diff --git a/meta-digi-arm/recipes-security/optee-imx/optee-client.imx.inc b/meta-digi-arm/recipes-security/optee-imx/optee-client.imx.inc new file mode 100644 index 000000000..eeb903c80 --- /dev/null +++ b/meta-digi-arm/recipes-security/optee-imx/optee-client.imx.inc @@ -0,0 +1,28 @@ +# Copyright (C) 2019-2020 NXP + +require recipes-security/optee-imx/optee-client_3.2.0.imx.bb + +SRC_URI_remove = "file://0001-libteec-refactor-_dprintf.patch" + +B = "${WORKDIR}/build" + +EXTRA_OEMAKE_remove = "CFG_SECURE_DATA_PATH=y" +EXTRA_OEMAKE += "O=${B}" + +do_install() { + oe_runmake -C ${S} install + + install -D -p -m0755 ${B}/export/usr/sbin/tee-supplicant ${D}${bindir}/tee-supplicant + + install -D -p -m0644 ${B}/export/usr/lib/libteec.so.1.0 ${D}${libdir}/libteec.so.1.0 + ln -sf libteec.so.1.0 ${D}${libdir}/libteec.so + ln -sf libteec.so.1.0 ${D}${libdir}/libteec.so.1 + + cp -a ${B}/export/usr/include ${D}/usr/ + + sed -i -e s:/etc:${sysconfdir}:g \ + -e s:/usr/bin:${bindir}:g \ + ${WORKDIR}/tee-supplicant.service + + install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service +} diff --git a/meta-digi-arm/recipes-security/optee-imx/optee-client/tee-supplicant.service b/meta-digi-arm/recipes-security/optee-imx/optee-client/tee-supplicant.service new file mode 120000 index 000000000..3e9b85c39 --- /dev/null +++ b/meta-digi-arm/recipes-security/optee-imx/optee-client/tee-supplicant.service @@ -0,0 +1 @@ +../../../../../meta-freescale/recipes-security/optee-imx/optee-client/tee-supplicant.service \ No newline at end of file diff --git a/meta-digi-arm/recipes-security/optee-imx/optee-client_3.10.0.imx.bb b/meta-digi-arm/recipes-security/optee-imx/optee-client_3.10.0.imx.bb new file mode 100644 index 000000000..64145d5cf --- /dev/null +++ b/meta-digi-arm/recipes-security/optee-imx/optee-client_3.10.0.imx.bb @@ -0,0 +1,6 @@ +# Copyright (C) 2020 NXP +require optee-client.imx.inc + +SRCBRANCH = "imx_5.4.47_2.2.0" +SRCREV = "2a77cf88d956c34cb4a1c191bea6113e327f5fe0" + diff --git a/meta-digi-arm/recipes-security/optee-imx/optee-os.imx.inc b/meta-digi-arm/recipes-security/optee-imx/optee-os.imx.inc new file mode 100644 index 000000000..3014ec07f --- /dev/null +++ b/meta-digi-arm/recipes-security/optee-imx/optee-os.imx.inc @@ -0,0 +1,47 @@ +# Copyright (C) 2019-2020 NXP + +require recipes-security/optee-imx/optee-os_3.2.0.imx.bb + +LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" + +inherit python3native +DEPENDS_remove = "python-pycrypto-native" +DEPENDS_append = " python3-pycrypto-native python3-pyelftools-native" + +# The recipe uses Machine overrides variable +# to select the suitable OP-TEE Platform Flavor. +# The reason is that from an OP-TEE point of view there +# are no differences between for example a imx8mnddr4evk +# and a imx8mnevk MACHINE. In this example, the PLATFORM_FLAVOR +# defined is imx8mnevk, the other MACHINE derivatives +# are just using the original one. +PLATFORM_FLAVOR_mx8mn = "mx8mnevk" +PLATFORM_FLAVOR_mx8qxp = "mx8qxpmek" +PLATFORM_FLAVOR_mx8mp = "mx8mpevk" +PLATFORM_FLAVOR_mx8dx = "mx8dxmek" +PLATFORM_FLAVOR_mx8dxl = "mx8dxlevk" +PLATFORM_FLAVOR_mx8phantomdxl = "mx8qxpmek" + +OPTEE_CORE_LOG_LEVEL ?= "1" +OPTEE_TA_LOG_LEVEL ?= "0" + +EXTRA_OEMAKE_remove = "NOWERROR=1 \ + CFG_SECURE_DATA_PATH=y \ + CFG_TEE_SDP_MEM_BASE=0xCC000000 \ + CFG_TEE_SDP_MEM_SIZE=0x02000000 \ + CFG_TEE_SDP_NONCACHE=y \ + " + +EXTRA_OEMAKE += "CFG_WERROR=y \ + CFG_TEE_CORE_LOG_LEVEL=${OPTEE_CORE_LOG_LEVEL} \ + CFG_TEE_TA_LOG_LEVEL=${OPTEE_TA_LOG_LEVEL} \ + CFG_NXPCRYPT=y \ + CFG_GEN_DEK_BLOB=y \ + " + +do_compile () { + unset LDFLAGS + export CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_HOST}" + oe_runmake -C ${S} all +} + diff --git a/meta-digi-arm/recipes-security/optee-imx/optee-os_3.10.0.imx.bb b/meta-digi-arm/recipes-security/optee-imx/optee-os_3.10.0.imx.bb new file mode 100644 index 000000000..03e83340c --- /dev/null +++ b/meta-digi-arm/recipes-security/optee-imx/optee-os_3.10.0.imx.bb @@ -0,0 +1,16 @@ +# Copyright (C) 2020 NXP +require optee-os.imx.inc + +DEPENDS_append = " python3-pycryptodomex-native" + +SRCBRANCH = "imx_5.4.47_2.2.0" +SRCREV = "b3914e547eaf90684b5630921d609126634ce64b" + +# tee-init_load_addr.txt has been remove in lates optee-os version. +# to keep backward compatibility with existing optee-os recipe. +do_compile_append () { + if [ "${OPTEE_ARCH}" != "arm64" ]; then + IMX_LOAD_ADDR=`${TARGET_PREFIX}readelf -h ${B}/core/tee.elf | grep "Entry point address" | awk '{print $4}'` && \ + echo ${IMX_LOAD_ADDR} > ${B}/core/tee-init_load_addr.txt + fi +} diff --git a/meta-digi-arm/recipes-security/optee-imx/optee-test.imx.inc b/meta-digi-arm/recipes-security/optee-imx/optee-test.imx.inc new file mode 100644 index 000000000..37c0e3446 --- /dev/null +++ b/meta-digi-arm/recipes-security/optee-imx/optee-test.imx.inc @@ -0,0 +1,45 @@ +# Copyright (C) 2019-2020 NXP + +require recipes-security/optee-imx/optee-test_3.2.0.imx.bb + +inherit python3native +DEPENDS_remove = "python-pycrypto-native" +DEPENDS_append = " python3-pycrypto-native" + +SRC_URI_remove = "file://0001-regression-4011-correct-potential-overflow.patch \ + file://0001-xtest-prevent-unexpected-build-warning-with-strncpy.patch \ + file://0003-sock_server-fix-compilation-against-musl-sys-errno.h.patch \ + file://0004-build-ignore-declaration-after-statement-warnings.patch \ + file://0005-benchmark_1000-fix-compilation-against-musl-uint.patch \ + file://0006-regression_8100-use-null-terminated-strings-with-fil.patch \ + " +B = "${WORKDIR}/build" + +TA_DEV_KIT_DIR_aarch64 = "${STAGING_INCDIR}/optee/export-user_ta_arm64/" +OPTEE_ARCH_aarch64 = "arm64" +TA_DEV_KIT_DIR_arm = "${STAGING_INCDIR}/optee/export-user_ta_arm32/" +OPTEE_ARCH_arm = "arm" + +EXTRA_OEMAKE = " \ + TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ + ARCH=${OPTEE_ARCH} \ + OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}/usr \ + CROSS_COMPILE_HOST=${HOST_PREFIX} \ + CROSS_COMPILE_TA=${HOST_PREFIX} \ + CROSS_COMPILE=${HOST_PREFIX} \ + OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}/ \ + -C ${S} O=${B} \ +" +do_compile_prepend () { + export CXXFLAGS="${CXXFLAGS} --sysroot=${STAGING_DIR_HOST}" +} + +do_install () { + install -d ${D}/usr/bin + install ${B}/xtest/xtest ${D}/usr/bin/ + + install -d ${D}/lib/optee_armtz + find ${B}/ta -name '*.ta' | while read name; do + install -m 444 $name ${D}/lib/optee_armtz/ + done +} diff --git a/meta-digi-arm/recipes-security/optee-imx/optee-test/0001-fix-build-failure-with-GCC-9.patch b/meta-digi-arm/recipes-security/optee-imx/optee-test/0001-fix-build-failure-with-GCC-9.patch new file mode 100644 index 000000000..9b9127777 --- /dev/null +++ b/meta-digi-arm/recipes-security/optee-imx/optee-test/0001-fix-build-failure-with-GCC-9.patch @@ -0,0 +1,28 @@ +From 79330c8383e02e91a355964a3cc7b932d03c2517 Mon Sep 17 00:00:00 2001 +From: Chunrong Guo +Date: Wed, 10 Jul 2019 11:09:01 +0200 +Subject: [PATCH] fix build failure with GCC 9 + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: C.r. Guo +--- + host/xtest/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/host/xtest/Makefile b/host/xtest/Makefile +index e4e2881..e86e056 100644 +--- a/host/xtest/Makefile ++++ b/host/xtest/Makefile +@@ -152,7 +152,7 @@ CFLAGS += -Wall -Wcast-align -Werror \ + -Wmissing-include-dirs -Wmissing-noreturn \ + -Wmissing-prototypes -Wnested-externs -Wpointer-arith \ + -Wshadow -Wstrict-prototypes -Wswitch-default \ +- -Wwrite-strings \ ++ -Wwrite-strings -Wno-format-overflow \ + -Wno-missing-field-initializers -Wno-format-zero-length + endif + +-- +2.7.4 + diff --git a/meta-digi-arm/recipes-security/optee-imx/optee-test_3.10.0.imx.bb b/meta-digi-arm/recipes-security/optee-imx/optee-test_3.10.0.imx.bb new file mode 100644 index 000000000..e6abb2431 --- /dev/null +++ b/meta-digi-arm/recipes-security/optee-imx/optee-test_3.10.0.imx.bb @@ -0,0 +1,11 @@ +# Copyright (C) 2020 NXP +require optee-test.imx.inc + +DEPENDS_append = " python3-pycryptodomex-native" + +SRCBRANCH = "imx_5.4.47_2.2.0" +SRCREV = "30efcbeaf8864d0f2a5c4be593a5411001fab31b" + +do_compile_prepend () { + export CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_HOST}" +}