Merge pull request #1628 from MrCry0/master-optee

Upgrade optee-* to lf-6.1.22-2.0.0

12 files changed, 207 insertions, 125 deletions

diff --git a/conf/machine/include/imx-base.inc b/conf/machine/include/imx-base.inc
index 1492c467..1a1b7c50 100644
--- a/conf/machine/include/imx-base.inc
+++ b/conf/machine/include/imx-base.inc
@@ -547,12 +547,12 @@ PREFERRED_VERSION_vulkan-tools:imxvulkan             ??= "1.2.182.0.imx"
 PREFERRED_VERSION_vulkan-validation-layers:imxvulkan ??= "1.2.182.0.imx"
 
 # Use i.MX optee Version
-PREFERRED_VERSION_optee-os:mx8-nxp-bsp     ??= "3.19.0.imx"
-PREFERRED_VERSION_optee-os:mx9-nxp-bsp     ??= "3.19.0.imx"
-PREFERRED_VERSION_optee-client:mx8-nxp-bsp ??= "3.19.0.imx"
-PREFERRED_VERSION_optee-client:mx9-nxp-bsp ??= "3.19.0.imx"
-PREFERRED_VERSION_optee-test:mx8-nxp-bsp   ??= "3.19.0.imx"
-PREFERRED_VERSION_optee-test:mx9-nxp-bsp   ??= "3.19.0.imx"
+PREFERRED_VERSION_optee-os:mx8-nxp-bsp     ??= "3.21.0.imx"
+PREFERRED_VERSION_optee-os:mx9-nxp-bsp     ??= "3.21.0.imx"
+PREFERRED_VERSION_optee-client:mx8-nxp-bsp ??= "3.21.0.imx"
+PREFERRED_VERSION_optee-client:mx9-nxp-bsp ??= "3.21.0.imx"
+PREFERRED_VERSION_optee-test:mx8-nxp-bsp   ??= "3.21.0.imx"
+PREFERRED_VERSION_optee-test:mx9-nxp-bsp   ??= "3.21.0.imx"
 
 # Use i.MX opencv Version
 PREFERRED_VERSION_opencv:mx8-nxp-bsp ??= "4.6.0.imx"
diff --git a/recipes-security/optee-imx/optee-client_3.19.0.imx.bb b/recipes-security/optee-imx/optee-client_3.19.0.imx.bb
deleted file mode 100644
index 102b3ce9..00000000
--- a/recipes-security/optee-imx/optee-client_3.19.0.imx.bb
+++ /dev/null
@@ -1,4 +0,0 @@
-require optee-client-fslc-imx.inc
-
-SRCBRANCH = "lf-6.1.1_1.0.0"
-SRCREV = "01231b7a7ce03cdf9d3f48e7baa0bce17aac28f7"
diff --git a/recipes-security/optee-imx/optee-client_3.21.0.imx.bb b/recipes-security/optee-imx/optee-client_3.21.0.imx.bb
new file mode 100644
index 00000000..5d508911
--- /dev/null
+++ b/recipes-security/optee-imx/optee-client_3.21.0.imx.bb
@@ -0,0 +1,7 @@
+require optee-client-fslc-imx.inc
+
+SRCBRANCH = "lf-6.1.22_2.0.0"
+SRCREV = "8533e0e6329840ee96cf81b6453f257204227e6c"
+
+DEPENDS += "util-linux"
+EXTRA_OEMAKE += "PKG_CONFIG=pkg-config"
diff --git a/recipes-security/optee-imx/optee-os-fslc.inc b/recipes-security/optee-imx/optee-os-fslc.inc
index faa8c993..19ca7b3c 100644
--- a/recipes-security/optee-imx/optee-os-fslc.inc
+++ b/recipes-security/optee-imx/optee-os-fslc.inc
@@ -21,6 +21,8 @@ EXTRA_OEMAKE += " \
     PLATFORM=imx-${PLATFORM_FLAVOR} \
     CROSS_COMPILE=${HOST_PREFIX} \
     CROSS_COMPILE64=${HOST_PREFIX} \
+    CFLAGS32=--sysroot=${STAGING_DIR_HOST} \
+    CFLAGS64=--sysroot=${STAGING_DIR_HOST} \
     CFG_TEE_TA_LOG_LEVEL=0 \
     CFG_TEE_CORE_LOG_LEVEL=0 \
 "
diff --git a/recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch b/recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch
index 2abd78a8..8a9062f3 100644
--- a/recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch
+++ b/recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch
@@ -1,7 +1,7 @@
-From f189457b79989543f65b8a4e8729eff2cdf9a758 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sat, 13 Aug 2022 19:24:55 -0700
-Subject: [PATCH] core: Define section attributes for clang
+From b73c3d2829d3661ca66b5cc6b4181f3bf973b13f Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Wed, 21 Dec 2022 10:55:58 +0000
+Subject: [PATCH 1/4] core: Define section attributes for clang
 
 Clang's attribute section is not same as gcc, here we need to add flags
 to sections so they can be eventually collected by linker into final
@@ -30,16 +30,21 @@ going and match the functionality with gcc.
 
 Upstream-Status: Pending
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
 ---
+
  core/arch/arm/kernel/thread.c    | 19 +++++++++++++++--
- core/arch/arm/mm/core_mmu_lpae.c | 35 ++++++++++++++++++++++++++++----
+ core/arch/arm/mm/core_mmu_lpae.c | 35 +++++++++++++++++++++++++++----
+ core/arch/arm/mm/core_mmu_v7.c   | 36 +++++++++++++++++++++++++++++---
  core/arch/arm/mm/pgt_cache.c     | 12 ++++++++++-
  core/kernel/thread.c             | 13 +++++++++++-
- 4 files changed, 71 insertions(+), 8 deletions(-)
+ 5 files changed, 104 insertions(+), 11 deletions(-)
 
+diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c
+index 22ef932f9..7a9078d2e 100644
 --- a/core/arch/arm/kernel/thread.c
 +++ b/core/arch/arm/kernel/thread.c
-@@ -44,16 +44,31 @@ static size_t thread_user_kcode_size __n
+@@ -44,15 +44,30 @@ static size_t thread_user_kcode_size __nex_bss;
  #if defined(CFG_CORE_UNMAP_CORE_AT_EL0) && \
         defined(CFG_CORE_WORKAROUND_SPECTRE_BP_SEC) && defined(ARM64)
  long thread_user_kdata_sp_offset __nex_bss;
@@ -55,27 +60,28 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
                 SMALL_PAGE_SIZE)]
         __aligned(SMALL_PAGE_SIZE)
 +#ifndef __clang__
- #ifndef CFG_VIRTUALIZATION
+ #ifndef CFG_NS_VIRTUALIZATION
 -       __section(".nozi.kdata_page");
 +       __section(".nozi.kdata_page")
  #else
 -       __section(".nex_nozi.kdata_page");
 +       __section(".nex_nozi.kdata_page")
  #endif
- #endif
++#endif
 +    ;
 +#endif
 +
 +/* reset BSS section to default ( .bss ) */
 +#ifdef __clang__
 +#pragma clang section bss=""
-+#endif
+ #endif
  
  #ifdef ARM32
- uint32_t __nostackcheck thread_get_exceptions(void)
+diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c
+index 6df2c68cf..a877e4965 100644
 --- a/core/arch/arm/mm/core_mmu_lpae.c
 +++ b/core/arch/arm/mm/core_mmu_lpae.c
-@@ -233,19 +233,46 @@ typedef uint16_t l1_idx_t;
+@@ -238,19 +238,46 @@ typedef uint16_t l1_idx_t;
  typedef uint64_t base_xlat_tbls_t[CFG_TEE_CORE_NB_CORE][NUM_BASE_LEVEL_ENTRIES];
  typedef uint64_t xlat_tbl_t[XLAT_TABLE_ENTRIES];
  
@@ -126,59 +132,11 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  /*
   * TAs page table entry inside a level 1 page table.
   *
---- a/core/arch/arm/mm/pgt_cache.c
-+++ b/core/arch/arm/mm/pgt_cache.c
-@@ -410,8 +410,18 @@ void pgt_init(void)
-         * has a large alignment, while .bss has a small alignment. The current
-         * link script is optimized for small alignment in .bss
-         */
-+#ifdef __clang__
-+#pragma clang section bss=".nozi.mmu.l2"
-+#endif
-        static uint8_t pgt_tables[PGT_CACHE_SIZE][PGT_SIZE]
--                       __aligned(PGT_SIZE) __section(".nozi.pgt_cache");
-+                       __aligned(PGT_SIZE)
-+#ifndef __clang__
-+                       __section(".nozi.pgt_cache")
-+#endif
-+                       ;
-+#ifdef __clang__
-+#pragma clang section bss=""
-+#endif
-        size_t n;
- 
-        for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) {
---- a/core/kernel/thread.c
-+++ b/core/kernel/thread.c
-@@ -38,13 +38,24 @@ struct thread_core_local thread_core_loc
-        name[stack_num][sizeof(name[stack_num]) / sizeof(uint32_t) - 1]
- #endif
- 
-+#define DO_PRAGMA(x) _Pragma (#x)
-+
-+#ifdef __clang__
-+#define DECLARE_STACK(name, num_stacks, stack_size, linkage) \
-+DO_PRAGMA (clang section bss=".nozi_stack." #name) \
-+linkage uint32_t name[num_stacks] \
-+               [ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \
-+                        STACK_ALIGNMENT) / sizeof(uint32_t)] \
-+               __attribute__((aligned(STACK_ALIGNMENT))); \
-+DO_PRAGMA(clang section bss="")
-+#else
- #define DECLARE_STACK(name, num_stacks, stack_size, linkage) \
- linkage uint32_t name[num_stacks] \
-                [ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \
-                         STACK_ALIGNMENT) / sizeof(uint32_t)] \
-                __attribute__((section(".nozi_stack." # name), \
-                               aligned(STACK_ALIGNMENT)))
--
-+#endif
- #define GET_STACK(stack) ((vaddr_t)(stack) + STACK_SIZE(stack))
- 
- DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE, STACK_TMP_SIZE,
+diff --git a/core/arch/arm/mm/core_mmu_v7.c b/core/arch/arm/mm/core_mmu_v7.c
+index 58596be84..98fa58635 100644
 --- a/core/arch/arm/mm/core_mmu_v7.c
 +++ b/core/arch/arm/mm/core_mmu_v7.c
-@@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_EN
+@@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_ENTRIES];
  typedef uint32_t l2_xlat_tbl_t[NUM_L2_ENTRIES];
  typedef uint32_t ul1_xlat_tbl_t[NUM_UL1_ENTRIES];
  
@@ -228,3 +186,61 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  
  struct mmu_partition {
         l1_xlat_tbl_t *l1_table;
+diff --git a/core/arch/arm/mm/pgt_cache.c b/core/arch/arm/mm/pgt_cache.c
+index 79553c6d2..b9efdf427 100644
+--- a/core/arch/arm/mm/pgt_cache.c
++++ b/core/arch/arm/mm/pgt_cache.c
+@@ -410,8 +410,18 @@ void pgt_init(void)
+         * has a large alignment, while .bss has a small alignment. The current
+         * link script is optimized for small alignment in .bss
+         */
++#ifdef __clang__
++#pragma clang section bss=".nozi.mmu.l2"
++#endif
+        static uint8_t pgt_tables[PGT_CACHE_SIZE][PGT_SIZE]
+-                       __aligned(PGT_SIZE) __section(".nozi.pgt_cache");
++                       __aligned(PGT_SIZE)
++#ifndef __clang__
++                       __section(".nozi.pgt_cache")
++#endif
++                       ;
++#ifdef __clang__
++#pragma clang section bss=""
++#endif
+        size_t n;
+ 
+        for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) {
+diff --git a/core/kernel/thread.c b/core/kernel/thread.c
+index e48294b3b..8de9064ca 100644
+--- a/core/kernel/thread.c
++++ b/core/kernel/thread.c
+@@ -38,13 +38,24 @@ struct thread_core_local thread_core_local[CFG_TEE_CORE_NB_CORE] __nex_bss;
+        name[stack_num][sizeof(name[stack_num]) / sizeof(uint32_t) - 1]
+ #endif
+ 
++#define DO_PRAGMA(x) _Pragma (#x)
++
++#ifdef __clang__
++#define DECLARE_STACK(name, num_stacks, stack_size, linkage) \
++DO_PRAGMA (clang section bss=".nozi_stack." #name) \
++linkage uint32_t name[num_stacks] \
++               [ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \
++                        STACK_ALIGNMENT) / sizeof(uint32_t)] \
++               __attribute__((aligned(STACK_ALIGNMENT))); \
++DO_PRAGMA(clang section bss="")
++#else
+ #define DECLARE_STACK(name, num_stacks, stack_size, linkage) \
+ linkage uint32_t name[num_stacks] \
+                [ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \
+                         STACK_ALIGNMENT) / sizeof(uint32_t)] \
+                __attribute__((section(".nozi_stack." # name), \
+                               aligned(STACK_ALIGNMENT)))
+-
++#endif
+ #define GET_STACK(stack) ((vaddr_t)(stack) + STACK_SIZE(stack))
+ 
+ DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE, STACK_TMP_SIZE,
+-- 
+2.40.1
+
+
diff --git a/recipes-security/optee-imx/optee-os/0007-allow-setting-sysroot-for-clang.patch b/recipes-security/optee-imx/optee-os/0002-optee-enable-clang-support.patch
index dc6d5517..096579c0 100644
--- a/recipes-security/optee-imx/optee-os/0007-allow-setting-sysroot-for-clang.patch
+++ b/recipes-security/optee-imx/optee-os/0002-optee-enable-clang-support.patch
@@ -1,7 +1,7 @@
-From db9e44af75c7cfd3316cab15aaa387383df3e57e Mon Sep 17 00:00:00 2001
+From c67f63d4e7bbe7b21b4c9ef49ae84c6725794aa9 Mon Sep 17 00:00:00 2001
 From: Brett Warren <brett.warren@arm.com>
 Date: Wed, 23 Sep 2020 09:27:34 +0100
-Subject: [PATCH] optee: enable clang support
+Subject: [PATCH 2/4] optee: enable clang support
 
 When compiling with clang, the LIBGCC_LOCATE_CFLAG variable used
 to provide a sysroot wasn't included, which results in not locating
@@ -10,14 +10,17 @@ compiler-rt. This is mitigated by including the variable as ammended.
 Upstream-Status: Pending
 ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701
 Signed-off-by: Brett Warren <brett.warren@arm.com>
-
+Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
 ---
+
  mk/clang.mk | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
+diff --git a/mk/clang.mk b/mk/clang.mk
+index a045beee8..1ebe2f702 100644
 --- a/mk/clang.mk
 +++ b/mk/clang.mk
-@@ -30,7 +30,7 @@ comp-cflags-warns-clang := -Wno-language
+@@ -30,7 +30,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \
  
  # Note, use the compiler runtime library (libclang_rt.builtins.*.a) instead of
  # libgcc for clang
@@ -26,3 +29,6 @@ Signed-off-by: Brett Warren <brett.warren@arm.com>
                         -rtlib=compiler-rt -print-libgcc-file-name 2> /dev/null)
  
  # Core ASLR relies on the executable being ready to run from its preferred load
+-- 
+2.40.1
+
diff --git a/recipes-security/optee-imx/optee-os/0010-add-note-GNU-stack-section.patch b/recipes-security/optee-imx/optee-os/0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch
index b82aabdc..f0fac69f 100644
--- a/recipes-security/optee-imx/optee-os/0010-add-note-GNU-stack-section.patch
+++ b/recipes-security/optee-imx/optee-os/0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch
@@ -1,7 +1,8 @@
-From ec30e84671aac9a2e9549754eb7bc6201728db4c Mon Sep 17 00:00:00 2001
+From f23fb3381422c613890f77c26d11e377234481c6 Mon Sep 17 00:00:00 2001
 From: Jerome Forissier <jerome.forissier@linaro.org>
 Date: Tue, 23 Aug 2022 12:31:46 +0000
-Subject: [PATCH] arm32: libutils, libutee, ta: add .note.GNU-stack section to
+Subject: [PATCH 3/4] arm32: libutils, libutee, ta: add .note.GNU-stack section
+ to
 
  .S files
 
@@ -24,8 +25,9 @@ Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
 
 Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
 Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
-
+Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
 ---
+
  lib/libutee/arch/arm/utee_syscalls_a32.S             | 2 ++
  lib/libutils/ext/arch/arm/atomic_a32.S               | 2 ++
  lib/libutils/ext/arch/arm/mcount_a32.S               | 2 ++
@@ -35,6 +37,8 @@ Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
  ta/arch/arm/ta_entry_a32.S                           | 2 ++
  7 files changed, 14 insertions(+)
 
+diff --git a/lib/libutee/arch/arm/utee_syscalls_a32.S b/lib/libutee/arch/arm/utee_syscalls_a32.S
+index 2dea83ab8..668b65a86 100644
 --- a/lib/libutee/arch/arm/utee_syscalls_a32.S
 +++ b/lib/libutee/arch/arm/utee_syscalls_a32.S
 @@ -9,6 +9,8 @@
@@ -46,6 +50,8 @@ Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
          .section .text
          .balign 4
          .code 32
+diff --git a/lib/libutils/ext/arch/arm/atomic_a32.S b/lib/libutils/ext/arch/arm/atomic_a32.S
+index 2be73ffad..87ddf1065 100644
 --- a/lib/libutils/ext/arch/arm/atomic_a32.S
 +++ b/lib/libutils/ext/arch/arm/atomic_a32.S
 @@ -7,6 +7,8 @@
@@ -57,6 +63,8 @@ Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
  /* uint32_t atomic_inc32(uint32_t *v); */
  FUNC atomic_inc32 , :
         ldrex   r1, [r0]
+diff --git a/lib/libutils/ext/arch/arm/mcount_a32.S b/lib/libutils/ext/arch/arm/mcount_a32.S
+index 54dc3c02d..2f24632b8 100644
 --- a/lib/libutils/ext/arch/arm/mcount_a32.S
 +++ b/lib/libutils/ext/arch/arm/mcount_a32.S
 @@ -9,6 +9,8 @@
@@ -68,6 +76,8 @@ Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
  /*
   * Convert return address to call site address by subtracting the size of the
   * mcount call instruction (blx __gnu_mcount_nc).
+diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
+index 37ae9ec6f..bc6c48b1a 100644
 --- a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
 +++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
 @@ -7,6 +7,8 @@
@@ -79,6 +89,8 @@ Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
  /*
   * signed ret_idivmod_values(signed quot, signed rem);
   * return quotient and remaining the EABI way (regs r0,r1)
+diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
+index 5c3353e2c..9fb5e0283 100644
 --- a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
 +++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
 @@ -7,6 +7,8 @@
@@ -90,6 +102,8 @@ Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
  /*
   * __value_in_regs lldiv_t __aeabi_ldivmod( long long n, long long d)
   */
+diff --git a/lib/libutils/isoc/arch/arm/setjmp_a32.S b/lib/libutils/isoc/arch/arm/setjmp_a32.S
+index f8a0b70df..37d7cb88e 100644
 --- a/lib/libutils/isoc/arch/arm/setjmp_a32.S
 +++ b/lib/libutils/isoc/arch/arm/setjmp_a32.S
 @@ -53,6 +53,8 @@
@@ -101,6 +115,8 @@ Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
  /* Arm/Thumb interworking support:
  
     The interworking scheme expects functions to use a BX instruction
+diff --git a/ta/arch/arm/ta_entry_a32.S b/ta/arch/arm/ta_entry_a32.S
+index cd9a12f9d..ccdc19928 100644
 --- a/ta/arch/arm/ta_entry_a32.S
 +++ b/ta/arch/arm/ta_entry_a32.S
 @@ -7,6 +7,8 @@
@@ -112,3 +128,6 @@ Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
  /*
   * This function is the bottom of the user call stack. Mark it as such so that
   * the unwinding code won't try to go further down.
+-- 
+2.40.1
+
diff --git a/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch b/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch
new file mode 100644
index 00000000..f72d80dc
--- /dev/null
+++ b/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch
@@ -0,0 +1,67 @@
+From b53f5542102b8088448134202c30ca563f5b3c04 Mon Sep 17 00:00:00 2001
+From: Jerome Forissier <jerome.forissier@linaro.org>
+Date: Fri, 5 Aug 2022 09:48:03 +0200
+Subject: [PATCH 4/4] core: link: add --no-warn-rwx-segments
+
+Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
+Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474]
+
+binutils ld.bfd generates one RWX LOAD segment by merging several sections
+with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it
+also warns by default when that happens [1], which breaks the build due to
+--fatal-warnings. The RWX segment is not a problem for the TEE core, since
+that information is not used to set memory permissions. Therefore, silence
+the warning.
+
+Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
+Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448
+Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
+Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
+Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
+Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
+---
+
+ core/arch/arm/kernel/link.mk | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
+index e8a518254..60e08966f 100644
+--- a/core/arch/arm/kernel/link.mk
++++ b/core/arch/arm/kernel/link.mk
+@@ -37,6 +37,7 @@ link-ldflags += --sort-section=alignment
+ link-ldflags += --fatal-warnings
+ link-ldflags += --gc-sections
+ link-ldflags += $(link-ldflags-common)
++link-ldflags += $(call ld-option,--no-warn-rwx-segments)
+ 
+ link-ldadd  = $(LDADD)
+ link-ldadd += $(ldflags-external)
+@@ -61,6 +62,7 @@ link-script-cppflags := \
+                $(cppflagscore))
+ 
+ ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \
++                  $(call ld-option,--no-warn-rwx-segments) \
+                   $(link-ldflags-common) \
+                   $(link-objs) $(link-ldadd) $(libgcccore)
+ cleanfiles += $(link-out-dir)/all_objs.o
+@@ -75,7 +77,7 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o
+                $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@
+ 
+ unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
+-                $(link-ldflags-common)
++                $(link-ldflags-common) $(call ld-option,--no-warn-rwx-segments)
+ unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore)
+ cleanfiles += $(link-out-dir)/unpaged.o
+ $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt
+@@ -104,7 +106,7 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o
+                $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@
+ 
+ init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
+-              $(link-ldflags-common)
++              $(link-ldflags-common) $(call ld-option,--no-warn-rwx-segments)
+ init-ldadd := $(link-objs-init) $(link-out-dir)/version.o  $(link-ldadd) \
+              $(libgcccore)
+ cleanfiles += $(link-out-dir)/init.o
+-- 
+2.40.1
+
diff --git a/recipes-security/optee-imx/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch b/recipes-security/optee-imx/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch
deleted file mode 100644
index c07d0482..00000000
--- a/recipes-security/optee-imx/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 528aeb42652a3159c1bfd51d6c1442c3ff27b84c Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@arm.com>
-Date: Tue, 26 May 2020 14:38:02 -0500
-Subject: [PATCH] allow setting sysroot for libgcc lookup
-
-Explicitly pass the new variable LIBGCC_LOCATE_CFLAGS variable when searching
-for the compiler libraries as there's no easy way to reliably pass --sysroot
-otherwise.
-
-Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
----
- mk/gcc.mk | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
---- a/mk/gcc.mk
-+++ b/mk/gcc.mk
-@@ -13,11 +13,11 @@ nostdinc$(sm)       := -nostdinc -isystem $(sh
-                        -print-file-name=include 2> /dev/null)
- 
- # Get location of libgcc from gcc
--libgcc$(sm)    := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \
-+libgcc$(sm)    := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \
-                        -print-libgcc-file-name 2> /dev/null)
--libstdc++$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
-+libstdc++$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
-                        -print-file-name=libstdc++.a 2> /dev/null)
--libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
-+libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
-                        -print-file-name=libgcc_eh.a 2> /dev/null)
- 
- # Define these to something to discover accidental use
diff --git a/recipes-security/optee-imx/optee-os_3.19.0.imx.bb b/recipes-security/optee-imx/optee-os_3.19.0.imx.bb
deleted file mode 100644
index aec204c6..00000000
--- a/recipes-security/optee-imx/optee-os_3.19.0.imx.bb
+++ /dev/null
@@ -1,10 +0,0 @@
-# Copyright (C) 2017-2021 NXP
-
-require optee-os-fslc-imx.inc
-
-SRC_URI += "file://0001-core-Define-section-attributes-for-clang.patch \
-            file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \
-            file://0007-allow-setting-sysroot-for-clang.patch \
-            file://0010-add-note-GNU-stack-section.patch"
-SRCBRANCH = "lf-6.1.1_1.0.0"
-SRCREV = "ad4e8389bb2c38efe39853925eec571ac778c575"
diff --git a/recipes-security/optee-imx/optee-os_3.21.0.imx.bb b/recipes-security/optee-imx/optee-os_3.21.0.imx.bb
new file mode 100644
index 00000000..f158441f
--- /dev/null
+++ b/recipes-security/optee-imx/optee-os_3.21.0.imx.bb
@@ -0,0 +1,12 @@
+# Copyright (C) 2017-2021 NXP
+
+require optee-os-fslc-imx.inc
+
+SRC_URI += " \
+    file://0001-core-Define-section-attributes-for-clang.patch \
+    file://0002-optee-enable-clang-support.patch \
+    file://0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch \
+    file://0004-core-link-add-no-warn-rwx-segments.patch \
+"
+SRCBRANCH = "lf-6.1.22_2.0.0"
+SRCREV = "1962aec9581760803b1485d455cd62cb11c14870"
diff --git a/recipes-security/optee-imx/optee-test_3.19.0.imx.bb b/recipes-security/optee-imx/optee-test_3.21.0.imx.bb
index 1ef4cad5..56ed2aa2 100644
--- a/recipes-security/optee-imx/optee-test_3.19.0.imx.bb
+++ b/recipes-security/optee-imx/optee-test_3.21.0.imx.bb
@@ -4,7 +4,7 @@ require optee-test-fslc.inc
 
 SRC_URI = "git://github.com/nxp-imx/imx-optee-test.git;protocol=https;branch=${SRCBRANCH}"
 
-SRCBRANCH = "lf-6.1.1_1.0.0"
-SRCREV = "7c314e6a0cec0ba19246eb4f1959859d7a6536d6"
+SRCBRANCH = "lf-6.1.22_2.0.0"
+SRCREV = "c2c9f922044d2c8a7ab384812bb124c6da2b7888"
 
 COMPATIBLE_MACHINE = "(imx-nxp-bsp)"