From 74753d8f99e0693da1b8218258a394dfd692072a Mon Sep 17 00:00:00 2001 From: Javier Viguera Date: Fri, 5 Sep 2025 19:38:40 +0200 Subject: [PATCH] imx-boot: update boot artifacts for NXP's lf-6.6.52-2.2.1 release Also, refresh patches on top of new release. https://onedigi.atlassian.net/browse/DEL-9748 Signed-off-by: Javier Viguera --- .../conf/machine/include/imx-digi-base.inc | 8 + .../firmware-imx/firmware-imx-8.26.1.inc | 16 ++ .../imx-boot-firmware-files_8.26.1.bb | 61 +++++ ...93-use-UART6-for-the-default-console.patch | 2 +- ...fine-UART1-as-console-for-boot-stage.patch | 2 +- ...0002-imx8mm-Disable-M4-debug-console.patch | 2 +- ...fine-UART1-as-console-for-boot-stage.patch | 4 +- ...0004-imx8mn-Disable-M7-debug-console.patch | 2 +- .../recipes-bsp/imx-atf/imx-atf_%.bbappend | 2 - ...pture-commands-output-into-a-log-fil.patch | 4 +- .../imx-mkimage/imx-boot_1.0.bbappend | 19 -- .../imx-mkimage/imx-mkimage_git.inc | 6 +- .../recipes-bsp/imx-seco/imx-seco_5.9.4.1.bb | 1 - .../optee-client/tee-supplicant.service | 10 - .../optee-imx/optee-client_4.4.0.imx.bb | 9 - .../optee-imx/optee-client_4.4.0.imx.bbappend | 19 +- ...-Define-section-attributes-for-clang.patch | 245 ------------------ .../0001-core-imx-support-ccimx91-dvk.patch | 4 +- .../0001-core-imx-support-ccimx93-dvk.patch | 4 +- ...3-enable-AES_HUK-trusted-application.patch | 4 +- ...ibutee-ta-add-.note.GNU-stack-sectio.patch | 133 ---------- ...4-core-link-add-no-warn-rwx-segments.patch | 67 ----- ...007-allow-setting-sysroot-for-clang.patch} | 14 +- .../optee-imx/optee-os_4.4.0.imx.bb | 9 - .../optee-imx/optee-os_4.4.0.imx.bbappend | 10 +- .../optee-imx/optee-test_4.4.0.imx.bb | 15 -- 26 files changed, 119 insertions(+), 553 deletions(-) create mode 100644 meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/firmware-imx/firmware-imx-8.26.1.inc create mode 100644 meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/firmware-imx/imx-boot-firmware-files_8.26.1.bb delete mode 100644 meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-client/tee-supplicant.service delete mode 100644 meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-client_4.4.0.imx.bb delete mode 100644 meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch delete mode 100644 meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch delete mode 100644 meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch rename meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/{0002-optee-enable-clang-support.patch => 0007-allow-setting-sysroot-for-clang.patch} (77%) delete mode 100644 meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os_4.4.0.imx.bb delete mode 100644 meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-test_4.4.0.imx.bb diff --git a/meta-digi-arm/conf/machine/include/imx-digi-base.inc b/meta-digi-arm/conf/machine/include/imx-digi-base.inc index 0261b5a08..9c1c58f88 100644 --- a/meta-digi-arm/conf/machine/include/imx-digi-base.inc +++ b/meta-digi-arm/conf/machine/include/imx-digi-base.inc @@ -57,6 +57,11 @@ DEFAULTTUNE:mx93-nxp-bsp ?= "armv8a-crc-crypto" INHERIT += "machine-overrides-extender" +IMX_SOC_REV ??= "A0" +IMX_SOC_REV:mx93-generic-bsp ??= "A1" +IMX_SOC_REV_LOWER = "${@d.getVar('IMX_SOC_REV').lower()}" +IMX_SOC_REV_UPPER = "${@d.getVar('IMX_SOC_REV').upper()}" + ####### ### NXP BSP specific overrides ####### @@ -315,6 +320,9 @@ PREFERRED_VERSION_optee-client:mx9-nxp-bsp ??= "4.4.0.imx" PREFERRED_VERSION_optee-test:mx8-nxp-bsp ??= "4.4.0.imx" PREFERRED_VERSION_optee-test:mx9-nxp-bsp ??= "4.4.0.imx" +# Firmware from NXP's "lf-6.6.52-2.2.1" release +PREFERRED_VERSION_imx-boot-firmware-files:imx-nxp-bsp ??= "8.26.1" + # Optee runtime packages to install OPTEE_PKGS ??= "optee-client optee-os" diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/firmware-imx/firmware-imx-8.26.1.inc b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/firmware-imx/firmware-imx-8.26.1.inc new file mode 100644 index 000000000..b7a035d91 --- /dev/null +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/firmware-imx/firmware-imx-8.26.1.inc @@ -0,0 +1,16 @@ +# Copyright (C) 2012-2016 Freescale Semiconductor +# Copyright 2017-2025 NXP +# Copyright (C) 2018 O.S. Systems Software LTDA. +SECTION = "base" +LICENSE = "Proprietary" +LIC_FILES_CHKSUM = "file://COPYING;md5=bc649096ad3928ec06a8713b8d787eac" + +# Note: This .inc file is used from differently named recipes, so the package +# name must be hard-coded, i.e., ${BPN} cannot be used. +SRC_URI = "${FSL_MIRROR}/firmware-imx-${PV}-${IMX_SRCREV_ABBREV}.bin;fsl-eula=true" +IMX_SRCREV_ABBREV = "410be01" +SRC_URI[sha256sum] = "0c2e2136c1efa544409017f14f07a1412cf8c1702075ed0e4060e903b91fe313" + +S = "${WORKDIR}/firmware-imx-${PV}-${IMX_SRCREV_ABBREV}" + +inherit fsl-eula-unpack diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/firmware-imx/imx-boot-firmware-files_8.26.1.bb b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/firmware-imx/imx-boot-firmware-files_8.26.1.bb new file mode 100644 index 000000000..4c0d51c8a --- /dev/null +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/firmware-imx/imx-boot-firmware-files_8.26.1.bb @@ -0,0 +1,61 @@ +# Copyright (C) 2018-2025 NXP +SUMMARY = "Freescale i.MX Firmware files used for boot" + +require firmware-imx-${PV}.inc + +inherit deploy nopackages + +do_install[noexec] = "1" + +DEPLOY_FOR = "" +DEPLOY_FOR:mx8-generic-bsp = "mx8" +DEPLOY_FOR:mx8m-generic-bsp = "mx8m" +DEPLOY_FOR:mx9-generic-bsp = "mx9" + +deploy_for_mx8() { + # Cadence HDMI + install -m 0644 ${S}/firmware/hdmi/cadence/hdmitxfw.bin ${DEPLOYDIR} + install -m 0644 ${S}/firmware/hdmi/cadence/hdmirxfw.bin ${DEPLOYDIR} + install -m 0644 ${S}/firmware/hdmi/cadence/dpfw.bin ${DEPLOYDIR} +} + +deploy_for_mx8m() { + # Synopsys DDR + for ddr_firmware in ${DDR_FIRMWARE_NAME}; do + install -m 0644 ${S}/firmware/ddr/synopsys/${ddr_firmware} ${DEPLOYDIR} + done + + # Cadence DP and HDMI + install -m 0644 ${S}/firmware/hdmi/cadence/signed_dp_imx8m.bin ${DEPLOYDIR} + install -m 0644 ${S}/firmware/hdmi/cadence/signed_hdmi_imx8m.bin ${DEPLOYDIR} +} + + +deploy_for_mx9() { + # Synopsys DDR + for ddr_firmware in ${DDR_FIRMWARE_NAME}; do + install -m 0644 ${S}/firmware/ddr/synopsys/${ddr_firmware} ${DEPLOYDIR} + done +} + +python () { + # Manually add the required functions as dependencies otherwise they won't be included in the + # final run script. + deploy_for = d.getVar('DEPLOY_FOR', True).split() + for soc in deploy_for: + d.appendVarFlag('do_deploy', 'vardeps', ' deploy_for_%s' % soc) +} + +do_deploy () { + for soc in ${DEPLOY_FOR}; do + bbnote "Running deploy for $soc" + deploy_for_$soc + done +} + +addtask deploy after do_install before do_build + +PACKAGE_ARCH = "${MACHINE_SOCARCH}" + +COMPATIBLE_MACHINE = "(mx8-generic-bsp|mx9-generic-bsp)" +COMPATIBLE_MACHINE:mx8x-generic-bsp = "(^$)" diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0001-ccimx93-use-UART6-for-the-default-console.patch b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0001-ccimx93-use-UART6-for-the-default-console.patch index bee73ebcd..bea255efb 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0001-ccimx93-use-UART6-for-the-default-console.patch +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0001-ccimx93-use-UART6-for-the-default-console.patch @@ -10,7 +10,7 @@ Signed-off-by: Javier Viguera 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plat/imx/imx93/include/platform_def.h b/plat/imx/imx93/include/platform_def.h -index 2d140400d97e..cb5b6eba061c 100644 +index 82e904b2c962..ef74d847decd 100644 --- a/plat/imx/imx93/include/platform_def.h +++ b/plat/imx/imx93/include/platform_def.h @@ -53,7 +53,7 @@ diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0001-imx8mm-Define-UART1-as-console-for-boot-stage.patch b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0001-imx8mm-Define-UART1-as-console-for-boot-stage.patch index a65a1d6c4..60fd9e1b6 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0001-imx8mm-Define-UART1-as-console-for-boot-stage.patch +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0001-imx8mm-Define-UART1-as-console-for-boot-stage.patch @@ -13,7 +13,7 @@ Signed-off-by: Gabriel Valcazar 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plat/imx/imx8m/imx8mm/platform.mk b/plat/imx/imx8m/imx8mm/platform.mk -index 41fc3507f..1de30f40f 100644 +index 41fc3507f796..1de30f40f397 100644 --- a/plat/imx/imx8m/imx8mm/platform.mk +++ b/plat/imx/imx8m/imx8mm/platform.mk @@ -172,7 +172,7 @@ $(eval $(call add_define,BL32_BASE)) diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0002-imx8mm-Disable-M4-debug-console.patch b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0002-imx8mm-Disable-M4-debug-console.patch index 015ea5826..4523fd8a7 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0002-imx8mm-Disable-M4-debug-console.patch +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0002-imx8mm-Disable-M4-debug-console.patch @@ -14,7 +14,7 @@ Signed-off-by: Arturo Buzarra 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plat/imx/imx8m/imx8mm/imx8mm_bl31_setup.c b/plat/imx/imx8m/imx8mm/imx8mm_bl31_setup.c -index 179b6226f..388deae2b 100644 +index 179b6226f00f..388deae2b0e8 100644 --- a/plat/imx/imx8m/imx8mm/imx8mm_bl31_setup.c +++ b/plat/imx/imx8m/imx8mm/imx8mm_bl31_setup.c @@ -117,7 +117,7 @@ static const struct imx_rdc_cfg rdc[] = { diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0003-imx8mn-Define-UART1-as-console-for-boot-stage.patch b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0003-imx8mn-Define-UART1-as-console-for-boot-stage.patch index ca6f033ae..a179bddb6 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0003-imx8mn-Define-UART1-as-console-for-boot-stage.patch +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0003-imx8mn-Define-UART1-as-console-for-boot-stage.patch @@ -14,7 +14,7 @@ Signed-off-by: Gabriel Valcazar 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/plat/imx/imx8m/imx8mn/imx8mn_bl31_setup.c b/plat/imx/imx8m/imx8mn/imx8mn_bl31_setup.c -index 312eb32d1..9a82be010 100644 +index 312eb32d1cb5..9a82be010e49 100644 --- a/plat/imx/imx8m/imx8mn/imx8mn_bl31_setup.c +++ b/plat/imx/imx8m/imx8mn/imx8mn_bl31_setup.c @@ -110,7 +110,7 @@ static const struct imx_rdc_cfg rdc[] = { @@ -27,7 +27,7 @@ index 312eb32d1..9a82be010 100644 /* memory region */ diff --git a/plat/imx/imx8m/imx8mn/platform.mk b/plat/imx/imx8m/imx8mn/platform.mk -index 84519426c..964ed9e5c 100644 +index 84519426c68a..964ed9e5c2d1 100644 --- a/plat/imx/imx8m/imx8mn/platform.mk +++ b/plat/imx/imx8m/imx8mn/platform.mk @@ -77,7 +77,7 @@ $(eval $(call add_define,BL32_BASE)) diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0004-imx8mn-Disable-M7-debug-console.patch b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0004-imx8mn-Disable-M7-debug-console.patch index f74e227e2..968cb1279 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0004-imx8mn-Disable-M7-debug-console.patch +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf/0004-imx8mn-Disable-M7-debug-console.patch @@ -15,7 +15,7 @@ Signed-off-by: Gabriel Valcazar 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plat/imx/imx8m/imx8mn/imx8mn_bl31_setup.c b/plat/imx/imx8m/imx8mn/imx8mn_bl31_setup.c -index 9a82be010..7f9a0f5f4 100644 +index 9a82be010e49..7f9a0f5f4c85 100644 --- a/plat/imx/imx8m/imx8mn/imx8mn_bl31_setup.c +++ b/plat/imx/imx8m/imx8mn/imx8mn_bl31_setup.c @@ -109,7 +109,7 @@ static const struct imx_rdc_cfg rdc[] = { diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf_%.bbappend b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf_%.bbappend index 336f4cf98..5071523ce 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf_%.bbappend +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-atf/imx-atf_%.bbappend @@ -17,8 +17,6 @@ SRC_URI:append:ccimx93 = " \ file://0002-imx93-bring-back-ELE-clock-workaround-for-soc-revisi.patch \ " -SRCREV = "1b27ee3edbb40ef9432c69ccaa744d1ac5d54c5d" - BOOT_TOOLS = "imx-boot-tools" EXTRA_OEMAKE += "${@oe.utils.conditional('TRUSTFENCE_CONSOLE_DISABLE', '1', 'LOG_LEVEL=0', '', d)}" diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0001-imx91-soc.mak-capture-commands-output-into-a-log-fil.patch b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0001-imx91-soc.mak-capture-commands-output-into-a-log-fil.patch index 95e593f58..2376e7871 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0001-imx91-soc.mak-capture-commands-output-into-a-log-fil.patch +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0001-imx91-soc.mak-capture-commands-output-into-a-log-fil.patch @@ -13,7 +13,7 @@ Signed-off-by: Javier Viguera 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/iMX91/soc.mak b/iMX91/soc.mak -index b87a5bef79ce..3db3760c546d 100644 +index fca7fdc447b0..2b884d0b3c69 100644 --- a/iMX91/soc.mak +++ b/iMX91/soc.mak @@ -1,4 +1,5 @@ @@ -48,4 +48,4 @@ index b87a5bef79ce..3db3760c546d 100644 + ./$(MKIMG) -soc IMX9 -append $(AHAB_IMG) -c -ap $(SPL_A55_IMG) a55 $(SPL_LOAD_ADDR) -out flash.bin | tee -a $(MKIMAGE_LOG) $(call append_container,u-boot-atf-container.img,1) - flash_singleboot_no_ahabfw: $(MKIMG) $(SPL_A55_IMG) u-boot-atf-container.img + flash_singleboot_gdet: $(MKIMG) $(AHAB_IMG) $(SPL_A55_IMG) u-boot-atf-container.img diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend index f73e80ea6..91859a213 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend @@ -17,22 +17,12 @@ SRC_URI:append:ccimx93 = " \ file://0001-imx93-soc.mak-capture-commands-output-into-a-log-fil.patch \ file://0002-imx93-soc.mak-add-makefile-target-to-build-A0-revisi.patch \ " -SRCBRANCH = "lf-6.6.52_2.2.0" -SRCREV = "71b8c18af93a5eb972d80fbec290006066cff24f" DEPENDS += "${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'trustfence-sign-tools-native', '', d)}" # Do not tag imx-boot UUU_BOOTLOADER:mx8-generic-bsp = "" UUU_BOOTLOADER:mx9-generic-bsp = "" -BOOT_STAGING:mx91-generic-bsp = "${S}/iMX91" -BOOT_STAGING:mx93-generic-bsp = "${S}/iMX93" - -# Add SOC family -SOC_FAMILY:mx91-generic-bsp = "mx91" - -REV_OPTION:ccimx91 = "REV=A0" -REV_OPTION:ccimx93 = "REV=A1" # Revert compile_mx8m() to how it was in kirkstone branch of meta-freescale, # otherwise, a dead symlink is created in place of the dtb @@ -83,11 +73,6 @@ compile_mx93:append:ccimx93() { fi } -compile_mx91() { - bbnote i.MX 91 boot binary build - compile_mx93 -} - do_compile:append:ccimx8m() { bbnote "building ${IMX_BOOT_SOC_TARGET} - print_fit_hab" make SOC=${IMX_BOOT_SOC_TARGET} dtbs=${UBOOT_DTB_NAME} print_fit_hab @@ -127,10 +112,6 @@ do_install:ccimx8x () { done } -deploy_mx91() { - deploy_mx93 -} - generate_symlinks() { # imx-boot recipe in meta-freescale supports *multiple* build configurations. # We assume here only ONE build configuration for our platforms (otherwise diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-mkimage_git.inc b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-mkimage_git.inc index 90081835e..558c06d29 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-mkimage_git.inc +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-mkimage_git.inc @@ -1,12 +1,14 @@ # Copyright 2017-2023 NXP +# Keep the depends "not-native" so they get properly transformed +# for native/nativesdk packages DEPENDS = "zlib openssl" SRC_URI = "git://github.com/nxp-imx/imx-mkimage.git;protocol=https;branch=${SRCBRANCH} \ file://0001-iMX8M-soc.mak-use-native-mkimage-from-sysroot.patch \ " -SRCBRANCH = "lf-6.6.52_2.2.0" -SRCREV = "71b8c18af93a5eb972d80fbec290006066cff24f" +SRCBRANCH = "lf-6.6.52_2.2.1" +SRCREV = "81fca6434be0610f3f9216a762aadc4dc3e8d8db" S = "${WORKDIR}/git" diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-seco/imx-seco_5.9.4.1.bb b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-seco/imx-seco_5.9.4.1.bb index 916854e94..3126e4729 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-seco/imx-seco_5.9.4.1.bb +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-seco/imx-seco_5.9.4.1.bb @@ -7,7 +7,6 @@ require recipes-bsp/imx-seco/imx-seco_5.9.4.bb LIC_FILES_CHKSUM = "file://COPYING;md5=ca53281cc0caa7e320d4945a896fb837" -SRC_URI[md5sum] = "2a8fcdd322713bc127398ee66bf9b50a" SRC_URI[sha256sum] = "bd8dc01966076836aabff53f2463295294166595006e1db430db21b6ffa6b667" IMX_SRCREV_ABBREV = "0333596" diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-client/tee-supplicant.service b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-client/tee-supplicant.service deleted file mode 100644 index c273832d7..000000000 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-client/tee-supplicant.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=TEE Supplicant - -[Service] -User=root -EnvironmentFile=-@sysconfdir@/default/tee-supplicant -ExecStart=@sbindir@/tee-supplicant $OPTARGS - -[Install] -WantedBy=basic.target diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-client_4.4.0.imx.bb b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-client_4.4.0.imx.bb deleted file mode 100644 index 3227e8633..000000000 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-client_4.4.0.imx.bb +++ /dev/null @@ -1,9 +0,0 @@ -# Copyright (C) 2025, Digi International Inc. - -# -# Reuse meta-freescale's optee-client_4.2.0.imx.bb -# -require recipes-security/optee-imx/optee-client_4.2.0.imx.bb - -SRCBRANCH = "lf-6.6.52_2.2.0" -SRCREV = "d221676a58b305bddbf97db00395205b3038de8e" diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-client_4.4.0.imx.bbappend b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-client_4.4.0.imx.bbappend index 683fe915b..f7176e46b 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-client_4.4.0.imx.bbappend +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-client_4.4.0.imx.bbappend @@ -1,19 +1,12 @@ # Copyright (C) 2024, 2025, Digi International Inc. + FILESEXTRAPATHS:prepend := "${THISDIR}/${BPN}:" SRC_URI += "${@oe.utils.vartrue('TRUSTFENCE_FILE_BASED_ENCRYPT', 'file://tee-supplicant', '', d)}" -EXTRA_OEMAKE += "PKG_CONFIG=pkg-config CFG_TEE_FS_PARENT_PATH='${localstatedir}/lib/tee'" - -do_install() { - oe_runmake DESTDIR=${D} install - install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service - sed -i -e s:@sysconfdir@:${sysconfdir}:g \ - -e s:@sbindir@:${sbindir}:g \ - ${D}${systemd_system_unitdir}/tee-supplicant.service - - if ${@oe.utils.vartrue('TRUSTFENCE_FILE_BASED_ENCRYPT', 'true', 'false',d)}; then - install -d ${D}${sysconfdir}/default/ - install -m 0644 ${WORKDIR}/tee-supplicant ${D}${sysconfdir}/default/tee-supplicant - fi +do_install:append(){ + if ${@oe.utils.vartrue('TRUSTFENCE_FILE_BASED_ENCRYPT', 'true', 'false',d)}; then + install -d ${D}${sysconfdir}/default/ + install -m 0644 ${WORKDIR}/tee-supplicant ${D}${sysconfdir}/default/tee-supplicant + fi } diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch deleted file mode 100644 index 54fbe5419..000000000 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch +++ /dev/null @@ -1,245 +0,0 @@ -From ef83625c9a5f50610e25aa860c4b9c5e64723a66 Mon Sep 17 00:00:00 2001 -From: Emekcan Aras -Date: Wed, 21 Dec 2022 10:55:58 +0000 -Subject: [PATCH 1/4] core: Define section attributes for clang - -Clang's attribute section is not same as gcc, here we need to add flags -to sections so they can be eventually collected by linker into final -output segments. Only way to do so with clang is to use - -pragma clang section ... - -The behavious is described here [1], this allows us to define names bss -sections. This was not an issue until clang-15 where LLD linker starts -to detect the section flags before merging them and throws the following -errors - -| ld.lld: error: section type mismatch for .nozi.kdata_page -| >>> /mnt/b/yoe/master/build/tmp/work/qemuarm64-yoe-linux/optee-os-tadevkit/3.17.0-r0/build/core/arch/arm/kernel/thread.o:(.nozi.kdata_page): SHT_PROGBITS -| >>> output section .nozi: SHT_NOBITS -| -| ld.lld: error: section type mismatch for .nozi.mmu.l2 -| >>> /mnt/b/yoe/master/build/tmp/work/qemuarm64-yoe-linux/optee-os-tadevkit/3.17.0-r0/build/core/arch/arm/mm/core_mmu_lpae.o:(.nozi.mmu.l2): SHT_PROGBITS -| >>> output section .nozi: SHT_NOBITS - -These sections should be carrying SHT_NOBITS but so far it was not -possible to do so, this patch tries to use clangs pragma to get this -going and match the functionality with gcc. - -[1] https://intel.github.io/llvm-docs/clang/LanguageExtensions.html#specifying-section-names-for-global-objects-pragma-clang-section - -Upstream-Status: Pending -Signed-off-by: Khem Raj -Signed-off-by: Oleksandr Suvorov ---- - - core/arch/arm/kernel/thread.c | 19 +++++++++++++++-- - core/arch/arm/mm/core_mmu_lpae.c | 35 +++++++++++++++++++++++++++---- - core/arch/arm/mm/core_mmu_v7.c | 36 +++++++++++++++++++++++++++++--- - core/kernel/thread.c | 13 +++++++++++- - core/mm/pgt_cache.c | 12 ++++++++++- - 5 files changed, 104 insertions(+), 11 deletions(-) - -diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c -index 66833b3a0..b3eb9cf9a 100644 ---- a/core/arch/arm/kernel/thread.c -+++ b/core/arch/arm/kernel/thread.c -@@ -45,15 +45,30 @@ static size_t thread_user_kcode_size __nex_bss; - #if defined(CFG_CORE_UNMAP_CORE_AT_EL0) && \ - defined(CFG_CORE_WORKAROUND_SPECTRE_BP_SEC) && defined(ARM64) - long thread_user_kdata_sp_offset __nex_bss; -+#ifdef __clang__ -+#ifndef CFG_VIRTUALIZATION -+#pragma clang section bss=".nozi.kdata_page" -+#else -+#pragma clang section bss=".nex_nozi.kdata_page" -+#endif -+#endif - static uint8_t thread_user_kdata_page[ - ROUNDUP(sizeof(struct thread_core_local) * CFG_TEE_CORE_NB_CORE, - SMALL_PAGE_SIZE)] - __aligned(SMALL_PAGE_SIZE) -+#ifndef __clang__ - #ifndef CFG_NS_VIRTUALIZATION -- __section(".nozi.kdata_page"); -+ __section(".nozi.kdata_page") - #else -- __section(".nex_nozi.kdata_page"); -+ __section(".nex_nozi.kdata_page") - #endif -+#endif -+ ; -+#endif -+ -+/* reset BSS section to default ( .bss ) */ -+#ifdef __clang__ -+#pragma clang section bss="" - #endif - - #ifdef ARM32 -diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c -index 4c8b85e39..1885e1d3f 100644 ---- a/core/arch/arm/mm/core_mmu_lpae.c -+++ b/core/arch/arm/mm/core_mmu_lpae.c -@@ -234,19 +234,46 @@ typedef uint16_t l1_idx_t; - typedef uint64_t base_xlat_tbls_t[CFG_TEE_CORE_NB_CORE][NUM_BASE_LEVEL_ENTRIES]; - typedef uint64_t xlat_tbl_t[XLAT_TABLE_ENTRIES]; - -+#ifdef __clang__ -+#pragma clang section bss=".nozi.mmu.base_table" -+#endif - static base_xlat_tbls_t base_xlation_table[NUM_BASE_TABLES] - __aligned(NUM_BASE_LEVEL_ENTRIES * XLAT_ENTRY_SIZE) -- __section(".nozi.mmu.base_table"); -+#ifndef __clang__ -+ __section(".nozi.mmu.base_table") -+#endif -+; -+#ifdef __clang__ -+#pragma clang section bss="" -+#endif - -+#ifdef __clang__ -+#pragma clang section bss=".nozi.mmu.l2" -+#endif - static xlat_tbl_t xlat_tables[MAX_XLAT_TABLES] -- __aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2"); -+ __aligned(XLAT_TABLE_SIZE) -+#ifndef __clang__ -+ __section(".nozi.mmu.l2") -+#endif -+; -+#ifdef __clang__ -+#pragma clang section bss="" -+#endif - - #define XLAT_TABLES_SIZE (sizeof(xlat_tbl_t) * MAX_XLAT_TABLES) - -+#ifdef __clang__ -+#pragma clang section bss=".nozi.mmu.l2" -+#endif - /* MMU L2 table for TAs, one for each thread */ - static xlat_tbl_t xlat_tables_ul1[CFG_NUM_THREADS] -- __aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2"); -- -+#ifndef __clang__ -+ __aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2") -+#endif -+; -+#ifdef __clang__ -+#pragma clang section bss="" -+#endif - /* - * TAs page table entry inside a level 1 page table. - * -diff --git a/core/arch/arm/mm/core_mmu_v7.c b/core/arch/arm/mm/core_mmu_v7.c -index 61e703da8..1960c08ca 100644 ---- a/core/arch/arm/mm/core_mmu_v7.c -+++ b/core/arch/arm/mm/core_mmu_v7.c -@@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_ENTRIES]; - typedef uint32_t l2_xlat_tbl_t[NUM_L2_ENTRIES]; - typedef uint32_t ul1_xlat_tbl_t[NUM_UL1_ENTRIES]; - -+#ifdef __clang__ -+#pragma clang section bss=".nozi.mmu.l1" -+#endif - static l1_xlat_tbl_t main_mmu_l1_ttb -- __aligned(L1_ALIGNMENT) __section(".nozi.mmu.l1"); -+ __aligned(L1_ALIGNMENT) -+#ifndef __clang__ -+ __section(".nozi.mmu.l1") -+#endif -+; -+#ifdef __clang__ -+#pragma clang section bss="" -+#endif - - /* L2 MMU tables */ -+#ifdef __clang__ -+#pragma clang section bss=".nozi.mmu.l2" -+#endif - static l2_xlat_tbl_t main_mmu_l2_ttb[MAX_XLAT_TABLES] -- __aligned(L2_ALIGNMENT) __section(".nozi.mmu.l2"); -+ __aligned(L2_ALIGNMENT) -+#ifndef __clang__ -+ __section(".nozi.mmu.l2") -+#endif -+; -+#ifdef __clang__ -+#pragma clang section bss="" -+#endif - - /* MMU L1 table for TAs, one for each thread */ -+#ifdef __clang__ -+#pragma clang section bss=".nozi.mmu.ul1" -+#endif - static ul1_xlat_tbl_t main_mmu_ul1_ttb[CFG_NUM_THREADS] -- __aligned(UL1_ALIGNMENT) __section(".nozi.mmu.ul1"); -+ __aligned(UL1_ALIGNMENT) -+#ifndef __clang__ -+ __section(".nozi.mmu.ul1") -+#endif -+; -+#ifdef __clang__ -+#pragma clang section bss="" -+#endif - - struct mmu_partition { - l1_xlat_tbl_t *l1_table; -diff --git a/core/kernel/thread.c b/core/kernel/thread.c -index 2a1f22dce..5516b6771 100644 ---- a/core/kernel/thread.c -+++ b/core/kernel/thread.c -@@ -39,13 +39,24 @@ static uint32_t end_canary_value = 0xababab00; - name[stack_num][sizeof(name[stack_num]) / sizeof(uint32_t) - 1] - #endif - -+#define DO_PRAGMA(x) _Pragma (#x) -+ -+#ifdef __clang__ -+#define DECLARE_STACK(name, num_stacks, stack_size, linkage) \ -+DO_PRAGMA (clang section bss=".nozi_stack." #name) \ -+linkage uint32_t name[num_stacks] \ -+ [ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \ -+ STACK_ALIGNMENT) / sizeof(uint32_t)] \ -+ __attribute__((aligned(STACK_ALIGNMENT))); \ -+DO_PRAGMA(clang section bss="") -+#else - #define DECLARE_STACK(name, num_stacks, stack_size, linkage) \ - linkage uint32_t name[num_stacks] \ - [ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \ - STACK_ALIGNMENT) / sizeof(uint32_t)] \ - __attribute__((section(".nozi_stack." # name), \ - aligned(STACK_ALIGNMENT))) -- -+#endif - #define GET_STACK(stack) ((vaddr_t)(stack) + STACK_SIZE(stack)) - - DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE, STACK_TMP_SIZE, -diff --git a/core/mm/pgt_cache.c b/core/mm/pgt_cache.c -index 79553c6d2..b9efdf427 100644 ---- a/core/mm/pgt_cache.c -+++ b/core/mm/pgt_cache.c -@@ -410,8 +410,18 @@ void pgt_init(void) - * has a large alignment, while .bss has a small alignment. The current - * link script is optimized for small alignment in .bss - */ -+#ifdef __clang__ -+#pragma clang section bss=".nozi.mmu.l2" -+#endif - static uint8_t pgt_tables[PGT_CACHE_SIZE][PGT_SIZE] -- __aligned(PGT_SIZE) __section(".nozi.pgt_cache"); -+ __aligned(PGT_SIZE) -+#ifndef __clang__ -+ __section(".nozi.pgt_cache") -+#endif -+ ; -+#ifdef __clang__ -+#pragma clang section bss="" -+#endif - size_t n; - - for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) { --- -2.43.2 - diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0001-core-imx-support-ccimx91-dvk.patch b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0001-core-imx-support-ccimx91-dvk.patch index c19a7d443..68d6b8685 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0001-core-imx-support-ccimx91-dvk.patch +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0001-core-imx-support-ccimx91-dvk.patch @@ -11,7 +11,7 @@ Signed-off-by: Javier Viguera 2 files changed, 7 insertions(+) diff --git a/core/arch/arm/plat-imx/conf.mk b/core/arch/arm/plat-imx/conf.mk -index 33647835f2fb..ca0a718ba6e5 100644 +index d1fc2882e598..ffa39129e0be 100644 --- a/core/arch/arm/plat-imx/conf.mk +++ b/core/arch/arm/plat-imx/conf.mk @@ -95,6 +95,7 @@ mx95-flavorlist = \ @@ -22,7 +22,7 @@ index 33647835f2fb..ca0a718ba6e5 100644 mx91evk \ ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx6ul-flavorlist))) -@@ -493,6 +494,11 @@ CFG_DDR_SIZE ?= 0x80000000 +@@ -494,6 +495,11 @@ CFG_DDR_SIZE ?= 0x80000000 CFG_UART_BASE ?= UART1_BASE endif diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0001-core-imx-support-ccimx93-dvk.patch b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0001-core-imx-support-ccimx93-dvk.patch index a892cb8d6..46d4ed89b 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0001-core-imx-support-ccimx93-dvk.patch +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0001-core-imx-support-ccimx93-dvk.patch @@ -13,7 +13,7 @@ Signed-off-by: Javier Viguera 2 files changed, 18 insertions(+) diff --git a/core/arch/arm/plat-imx/conf.mk b/core/arch/arm/plat-imx/conf.mk -index 33647835f2fb..8d065a3d3db3 100644 +index d1fc2882e598..4e7b065ec180 100644 --- a/core/arch/arm/plat-imx/conf.mk +++ b/core/arch/arm/plat-imx/conf.mk @@ -89,6 +89,8 @@ mx8ulp-flavorlist = \ @@ -25,7 +25,7 @@ index 33647835f2fb..8d065a3d3db3 100644 mx93evk \ mx95-flavorlist = \ -@@ -493,6 +495,17 @@ CFG_DDR_SIZE ?= 0x80000000 +@@ -494,6 +496,17 @@ CFG_DDR_SIZE ?= 0x80000000 CFG_UART_BASE ?= UART1_BASE endif diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0002-core-ccimx93-enable-AES_HUK-trusted-application.patch b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0002-core-ccimx93-enable-AES_HUK-trusted-application.patch index 057576a2e..1b75ed07a 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0002-core-ccimx93-enable-AES_HUK-trusted-application.patch +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0002-core-ccimx93-enable-AES_HUK-trusted-application.patch @@ -26,10 +26,10 @@ Signed-off-by: Javier Viguera create mode 100644 ta/aes_huk/user_ta_header_defines.h diff --git a/core/arch/arm/plat-imx/conf.mk b/core/arch/arm/plat-imx/conf.mk -index 8d065a3d3db3..de1cf45ca9b6 100644 +index 4e7b065ec180..4e8b351bd877 100644 --- a/core/arch/arm/plat-imx/conf.mk +++ b/core/arch/arm/plat-imx/conf.mk -@@ -498,12 +498,14 @@ endif +@@ -499,12 +499,14 @@ endif ifneq (,$(filter $(PLATFORM_FLAVOR),ccimx93dvk)) CFG_DDR_SIZE ?= 0x40000000 CFG_UART_BASE ?= UART6_BASE diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch deleted file mode 100644 index 1c5753c7f..000000000 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch +++ /dev/null @@ -1,133 +0,0 @@ -From 6f738803a59613ec4a683ddbc1747ebffd75a4e6 Mon Sep 17 00:00:00 2001 -From: Jerome Forissier -Date: Tue, 23 Aug 2022 12:31:46 +0000 -Subject: [PATCH 3/4] arm32: libutils, libutee, ta: add .note.GNU-stack section - to - - .S files - -When building for arm32 with GNU binutils 2.39, the linker outputs -warnings when linking Trusted Applications: - - arm-unknown-linux-uclibcgnueabihf-ld.bfd: warning: utee_syscalls_a32.o: missing .note.GNU-stack section implies executable stack - arm-unknown-linux-uclibcgnueabihf-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker - -We could silence the warning by adding the '-z execstack' option to the -TA link flags, like we did in the parent commit for the TEE core and -ldelf. Indeed, ldelf always allocates a non-executable piece of memory -for the TA to use as a stack. - -However it seems preferable to comply with the common ELF practices in -this case. A better fix is therefore to add the missing .note.GNU-stack -sections in the assembler files. - -Signed-off-by: Jerome Forissier - -Signed-off-by: Anton Antonov -Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] -Signed-off-by: Oleksandr Suvorov ---- - - lib/libutee/arch/arm/utee_syscalls_a32.S | 2 ++ - lib/libutils/ext/arch/arm/atomic_a32.S | 2 ++ - lib/libutils/ext/arch/arm/mcount_a32.S | 2 ++ - lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S | 2 ++ - lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S | 2 ++ - lib/libutils/isoc/arch/arm/setjmp_a32.S | 2 ++ - ta/arch/arm/ta_entry_a32.S | 2 ++ - 7 files changed, 14 insertions(+) - -diff --git a/lib/libutee/arch/arm/utee_syscalls_a32.S b/lib/libutee/arch/arm/utee_syscalls_a32.S -index 2dea83ab8..668b65a86 100644 ---- a/lib/libutee/arch/arm/utee_syscalls_a32.S -+++ b/lib/libutee/arch/arm/utee_syscalls_a32.S -@@ -9,6 +9,8 @@ - - .section .note.GNU-stack,"",%progbits - -+ .section .note.GNU-stack,"",%progbits -+ - .section .text - .balign 4 - .code 32 -diff --git a/lib/libutils/ext/arch/arm/atomic_a32.S b/lib/libutils/ext/arch/arm/atomic_a32.S -index 2be73ffad..87ddf1065 100644 ---- a/lib/libutils/ext/arch/arm/atomic_a32.S -+++ b/lib/libutils/ext/arch/arm/atomic_a32.S -@@ -7,6 +7,8 @@ - - .section .note.GNU-stack,"",%progbits - -+ .section .note.GNU-stack,"",%progbits -+ - /* uint32_t atomic_inc32(uint32_t *v); */ - FUNC atomic_inc32 , : - ldrex r1, [r0] -diff --git a/lib/libutils/ext/arch/arm/mcount_a32.S b/lib/libutils/ext/arch/arm/mcount_a32.S -index 54dc3c02d..2f24632b8 100644 ---- a/lib/libutils/ext/arch/arm/mcount_a32.S -+++ b/lib/libutils/ext/arch/arm/mcount_a32.S -@@ -9,6 +9,8 @@ - - .section .note.GNU-stack,"",%progbits - -+ .section .note.GNU-stack,"",%progbits -+ - /* - * Convert return address to call site address by subtracting the size of the - * mcount call instruction (blx __gnu_mcount_nc). -diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S -index 37ae9ec6f..bc6c48b1a 100644 ---- a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S -+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S -@@ -7,6 +7,8 @@ - - .section .note.GNU-stack,"",%progbits - -+ .section .note.GNU-stack,"",%progbits -+ - /* - * signed ret_idivmod_values(signed quot, signed rem); - * return quotient and remaining the EABI way (regs r0,r1) -diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S -index 5c3353e2c..9fb5e0283 100644 ---- a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S -+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S -@@ -7,6 +7,8 @@ - - .section .note.GNU-stack,"",%progbits - -+ .section .note.GNU-stack,"",%progbits -+ - /* - * __value_in_regs lldiv_t __aeabi_ldivmod( long long n, long long d) - */ -diff --git a/lib/libutils/isoc/arch/arm/setjmp_a32.S b/lib/libutils/isoc/arch/arm/setjmp_a32.S -index f8a0b70df..37d7cb88e 100644 ---- a/lib/libutils/isoc/arch/arm/setjmp_a32.S -+++ b/lib/libutils/isoc/arch/arm/setjmp_a32.S -@@ -53,6 +53,8 @@ - - .section .note.GNU-stack,"",%progbits - -+ .section .note.GNU-stack,"",%progbits -+ - /* Arm/Thumb interworking support: - - The interworking scheme expects functions to use a BX instruction -diff --git a/ta/arch/arm/ta_entry_a32.S b/ta/arch/arm/ta_entry_a32.S -index cd9a12f9d..ccdc19928 100644 ---- a/ta/arch/arm/ta_entry_a32.S -+++ b/ta/arch/arm/ta_entry_a32.S -@@ -7,6 +7,8 @@ - - .section .note.GNU-stack,"",%progbits - -+ .section .note.GNU-stack,"",%progbits -+ - /* - * This function is the bottom of the user call stack. Mark it as such so that - * the unwinding code won't try to go further down. --- -2.43.2 - diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch deleted file mode 100644 index f32b2284f..000000000 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch +++ /dev/null @@ -1,67 +0,0 @@ -From a63f82f74e015eb662242cdb51ef814e3f576829 Mon Sep 17 00:00:00 2001 -From: Jerome Forissier -Date: Fri, 5 Aug 2022 09:48:03 +0200 -Subject: [PATCH 4/4] core: link: add --no-warn-rwx-segments - -Signed-off-by: Anton Antonov -Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474] - -binutils ld.bfd generates one RWX LOAD segment by merging several sections -with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it -also warns by default when that happens [1], which breaks the build due to ---fatal-warnings. The RWX segment is not a problem for the TEE core, since -that information is not used to set memory permissions. Therefore, silence -the warning. - -Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 -Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448 -Reported-by: Dominique Martinet -Signed-off-by: Jerome Forissier -Acked-by: Jens Wiklander -Signed-off-by: Oleksandr Suvorov ---- - - core/arch/arm/kernel/link.mk | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk -index 49e9f4fa1..9e1cc172f 100644 ---- a/core/arch/arm/kernel/link.mk -+++ b/core/arch/arm/kernel/link.mk -@@ -37,6 +37,7 @@ link-ldflags += --sort-section=alignment - link-ldflags += --fatal-warnings - link-ldflags += --gc-sections - link-ldflags += $(link-ldflags-common) -+link-ldflags += $(call ld-option,--no-warn-rwx-segments) - - link-ldadd = $(LDADD) - link-ldadd += $(ldflags-external) -@@ -61,6 +62,7 @@ link-script-cppflags := \ - $(cppflagscore)) - - ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \ -+ $(call ld-option,--no-warn-rwx-segments) \ - $(link-ldflags-common) \ - $(link-objs) $(link-ldadd) $(libgcccore) - cleanfiles += $(link-out-dir)/all_objs.o -@@ -75,7 +77,7 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o - $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@ - - unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ -- $(link-ldflags-common) -+ $(link-ldflags-common) $(call ld-option,--no-warn-rwx-segments) - unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore) - cleanfiles += $(link-out-dir)/unpaged.o - $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt -@@ -104,7 +106,7 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o - $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@ - - init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ -- $(link-ldflags-common) -+ $(link-ldflags-common) $(call ld-option,--no-warn-rwx-segments) - init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \ - $(libgcccore) - cleanfiles += $(link-out-dir)/init.o --- -2.43.2 - diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0002-optee-enable-clang-support.patch b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0007-allow-setting-sysroot-for-clang.patch similarity index 77% rename from meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0002-optee-enable-clang-support.patch rename to meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0007-allow-setting-sysroot-for-clang.patch index dbc53542e..067ba6ebf 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0002-optee-enable-clang-support.patch +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os/0007-allow-setting-sysroot-for-clang.patch @@ -1,7 +1,7 @@ -From 2ba573c9763329fbfdfacc8393d565ab747cac4d Mon Sep 17 00:00:00 2001 +From db9e44af75c7cfd3316cab15aaa387383df3e57e Mon Sep 17 00:00:00 2001 From: Brett Warren Date: Wed, 23 Sep 2020 09:27:34 +0100 -Subject: [PATCH 2/4] optee: enable clang support +Subject: [PATCH] optee: enable clang support When compiling with clang, the LIBGCC_LOCATE_CFLAG variable used to provide a sysroot wasn't included, which results in not locating @@ -10,17 +10,16 @@ compiler-rt. This is mitigated by including the variable as ammended. Upstream-Status: Pending ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701 Signed-off-by: Brett Warren -Signed-off-by: Oleksandr Suvorov ---- +--- mk/clang.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mk/clang.mk b/mk/clang.mk -index a045beee8..1ebe2f702 100644 +index c141a3f2..7d067cc0 100644 --- a/mk/clang.mk +++ b/mk/clang.mk -@@ -30,7 +30,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \ +@@ -27,7 +27,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \ # Note, use the compiler runtime library (libclang_rt.builtins.*.a) instead of # libgcc for clang @@ -29,6 +28,3 @@ index a045beee8..1ebe2f702 100644 -rtlib=compiler-rt -print-libgcc-file-name 2> /dev/null) # Core ASLR relies on the executable being ready to run from its preferred load --- -2.43.2 - diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os_4.4.0.imx.bb b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os_4.4.0.imx.bb deleted file mode 100644 index f3fb5cab5..000000000 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os_4.4.0.imx.bb +++ /dev/null @@ -1,9 +0,0 @@ -# Copyright (C) 2025, Digi International Inc. - -# -# Reuse meta-freescale's optee-os_4.2.0.imx.bb -# -require recipes-security/optee-imx/optee-os_4.2.0.imx.bb - -SRCBRANCH = "lf-6.6.52_2.2.0" -SRCREV = "60beb308810f9561a67fdb435388a64c85eb6dcb" diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os_4.4.0.imx.bbappend b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os_4.4.0.imx.bbappend index be5ab0543..364c33903 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os_4.4.0.imx.bbappend +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-os_4.4.0.imx.bbappend @@ -21,7 +21,7 @@ PLATFORM_FLAVOR:ccimx91 = "ccimx91dvk" PLATFORM_FLAVOR:ccimx93 = "ccimx93dvk" do_compile:append:ccimx93 () { - oe_runmake PLATFORM=imx-${PLATFORM_FLAVOR}_a0 O=${B}-A0 all + oe_runmake -C ${S} PLATFORM=imx-${PLATFORM_FLAVOR}_a0 O=${B}-A0 } do_compile:ccimx93[cleandirs] += "${B}-A0" @@ -29,10 +29,10 @@ do_deploy:append:ccimx93 () { cp ${B}-A0/core/tee-raw.bin ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}_a0.bin } -do_install:append () { - mkdir -p ${D}/environment-setup.d - sed -e "s,#OPTEE_ARCH#,${OPTEE_ARCH},g" ${WORKDIR}/environment.d-optee-sdk.sh > ${D}/environment-setup.d/optee-sdk.sh +do_install:append() { + mkdir -p ${D}/environment-setup.d + sed -e "s,#OPTEE_ARCH#,${OPTEE_ARCH},g" ${WORKDIR}/environment.d-optee-sdk.sh >${D}/environment-setup.d/optee-sdk.sh } -FILES:${PN}-staticdev += " /environment-setup.d/" +FILES:${PN}-staticdev += "/environment-setup.d/" INSANE_SKIP:${PN}-staticdev += "buildpaths" diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-test_4.4.0.imx.bb b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-test_4.4.0.imx.bb deleted file mode 100644 index c171a57c2..000000000 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/optee-imx/optee-test_4.4.0.imx.bb +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright (C) 2025, Digi International Inc. - -# -# Reuse meta-freescale's optee-test_4.2.0.imx.bb -# -require recipes-security/optee-imx/optee-test_4.2.0.imx.bb - -# The BSD and GPL license files are now included in the source -# https://github.com/OP-TEE/optee_test/commit/a748f5fcd9ec8a574dc86a5aa56d05bc6ac174e7 -LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a8fa504109e4cd7ea575bc49ea4be560 \ - file://LICENSE-BSD;md5=dca16d6efa93b55d0fd662ae5cd6feeb \ - file://LICENSE-GPL;md5=10e86b5d2a6cb0e2b9dcfdd26a9ac58d" - -SRCBRANCH = "lf-6.6.52_2.2.0" -SRCREV = "dafc98ed8364d7281a9a7f0788dd0a2067844a59"