section .note.GNU-stack,"",%progbits
+ .section .note.GNU-stack,"",%progbits
+
/*
* Convert return address to call site address by subtracting the size of the
* mcount call instruction (blx __gnu_mcount_nc).
diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
index 37ae9ec6f..bc6c48b1a 100644
--- a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
@@ -7,6 +7,8 @@
.section .note.GNU-stack,"",%progbits
+ .section .note.GNU-stack,"",%progbits
+
/*
* signed ret_idivmod_values(signed quot, signed rem);
* return quotient and remaining the EABI way (regs r0,r1)
diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
index 5c3353e2c..9fb5e0283 100644
--- a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
@@ -7,6 +7,8 @@
.section .note.GNU-stack,"",%progbits
+ .section .note.GNU-stack,"",%progbits
+
/*
* __value_in_regs lldiv_t __aeabi_ldivmod( long long n, long long d)
*/
diff --git a/lib/libutils/isoc/arch/arm/setjmp_a32.S b/lib/libutils/isoc/arch/arm/setjmp_a32.S
index f8a0b70df..37d7cb88e 100644
--- a/lib/libutils/isoc/arch/arm/setjmp_a32.S
+++ b/lib/libutils/isoc/arch/arm/setjmp_a32.S
@@ -53,6 +53,8 @@
.section .note.GNU-stack,"",%progbits
+ .section .note.GNU-stack,"",%progbits
+
/* Arm/Thumb interworking support:
The interworking scheme expects functions to use a BX instruction
diff --git a/ta/arch/arm/ta_entry_a32.S b/ta/arch/arm/ta_entry_a32.S
index cd9a12f9d..ccdc19928 100644
--- a/ta/arch/arm/ta_entry_a32.S
+++ b/ta/arch/arm/ta_entry_a32.S
@@ -7,6 +7,8 @@
.section .note.GNU-stack,"",%progbits
+ .section .note.GNU-stack,"",%progbits
+
/*
* This function is the bottom of the user call stack. Mark it as such so that
* the unwinding code won't try to go further down.
--
2.43.2

67
meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch
View File

@ -1,67 +0,0 @@
From a63f82f74e015eb662242cdb51ef814e3f576829 Mon Sep 17 00:00:00 2001
From: Jerome Forissier <jerome.forissier@linaro.org>
Date: Fri, 5 Aug 2022 09:48:03 +0200
Subject: [PATCH 4/4] core: link: add --no-warn-rwx-segments
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474]
binutils ld.bfd generates one RWX LOAD segment by merging several sections
with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it
also warns by default when that happens [1], which breaks the build due to
--fatal-warnings. The RWX segment is not a problem for the TEE core, since
that information is not used to set memory permissions. Therefore, silence
the warning.
Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448
Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
---
core/arch/arm/kernel/link.mk | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
index 49e9f4fa1..9e1cc172f 100644
--- a/core/arch/arm/kernel/link.mk
+++ b/core/arch/arm/kernel/link.mk
@@ -37,6 +37,7 @@ link-ldflags += --sort-section=alignment
link-ldflags += --fatal-warnings
link-ldflags += --gc-sections
link-ldflags += $(link-ldflags-common)
+link-ldflags += $(call ld-option,--no-warn-rwx-segments)
link-ldadd = $(LDADD)
link-ldadd += $(ldflags-external)
@@ -61,6 +62,7 @@ link-script-cppflags := \
$(cppflagscore))
ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \
+ $(call ld-option,--no-warn-rwx-segments) \
$(link-ldflags-common) \
$(link-objs) $(link-ldadd) $(libgcccore)
cleanfiles += $(link-out-dir)/all_objs.o
@@ -75,7 +77,7 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o
$(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@
unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
- $(link-ldflags-common)
+ $(link-ldflags-common) $(call ld-option,--no-warn-rwx-segments)
unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore)
cleanfiles += $(link-out-dir)/unpaged.o
$(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt
@@ -104,7 +106,7 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o
$(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@
init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
- $(link-ldflags-common)
+ $(link-ldflags-common) $(call ld-option,--no-warn-rwx-segments)
init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \
$(libgcccore)
cleanfiles += $(link-out-dir)/init.o
--
2.43.2

14
meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0002-optee-enable-clang-support.patch → meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0007-allow-setting-sysroot-for-clang.patch
View File

@ -1,7 +1,7 @@
From 2ba573c9763329fbfdfacc8393d565ab747cac4d Mon Sep 17 00:00:00 2001
From db9e44af75c7cfd3316cab15aaa387383df3e57e Mon Sep 17 00:00:00 2001
From: Brett Warren <brett.warren@arm.com>
Date: Wed, 23 Sep 2020 09:27:34 +0100
Subject: [PATCH 2/4] optee: enable clang support
Subject: [PATCH] optee: enable clang support
When compiling with clang, the LIBGCC_LOCATE_CFLAG variable used
to provide a sysroot wasn't included, which results in not locating
@ -10,17 +10,16 @@ compiler-rt. This is mitigated by including the variable as ammended.
Upstream-Status: Pending
ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701
Signed-off-by: Brett Warren <brett.warren@arm.com>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
---
---
mk/clang.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mk/clang.mk b/mk/clang.mk
index a045beee8..1ebe2f702 100644
index c141a3f2..7d067cc0 100644
--- a/mk/clang.mk
+++ b/mk/clang.mk
@@ -30,7 +30,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \
@@ -27,7 +27,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \
# Note, use the compiler runtime library (libclang_rt.builtins.*.a) instead of
# libgcc for clang
@ -29,6 +28,3 @@ index a045beee8..1ebe2f702 100644
-rtlib=compiler-rt -print-libgcc-file-name 2> /dev/null)
# Core ASLR relies on the executable being ready to run from its preferred load
--
2.43.2

9
meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os_4.4.0.imx.bb
View File

@ -1,9 +0,0 @@
# Copyright (C) 2025, Digi International Inc.
#
# Reuse meta-freescale's optee-os_4.2.0.imx.bb
#
require recipes-security/optee-imx/optee-os_4.2.0.imx.bb
SRCBRANCH = "lf-6.6.52_2.2.0"
SRCREV = "60beb308810f9561a67fdb435388a64c85eb6dcb"

10
meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os_4.4.0.imx.bbappend
View File

@ -21,7 +21,7 @@ PLATFORM_FLAVOR:ccimx91 = "ccimx91dvk"
PLATFORM_FLAVOR:ccimx93 = "ccimx93dvk"
do_compile:append:ccimx93 () {
oe_runmake PLATFORM=imx-${PLATFORM_FLAVOR}_a0 O=${B}-A0 all
oe_runmake -C ${S} PLATFORM=imx-${PLATFORM_FLAVOR}_a0 O=${B}-A0
}
do_compile:ccimx93[cleandirs] += "${B}-A0"
@ -29,10 +29,10 @@ do_deploy:append:ccimx93 () {
cp ${B}-A0/core/tee-raw.bin ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}_a0.bin
}
do_install:append () {
mkdir -p ${D}/environment-setup.d
sed -e "s,#OPTEE_ARCH#,${OPTEE_ARCH},g" ${WORKDIR}/environment.d-optee-sdk.sh > ${D}/environment-setup.d/optee-sdk.sh
do_install:append() {
mkdir -p ${D}/environment-setup.d
sed -e "s,#OPTEE_ARCH#,${OPTEE_ARCH},g" ${WORKDIR}/environment.d-optee-sdk.sh >${D}/environment-setup.d/optee-sdk.sh
}
FILES:${PN}-staticdev += " /environment-setup.d/"
FILES:${PN}-staticdev += "/environment-setup.d/"
INSANE_SKIP:${PN}-staticdev += "buildpaths"

15
meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-test_4.4.0.imx.bb
View File

@ -1,15 +0,0 @@
# Copyright (C) 2025, Digi International Inc.
#
# Reuse meta-freescale's optee-test_4.2.0.imx.bb
#
require recipes-security/optee-imx/optee-test_4.2.0.imx.bb
# The BSD and GPL license files are now included in the source
# https://github.com/OP-TEE/optee_test/commit/a748f5fcd9ec8a574dc86a5aa56d05bc6ac174e7
LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a8fa504109e4cd7ea575bc49ea4be560 \
file://LICENSE-BSD;md5=dca16d6efa93b55d0fd662ae5cd6feeb \
file://LICENSE-GPL;md5=10e86b5d2a6cb0e2b9dcfdd26a9ac58d"
SRCBRANCH = "lf-6.6.52_2.2.0"
SRCREV = "dafc98ed8364d7281a9a7f0788dd0a2067844a59"