From c9e2da32144f44ee9c2cab4d119e75ac5e3b0238 Mon Sep 17 00:00:00 2001
From: Javier Viguera <javier.viguera@digi.com>
Date: Tue, 20 Jan 2026 17:53:31 +0100
Subject: [PATCH] imx-secure-enclave: update to NXP's release lf-6.6.52-2.2.2

https://onedigi.atlassian.net/browse/DEL-9905

Signed-off-by: Javier Viguera <javier.viguera@digi.com>
---
 .../imx-secure-enclave-seco_git.bb            |  1 +
 .../imx-secure-enclave/imx-secure-enclave.inc |  6 +-
 .../recipes-security/smw/itest_git.bb         | 33 +++++++
 .../recipes-security/smw/smw_git.bb           | 86 +++++++++++++++++++
 4 files changed, 123 insertions(+), 3 deletions(-)
 create mode 100644 meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/smw/itest_git.bb
 create mode 100644 meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/smw/smw_git.bb

diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-secure-enclave/imx-secure-enclave-seco_git.bb b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-secure-enclave/imx-secure-enclave-seco_git.bb
index 867d7d55e..52150dff7 100644
--- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-secure-enclave/imx-secure-enclave-seco_git.bb
+++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-secure-enclave/imx-secure-enclave-seco_git.bb
@@ -14,6 +14,7 @@ do_install:append:mx95-nxp-bsp() {
     done
     rm ${D}${datadir}/se/README
     rm ${D}${bindir}/nvmd_conf_setup.sh
+    rm ${D}${bindir}/se_tools
 }
 
 COMPATIBLE_MACHINE = "(mx8x-nxp-bsp|mx95-nxp-bsp)"
diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-secure-enclave/imx-secure-enclave.inc b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-secure-enclave/imx-secure-enclave.inc
index 01cc21ac6..6bb04aa7e 100644
--- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-secure-enclave/imx-secure-enclave.inc
+++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-secure-enclave/imx-secure-enclave.inc
@@ -10,11 +10,11 @@ DEPENDS = " mbedtls openssl"
 
 SRC_URI = "${SECURE_ENCLAVE_LIB_SRC};branch=${SRCBRANCH}"
 SECURE_ENCLAVE_LIB_SRC ?= "git://github.com/NXP/imx-secure-enclave.git;protocol=https"
-SRCBRANCH = "lf-6.6.52_2.2.1"
-SRCREV = "4f0340fb4cf6b16a64c7d65281b4880c5d1cd453"
+SRCBRANCH = "lf-6.6.52_2.2.2"
+SRCREV = "8855a24d1220c88c6e2bcc4b36391a7bce6d0755"
 
 # Set package version to the release, so it overrides the recipe in meta-freescale
-PV = "lf-6.6.52_2.2.1"
+PV = "lf-6.6.52_2.2.2"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/smw/itest_git.bb b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/smw/itest_git.bb
new file mode 100644
index 000000000..211b8c571
--- /dev/null
+++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/smw/itest_git.bb
@@ -0,0 +1,33 @@
+# Copyright 2023-2024 NXP
+SUMMARY = "NXP i.MX Itest"
+DESCRIPTION = "NXP i.MX Itest"
+SECTION = "base"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=8636bd68fc00cc6a3809b7b58b45f982"
+
+SRC_URI = "${ITEST_SRC};branch=${SRCBRANCH}"
+ITEST_SRC ?= "git://github.com/nxp-imx/itest.git;protocol=https"
+SRCBRANCH = "lf-6.6.52_2.2.0"
+SRCREV = "6087762a69fe51bea508b1383d54ff28a10eef9f"
+
+S = "${WORKDIR}/git"
+
+inherit cmake
+
+PACKAGECONFIG:mx8dxl-nxp-bsp ??= "ele-seco"
+PACKAGECONFIG:mx8ulp-nxp-bsp ??= "ele"
+PACKAGECONFIG:mx91-nxp-bsp   ??= "ele"
+PACKAGECONFIG:mx93-nxp-bsp   ??= "ele"
+PACKAGECONFIG:mx95-nxp-bsp   ??= "ele ele-seco"
+
+PACKAGECONFIG[ele]      = "-DELE=1,,imx-secure-enclave"
+PACKAGECONFIG[ele-seco] = "-DV2X=1,,imx-secure-enclave-seco"
+
+EXTRA_OECMAKE = " \
+    -DOPENSSL_PATH="${STAGING_DIR_HOST}/usr" \
+    -DELE_LIB_PATH="${STAGING_DIR_HOST}/usr" \
+    -DLIB_PATH="${STAGING_DIR_HOST}${libdir}""
+
+PACKAGE_ARCH = "${MACHINE_SOCARCH}"
+
+COMPATIBLE_MACHINE = "(mx8dxl-nxp-bsp|mx8ulp-nxp-bsp|mx91-nxp-bsp|mx93-nxp-bsp|mx95-nxp-bsp)"
diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/smw/smw_git.bb b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/smw/smw_git.bb
new file mode 100644
index 000000000..0447600ae
--- /dev/null
+++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-security/smw/smw_git.bb
@@ -0,0 +1,86 @@
+# Copyright 2020-24 NXP
+
+SUMMARY = "NXP i.MX Security Middleware Library"
+DESCRIPTION = "NXP i.MX Security Middleware Library"
+SECTION = "base"
+LICENSE = "BSD-3-Clause"
+LICENSE = "Apache-2.0 & BSD-3-Clause & Zlib"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=6087d19da5441648e33f85ae64cf2a7d \
+                    file://../psa-arch-tests/LICENSE.md;md5=2a944942e1496af1886903d274dedb13"
+
+DEPENDS = " \
+    python3-cryptography-native \
+    json-c \
+    optee-client \
+    optee-os-tadevkit \
+    sqlite3 \
+"
+
+SRC_URI = "${SMW_LIB_SRC};branch=${SRCBRANCH_smw};name=smw;destsuffix=git/smw \
+           ${PSA_LIB_SRC};branch=${SRCBRANCH_psa};name=psa;destsuffix=git/${PSA_ARCH_TESTS_SRC_PATH} \
+           "
+SMW_LIB_SRC ?= "git://github.com/nxp-imx/imx-smw.git;protocol=https"
+PSA_LIB_SRC ?= "git://github.com/ARM-software/psa-arch-tests.git;protocol=https"
+PSA_ARCH_TESTS_SRC_PATH = "psa-arch-tests"
+SRCBRANCH_smw = "release/release_5.x_LF6.6"
+SRCBRANCH_psa = "main"
+SRCREV_smw = "7007a5b3619325a1e87306b0f27761b24418c325"
+SRCREV_psa = "463cb95ada820bc6f758d50066cf8c0ed5cc3a02"
+SRCREV_FORMAT = "smw_psa"
+S = "${WORKDIR}/git/smw"
+
+inherit cmake python3native
+
+PACKAGECONFIG ??= "${PACKAGECONFIG_DRIVERS} ${PACKAGECONFIG_FEATURES}"
+PACKAGECONFIG_DRIVERS                = ""
+PACKAGECONFIG_DRIVERS:mx8qxp-nxp-bsp = "ele-seco"
+PACKAGECONFIG_DRIVERS:mx8dx-nxp-bsp  = "ele-seco"
+PACKAGECONFIG_DRIVERS:mx8ulp-nxp-bsp = "ele"
+PACKAGECONFIG_DRIVERS:mx91-nxp-bsp   = "ele"
+PACKAGECONFIG_DRIVERS:mx93-nxp-bsp   = "ele"
+PACKAGECONFIG_DRIVERS:mx95-nxp-bsp   = "ele"
+
+PACKAGECONFIG_FEATURES              = ""
+PACKAGECONFIG_FEATURES:mx91-nxp-bsp = "tls"
+PACKAGECONFIG_FEATURES:mx93-nxp-bsp = "tls"
+PACKAGECONFIG_FEATURES:mx95-nxp-bsp = "tls"
+
+PACKAGECONFIG[ele] = "-DELE_ROOT=${STAGING_DIR_HOST},,imx-secure-enclave,,,ele-seco"
+PACKAGECONFIG[ele-seco] = "-DSECO_ROOT=${STAGING_DIR_HOST},,imx-secure-enclave-seco,,,ele"
+PACKAGECONFIG[tls] = "-DENABLE_TLS=ON,-DENABLE_TLS=OFF,openssl"
+
+CFLAGS[unexport] = "1"
+CPPFLAGS[unexport] = "1"
+AS[unexport] = "1"
+LD[unexport] = "1"
+
+# setting the linker options
+TARGET_LDFLAGS:remove = "${DEBUG_PREFIX_MAP}"
+
+# DEY: from meta-arm's optee.inc
+TA_DEV_KIT_DIR = "${STAGING_INCDIR}/optee/export-user_ta"
+export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
+
+EXTRA_OECMAKE = " \
+    -DYOCTO_BUILD=ON \
+    -DTA_DEV_KIT_ROOT=${TA_DEV_KIT_DIR} \
+    -DTEEC_ROOT=${STAGING_DIR_HOST} \
+    -DJSONC_ROOT="${COMPONENTS_DIR}/${TARGET_ARCH}/json-c/usr" \
+    -DPSA_ARCH_TESTS_SRC_PATH=../${PSA_ARCH_TESTS_SRC_PATH} \
+    -DTEE_TA_DESTDIR=${nonarch_base_libdir} \
+"
+
+OECMAKE_TARGET_COMPILE += "build_tests"
+OECMAKE_TARGET_INSTALL += "install_tests"
+
+PACKAGES =+ "${PN}-tests"
+
+FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/*"
+
+FILES:${PN}-tests = "${bindir}/* ${datadir}/${BPN}/*"
+
+RDEPENDS:${PN}-tests += "cmake"
+
+PACKAGE_ARCH = "${MACHINE_SOCARCH}"
+
+COMPATIBLE_MACHINE = "(imx-nxp-bsp)"