diff options
author | Oleksandr Suvorov <oleksandr.suvorov@foundries.io> | 2023-07-26 13:28:32 +0300 |
---|---|---|
committer | Oleksandr Suvorov <oleksandr.suvorov@foundries.io> | 2023-07-28 16:39:03 +0300 |
commit | 4ae12b59af79ade0293da21b24433e79bd80d09c (patch) | |
tree | ebc498f05c1b7058cafd21df29d4194e2ee832c4 /recipes-security/optee-imx | |
parent | 166bef5ec76438d4a1fe9aa192081e97c8acc022 (diff) | |
download | meta-freescale-4ae12b59af79ade0293da21b24433e79bd80d09c.tar.gz |
optee-os: Upgrade to lf-6.1.22-2.0.0 (3.21)
Upgrade optee-os to be aligned with NXP BSP LF6.1.22_2.0.0.
Reapply and refresh patch files.
Drop patches that provided correct sysroot. Instead, use CFLAGS{32,64}
to pass --sysroot, this option is available since optee-os 3.16.
Relevant changes:
- 1962aec95 LFOPTEE-238 drivers: ele: use the baseline API to retrieve the UID
- 7e7b93ac1 LFOPTEE-238 drivers: ele: add msb and lsb to imx_ele_buf object
- 086b65048 LF-8999 drivers: ele: disable ASLR for imx8ulp
- fa3174b61 LF-8995 drivers: ele: keystore: change global key store id
- 1ae8545a4 LF-8995 drivers: ele: disable imx_ele_global_init() if CFG_IMX_ELE_ECC_DRV is disabled
- c15e21b07 LFOPTEE-243 Rework ELE MU mapping
- fb5eaa07f drivers: ele: retain the return value in case imx_ele_generate_key(), imx_ele_signature_generate() and imx_ele_signature_verification() returns an error
- 6e706ee51 drivers: ele: change RNG command ID
- 9492fa474 LFOPTEE-242 drivers: ele: use the new derive key API for HUK generation
- 4d4bd4340 core: ls: enable CFG_PKCS11_TA
- cf2cc646a core: imx: enable CFG_PKCS11_TA
- 4c8281883 drivers: ele: fix ELE_COMMAND_SUCCEED
- 5363154ed core: imx: move tzc380.c to plat-imx
- ccf5dc690 core: imx: allow CFG_CRYPTO_DRIVER enablement for imx93evk
- 735c01acf LFOPTEE-178 drivers: ele: Change OP-TEE MU memory mapping from Secure to Non-Secure
- 093318267 LFOPTEE-178 drivers: ele: Add support for ECC operations
- fa58e94e1 LFOPTEE-178 drivers: ele: Add Generate/Delete Key APIs
- 09badc46e LFOPTEE-178 drivers: ele: Add Key Management APIs
- 0cd738b0d LFOPTEE-178 drivers: ele: Create a global key store handle for all subsequent calls
- c93839af6 LFOPTEE-178 drivers: ele: Create a global session handle for all subsequent calls
- c1b29579d LFOPTEE-178 drivers: ele: add memory management functions
- c61f273fd LFOPTEE-178 drivers: ele: getting common macros and functions in header file
- b5f423f49 LFOPTEE-178 drivers: ele: move ELE to a dedicated directory
- afa1dd7bc drivers: caam: disable CFG_CRYPTO_SM2_* when ECC CAAM driver is enabled
- c723025d5 core: imx: fix CFG_TZDRAM_START
- 80b25f59f LF-7525 drivers: dcp: do not modify DCP node status in the DTB
- 425ed1fbb LFU-368: core: imx93: enable trusted_keys as early TA
- 1924712ff LFOPTEE-85 core: plat-ls: Enabled DTB overlay feature for LS platforms
- e98f5c77d LFOPTEE-85 drivers: caam: add DTB_JR_PATH for LS platforms
- 4a98ea70c core: imx: enable attestation PTA
- a654afb61 drivers: caam: add device tree JR path for mx8ulp
- e155b164e core: imx: enable CFG_CORE_HUK_SUBKEY_COMPAT_USE_OTP_DIE_ID by default
- 3a3ddf85b core: imx: enable TZASC driver for all i.MX platforms
- 8a1984cb1 TEE-639 drivers: caam: skip JR init of CFG_JR_HAB_INDEX
- 992f6b93b LFOPTEE-17: core: plat-ls: add PTA for I2C RTC test
- 519bfab46 core: imx: disable CSU protection for the DCP
- 484138b3f core: ls: enabled CFG_ENABLE_EMBEDDED_TESTS by default
- 299d2d7ad core: imx: enabled CFG_ENABLE_EMBEDDED_TESTS by default
- e79c46c9d core: ls: enable CAAM driver by default.
- 18cca2b72 core: ls: disable CAAM for ls1088 and ls2088
- 9315f5d1e LFOPTEE-9 plat-ls: Increase heap size
- dc2ddcf86 TEE-598 core: imx: increase heap size to 128k
- 0cd1cf295 TEE-526 drivers: caam: add SDP Memory cacheability verification
- 54edf5b70 TEE-526 core: arm: retrieve SDP Memory cacheability
- d5d6e8c85 core: imx: enable CAAM driver by default
- b1b2f83cc core: imx: add resume capability to CSU driver
- 6130b501e core: imx: allow NS world to change SMP bit
- 40006fb93 core: imx: remove SC_IPC_BASE_SECURE definition
- cb115caf6 LFOPTEE-37: core_mmu_lpae: clear L2 tables and indexes
- 546ed42ac LFOPTEE-37: imx8qm: bget_malloc: reset malloc_poolset at runtime
- e8e4b9761 LFOPTEE-37: imx8qm: gic: avoid GICD re-configuration
- 5eebee811 LFOPTEE-37: plat-imx: add platforms mx8qm mek cockpit a53 and a72
- ad9310fbb pta: imx: add DEK blob encapsulation
- 9fe4ecdba drivers: caam: add secure memory and blob drivers
- 4d6df4796 core: imx: add SECMEM definitions for imx8m platforms
- c3b7c47f3 TEE-482 Add .clang-format
- c48eeb2c6 MLK-22073 core: generic_entry_a32: change L1 invalidation at secondary boot
- aa26586bf scripts: add build script for imx and ls
- f5e685f71 drivers: imx_snvs: unlock SNVS access for non-secure
- d328f3a08 drivers: caam: skip the JR device tree disablement for imx8 platforms
- 85feed23e core: imx: enable DT overlay for imx8 platforms
- ebfaab628 drivers: caam: disable job ring via DT overlay
- f4f575781 core: add device tree overlay subnode disable
- a3e52ba26 drivers: caam: rework the CAAM crypto makefile
- 3cb66cb83 core: ls: remove CFG_WITH_SOFTWARE_PRNG default definition for LS platforms
- 55af337cd core: imx: remove CFG_WITH_SOFTWARE_PRNG default definition for i.MX platforms
- f06709794 core: move CFG_WITH_SOFTWARE_PRNG default definition
- 54493021c drivers: caam: remove CFG_NXP_CAAM_ACIPHER compilation flag
- 5dec4ebbf core: crypto: give the platform configuration a higher priority
- 294f91f32 drivers: imx_scu: add resume capabilities
- 851e73b1d core: imx: add plat_cpu_wakeup_late() on arm32
- 93e8838ca TEE-272 Cortex-A9 add PL310 Linux/Optee Mutex
- 711fea086 drivers: imx_scu: move i.MX SCU driver
- b0ef56504 drivers: imx_csu: move i.MX CSU driver
- 0fc481338 drivers: imx_caam: move i.MX CAAM driver
- 3cabf823d core: imx: enable busfreq on imx6 and imx7 platforms
- 11d7fc300 core: pm: imx: export busfreq_change() function
- be238d4ac core: imx: enable the compilation of sm_platform_handler.c for busfreq
- c390bfbb5 core: imx: add busfreq SIP calls
- 9df964338 pm: imx: add power management drivers
- 70af7a82a pm: imx: add suspend source files
- 2a1a3cee8 pm: imx: add cpuidle source files
- c292e6239 pm: imx: add busfreq source files
- fc00b1f35 core: imx: enable CFG_PM_ARM32 and CFG_IMX_PM for power management
- fc0a35a03 core: imx: remove SRC and GPC functions from imx.h
- f0f51a260 core: imx: add imx7ulp registers
- a1cbd6256 core: imx: add imx7 DDRC and IOMUX registers
- ac51cdba4 core: imx: add imx6 MMDC and IOMUX registers
- d7844a1ad core: imx: add pl310_enabled()
- 3dcdade81 core: imx: remove imx_sip.h
- 1e79f969e core: imx: remove power management code for imx7 platforms
- c7b15f67e allow setting sysroot for libgcc lookup
- e8abbcfbd Update CHANGELOG for 3.21.0
- 50666c141 plat-zynqmp: fixes interrupt controller
- b031393cd core: tee_ta_instance_stats(): correct the allocation size of dump_ctx
- 32b94ed4b drivers: caam: fix MP abstraction layer functions
- 4a0740da2 drivers: caam: math: add CFG_NXP_CAAM_MATH_DRV compilation flag
- 44220a36a libtomcrypt: fix pkcs_1_v1_5_decode() when empty message
- 3fb72c226 drivers: crypto: add support for SM2_DSA_SM3
- 163a7c9e8 core: imx: remove duplicate driver_init() call
- 31b31015b build: ta: add RISC-V linker script
- de4176748 core: mm: Fix idx truncation bug
- 9eabc2b44 core: fix loading of encrypted TA
- 9901df47d core: dump_ta_memstats(): check TA initialization completion before accessing it
- 66370233e ci: se05x crypto driver: update plug-and-trust
- fb559031c drivers: se050: allow configuring the Secure Element applet
- 7723564b9 dts: stm32: add OTP index for HUK on stm32mp15 platform
- b0946e1d9 drivers: stm32mp15_huk: use DT HUK NVMEM layout API
- db8ca286e se050: ecc: SE050-F shared secret
- b300b5a37 ci: compile-test as many PTAs as possible on QEMU/QEMUv8
- eb238769a pta: attestation: fix compilation incompatible pointer warning
- 552d5e40d core: ffa: Allow multiple SPs with same UUID
- f60c6b9c1 drivers: imx_ele: add ELE driver
- 8cd1171e9 drivers: imx_mu: add MU base address and size for imx93
- 4f89aed3d drivers: imx_mu: add MU base address and size for imx8ulp
- 753e6fe4f drivers: imx_mu: increase maximum MU message size
- 088116c9c drivers: imx_mu: add support for imx93
- abbe1d51f core: spmc: move FIP SP deinit call
- 6d7c8c3d8 core: spmc: fix FIP SP loading
- 1478437e6 core: ltc: use SHA-3 crypto accelerated function
- c60ed582e core: arm64: SHAKE128 using ARMv8.2-A cryptographic extensions
- bfedef0ce core: arm64: SHA-3 using ARMv8.2-A cryptographic extensions
- 2be3770e8 core: arm64: SM4 CE optimization for ARMv8.2
- 8b5fb12e2 core: arm64: SM4-AESE optimization for ARMv8
- 2fb9e950b Revert "ci: disable QEMUv8_check_rust job"
- 557fea2de Remove checked in .checkpatch-camelcase.git.
- fdc4a8bef ldelf: syscall: support RISC-V ldelf sycall
- 28849defb libutee: increase MPI_MEMPOOL_SIZE to 14Kb
- 6e99433ed core: remove keep pager directive on core_init_mmu_regs()
- dd884cc27 plat-stm32mp1: conf: support 32bit MMU
- 1a3d47c53 clk: stm32mp15: embed clock names only in debug mode
- 41d9f6c2b libutee: add TEE_ALG_ECDSA_SHA* to TEE_ALG_GET_DIGEST_SIZE()
- 7bd215a7b core: mbedtls: ecc_get_keysize(): do not check algorithm against curve
- 9cf576a9f drivers: crypto: versal: do not use deprecated algorithm macros
- 53af8d704 drivers: crypto: se050: do not use deprecated algorithm macros
- fa40bed51 core: fix out-of-bounds access of dump_ctx
- 442c670a2 drivers: atmel_tcb: Use matrix_dt_get_id() to correctly retrieve the id
- 9a28dbc4f plat-sam: matrix: add matrix_dt_get_id() to parse matrix id from dt
- 0db298206 core: pta: imx: add manufacturing protection
- d538d2936 drivers: caam: add manufacturing protection feature
- f5c3d85a5 core: crypto: add support MD5 hashes in RSA sign/verify/cipher
- 2c9522664 core: drivers: zynqmp_csu_puf.c: increase regen time to 6ms
- 3d70a9743 core: crypto: change supported HMAC key size ranges
- 200eb7bd8 plat-totalcompute: remap console logs
- f4f85ac77 drivers: crypto: add SM2 ECC encrypt and decrypt
- 769cbbd70 drivers: crypto: add SM2 curve in crypto API
- 9655e48e7 ci: qemuv8: build with maximum log level
- 9894fdb48 ta: pkcs11: fix trace compilation warning
- a3cfa14ac drivers: caam: enable the CAAM clock when submitting a new job
- 316fd6e9c drivers: caam: add missing header file
- cd857358b core: imx: use register_ddr() to register dynamic shared memory
- 9740df775 drivers: clk: sam: remove hard coded USB clock setup
- 5ff81ad89 dts: sama5d2: add assigned-clocks properties for usb
- 90dee57ac drivers: clk: sam: export audiopll_fracck and usbck
- c0e9e857f drivers: clk: sam: add a macro for count of main clocks
- 8ac3cb374 core: drivers: crypto: caam: Check PKCS_V1_5 decryption buffer size
- 97eb91680 drivers: imx: tzc380: re-configure TZ380 upon PM resume
- 83857db53 drivers: imx: tzc380: do not dump TZASC state before lockdown
- 92f496916 drivers: imx: tzc380: add support for 8mscale platforms
- 809fa817a core: ffa: add TOS_FW_CONFIG handling
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Diffstat (limited to 'recipes-security/optee-imx')
-rw-r--r-- | recipes-security/optee-imx/optee-os-fslc.inc | 2 | ||||
-rw-r--r-- | recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch | 142 | ||||
-rw-r--r-- | recipes-security/optee-imx/optee-os/0002-optee-enable-clang-support.patch | 34 | ||||
-rw-r--r-- | recipes-security/optee-imx/optee-os/0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch (renamed from recipes-security/optee-imx/optee-os/0010-add-note-GNU-stack-section.patch) | 25 | ||||
-rw-r--r-- | recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch | 67 | ||||
-rw-r--r-- | recipes-security/optee-imx/optee-os_3.19.0.imx.bb | 10 | ||||
-rw-r--r-- | recipes-security/optee-imx/optee-os_3.21.0.imx.bb | 12 |
7 files changed, 216 insertions, 76 deletions
diff --git a/recipes-security/optee-imx/optee-os-fslc.inc b/recipes-security/optee-imx/optee-os-fslc.inc index faa8c993..19ca7b3c 100644 --- a/recipes-security/optee-imx/optee-os-fslc.inc +++ b/recipes-security/optee-imx/optee-os-fslc.inc | |||
@@ -21,6 +21,8 @@ EXTRA_OEMAKE += " \ | |||
21 | PLATFORM=imx-${PLATFORM_FLAVOR} \ | 21 | PLATFORM=imx-${PLATFORM_FLAVOR} \ |
22 | CROSS_COMPILE=${HOST_PREFIX} \ | 22 | CROSS_COMPILE=${HOST_PREFIX} \ |
23 | CROSS_COMPILE64=${HOST_PREFIX} \ | 23 | CROSS_COMPILE64=${HOST_PREFIX} \ |
24 | CFLAGS32=--sysroot=${STAGING_DIR_HOST} \ | ||
25 | CFLAGS64=--sysroot=${STAGING_DIR_HOST} \ | ||
24 | CFG_TEE_TA_LOG_LEVEL=0 \ | 26 | CFG_TEE_TA_LOG_LEVEL=0 \ |
25 | CFG_TEE_CORE_LOG_LEVEL=0 \ | 27 | CFG_TEE_CORE_LOG_LEVEL=0 \ |
26 | " | 28 | " |
diff --git a/recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch b/recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch index 2abd78a8..8a9062f3 100644 --- a/recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch +++ b/recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | From f189457b79989543f65b8a4e8729eff2cdf9a758 Mon Sep 17 00:00:00 2001 | 1 | From b73c3d2829d3661ca66b5cc6b4181f3bf973b13f Mon Sep 17 00:00:00 2001 |
2 | From: Khem Raj <raj.khem@gmail.com> | 2 | From: Emekcan Aras <emekcan.aras@arm.com> |
3 | Date: Sat, 13 Aug 2022 19:24:55 -0700 | 3 | Date: Wed, 21 Dec 2022 10:55:58 +0000 |
4 | Subject: [PATCH] core: Define section attributes for clang | 4 | Subject: [PATCH 1/4] core: Define section attributes for clang |
5 | 5 | ||
6 | Clang's attribute section is not same as gcc, here we need to add flags | 6 | Clang's attribute section is not same as gcc, here we need to add flags |
7 | to sections so they can be eventually collected by linker into final | 7 | to sections so they can be eventually collected by linker into final |
@@ -30,16 +30,21 @@ going and match the functionality with gcc. | |||
30 | 30 | ||
31 | Upstream-Status: Pending | 31 | Upstream-Status: Pending |
32 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | 32 | Signed-off-by: Khem Raj <raj.khem@gmail.com> |
33 | Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> | ||
33 | --- | 34 | --- |
35 | |||
34 | core/arch/arm/kernel/thread.c | 19 +++++++++++++++-- | 36 | core/arch/arm/kernel/thread.c | 19 +++++++++++++++-- |
35 | core/arch/arm/mm/core_mmu_lpae.c | 35 ++++++++++++++++++++++++++++---- | 37 | core/arch/arm/mm/core_mmu_lpae.c | 35 +++++++++++++++++++++++++++---- |
38 | core/arch/arm/mm/core_mmu_v7.c | 36 +++++++++++++++++++++++++++++--- | ||
36 | core/arch/arm/mm/pgt_cache.c | 12 ++++++++++- | 39 | core/arch/arm/mm/pgt_cache.c | 12 ++++++++++- |
37 | core/kernel/thread.c | 13 +++++++++++- | 40 | core/kernel/thread.c | 13 +++++++++++- |
38 | 4 files changed, 71 insertions(+), 8 deletions(-) | 41 | 5 files changed, 104 insertions(+), 11 deletions(-) |
39 | 42 | ||
43 | diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c | ||
44 | index 22ef932f9..7a9078d2e 100644 | ||
40 | --- a/core/arch/arm/kernel/thread.c | 45 | --- a/core/arch/arm/kernel/thread.c |
41 | +++ b/core/arch/arm/kernel/thread.c | 46 | +++ b/core/arch/arm/kernel/thread.c |
42 | @@ -44,16 +44,31 @@ static size_t thread_user_kcode_size __n | 47 | @@ -44,15 +44,30 @@ static size_t thread_user_kcode_size __nex_bss; |
43 | #if defined(CFG_CORE_UNMAP_CORE_AT_EL0) && \ | 48 | #if defined(CFG_CORE_UNMAP_CORE_AT_EL0) && \ |
44 | defined(CFG_CORE_WORKAROUND_SPECTRE_BP_SEC) && defined(ARM64) | 49 | defined(CFG_CORE_WORKAROUND_SPECTRE_BP_SEC) && defined(ARM64) |
45 | long thread_user_kdata_sp_offset __nex_bss; | 50 | long thread_user_kdata_sp_offset __nex_bss; |
@@ -55,27 +60,28 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> | |||
55 | SMALL_PAGE_SIZE)] | 60 | SMALL_PAGE_SIZE)] |
56 | __aligned(SMALL_PAGE_SIZE) | 61 | __aligned(SMALL_PAGE_SIZE) |
57 | +#ifndef __clang__ | 62 | +#ifndef __clang__ |
58 | #ifndef CFG_VIRTUALIZATION | 63 | #ifndef CFG_NS_VIRTUALIZATION |
59 | - __section(".nozi.kdata_page"); | 64 | - __section(".nozi.kdata_page"); |
60 | + __section(".nozi.kdata_page") | 65 | + __section(".nozi.kdata_page") |
61 | #else | 66 | #else |
62 | - __section(".nex_nozi.kdata_page"); | 67 | - __section(".nex_nozi.kdata_page"); |
63 | + __section(".nex_nozi.kdata_page") | 68 | + __section(".nex_nozi.kdata_page") |
64 | #endif | 69 | #endif |
65 | #endif | 70 | +#endif |
66 | + ; | 71 | + ; |
67 | +#endif | 72 | +#endif |
68 | + | 73 | + |
69 | +/* reset BSS section to default ( .bss ) */ | 74 | +/* reset BSS section to default ( .bss ) */ |
70 | +#ifdef __clang__ | 75 | +#ifdef __clang__ |
71 | +#pragma clang section bss="" | 76 | +#pragma clang section bss="" |
72 | +#endif | 77 | #endif |
73 | 78 | ||
74 | #ifdef ARM32 | 79 | #ifdef ARM32 |
75 | uint32_t __nostackcheck thread_get_exceptions(void) | 80 | diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c |
81 | index 6df2c68cf..a877e4965 100644 | ||
76 | --- a/core/arch/arm/mm/core_mmu_lpae.c | 82 | --- a/core/arch/arm/mm/core_mmu_lpae.c |
77 | +++ b/core/arch/arm/mm/core_mmu_lpae.c | 83 | +++ b/core/arch/arm/mm/core_mmu_lpae.c |
78 | @@ -233,19 +233,46 @@ typedef uint16_t l1_idx_t; | 84 | @@ -238,19 +238,46 @@ typedef uint16_t l1_idx_t; |
79 | typedef uint64_t base_xlat_tbls_t[CFG_TEE_CORE_NB_CORE][NUM_BASE_LEVEL_ENTRIES]; | 85 | typedef uint64_t base_xlat_tbls_t[CFG_TEE_CORE_NB_CORE][NUM_BASE_LEVEL_ENTRIES]; |
80 | typedef uint64_t xlat_tbl_t[XLAT_TABLE_ENTRIES]; | 86 | typedef uint64_t xlat_tbl_t[XLAT_TABLE_ENTRIES]; |
81 | 87 | ||
@@ -126,59 +132,11 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> | |||
126 | /* | 132 | /* |
127 | * TAs page table entry inside a level 1 page table. | 133 | * TAs page table entry inside a level 1 page table. |
128 | * | 134 | * |
129 | --- a/core/arch/arm/mm/pgt_cache.c | 135 | diff --git a/core/arch/arm/mm/core_mmu_v7.c b/core/arch/arm/mm/core_mmu_v7.c |
130 | +++ b/core/arch/arm/mm/pgt_cache.c | 136 | index 58596be84..98fa58635 100644 |
131 | @@ -410,8 +410,18 @@ void pgt_init(void) | ||
132 | * has a large alignment, while .bss has a small alignment. The current | ||
133 | * link script is optimized for small alignment in .bss | ||
134 | */ | ||
135 | +#ifdef __clang__ | ||
136 | +#pragma clang section bss=".nozi.mmu.l2" | ||
137 | +#endif | ||
138 | static uint8_t pgt_tables[PGT_CACHE_SIZE][PGT_SIZE] | ||
139 | - __aligned(PGT_SIZE) __section(".nozi.pgt_cache"); | ||
140 | + __aligned(PGT_SIZE) | ||
141 | +#ifndef __clang__ | ||
142 | + __section(".nozi.pgt_cache") | ||
143 | +#endif | ||
144 | + ; | ||
145 | +#ifdef __clang__ | ||
146 | +#pragma clang section bss="" | ||
147 | +#endif | ||
148 | size_t n; | ||
149 | |||
150 | for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) { | ||
151 | --- a/core/kernel/thread.c | ||
152 | +++ b/core/kernel/thread.c | ||
153 | @@ -38,13 +38,24 @@ struct thread_core_local thread_core_loc | ||
154 | name[stack_num][sizeof(name[stack_num]) / sizeof(uint32_t) - 1] | ||
155 | #endif | ||
156 | |||
157 | +#define DO_PRAGMA(x) _Pragma (#x) | ||
158 | + | ||
159 | +#ifdef __clang__ | ||
160 | +#define DECLARE_STACK(name, num_stacks, stack_size, linkage) \ | ||
161 | +DO_PRAGMA (clang section bss=".nozi_stack." #name) \ | ||
162 | +linkage uint32_t name[num_stacks] \ | ||
163 | + [ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \ | ||
164 | + STACK_ALIGNMENT) / sizeof(uint32_t)] \ | ||
165 | + __attribute__((aligned(STACK_ALIGNMENT))); \ | ||
166 | +DO_PRAGMA(clang section bss="") | ||
167 | +#else | ||
168 | #define DECLARE_STACK(name, num_stacks, stack_size, linkage) \ | ||
169 | linkage uint32_t name[num_stacks] \ | ||
170 | [ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \ | ||
171 | STACK_ALIGNMENT) / sizeof(uint32_t)] \ | ||
172 | __attribute__((section(".nozi_stack." # name), \ | ||
173 | aligned(STACK_ALIGNMENT))) | ||
174 | - | ||
175 | +#endif | ||
176 | #define GET_STACK(stack) ((vaddr_t)(stack) + STACK_SIZE(stack)) | ||
177 | |||
178 | DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE, STACK_TMP_SIZE, | ||
179 | --- a/core/arch/arm/mm/core_mmu_v7.c | 137 | --- a/core/arch/arm/mm/core_mmu_v7.c |
180 | +++ b/core/arch/arm/mm/core_mmu_v7.c | 138 | +++ b/core/arch/arm/mm/core_mmu_v7.c |
181 | @@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_EN | 139 | @@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_ENTRIES]; |
182 | typedef uint32_t l2_xlat_tbl_t[NUM_L2_ENTRIES]; | 140 | typedef uint32_t l2_xlat_tbl_t[NUM_L2_ENTRIES]; |
183 | typedef uint32_t ul1_xlat_tbl_t[NUM_UL1_ENTRIES]; | 141 | typedef uint32_t ul1_xlat_tbl_t[NUM_UL1_ENTRIES]; |
184 | 142 | ||
@@ -228,3 +186,61 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> | |||
228 | 186 | ||
229 | struct mmu_partition { | 187 | struct mmu_partition { |
230 | l1_xlat_tbl_t *l1_table; | 188 | l1_xlat_tbl_t *l1_table; |
189 | diff --git a/core/arch/arm/mm/pgt_cache.c b/core/arch/arm/mm/pgt_cache.c | ||
190 | index 79553c6d2..b9efdf427 100644 | ||
191 | --- a/core/arch/arm/mm/pgt_cache.c | ||
192 | +++ b/core/arch/arm/mm/pgt_cache.c | ||
193 | @@ -410,8 +410,18 @@ void pgt_init(void) | ||
194 | * has a large alignment, while .bss has a small alignment. The current | ||
195 | * link script is optimized for small alignment in .bss | ||
196 | */ | ||
197 | +#ifdef __clang__ | ||
198 | +#pragma clang section bss=".nozi.mmu.l2" | ||
199 | +#endif | ||
200 | static uint8_t pgt_tables[PGT_CACHE_SIZE][PGT_SIZE] | ||
201 | - __aligned(PGT_SIZE) __section(".nozi.pgt_cache"); | ||
202 | + __aligned(PGT_SIZE) | ||
203 | +#ifndef __clang__ | ||
204 | + __section(".nozi.pgt_cache") | ||
205 | +#endif | ||
206 | + ; | ||
207 | +#ifdef __clang__ | ||
208 | +#pragma clang section bss="" | ||
209 | +#endif | ||
210 | size_t n; | ||
211 | |||
212 | for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) { | ||
213 | diff --git a/core/kernel/thread.c b/core/kernel/thread.c | ||
214 | index e48294b3b..8de9064ca 100644 | ||
215 | --- a/core/kernel/thread.c | ||
216 | +++ b/core/kernel/thread.c | ||
217 | @@ -38,13 +38,24 @@ struct thread_core_local thread_core_local[CFG_TEE_CORE_NB_CORE] __nex_bss; | ||
218 | name[stack_num][sizeof(name[stack_num]) / sizeof(uint32_t) - 1] | ||
219 | #endif | ||
220 | |||
221 | +#define DO_PRAGMA(x) _Pragma (#x) | ||
222 | + | ||
223 | +#ifdef __clang__ | ||
224 | +#define DECLARE_STACK(name, num_stacks, stack_size, linkage) \ | ||
225 | +DO_PRAGMA (clang section bss=".nozi_stack." #name) \ | ||
226 | +linkage uint32_t name[num_stacks] \ | ||
227 | + [ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \ | ||
228 | + STACK_ALIGNMENT) / sizeof(uint32_t)] \ | ||
229 | + __attribute__((aligned(STACK_ALIGNMENT))); \ | ||
230 | +DO_PRAGMA(clang section bss="") | ||
231 | +#else | ||
232 | #define DECLARE_STACK(name, num_stacks, stack_size, linkage) \ | ||
233 | linkage uint32_t name[num_stacks] \ | ||
234 | [ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \ | ||
235 | STACK_ALIGNMENT) / sizeof(uint32_t)] \ | ||
236 | __attribute__((section(".nozi_stack." # name), \ | ||
237 | aligned(STACK_ALIGNMENT))) | ||
238 | - | ||
239 | +#endif | ||
240 | #define GET_STACK(stack) ((vaddr_t)(stack) + STACK_SIZE(stack)) | ||
241 | |||
242 | DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE, STACK_TMP_SIZE, | ||
243 | -- | ||
244 | 2.40.1 | ||
245 | |||
246 | |||
diff --git a/recipes-security/optee-imx/optee-os/0002-optee-enable-clang-support.patch b/recipes-security/optee-imx/optee-os/0002-optee-enable-clang-support.patch new file mode 100644 index 00000000..096579c0 --- /dev/null +++ b/recipes-security/optee-imx/optee-os/0002-optee-enable-clang-support.patch | |||
@@ -0,0 +1,34 @@ | |||
1 | From c67f63d4e7bbe7b21b4c9ef49ae84c6725794aa9 Mon Sep 17 00:00:00 2001 | ||
2 | From: Brett Warren <brett.warren@arm.com> | ||
3 | Date: Wed, 23 Sep 2020 09:27:34 +0100 | ||
4 | Subject: [PATCH 2/4] optee: enable clang support | ||
5 | |||
6 | When compiling with clang, the LIBGCC_LOCATE_CFLAG variable used | ||
7 | to provide a sysroot wasn't included, which results in not locating | ||
8 | compiler-rt. This is mitigated by including the variable as ammended. | ||
9 | |||
10 | Upstream-Status: Pending | ||
11 | ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701 | ||
12 | Signed-off-by: Brett Warren <brett.warren@arm.com> | ||
13 | Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> | ||
14 | --- | ||
15 | |||
16 | mk/clang.mk | 2 +- | ||
17 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
18 | |||
19 | diff --git a/mk/clang.mk b/mk/clang.mk | ||
20 | index a045beee8..1ebe2f702 100644 | ||
21 | --- a/mk/clang.mk | ||
22 | +++ b/mk/clang.mk | ||
23 | @@ -30,7 +30,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \ | ||
24 | |||
25 | # Note, use the compiler runtime library (libclang_rt.builtins.*.a) instead of | ||
26 | # libgcc for clang | ||
27 | -libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \ | ||
28 | +libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \ | ||
29 | -rtlib=compiler-rt -print-libgcc-file-name 2> /dev/null) | ||
30 | |||
31 | # Core ASLR relies on the executable being ready to run from its preferred load | ||
32 | -- | ||
33 | 2.40.1 | ||
34 | |||
diff --git a/recipes-security/optee-imx/optee-os/0010-add-note-GNU-stack-section.patch b/recipes-security/optee-imx/optee-os/0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch index b82aabdc..f0fac69f 100644 --- a/recipes-security/optee-imx/optee-os/0010-add-note-GNU-stack-section.patch +++ b/recipes-security/optee-imx/optee-os/0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch | |||
@@ -1,7 +1,8 @@ | |||
1 | From ec30e84671aac9a2e9549754eb7bc6201728db4c Mon Sep 17 00:00:00 2001 | 1 | From f23fb3381422c613890f77c26d11e377234481c6 Mon Sep 17 00:00:00 2001 |
2 | From: Jerome Forissier <jerome.forissier@linaro.org> | 2 | From: Jerome Forissier <jerome.forissier@linaro.org> |
3 | Date: Tue, 23 Aug 2022 12:31:46 +0000 | 3 | Date: Tue, 23 Aug 2022 12:31:46 +0000 |
4 | Subject: [PATCH] arm32: libutils, libutee, ta: add .note.GNU-stack section to | 4 | Subject: [PATCH 3/4] arm32: libutils, libutee, ta: add .note.GNU-stack section |
5 | to | ||
5 | 6 | ||
6 | .S files | 7 | .S files |
7 | 8 | ||
@@ -24,8 +25,9 @@ Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> | |||
24 | 25 | ||
25 | Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> | 26 | Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> |
26 | Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] | 27 | Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] |
27 | 28 | Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> | |
28 | --- | 29 | --- |
30 | |||
29 | lib/libutee/arch/arm/utee_syscalls_a32.S | 2 ++ | 31 | lib/libutee/arch/arm/utee_syscalls_a32.S | 2 ++ |
30 | lib/libutils/ext/arch/arm/atomic_a32.S | 2 ++ | 32 | lib/libutils/ext/arch/arm/atomic_a32.S | 2 ++ |
31 | lib/libutils/ext/arch/arm/mcount_a32.S | 2 ++ | 33 | lib/libutils/ext/arch/arm/mcount_a32.S | 2 ++ |
@@ -35,6 +37,8 @@ Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] | |||
35 | ta/arch/arm/ta_entry_a32.S | 2 ++ | 37 | ta/arch/arm/ta_entry_a32.S | 2 ++ |
36 | 7 files changed, 14 insertions(+) | 38 | 7 files changed, 14 insertions(+) |
37 | 39 | ||
40 | diff --git a/lib/libutee/arch/arm/utee_syscalls_a32.S b/lib/libutee/arch/arm/utee_syscalls_a32.S | ||
41 | index 2dea83ab8..668b65a86 100644 | ||
38 | --- a/lib/libutee/arch/arm/utee_syscalls_a32.S | 42 | --- a/lib/libutee/arch/arm/utee_syscalls_a32.S |
39 | +++ b/lib/libutee/arch/arm/utee_syscalls_a32.S | 43 | +++ b/lib/libutee/arch/arm/utee_syscalls_a32.S |
40 | @@ -9,6 +9,8 @@ | 44 | @@ -9,6 +9,8 @@ |
@@ -46,6 +50,8 @@ Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] | |||
46 | .section .text | 50 | .section .text |
47 | .balign 4 | 51 | .balign 4 |
48 | .code 32 | 52 | .code 32 |
53 | diff --git a/lib/libutils/ext/arch/arm/atomic_a32.S b/lib/libutils/ext/arch/arm/atomic_a32.S | ||
54 | index 2be73ffad..87ddf1065 100644 | ||
49 | --- a/lib/libutils/ext/arch/arm/atomic_a32.S | 55 | --- a/lib/libutils/ext/arch/arm/atomic_a32.S |
50 | +++ b/lib/libutils/ext/arch/arm/atomic_a32.S | 56 | +++ b/lib/libutils/ext/arch/arm/atomic_a32.S |
51 | @@ -7,6 +7,8 @@ | 57 | @@ -7,6 +7,8 @@ |
@@ -57,6 +63,8 @@ Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] | |||
57 | /* uint32_t atomic_inc32(uint32_t *v); */ | 63 | /* uint32_t atomic_inc32(uint32_t *v); */ |
58 | FUNC atomic_inc32 , : | 64 | FUNC atomic_inc32 , : |
59 | ldrex r1, [r0] | 65 | ldrex r1, [r0] |
66 | diff --git a/lib/libutils/ext/arch/arm/mcount_a32.S b/lib/libutils/ext/arch/arm/mcount_a32.S | ||
67 | index 54dc3c02d..2f24632b8 100644 | ||
60 | --- a/lib/libutils/ext/arch/arm/mcount_a32.S | 68 | --- a/lib/libutils/ext/arch/arm/mcount_a32.S |
61 | +++ b/lib/libutils/ext/arch/arm/mcount_a32.S | 69 | +++ b/lib/libutils/ext/arch/arm/mcount_a32.S |
62 | @@ -9,6 +9,8 @@ | 70 | @@ -9,6 +9,8 @@ |
@@ -68,6 +76,8 @@ Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] | |||
68 | /* | 76 | /* |
69 | * Convert return address to call site address by subtracting the size of the | 77 | * Convert return address to call site address by subtracting the size of the |
70 | * mcount call instruction (blx __gnu_mcount_nc). | 78 | * mcount call instruction (blx __gnu_mcount_nc). |
79 | diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S | ||
80 | index 37ae9ec6f..bc6c48b1a 100644 | ||
71 | --- a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S | 81 | --- a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S |
72 | +++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S | 82 | +++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S |
73 | @@ -7,6 +7,8 @@ | 83 | @@ -7,6 +7,8 @@ |
@@ -79,6 +89,8 @@ Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] | |||
79 | /* | 89 | /* |
80 | * signed ret_idivmod_values(signed quot, signed rem); | 90 | * signed ret_idivmod_values(signed quot, signed rem); |
81 | * return quotient and remaining the EABI way (regs r0,r1) | 91 | * return quotient and remaining the EABI way (regs r0,r1) |
92 | diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S | ||
93 | index 5c3353e2c..9fb5e0283 100644 | ||
82 | --- a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S | 94 | --- a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S |
83 | +++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S | 95 | +++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S |
84 | @@ -7,6 +7,8 @@ | 96 | @@ -7,6 +7,8 @@ |
@@ -90,6 +102,8 @@ Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] | |||
90 | /* | 102 | /* |
91 | * __value_in_regs lldiv_t __aeabi_ldivmod( long long n, long long d) | 103 | * __value_in_regs lldiv_t __aeabi_ldivmod( long long n, long long d) |
92 | */ | 104 | */ |
105 | diff --git a/lib/libutils/isoc/arch/arm/setjmp_a32.S b/lib/libutils/isoc/arch/arm/setjmp_a32.S | ||
106 | index f8a0b70df..37d7cb88e 100644 | ||
93 | --- a/lib/libutils/isoc/arch/arm/setjmp_a32.S | 107 | --- a/lib/libutils/isoc/arch/arm/setjmp_a32.S |
94 | +++ b/lib/libutils/isoc/arch/arm/setjmp_a32.S | 108 | +++ b/lib/libutils/isoc/arch/arm/setjmp_a32.S |
95 | @@ -53,6 +53,8 @@ | 109 | @@ -53,6 +53,8 @@ |
@@ -101,6 +115,8 @@ Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] | |||
101 | /* Arm/Thumb interworking support: | 115 | /* Arm/Thumb interworking support: |
102 | 116 | ||
103 | The interworking scheme expects functions to use a BX instruction | 117 | The interworking scheme expects functions to use a BX instruction |
118 | diff --git a/ta/arch/arm/ta_entry_a32.S b/ta/arch/arm/ta_entry_a32.S | ||
119 | index cd9a12f9d..ccdc19928 100644 | ||
104 | --- a/ta/arch/arm/ta_entry_a32.S | 120 | --- a/ta/arch/arm/ta_entry_a32.S |
105 | +++ b/ta/arch/arm/ta_entry_a32.S | 121 | +++ b/ta/arch/arm/ta_entry_a32.S |
106 | @@ -7,6 +7,8 @@ | 122 | @@ -7,6 +7,8 @@ |
@@ -112,3 +128,6 @@ Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] | |||
112 | /* | 128 | /* |
113 | * This function is the bottom of the user call stack. Mark it as such so that | 129 | * This function is the bottom of the user call stack. Mark it as such so that |
114 | * the unwinding code won't try to go further down. | 130 | * the unwinding code won't try to go further down. |
131 | -- | ||
132 | 2.40.1 | ||
133 | |||
diff --git a/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch b/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch new file mode 100644 index 00000000..f72d80dc --- /dev/null +++ b/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch | |||
@@ -0,0 +1,67 @@ | |||
1 | From b53f5542102b8088448134202c30ca563f5b3c04 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jerome Forissier <jerome.forissier@linaro.org> | ||
3 | Date: Fri, 5 Aug 2022 09:48:03 +0200 | ||
4 | Subject: [PATCH 4/4] core: link: add --no-warn-rwx-segments | ||
5 | |||
6 | Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> | ||
7 | Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474] | ||
8 | |||
9 | binutils ld.bfd generates one RWX LOAD segment by merging several sections | ||
10 | with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it | ||
11 | also warns by default when that happens [1], which breaks the build due to | ||
12 | --fatal-warnings. The RWX segment is not a problem for the TEE core, since | ||
13 | that information is not used to set memory permissions. Therefore, silence | ||
14 | the warning. | ||
15 | |||
16 | Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 | ||
17 | Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448 | ||
18 | Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com> | ||
19 | Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> | ||
20 | Acked-by: Jens Wiklander <jens.wiklander@linaro.org> | ||
21 | Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> | ||
22 | --- | ||
23 | |||
24 | core/arch/arm/kernel/link.mk | 6 ++++-- | ||
25 | 1 file changed, 4 insertions(+), 2 deletions(-) | ||
26 | |||
27 | diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk | ||
28 | index e8a518254..60e08966f 100644 | ||
29 | --- a/core/arch/arm/kernel/link.mk | ||
30 | +++ b/core/arch/arm/kernel/link.mk | ||
31 | @@ -37,6 +37,7 @@ link-ldflags += --sort-section=alignment | ||
32 | link-ldflags += --fatal-warnings | ||
33 | link-ldflags += --gc-sections | ||
34 | link-ldflags += $(link-ldflags-common) | ||
35 | +link-ldflags += $(call ld-option,--no-warn-rwx-segments) | ||
36 | |||
37 | link-ldadd = $(LDADD) | ||
38 | link-ldadd += $(ldflags-external) | ||
39 | @@ -61,6 +62,7 @@ link-script-cppflags := \ | ||
40 | $(cppflagscore)) | ||
41 | |||
42 | ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \ | ||
43 | + $(call ld-option,--no-warn-rwx-segments) \ | ||
44 | $(link-ldflags-common) \ | ||
45 | $(link-objs) $(link-ldadd) $(libgcccore) | ||
46 | cleanfiles += $(link-out-dir)/all_objs.o | ||
47 | @@ -75,7 +77,7 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o | ||
48 | $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@ | ||
49 | |||
50 | unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ | ||
51 | - $(link-ldflags-common) | ||
52 | + $(link-ldflags-common) $(call ld-option,--no-warn-rwx-segments) | ||
53 | unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore) | ||
54 | cleanfiles += $(link-out-dir)/unpaged.o | ||
55 | $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt | ||
56 | @@ -104,7 +106,7 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o | ||
57 | $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@ | ||
58 | |||
59 | init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ | ||
60 | - $(link-ldflags-common) | ||
61 | + $(link-ldflags-common) $(call ld-option,--no-warn-rwx-segments) | ||
62 | init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \ | ||
63 | $(libgcccore) | ||
64 | cleanfiles += $(link-out-dir)/init.o | ||
65 | -- | ||
66 | 2.40.1 | ||
67 | |||
diff --git a/recipes-security/optee-imx/optee-os_3.19.0.imx.bb b/recipes-security/optee-imx/optee-os_3.19.0.imx.bb deleted file mode 100644 index aec204c6..00000000 --- a/recipes-security/optee-imx/optee-os_3.19.0.imx.bb +++ /dev/null | |||
@@ -1,10 +0,0 @@ | |||
1 | # Copyright (C) 2017-2021 NXP | ||
2 | |||
3 | require optee-os-fslc-imx.inc | ||
4 | |||
5 | SRC_URI += "file://0001-core-Define-section-attributes-for-clang.patch \ | ||
6 | file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \ | ||
7 | file://0007-allow-setting-sysroot-for-clang.patch \ | ||
8 | file://0010-add-note-GNU-stack-section.patch" | ||
9 | SRCBRANCH = "lf-6.1.1_1.0.0" | ||
10 | SRCREV = "ad4e8389bb2c38efe39853925eec571ac778c575" | ||
diff --git a/recipes-security/optee-imx/optee-os_3.21.0.imx.bb b/recipes-security/optee-imx/optee-os_3.21.0.imx.bb new file mode 100644 index 00000000..f158441f --- /dev/null +++ b/recipes-security/optee-imx/optee-os_3.21.0.imx.bb | |||
@@ -0,0 +1,12 @@ | |||
1 | # Copyright (C) 2017-2021 NXP | ||
2 | |||
3 | require optee-os-fslc-imx.inc | ||
4 | |||
5 | SRC_URI += " \ | ||
6 | file://0001-core-Define-section-attributes-for-clang.patch \ | ||
7 | file://0002-optee-enable-clang-support.patch \ | ||
8 | file://0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch \ | ||
9 | file://0004-core-link-add-no-warn-rwx-segments.patch \ | ||
10 | " | ||
11 | SRCBRANCH = "lf-6.1.22_2.0.0" | ||
12 | SRCREV = "1962aec9581760803b1485d455cd62cb11c14870" | ||