From e9c4a09bf0c26a4b2f12606e3bbdda81e0bde1b4 Mon Sep 17 00:00:00 2001 From: Mike Engel Date: Mon, 1 Feb 2021 09:46:50 +0100 Subject: [PATCH] recipes-security: optee-imx: Update recipes to new BSP release imx_5.4.70_2.3.0 Signed-off-by: Mike Engel --- .../optee-imx/optee-client.imx.inc | 38 +++++- .../optee-imx/optee-client_3.10.0.imx.bb | 2 +- .../optee-imx/optee-os.imx.inc | 112 +++++++++++++----- .../optee-imx/optee-os_3.10.0.imx.bb | 4 +- .../optee-imx/optee-test.imx.inc | 48 ++++++-- .../optee-imx/optee-test_3.10.0.imx.bb | 4 +- 6 files changed, 156 insertions(+), 52 deletions(-) diff --git a/meta-digi-arm/recipes-security/optee-imx/optee-client.imx.inc b/meta-digi-arm/recipes-security/optee-imx/optee-client.imx.inc index eeb903c80..7d9f8d2d3 100644 --- a/meta-digi-arm/recipes-security/optee-imx/optee-client.imx.inc +++ b/meta-digi-arm/recipes-security/optee-imx/optee-client.imx.inc @@ -1,14 +1,34 @@ -# Copyright (C) 2019-2020 NXP +# Copyright (C) 2017-2020 NXP -require recipes-security/optee-imx/optee-client_3.2.0.imx.bb +SUMMARY = "OPTEE Client libs" +HOMEPAGE = "http://www.optee.org/" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" -SRC_URI_remove = "file://0001-libteec-refactor-_dprintf.patch" +inherit pythonnative systemd +OPTEE_CLIENT_SRC ?= "git://source.codeaurora.org/external/imx/imx-optee-client.git;protocol=https" +SRC_URI = "${OPTEE_CLIENT_SRC};branch=${SRCBRANCH}" + +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +SRC_URI_append = " file://tee-supplicant.service" + +S = "${WORKDIR}/git" B = "${WORKDIR}/build" -EXTRA_OEMAKE_remove = "CFG_SECURE_DATA_PATH=y" +SYSTEMD_SERVICE_${PN} = "tee-supplicant.service" + EXTRA_OEMAKE += "O=${B}" +do_compile () { + if [ ${DEFAULTTUNE} = "aarch64" ]; then + oe_runmake -C ${S} ARCH=arm64 + else + oe_runmake -C ${S} ARCH=arm + fi +} + do_install() { oe_runmake -C ${S} install @@ -26,3 +46,13 @@ do_install() { install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service } + +PACKAGES += "tee-supplicant" +FILES_${PN} += "${libdir}/* ${includedir}/*" +FILES_tee-supplicant += "${bindir}/tee-supplicant" + +INSANE_SKIP_${PN} = "ldflags dev-elf" +INSANE_SKIP_${PN}-dev = "ldflags dev-elf" +INSANE_SKIP_tee-supplicant = "ldflags" + +COMPATIBLE_MACHINE = "(mx6|mx7|mx8)" diff --git a/meta-digi-arm/recipes-security/optee-imx/optee-client_3.10.0.imx.bb b/meta-digi-arm/recipes-security/optee-imx/optee-client_3.10.0.imx.bb index 64145d5cf..fabd66b7d 100644 --- a/meta-digi-arm/recipes-security/optee-imx/optee-client_3.10.0.imx.bb +++ b/meta-digi-arm/recipes-security/optee-imx/optee-client_3.10.0.imx.bb @@ -1,6 +1,6 @@ # Copyright (C) 2020 NXP require optee-client.imx.inc -SRCBRANCH = "imx_5.4.47_2.2.0" +SRCBRANCH = "imx_5.4.70_2.3.0" SRCREV = "2a77cf88d956c34cb4a1c191bea6113e327f5fe0" diff --git a/meta-digi-arm/recipes-security/optee-imx/optee-os.imx.inc b/meta-digi-arm/recipes-security/optee-imx/optee-os.imx.inc index 3014ec07f..8bb44fb62 100644 --- a/meta-digi-arm/recipes-security/optee-imx/optee-os.imx.inc +++ b/meta-digi-arm/recipes-security/optee-imx/optee-os.imx.inc @@ -1,43 +1,57 @@ -# Copyright (C) 2019-2020 NXP - -require recipes-security/optee-imx/optee-os_3.2.0.imx.bb +# Copyright (C) 2017-2020 NXP +SUMMARY = "OPTEE OS" +DESCRIPTION = "OPTEE OS" +HOMEPAGE = "http://www.optee.org/" +LICENSE = "BSD" LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" -inherit python3native -DEPENDS_remove = "python-pycrypto-native" -DEPENDS_append = " python3-pycrypto-native python3-pyelftools-native" +inherit deploy python3native autotools +DEPENDS = "python3-pycrypto-native python3-pyelftools-native u-boot-mkimage-native" -# The recipe uses Machine overrides variable -# to select the suitable OP-TEE Platform Flavor. -# The reason is that from an OP-TEE point of view there -# are no differences between for example a imx8mnddr4evk -# and a imx8mnevk MACHINE. In this example, the PLATFORM_FLAVOR -# defined is imx8mnevk, the other MACHINE derivatives -# are just using the original one. -PLATFORM_FLAVOR_mx8mn = "mx8mnevk" -PLATFORM_FLAVOR_mx8qxp = "mx8qxpmek" -PLATFORM_FLAVOR_mx8mp = "mx8mpevk" -PLATFORM_FLAVOR_mx8dx = "mx8dxmek" -PLATFORM_FLAVOR_mx8dxl = "mx8dxlevk" -PLATFORM_FLAVOR_mx8phantomdxl = "mx8qxpmek" +OPTEE_OS_SRC ?= "git://source.codeaurora.org/external/imx/imx-optee-os.git;protocol=https" +SRC_URI = "${OPTEE_OS_SRC};branch=${SRCBRANCH}" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build.${PLATFORM_FLAVOR}" + +# The platform flavor corresponds to the Yocto machine without the leading 'i'. +PLATFORM_FLAVOR = "${@d.getVar('MACHINE')[1:]}" +PLATFORM_FLAVOR_imx6qpdlsolox = "mx6qsabresd" +PLATFORM_FLAVOR_imx6ul7d = "mx6ulevk" +PLATFORM_FLAVOR_imx6ull14x14evk = "mx6ullevk" +PLATFORM_FLAVOR_imx6ull9x9evk = "mx6ullevk" +PLATFORM_FLAVOR_imx6ulz14x14evk = "mx6ulzevk" +PLATFORM_FLAVOR_mx8mm = "mx8mmevk" +PLATFORM_FLAVOR_mx8mn = "mx8mnevk" +PLATFORM_FLAVOR_mx8mnlite = "mx8mnevk" +PLATFORM_FLAVOR_mx8qxp = "mx8qxpmek" +PLATFORM_FLAVOR_mx8mp = "mx8mpevk" +PLATFORM_FLAVOR_mx8dx = "mx8dxmek" +PLATFORM_FLAVOR_mx8dxl = "mx8dxlevk" +PLATFORM_FLAVOR_mx8phantomdxl = "mx8qxpmek" OPTEE_CORE_LOG_LEVEL ?= "1" OPTEE_TA_LOG_LEVEL ?= "0" -EXTRA_OEMAKE_remove = "NOWERROR=1 \ - CFG_SECURE_DATA_PATH=y \ - CFG_TEE_SDP_MEM_BASE=0xCC000000 \ - CFG_TEE_SDP_MEM_SIZE=0x02000000 \ - CFG_TEE_SDP_NONCACHE=y \ - " +OPTEE_ARCH ?= "arm32" +OPTEE_ARCH_armv7a = "arm32" +OPTEE_ARCH_aarch64 = "arm64" -EXTRA_OEMAKE += "CFG_WERROR=y \ - CFG_TEE_CORE_LOG_LEVEL=${OPTEE_CORE_LOG_LEVEL} \ - CFG_TEE_TA_LOG_LEVEL=${OPTEE_TA_LOG_LEVEL} \ - CFG_NXPCRYPT=y \ - CFG_GEN_DEK_BLOB=y \ - " +# Optee-os can be built for 32 bits and 64 bits at the same time +# as long as the compilers are correctly defined. +# For 64bits, CROSS_COMPILE64 must be set +# When defining CROSS_COMPILE and CROSS_COMPILE64, we assure that +# any 32 or 64 bits builds will pass +EXTRA_OEMAKE = "PLATFORM=imx PLATFORM_FLAVOR=${PLATFORM_FLAVOR} \ + CROSS_COMPILE=${HOST_PREFIX} \ + CROSS_COMPILE64=${HOST_PREFIX} \ + LDFLAGS= \ + O=${B} \ + CFG_WERROR=y \ + CFG_TEE_CORE_LOG_LEVEL=${OPTEE_CORE_LOG_LEVEL} \ + CFG_TEE_TA_LOG_LEVEL=${OPTEE_TA_LOG_LEVEL} \ +" do_compile () { unset LDFLAGS @@ -45,3 +59,39 @@ do_compile () { oe_runmake -C ${S} all } +do_deploy () { + install -d ${DEPLOYDIR} + ${TARGET_PREFIX}objcopy -O binary ${B}/core/tee.elf ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin + + if [ "${OPTEE_ARCH}" != "arm64" ]; then + IMX_LOAD_ADDR=`cat ${B}/core/tee-init_load_addr.txt` && \ + uboot-mkimage -A arm -O linux -C none -a ${IMX_LOAD_ADDR} -e ${IMX_LOAD_ADDR} \ + -d ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin ${DEPLOYDIR}/uTee-${OPTEE_BIN_EXT} + fi + + cd ${DEPLOYDIR} + ln -sf tee.${PLATFORM_FLAVOR}.bin tee.bin + cd - +} + +do_install () { + install -d ${D}${nonarch_base_libdir}/firmware/ + install -m 644 ${B}/core/*.bin ${D}${nonarch_base_libdir}/firmware/ + + # Install the TA devkit + install -d ${D}/usr/include/optee/export-user_ta_${OPTEE_ARCH}/ + + for f in ${B}/export-ta_${OPTEE_ARCH}/*; do + cp -aR $f ${D}/usr/include/optee/export-user_ta_${OPTEE_ARCH}/ + done +} + +addtask deploy after do_compile before do_install + + +FILES_${PN} = "${nonarch_base_libdir}/firmware/" +FILES_${PN}-staticdev = "/usr/include/optee/" +RDEPENDS_${PN}-dev += "${PN}-staticdev" + +PACKAGE_ARCH = "${MACHINE_ARCH}" +COMPATIBLE_MACHINE = "(imx)" diff --git a/meta-digi-arm/recipes-security/optee-imx/optee-os_3.10.0.imx.bb b/meta-digi-arm/recipes-security/optee-imx/optee-os_3.10.0.imx.bb index 03e83340c..21979620b 100644 --- a/meta-digi-arm/recipes-security/optee-imx/optee-os_3.10.0.imx.bb +++ b/meta-digi-arm/recipes-security/optee-imx/optee-os_3.10.0.imx.bb @@ -3,8 +3,8 @@ require optee-os.imx.inc DEPENDS_append = " python3-pycryptodomex-native" -SRCBRANCH = "imx_5.4.47_2.2.0" -SRCREV = "b3914e547eaf90684b5630921d609126634ce64b" +SRCBRANCH = "imx_5.4.70_2.3.0" +SRCREV = "a991c90475bb1c715651e5fe27f7f32cbe61aef9" # tee-init_load_addr.txt has been remove in lates optee-os version. # to keep backward compatibility with existing optee-os recipe. diff --git a/meta-digi-arm/recipes-security/optee-imx/optee-test.imx.inc b/meta-digi-arm/recipes-security/optee-imx/optee-test.imx.inc index 37c0e3446..10cd63809 100644 --- a/meta-digi-arm/recipes-security/optee-imx/optee-test.imx.inc +++ b/meta-digi-arm/recipes-security/optee-imx/optee-test.imx.inc @@ -1,18 +1,23 @@ -# Copyright (C) 2019-2020 NXP +# Copyright (C) 2017-2020 NXP -require recipes-security/optee-imx/optee-test_3.2.0.imx.bb +SUMMARY = "OPTEE test" +HOMEPAGE = "http://www.optee.org/" + +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" inherit python3native -DEPENDS_remove = "python-pycrypto-native" -DEPENDS_append = " python3-pycrypto-native" -SRC_URI_remove = "file://0001-regression-4011-correct-potential-overflow.patch \ - file://0001-xtest-prevent-unexpected-build-warning-with-strncpy.patch \ - file://0003-sock_server-fix-compilation-against-musl-sys-errno.h.patch \ - file://0004-build-ignore-declaration-after-statement-warnings.patch \ - file://0005-benchmark_1000-fix-compilation-against-musl-uint.patch \ - file://0006-regression_8100-use-null-terminated-strings-with-fil.patch \ - " +DEPENDS = "optee-os optee-client python3-pycrypto-native openssl" + +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +OPTEE_TEST_SRC ?= "git://source.codeaurora.org/external/imx/imx-optee-test.git;protocol=https" + +SRC_URI = "${OPTEE_TEST_SRC};branch=${SRCBRANCH} \ +" + +S = "${WORKDIR}/git" B = "${WORKDIR}/build" TA_DEV_KIT_DIR_aarch64 = "${STAGING_INCDIR}/optee/export-user_ta_arm64/" @@ -30,8 +35,23 @@ EXTRA_OEMAKE = " \ OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}/ \ -C ${S} O=${B} \ " -do_compile_prepend () { + +do_compile () { export CXXFLAGS="${CXXFLAGS} --sysroot=${STAGING_DIR_HOST}" + + if [ ${DEFAULTTUNE} = "aarch64" ];then + export TA_DEV_KIT_DIR=${STAGING_INCDIR}/optee/export-user_ta_arm64/ + export ARCH=arm64 + else + export TA_DEV_KIT_DIR=${STAGING_INCDIR}/optee/export-user_ta_arm32/ + export ARCH=arm + fi + export OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}/usr + export CROSS_COMPILE_HOST=${HOST_PREFIX} + export CROSS_COMPILE_TA=${HOST_PREFIX} + export CROSS_COMPILE=${HOST_PREFIX} + export OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}/ + oe_runmake V=1 } do_install () { @@ -43,3 +63,7 @@ do_install () { install -m 444 $name ${D}/lib/optee_armtz/ done } + +FILES_${PN} = "/usr/bin/ /lib*/optee_armtz/" + +COMPATIBLE_MACHINE = "(mx6|mx7|mx8)" diff --git a/meta-digi-arm/recipes-security/optee-imx/optee-test_3.10.0.imx.bb b/meta-digi-arm/recipes-security/optee-imx/optee-test_3.10.0.imx.bb index e6abb2431..66867f26e 100644 --- a/meta-digi-arm/recipes-security/optee-imx/optee-test_3.10.0.imx.bb +++ b/meta-digi-arm/recipes-security/optee-imx/optee-test_3.10.0.imx.bb @@ -3,8 +3,8 @@ require optee-test.imx.inc DEPENDS_append = " python3-pycryptodomex-native" -SRCBRANCH = "imx_5.4.47_2.2.0" -SRCREV = "30efcbeaf8864d0f2a5c4be593a5411001fab31b" +SRCBRANCH = "imx_5.4.70_2.3.0" +SRCREV = "0c998f42a3fb87b9f2929955cf4b0116cc515091" do_compile_prepend () { export CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_HOST}"