optee-os: Upgrade to lf-6.1.55-2.2.0 (4.0)

Upgrade optee-os to 4.0 to be aligned with NXP BSP LF6.1.55_2.2.0. Also update the patch files. Relevant changes: - a303fc80f drivers: crypto: caam: fix job ring interruption number - 2a3787bf4 LFOPTEE-291 drivers: ele: disable ELE RNG at runtime - dca43aa1b drivers: crypto: caam: use job ring 3 on i.mx8dxlevk - c0d2000c1 drivers: imx_snvs: unlock SNVS access for non-secure - 50e946795 LFOPTEE-289 core: pta: imx: Trusted ARM CE: fix serialization bug - 9134bcffa LFOPTEE-289 core: pta: imx: Trusted ARM CE fix build issue - 8bf641926 LFOPTEE-235 core: plat-imx: Add Fast SMC support - 0477a804b LFOPTEE-235 core: pta: imx: add TRUSTED ARM CE - d943197bd LFOPTEE-235 drivers: ele: expose imx_ele_derive_key - e7dadb871 LFOPTEE-235 drivers: ele: rng: Use ELE GetRandom cmd - 9f3218062 LFOPTEE-286 drivers: ele: report error according to ELE response status - c619a4cb2 LFOPTEE-279 drivers: ele: correct typo in imx_ele_generate_key() - 2b0d839e5 LFOPTEE-279 drivers: ele: update imx_ele_delete_key() function - d7e85fad1 LFOPTEE-259 drivers: ele: make special setup for Trust MU communication - 4000b10be LFOPTEE-273 drivers: ele: move key management functions in key_mgmt.h - 4188353a1 LFOPTEE-270 drivers: ele: remove global session and key store handle init from imx_ele_global_init(). - dd79868aa LFOPTEE-270 drivers: ele: key_mgmt: remove unnecessary cache invalidate operation Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
author: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> 2024-02-17 11:01:32 +0200
committer: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> 2024-02-17 11:40:44 +0200
commit: ebdf6d8b5dc45cb2417aefbae5c3c70f47b03cc4 (patch)
tree: 940871c2ad81454449c9deadef8f5aa77cc8b801
parent: 61b0a60c8f503a53abe175768a1554a0b24ab97e (diff)
download: meta-freescale-ebdf6d8b5dc45cb2417aefbae5c3c70f47b03cc4.tar.gz
6 files changed, 45 insertions, 46 deletions
diff --git a/conf/machine/include/imx-base.inc b/conf/machine/include/imx-base.inc
index 87a17153..44cc17ca 100644
--- a/conf/machine/include/imx-base.inc
+++ b/conf/machine/include/imx-base.inc
@@ -593,8 +593,8 @@ PREFERRED_VERSION_vulkan-tools:imxvulkan             ??= "1.3.239.0.imx"
 PREFERRED_VERSION_vulkan-validation-layers:imxvulkan ??= "1.3.239.0.imx"
 # Use i.MX optee Version
-PREFERRED_VERSION_optee-os:mx8-nxp-bsp     ??= "3.21.0.imx"
+PREFERRED_VERSION_optee-os:mx8-nxp-bsp     ??= "4.0.0.imx"
-PREFERRED_VERSION_optee-os:mx9-nxp-bsp     ??= "3.21.0.imx"
+PREFERRED_VERSION_optee-os:mx9-nxp-bsp     ??= "4.0.0.imx"
 PREFERRED_VERSION_optee-client:mx8-nxp-bsp ??= "3.21.0.imx"
 PREFERRED_VERSION_optee-client:mx9-nxp-bsp ??= "3.21.0.imx"
 PREFERRED_VERSION_optee-test:mx8-nxp-bsp   ??= "3.21.0.imx"
diff --git a/recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch b/recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch
index 8a9062f3..54fbe541 100644
--- a/recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch
+++ b/recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch
@@ -1,4 +1,4 @@
-From b73c3d2829d3661ca66b5cc6b4181f3bf973b13f Mon Sep 17 00:00:00 2001
+From ef83625c9a5f50610e25aa860c4b9c5e64723a66 Mon Sep 17 00:00:00 2001
 From: Emekcan Aras <emekcan.aras@arm.com>
 Date: Wed, 21 Dec 2022 10:55:58 +0000
 Subject: [PATCH 1/4] core: Define section attributes for clang
@@ -36,15 +36,15 @@ Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
 core/arch/arm/kernel/thread.c    | 19 +++++++++++++++--
 core/arch/arm/mm/core_mmu_lpae.c | 35 +++++++++++++++++++++++++++----
 core/arch/arm/mm/core_mmu_v7.c   | 36 +++++++++++++++++++++++++++++---
- core/arch/arm/mm/pgt_cache.c     | 12 ++++++++++-
 core/kernel/thread.c             | 13 +++++++++++-
+ core/mm/pgt_cache.c              | 12 ++++++++++-
 5 files changed, 104 insertions(+), 11 deletions(-)
 diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c
-index 22ef932f9..7a9078d2e 100644
+index 66833b3a0..b3eb9cf9a 100644
 --- a/core/arch/arm/kernel/thread.c
 +++ b/core/arch/arm/kernel/thread.c
-@@ -44,15 +44,30 @@ static size_t thread_user_kcode_size __nex_bss;
+@@ -45,15 +45,30 @@ static size_t thread_user_kcode_size __nex_bss;
 #if defined(CFG_CORE_UNMAP_CORE_AT_EL0) && \
        defined(CFG_CORE_WORKAROUND_SPECTRE_BP_SEC) && defined(ARM64)
 long thread_user_kdata_sp_offset __nex_bss;
@@ -78,10 +78,10 @@ index 22ef932f9..7a9078d2e 100644
 
 #ifdef ARM32
 diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c
-index 6df2c68cf..a877e4965 100644
+index 4c8b85e39..1885e1d3f 100644
 --- a/core/arch/arm/mm/core_mmu_lpae.c
 +++ b/core/arch/arm/mm/core_mmu_lpae.c
-@@ -238,19 +238,46 @@ typedef uint16_t l1_idx_t;
+@@ -234,19 +234,46 @@ typedef uint16_t l1_idx_t;
 typedef uint64_t base_xlat_tbls_t[CFG_TEE_CORE_NB_CORE][NUM_BASE_LEVEL_ENTRIES];
 typedef uint64_t xlat_tbl_t[XLAT_TABLE_ENTRIES];
 
@@ -133,7 +133,7 @@ index 6df2c68cf..a877e4965 100644
  * TAs page table entry inside a level 1 page table.
  *
 diff --git a/core/arch/arm/mm/core_mmu_v7.c b/core/arch/arm/mm/core_mmu_v7.c
-index 58596be84..98fa58635 100644
+index 61e703da8..1960c08ca 100644
 --- a/core/arch/arm/mm/core_mmu_v7.c
 +++ b/core/arch/arm/mm/core_mmu_v7.c
 @@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_ENTRIES];
@@ -186,35 +186,11 @@ index 58596be84..98fa58635 100644
 
 struct mmu_partition {
        l1_xlat_tbl_t *l1_table;
-diff --git a/core/arch/arm/mm/pgt_cache.c b/core/arch/arm/mm/pgt_cache.c
-index 79553c6d2..b9efdf427 100644
--- a/core/arch/arm/mm/pgt_cache.c
-+++ b/core/arch/arm/mm/pgt_cache.c
-@@ -410,8 +410,18 @@ void pgt_init(void)
-         * has a large alignment, while .bss has a small alignment. The current
-         * link script is optimized for small alignment in .bss
-         */
-+#ifdef __clang__
-+#pragma clang section bss=".nozi.mmu.l2"
-+#endif
-        static uint8_t pgt_tables[PGT_CACHE_SIZE][PGT_SIZE]
-                       __aligned(PGT_SIZE) __section(".nozi.pgt_cache");
-+                       __aligned(PGT_SIZE)
-+#ifndef __clang__
-+                       __section(".nozi.pgt_cache")
-+#endif
-+                       ;
-+#ifdef __clang__
-+#pragma clang section bss=""
-+#endif
-        size_t n;
- 
-        for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) {
 diff --git a/core/kernel/thread.c b/core/kernel/thread.c
-index e48294b3b..8de9064ca 100644
+index 2a1f22dce..5516b6771 100644
 --- a/core/kernel/thread.c
 +++ b/core/kernel/thread.c
-@@ -38,13 +38,24 @@ struct thread_core_local thread_core_local[CFG_TEE_CORE_NB_CORE] __nex_bss;
+@@ -39,13 +39,24 @@ static uint32_t end_canary_value = 0xababab00;
        name[stack_num][sizeof(name[stack_num]) / sizeof(uint32_t) - 1]
 #endif
 
@@ -240,7 +216,30 @@ index e48294b3b..8de9064ca 100644
 #define GET_STACK(stack) ((vaddr_t)(stack) + STACK_SIZE(stack))
 
 DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE, STACK_TMP_SIZE,
+diff --git a/core/mm/pgt_cache.c b/core/mm/pgt_cache.c
+index 79553c6d2..b9efdf427 100644
+--- a/core/mm/pgt_cache.c
+++ b/core/mm/pgt_cache.c
+@@ -410,8 +410,18 @@ void pgt_init(void)
+         * has a large alignment, while .bss has a small alignment. The current
+         * link script is optimized for small alignment in .bss
+         */
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.l2"
+#endif
+        static uint8_t pgt_tables[PGT_CACHE_SIZE][PGT_SIZE]
+-                       __aligned(PGT_SIZE) __section(".nozi.pgt_cache");
+                       __aligned(PGT_SIZE)
+#ifndef __clang__
+                       __section(".nozi.pgt_cache")
+#endif
+                       ;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
+        size_t n;
+ 
+        for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) {
 -- 
-2.40.1
+2.43.2
diff --git a/recipes-security/optee-imx/optee-os/0002-optee-enable-clang-support.patch b/recipes-security/optee-imx/optee-os/0002-optee-enable-clang-support.patch
index 096579c0..dbc53542 100644
--- a/recipes-security/optee-imx/optee-os/0002-optee-enable-clang-support.patch
+++ b/recipes-security/optee-imx/optee-os/0002-optee-enable-clang-support.patch
@@ -1,4 +1,4 @@
-From c67f63d4e7bbe7b21b4c9ef49ae84c6725794aa9 Mon Sep 17 00:00:00 2001
+From 2ba573c9763329fbfdfacc8393d565ab747cac4d Mon Sep 17 00:00:00 2001
 From: Brett Warren <brett.warren@arm.com>
 Date: Wed, 23 Sep 2020 09:27:34 +0100
 Subject: [PATCH 2/4] optee: enable clang support
@@ -30,5 +30,5 @@ index a045beee8..1ebe2f702 100644
 
 # Core ASLR relies on the executable being ready to run from its preferred load
 -- 
-2.40.1
+2.43.2
diff --git a/recipes-security/optee-imx/optee-os/0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch b/recipes-security/optee-imx/optee-os/0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch
index f0fac69f..1c5753c7 100644
--- a/recipes-security/optee-imx/optee-os/0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch
+++ b/recipes-security/optee-imx/optee-os/0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch
@@ -1,4 +1,4 @@
-From f23fb3381422c613890f77c26d11e377234481c6 Mon Sep 17 00:00:00 2001
+From 6f738803a59613ec4a683ddbc1747ebffd75a4e6 Mon Sep 17 00:00:00 2001
 From: Jerome Forissier <jerome.forissier@linaro.org>
 Date: Tue, 23 Aug 2022 12:31:46 +0000
 Subject: [PATCH 3/4] arm32: libutils, libutee, ta: add .note.GNU-stack section
@@ -129,5 +129,5 @@ index cd9a12f9d..ccdc19928 100644
  * This function is the bottom of the user call stack. Mark it as such so that
  * the unwinding code won't try to go further down.
 -- 
-2.40.1
+2.43.2
diff --git a/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch b/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch
index f72d80dc..f32b2284 100644
--- a/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch
+++ b/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch
@@ -1,4 +1,4 @@
-From b53f5542102b8088448134202c30ca563f5b3c04 Mon Sep 17 00:00:00 2001
+From a63f82f74e015eb662242cdb51ef814e3f576829 Mon Sep 17 00:00:00 2001
 From: Jerome Forissier <jerome.forissier@linaro.org>
 Date: Fri, 5 Aug 2022 09:48:03 +0200
 Subject: [PATCH 4/4] core: link: add --no-warn-rwx-segments
@@ -25,7 +25,7 @@ Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
 1 file changed, 4 insertions(+), 2 deletions(-)
 diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
-index e8a518254..60e08966f 100644
+index 49e9f4fa1..9e1cc172f 100644
 --- a/core/arch/arm/kernel/link.mk
 +++ b/core/arch/arm/kernel/link.mk
 @@ -37,6 +37,7 @@ link-ldflags += --sort-section=alignment
@@ -63,5 +63,5 @@ index e8a518254..60e08966f 100644
              $(libgcccore)
 cleanfiles += $(link-out-dir)/init.o
 -- 
-2.40.1
+2.43.2
diff --git a/recipes-security/optee-imx/optee-os_3.21.0.imx.bb b/recipes-security/optee-imx/optee-os_4.0.0.imx.bb
index 89788370..cecfc23c 100644
--- a/recipes-security/optee-imx/optee-os_3.21.0.imx.bb
+++ b/recipes-security/optee-imx/optee-os_4.0.0.imx.bb
@@ -8,5 +8,5 @@ SRC_URI += " \
    file://0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch \
    file://0004-core-link-add-no-warn-rwx-segments.patch \
 "
-SRCBRANCH = "lf-6.1.36_2.1.0"
+SRCBRANCH = "lf-6.1.55_2.2.0"
-SRCREV = "4e32281904b15af9ddbdf00f73e1c08eae21c695"
+SRCREV = "a303fc80f7c4bd713315687a1fa1d6ed136e78ee"
author	Oleksandr Suvorov <oleksandr.suvorov@foundries.io>	2024-02-17 11:01:32 +0200
committer	Oleksandr Suvorov <oleksandr.suvorov@foundries.io>	2024-02-17 11:40:44 +0200
commit	ebdf6d8b5dc45cb2417aefbae5c3c70f47b03cc4 (patch)
tree	940871c2ad81454449c9deadef8f5aa77cc8b801
parent	61b0a60c8f503a53abe175768a1554a0b24ab97e (diff)
download	meta-freescale-ebdf6d8b5dc45cb2417aefbae5c3c70f47b03cc4.tar.gz