diff options
author | Otavio Salvador <otavio@ossystems.com.br> | 2022-10-25 19:30:59 -0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-25 19:30:59 -0300 |
commit | 3747641f1e71d8e4edd5b587b49d09dc2d243942 (patch) | |
tree | bd3395c664ea7e08bacb2a689f26941a2d7c67ce | |
parent | 9f544ada2af55eebc10dd1cb932cf4899223398a (diff) | |
parent | 0d2e41d1dd60b4f8ba42def0e15b59f01e893677 (diff) | |
download | meta-freescale-3747641f1e71d8e4edd5b587b49d09dc2d243942.tar.gz |
Merge pull request #1281 from nsdrude/kirkstone
[Backport Kirkstone] optee
-rw-r--r-- | conf/machine/include/imx-base.inc | 6 | ||||
-rw-r--r-- | recipes-security/optee-imx/optee-client_3.17.0.imx.bb (renamed from recipes-security/optee-imx/optee-client_3.15.0.imx.bb) | 0 | ||||
-rw-r--r-- | recipes-security/optee-imx/optee-os/0008-no-warn-rwx-segments.patch | 64 | ||||
-rw-r--r-- | recipes-security/optee-imx/optee-os_3.17.0.imx.bb (renamed from recipes-security/optee-imx/optee-os_3.15.0.imx.bb) | 30 | ||||
-rw-r--r-- | recipes-security/optee-imx/optee-test_3.17.0.imx.bb (renamed from recipes-security/optee-imx/optee-test_3.15.0.imx.bb) | 10 |
5 files changed, 87 insertions, 23 deletions
diff --git a/conf/machine/include/imx-base.inc b/conf/machine/include/imx-base.inc index 80027072..e9b751e0 100644 --- a/conf/machine/include/imx-base.inc +++ b/conf/machine/include/imx-base.inc | |||
@@ -490,9 +490,9 @@ PREFERRED_VERSION_vulkan-loader:imxvulkan ??= "1.2.182.0" | |||
490 | PREFERRED_VERSION_vulkan-tools:imxvulkan ??= "1.2.182.0" | 490 | PREFERRED_VERSION_vulkan-tools:imxvulkan ??= "1.2.182.0" |
491 | 491 | ||
492 | # Use i.MX optee Version | 492 | # Use i.MX optee Version |
493 | PREFERRED_VERSION_optee-os:mx8-nxp-bsp ??= "3.15.0.imx" | 493 | PREFERRED_VERSION_optee-os:mx8-nxp-bsp ??= "3.17.0.imx" |
494 | PREFERRED_VERSION_optee-client:mx8-nxp-bsp ??= "3.15.0.imx" | 494 | PREFERRED_VERSION_optee-client:mx8-nxp-bsp ??= "3.17.0.imx" |
495 | PREFERRED_VERSION_optee-test:mx8-nxp-bsp ??= "3.15.0.imx" | 495 | PREFERRED_VERSION_optee-test:mx8-nxp-bsp ??= "3.17.0.imx" |
496 | 496 | ||
497 | #Use i.MX opencv Version for mx8 | 497 | #Use i.MX opencv Version for mx8 |
498 | PREFERRED_VERSION_opencv:mx8-nxp-bsp ??= "4.5.2.imx" | 498 | PREFERRED_VERSION_opencv:mx8-nxp-bsp ??= "4.5.2.imx" |
diff --git a/recipes-security/optee-imx/optee-client_3.15.0.imx.bb b/recipes-security/optee-imx/optee-client_3.17.0.imx.bb index 53ee5bc4..53ee5bc4 100644 --- a/recipes-security/optee-imx/optee-client_3.15.0.imx.bb +++ b/recipes-security/optee-imx/optee-client_3.17.0.imx.bb | |||
diff --git a/recipes-security/optee-imx/optee-os/0008-no-warn-rwx-segments.patch b/recipes-security/optee-imx/optee-os/0008-no-warn-rwx-segments.patch new file mode 100644 index 00000000..1dd70b31 --- /dev/null +++ b/recipes-security/optee-imx/optee-os/0008-no-warn-rwx-segments.patch | |||
@@ -0,0 +1,64 @@ | |||
1 | Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> | ||
2 | Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474] | ||
3 | |||
4 | From 0b8a917fa51a366806edc0f04b88cd23b24098c4 Mon Sep 17 00:00:00 2001 | ||
5 | From: Jerome Forissier <jerome.forissier@linaro.org> | ||
6 | Date: Fri, 5 Aug 2022 09:48:03 +0200 | ||
7 | Subject: [PATCH] core: link: add --no-warn-rwx-segments | ||
8 | |||
9 | binutils ld.bfd generates one RWX LOAD segment by merging several sections | ||
10 | with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it | ||
11 | also warns by default when that happens [1], which breaks the build due to | ||
12 | --fatal-warnings. The RWX segment is not a problem for the TEE core, since | ||
13 | that information is not used to set memory permissions. Therefore, silence | ||
14 | the warning. | ||
15 | |||
16 | Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 | ||
17 | Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448 | ||
18 | Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com> | ||
19 | Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> | ||
20 | Acked-by: Jens Wiklander <jens.wiklander@linaro.org> | ||
21 | --- | ||
22 | core/arch/arm/kernel/link.mk | 8 ++++++-- | ||
23 | 1 file changed, 6 insertions(+), 2 deletions(-) | ||
24 | |||
25 | diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk | ||
26 | index 7eed333a32..c39d43cbfc 100644 | ||
27 | --- a/core/arch/arm/kernel/link.mk | ||
28 | +++ b/core/arch/arm/kernel/link.mk | ||
29 | @@ -31,6 +31,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map | ||
30 | link-ldflags += --sort-section=alignment | ||
31 | link-ldflags += --fatal-warnings | ||
32 | link-ldflags += --gc-sections | ||
33 | +link-ldflags += $(call ld-option,--no-warn-rwx-segments) | ||
34 | |||
35 | link-ldadd = $(LDADD) | ||
36 | link-ldadd += $(ldflags-external) | ||
37 | @@ -55,6 +56,7 @@ link-script-cppflags := \ | ||
38 | $(cppflagscore)) | ||
39 | |||
40 | ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \ | ||
41 | + $(call ld-option,--no-warn-rwx-segments) \ | ||
42 | $(link-objs) $(link-ldadd) $(libgcccore) | ||
43 | cleanfiles += $(link-out-dir)/all_objs.o | ||
44 | $(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST) | ||
45 | @@ -67,7 +69,8 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o | ||
46 | $(q)$(NMcore) $< | \ | ||
47 | $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@ | ||
48 | |||
49 | -unpaged-ldargs = -T $(link-script-dummy) --no-check-sections --gc-sections | ||
50 | +unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ | ||
51 | + $(call ld-option,--no-warn-rwx-segments) | ||
52 | unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore) | ||
53 | cleanfiles += $(link-out-dir)/unpaged.o | ||
54 | $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt | ||
55 | @@ -95,7 +98,8 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o | ||
56 | $(q)$(NMcore) $< | \ | ||
57 | $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@ | ||
58 | |||
59 | -init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections | ||
60 | +init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ | ||
61 | + $(call ld-option,--no-warn-rwx-segments) | ||
62 | init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \ | ||
63 | $(libgcccore) | ||
64 | cleanfiles += $(link-out-dir)/init.o | ||
diff --git a/recipes-security/optee-imx/optee-os_3.15.0.imx.bb b/recipes-security/optee-imx/optee-os_3.17.0.imx.bb index 6d10b93d..93e0ff6e 100644 --- a/recipes-security/optee-imx/optee-os_3.15.0.imx.bb +++ b/recipes-security/optee-imx/optee-os_3.17.0.imx.bb | |||
@@ -6,12 +6,15 @@ HOMEPAGE = "http://www.optee.org/" | |||
6 | LICENSE = "BSD-2-Clause" | 6 | LICENSE = "BSD-2-Clause" |
7 | LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" | 7 | LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" |
8 | 8 | ||
9 | DEPENDS = "python3-pycryptodomex-native python3-pyelftools-native u-boot-mkimage-native" | 9 | DEPENDS = "python3-cryptography-native python3-pyelftools-native u-boot-mkimage-native" |
10 | 10 | ||
11 | SRCBRANCH = "lf-5.15.5_1.0.0" | ||
12 | SRC_URI = "git://source.codeaurora.org/external/imx/imx-optee-os.git;protocol=https;branch=${SRCBRANCH}" | 11 | SRC_URI = "git://source.codeaurora.org/external/imx/imx-optee-os.git;protocol=https;branch=${SRCBRANCH}" |
12 | SRCBRANCH = "lf-5.15.32_2.0.0" | ||
13 | SRCREV = "984996422c25c99ebfc5194c1bb393028605bb0c" | ||
13 | 14 | ||
14 | SRCREV = "807629a0889ad5e888f1fd187932ab7f701ddf8c" | 15 | SRC_URI:append = " \ |
16 | file://0008-no-warn-rwx-segments.patch \ | ||
17 | " | ||
15 | 18 | ||
16 | S = "${WORKDIR}/git" | 19 | S = "${WORKDIR}/git" |
17 | 20 | ||
@@ -24,10 +27,9 @@ PLATFORM_FLAVOR = "${@d.getVar('MACHINE')[1:]}" | |||
24 | PLATFORM_FLAVOR:imx6qdlsabresd = "mx6qsabresd" | 27 | PLATFORM_FLAVOR:imx6qdlsabresd = "mx6qsabresd" |
25 | PLATFORM_FLAVOR:imx6qdlsabreauto = "mx6qsabreauto" | 28 | PLATFORM_FLAVOR:imx6qdlsabreauto = "mx6qsabreauto" |
26 | PLATFORM_FLAVOR:imx6qpdlsolox = "mx6qsabresd" | 29 | PLATFORM_FLAVOR:imx6qpdlsolox = "mx6qsabresd" |
27 | PLATFORM_FLAVOR:imx6ul = "mx6ulevk" | 30 | PLATFORM_FLAVOR:mx6ul-nxp-bsp = "mx6ulevk" |
28 | PLATFORM_FLAVOR:imx6ull = "mx6ullevk" | 31 | PLATFORM_FLAVOR:mx6ull-nxp-bsp = "mx6ullevk" |
29 | PLATFORM_FLAVOR:imx6ull = "mx6ullevk" | 32 | PLATFORM_FLAVOR:mx6ulz-nxp-bsp = "mx6ulzevk" |
30 | PLATFORM_FLAVOR:imx6ulz = "mx6ulzevk" | ||
31 | PLATFORM_FLAVOR:mx8mq-nxp-bsp = "mx8mqevk" | 33 | PLATFORM_FLAVOR:mx8mq-nxp-bsp = "mx8mqevk" |
32 | PLATFORM_FLAVOR:mx8mm-nxp-bsp = "mx8mmevk" | 34 | PLATFORM_FLAVOR:mx8mm-nxp-bsp = "mx8mmevk" |
33 | PLATFORM_FLAVOR:mx8mn-nxp-bsp = "mx8mnevk" | 35 | PLATFORM_FLAVOR:mx8mn-nxp-bsp = "mx8mnevk" |
@@ -49,13 +51,13 @@ OPTEE_ARCH:aarch64 = "arm64" | |||
49 | # When defining CROSS_COMPILE and CROSS_COMPILE64, we assure that | 51 | # When defining CROSS_COMPILE and CROSS_COMPILE64, we assure that |
50 | # any 32 or 64 bits builds will pass | 52 | # any 32 or 64 bits builds will pass |
51 | EXTRA_OEMAKE = " \ | 53 | EXTRA_OEMAKE = " \ |
52 | PLATFORM=imx \ | 54 | PLATFORM=imx-${PLATFORM_FLAVOR} \ |
53 | PLATFORM_FLAVOR=${PLATFORM_FLAVOR} \ | 55 | CROSS_COMPILE=${HOST_PREFIX} \ |
54 | CROSS_COMPILE=${HOST_PREFIX} \ | 56 | CROSS_COMPILE64=${HOST_PREFIX} \ |
55 | CROSS_COMPILE64=${HOST_PREFIX} \ | 57 | CFG_TEE_TA_LOG_LEVEL=0 \ |
56 | CFG_TEE_TA_LOG_LEVEL=0 \ | 58 | CFG_TEE_CORE_LOG_LEVEL=0 \ |
57 | CFG_TEE_CORE_LOG_LEVEL=0 \ | 59 | OPENSSL_MODULES=${STAGING_LIBDIR_NATIVE}/ossl-modules \ |
58 | -C ${S} O=${B}\ | 60 | -C ${S} O=${B} \ |
59 | " | 61 | " |
60 | 62 | ||
61 | LDFLAGS = "" | 63 | LDFLAGS = "" |
diff --git a/recipes-security/optee-imx/optee-test_3.15.0.imx.bb b/recipes-security/optee-imx/optee-test_3.17.0.imx.bb index a3649d74..54f92d72 100644 --- a/recipes-security/optee-imx/optee-test_3.15.0.imx.bb +++ b/recipes-security/optee-imx/optee-test_3.17.0.imx.bb | |||
@@ -6,17 +6,15 @@ HOMEPAGE = "http://www.optee.org/" | |||
6 | LICENSE = "BSD-2-Clause & GPL-2.0-only" | 6 | LICENSE = "BSD-2-Clause & GPL-2.0-only" |
7 | LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" | 7 | LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" |
8 | 8 | ||
9 | DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native optee-os optee-client openssl" | 9 | DEPENDS = "python3-cryptography-native optee-os optee-client openssl" |
10 | |||
11 | SRCBRANCH = "lf-5.15.5_1.0.0" | ||
12 | 10 | ||
13 | SRC_URI = "git://source.codeaurora.org/external/imx/imx-optee-test.git;protocol=https;branch=${SRCBRANCH}" | 11 | SRC_URI = "git://source.codeaurora.org/external/imx/imx-optee-test.git;protocol=https;branch=${SRCBRANCH}" |
12 | SRCBRANCH = "lf-5.15.32_2.0.0" | ||
13 | SRCREV = "e064126a9769f168d1d0e178b74955e6648683b4" | ||
14 | 14 | ||
15 | S = "${WORKDIR}/git" | 15 | S = "${WORKDIR}/git" |
16 | B = "${WORKDIR}/build" | 16 | B = "${WORKDIR}/build" |
17 | 17 | ||
18 | SRCREV = "e9d8bf6ee121d6686e6e409c727caee76496bb86" | ||
19 | |||
20 | inherit python3native features_check | 18 | inherit python3native features_check |
21 | 19 | ||
22 | REQUIRED_MACHINE_FEATURES = "optee" | 20 | REQUIRED_MACHINE_FEATURES = "optee" |
@@ -29,11 +27,11 @@ CXXFLAGS += "--sysroot=${STAGING_DIR_HOST}" | |||
29 | 27 | ||
30 | EXTRA_OEMAKE = " \ | 28 | EXTRA_OEMAKE = " \ |
31 | TA_DEV_KIT_DIR=${STAGING_INCDIR}/optee/export-user_ta_${OPTEE_ARCH}/ \ | 29 | TA_DEV_KIT_DIR=${STAGING_INCDIR}/optee/export-user_ta_${OPTEE_ARCH}/ \ |
32 | ARCH=${OPTEE_ARCH} \ | ||
33 | OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${exec_prefix} \ | 30 | OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${exec_prefix} \ |
34 | CROSS_COMPILE_HOST=${HOST_PREFIX} \ | 31 | CROSS_COMPILE_HOST=${HOST_PREFIX} \ |
35 | CROSS_COMPILE_TA=${HOST_PREFIX} \ | 32 | CROSS_COMPILE_TA=${HOST_PREFIX} \ |
36 | CROSS_COMPILE=${HOST_PREFIX} \ | 33 | CROSS_COMPILE=${HOST_PREFIX} \ |
34 | OPENSSL_MODULES=${STAGING_LIBDIR_NATIVE}/ossl-modules \ | ||
37 | -C ${S} O=${B} \ | 35 | -C ${S} O=${B} \ |
38 | " | 36 | " |
39 | 37 | ||