optee-imx: upgrade to version 3.7.0

Update all recipes to pull sources from imx_5.4.24_2.1.0 branch in NXP
upstream and update SRCREV to match release tags.

Update PREFERRED_VERSION of optee for mx8 to point to 3.7.0.imx.

Following notes are additions to the version update of recipes:
--------------------------
optee-os:
- Refresh gcc10 patch to resolve the fuzz during apply
- Drop python patch as it is already applied upstream
- Add new machines to the list

optee-client:
- Update CFLAGS patch to match 3.7.0 version
- Split ${B} from ${S}, this makes build more clear

optee-test:
- Remove do_compile task and substitute with OEMAKE

Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>

7 files changed, 118 insertions, 537 deletions

diff --git a/recipes-security/optee-imx/optee-client/0001-flags-do-not-override-CFLAGS-from-host.patch b/recipes-security/optee-imx/optee-client/0001-flags-do-not-override-CFLAGS-from-host.patch
index 86c360f2..9c6b1069 100644
--- a/recipes-security/optee-imx/optee-client/0001-flags-do-not-override-CFLAGS-from-host.patch
+++ b/recipes-security/optee-imx/optee-client/0001-flags-do-not-override-CFLAGS-from-host.patch
@@ -1,4 +1,4 @@
-From 6a600c5637c5446ab3d11eb4304a1dd473ec503e Mon Sep 17 00:00:00 2001
+From 591461d6efe51989b4a7f4e875cdf37505eba360 Mon Sep 17 00:00:00 2001
 From: Andrey Zhizhikin <andrey.z@gmail.com>
 Date: Thu, 4 Jun 2020 19:24:05 +0000
 Subject: [PATCH] flags: do not override CFLAGS from host
@@ -19,11 +19,11 @@ Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
 Reviewed-by: Jerome Forissier <jerome@forissier.org>
 Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
 ---
- flags.mk | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
+ flags.mk | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
 
 diff --git a/flags.mk b/flags.mk
-index 71f3d18..faabef9 100644
+index c2f0e1c..65192bc 100644
 --- a/flags.mk
 +++ b/flags.mk
 @@ -6,7 +6,7 @@ CROSS_COMPILE   ?= arm-linux-gnueabihf-
@@ -35,10 +35,13 @@ index 71f3d18..faabef9 100644
                    -Werror-implicit-function-declaration -Wextra \
                    -Wfloat-equal -Wformat-nonliteral -Wformat-security \
                    -Wformat=2 -Winit-self -Wmissing-declarations \
-@@ -15,11 +15,11 @@ CFLAGS          := -Wall -Wbad-function-cast -Wcast-align \
-                   -Wpointer-arith -Wshadow -Wstrict-prototypes \
+@@ -16,13 +16,13 @@ CFLAGS          := -Wall -Wbad-function-cast -Wcast-align \
                    -Wswitch-default -Wunsafe-loop-optimizations \
-                   -Wwrite-strings -Werror
+                   -Wwrite-strings -D_FILE_OFFSET_BITS=64
+ ifeq ($(CFG_WERROR),y)
+-CFLAGS         += -Werror
++override CFLAGS += -Werror
+ endif
 -CFLAGS          += -c -fPIC
 +override CFLAGS += -c -fPIC
  
diff --git a/recipes-security/optee-imx/optee-client_3.2.0.imx.bb b/recipes-security/optee-imx/optee-client_3.7.0.imx.bb
index 19770849..d83f8a9c 100644
--- a/recipes-security/optee-imx/optee-client_3.2.0.imx.bb
+++ b/recipes-security/optee-imx/optee-client_3.7.0.imx.bb
@@ -7,35 +7,35 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b"
 
 inherit python3native systemd
 
-SRCBRANCH = "lf-5.4.y"
-OPTEE_CLIENT_SRC ?= "git://source.codeaurora.org/external/imx/imx-optee-client.git;protocol=https"
-SRC_URI = "${OPTEE_CLIENT_SRC};branch=${SRCBRANCH}"
+SRCBRANCH = "imx_5.4.24_2.1.0"
+SRC_URI = "git://source.codeaurora.org/external/imx/imx-optee-client.git;protocol=https;branch=${SRCBRANCH}"
 
-SRCREV = "71a9bef78fff2d5d4db8a2307d3b91e2aa671dc9"
+SRCREV = "bc0ec8ce1e4dc5ae23f4737ef659338b7cd408fe"
 
 SRC_URI += "file://tee-supplicant.service \
             file://0001-flags-do-not-override-CFLAGS-from-host.patch \
 "
 
 S = "${WORKDIR}/git"
+B = "${WORKDIR}/build"
 SYSTEMD_SERVICE_${PN} = "tee-supplicant.service"
 
 OPTEE_ARCH ?= "arm32"
 OPTEE_ARCH_armv7a = "arm32"
 OPTEE_ARCH_aarch64 = "arm64"
 
-EXTRA_OEMAKE = "ARCH=${OPTEE_ARCH}"
+EXTRA_OEMAKE = "ARCH=${OPTEE_ARCH} O=${B}"
 
 do_install () {
-        oe_runmake install
+        oe_runmake -C ${S} install
 
-        install -D -p -m0644 ${S}/out/export/lib/libteec.so.1.0 ${D}${libdir}/libteec.so.1.0
+        install -D -p -m0644 ${B}/export/usr/lib/libteec.so.1.0 ${D}${libdir}/libteec.so.1.0
         ln -sf libteec.so.1.0 ${D}${libdir}/libteec.so
         ln -sf libteec.so.1.0 ${D}${libdir}/libteec.so.1
 
-        install -D -p -m0755 ${S}/out/export/bin/tee-supplicant ${D}${bindir}/tee-supplicant
+        install -D -p -m0755 ${B}/export/usr/sbin/tee-supplicant ${D}${bindir}/tee-supplicant
 
-        cp -a ${S}/out/export/include ${D}/usr/
+        cp -a ${B}/export/usr/include ${D}/usr/
 
         sed -i -e s:/etc:${sysconfdir}:g -e s:/usr/bin:${bindir}:g ${WORKDIR}/tee-supplicant.service
         install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service
diff --git a/recipes-security/optee-imx/optee-os/0001-optee-os-fix-gcc10-compilation-issue-and-missing-cc-.patch b/recipes-security/optee-imx/optee-os/0001-optee-os-fix-gcc10-compilation-issue-and-missing-cc-.patch
index 509c7fb6..ab42d340 100644
--- a/recipes-security/optee-imx/optee-os/0001-optee-os-fix-gcc10-compilation-issue-and-missing-cc-.patch
+++ b/recipes-security/optee-imx/optee-os/0001-optee-os-fix-gcc10-compilation-issue-and-missing-cc-.patch
@@ -1,4 +1,4 @@
-From 027a3b9a33fbb23e1d1d7ed6411d4d112d2a55a1 Mon Sep 17 00:00:00 2001
+From 109ed8d9a5351c7bb0fdc0953c7e7fb6cedcad9c Mon Sep 17 00:00:00 2001
 From: Andrey Zhizhikin <andrey.z@gmail.com>
 Date: Sat, 30 May 2020 22:00:59 +0000
 Subject: [PATCH] optee-os: fix gcc10 compilation issue and missing cc-options
@@ -14,17 +14,17 @@ Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/3891]
 
 Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
 ---
- core/arch/arm/arm.mk | 21 ++++++++++++++++-----
+ core/arch/arm/arm.mk | 22 +++++++++++++++++-----
  core/core.mk         |  5 +----
  mk/cc-option.mk      |  9 +++++++++
  mk/gcc.mk            |  2 +-
  ta/mk/ta_dev_kit.mk  |  3 +++
  ta/ta.mk             |  1 +
- 6 files changed, 31 insertions(+), 10 deletions(-)
+ 6 files changed, 32 insertions(+), 10 deletions(-)
  create mode 100644 mk/cc-option.mk
 
 diff --git a/core/arch/arm/arm.mk b/core/arch/arm/arm.mk
-index aa101be8..4123d85d 100644
+index 5defb327..fffa491a 100644
 --- a/core/arch/arm/arm.mk
 +++ b/core/arch/arm/arm.mk
 @@ -1,3 +1,16 @@
@@ -44,7 +44,7 @@ index aa101be8..4123d85d 100644
  CFG_LTC_OPTEE_THREAD ?= y
  # Size of emulated TrustZone protected SRAM, 448 kB.
  # Only applicable when paging is enabled.
-@@ -88,7 +101,7 @@ arm32-platform-aflags-no-hard-float ?=
+@@ -106,7 +119,7 @@ arm32-platform-aflags-no-hard-float ?=
  
  arm64-platform-cflags-no-hard-float ?= -mgeneral-regs-only
  arm64-platform-cflags-hard-float ?=
@@ -53,7 +53,7 @@ index aa101be8..4123d85d 100644
  
  ifeq ($(DEBUG),1)
  # For backwards compatibility
-@@ -117,14 +130,12 @@ core-platform-aflags += $(platform-aflags-generic)
+@@ -135,14 +148,12 @@ core-platform-aflags += $(platform-aflags-generic)
  core-platform-aflags += $(platform-aflags-debug-info)
  
  ifeq ($(CFG_ARM64_core),y)
@@ -68,16 +68,20 @@ index aa101be8..4123d85d 100644
  core-platform-cppflags += $(arm32-platform-cppflags)
  core-platform-cflags += $(arm32-platform-cflags)
  core-platform-cflags += $(arm32-platform-cflags-no-hard-float)
-@@ -196,5 +207,5 @@ ta-mk-file-export-add-ta_arm64 += CROSS_COMPILE64 ?= $$(CROSS_COMPILE)_nl_
- ta-mk-file-export-add-ta_arm64 += CROSS_COMPILE_ta_arm64 ?= $$(CROSS_COMPILE64)_nl_
+@@ -241,8 +252,9 @@ ta-mk-file-export-add-ta_arm64 += COMPILER ?= gcc_nl_
+ ta-mk-file-export-add-ta_arm64 += COMPILER_ta_arm64 ?= $$(COMPILER)_nl_
  endif
  
 -# Set cross compiler prefix for each submodule
 -$(foreach sm, core $(ta-targets), $(eval CROSS_COMPILE_$(sm) ?= $(CROSS_COMPILE$(arch-bits-$(sm)))))
 +# Set cross compiler prefix for each TA target
 +$(foreach sm, $(ta-targets), $(eval CROSS_COMPILE_$(sm) ?= $(CROSS_COMPILE$(arch-bits-$(sm)))))
++
+ 
+ arm32-sysreg-txt = core/arch/arm/kernel/arm32_sysreg.txt
+ arm32-sysregs-$(arm32-sysreg-txt)-h := arm32_sysreg.h
 diff --git a/core/core.mk b/core/core.mk
-index c05815f3..68f45552 100644
+index a51cf847..28c7235c 100644
 --- a/core/core.mk
 +++ b/core/core.mk
 @@ -8,6 +8,7 @@ arch-dir        := core/arch/$(ARCH)
@@ -89,7 +93,7 @@ index c05815f3..68f45552 100644
  
  PLATFORM_$(PLATFORM) := y
 @@ -16,10 +17,6 @@ PLATFORM_FLAVOR_$(PLATFORM_FLAVOR) := y
- $(call cfg-depends-all,CFG_PAGED_USER_TA,CFG_WITH_PAGER CFG_WITH_USER_TA)
+ $(eval $(call cfg-depends-all,CFG_PAGED_USER_TA,CFG_WITH_PAGER CFG_WITH_USER_TA))
  include core/crypto.mk
  
 -# Setup compiler for this sub module
@@ -128,10 +132,10 @@ index 1f2c5990..c53a23b1 100644
  
  # Define these to something to discover accidental use
 diff --git a/ta/mk/ta_dev_kit.mk b/ta/mk/ta_dev_kit.mk
-index fa0bddfe..ae70ef87 100644
+index 04a4f94b..e4b02ea7 100644
 --- a/ta/mk/ta_dev_kit.mk
 +++ b/ta/mk/ta_dev_kit.mk
-@@ -78,6 +78,9 @@ clean:
+@@ -92,6 +92,9 @@ clean:
         @$(cmd-echo-silent) '  CLEAN   $(O)'
         ${q}if [ -d "$(O)" ]; then $(RMDIR) $(O); fi
  
@@ -139,16 +143,16 @@ index fa0bddfe..ae70ef87 100644
 +include  $(ta-dev-kit-dir$(sm))/mk/cc-option.mk
 +
  subdirs = .
- include  $(ta-dev-kit-dir)/mk/subdir.mk
+ include  $(ta-dev-kit-dir$(sm))/mk/subdir.mk
  
 diff --git a/ta/ta.mk b/ta/ta.mk
-index 32353de3..9c64319d 100644
+index dde7be67..ca17054a 100644
 --- a/ta/ta.mk
 +++ b/ta/ta.mk
-@@ -98,6 +98,7 @@ $(foreach f, $(libfiles), \
+@@ -157,6 +157,7 @@ $(foreach f, $(libfiles), \
  
  # Copy .mk files
- ta-mkfiles = mk/compile.mk mk/subdir.mk mk/gcc.mk mk/cleandirs.mk \
+ ta-mkfiles = mk/compile.mk mk/subdir.mk mk/gcc.mk mk/clang.mk mk/cleandirs.mk \
 +       mk/cc-option.mk \
         ta/arch/$(ARCH)/link.mk ta/arch/$(ARCH)/link_shlib.mk \
         ta/mk/ta_dev_kit.mk
diff --git a/recipes-security/optee-imx/optee-os/0001-scripts-update-scripts-to-use-python3.patch b/recipes-security/optee-imx/optee-os/0001-scripts-update-scripts-to-use-python3.patch
deleted file mode 100644
index 9621cf6c..00000000
--- a/recipes-security/optee-imx/optee-os/0001-scripts-update-scripts-to-use-python3.patch
+++ /dev/null
@@ -1,427 +0,0 @@
-From 0d4941123b5a88351f5954f6de00892f85ed5abc Mon Sep 17 00:00:00 2001
-From: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
-Date: Mon, 20 Jan 2020 22:32:13 +0000
-Subject: [PATCH] scripts: update scripts to use python3
-
-Python2 is deprecated effective Jan. 2020, and is not available in
-several distributions.
-
-Update scripts here to re-target then onto python version 3.
-
-Upstream-Status: Pending
-
-Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
----
- scripts/gen_hashed_bin.py | 282 ++++++++++++++++++++------------------
- scripts/gen_ld_sects.py   |   8 +-
- scripts/pem_to_pub_c.py   |   2 +-
- scripts/sign.py           |   2 +-
- scripts/symbolize.py      |   2 +-
- scripts/ta_bin_to_c.py    |   2 +-
- scripts/tee_bin_parser.py |   2 +-
- 7 files changed, 157 insertions(+), 143 deletions(-)
-
-diff --git a/scripts/gen_hashed_bin.py b/scripts/gen_hashed_bin.py
-index 32350a47..a76a62cc 100755
---- a/scripts/gen_hashed_bin.py
-+++ b/scripts/gen_hashed_bin.py
-@@ -1,4 +1,4 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python3
- # SPDX-License-Identifier: BSD-2-Clause
- #
- # Copyright (c) 2014-2017, Linaro Limited
-@@ -14,163 +14,177 @@ import hashlib
- arch_id = {'arm32': 0, 'arm64': 1}
- image_id = {'pager': 0, 'paged': 1}
- 
-+
- def write_header_v1(outf, init_size, args, paged_size):
--       magic = 0x4554504f # 'OPTE'
--       version = 1;
--       outf.write(struct.pack('<IBBHIIIII', \
--               magic, version, arch_id[args.arch], args.flags, init_size, \
--               args.init_load_addr_hi, args.init_load_addr_lo, \
--               args.init_mem_usage, paged_size))
-+    magic = 0x4554504f  # 'OPTE'
-+    version = 1
-+    outf.write(struct.pack('<IBBHIIIII',
-+                           magic,
-+                           version,
-+                           arch_id[args.arch],
-+                           args.flags,
-+                           init_size,
-+                           args.init_load_addr_hi,
-+                           args.init_load_addr_lo,
-+                           args.init_mem_usage,
-+                           paged_size))
-+
- 
- def write_header_v2(outf, init_size, args, paged_size):
--       magic = 0x4554504f # 'OPTE'
--       version = 2
--       nb_images = 1 if paged_size == 0 else 2
--       outf.write(struct.pack('<IBBHI', \
--               magic, version, arch_id[args.arch], args.flags, nb_images))
--       outf.write(struct.pack('<IIII', \
--               args.init_load_addr_hi, args.init_load_addr_lo, \
--               image_id['pager'], init_size))
--       if nb_images == 2:
--               outf.write(struct.pack('<IIII', \
--               0xffffffff, 0xffffffff, image_id['paged'], paged_size))
-+    magic = 0x4554504f  # 'OPTE'
-+    version = 2
-+    nb_images = 1 if paged_size == 0 else 2
-+    outf.write(struct.pack('<IBBHI', magic, version,
-+                           arch_id[args.arch], args.flags, nb_images))
-+    outf.write(struct.pack('<IIII',
-+                           args.init_load_addr_hi, args.init_load_addr_lo,
-+                           image_id['pager'], init_size))
-+    if nb_images == 2:
-+        outf.write(
-+            struct.pack(
-+                '<IIII',
-+                0xffffffff,
-+                0xffffffff,
-+                image_id['paged'],
-+                paged_size))
-+
- 
- def append_to(outf, start_offs, in_fname, max_bytes=0xffffffff):
--       #print "Appending %s@0x%x 0x%x bytes at position 0x%x" % \
--               #( in_fname, start_offs, max_bytes, int(outf.tell()) )
--       inf = open(in_fname, 'rb');
--       inf.seek(start_offs)
--       while True :
--               nbytes = min(16 * 1024, max_bytes)
--               if nbytes == 0 :
--                       break
--               #print "Reading %s %d bytes" % (in_fname, nbytes)
--               buf = inf.read(nbytes)
--               if not buf :
--                       break
--               outf.write(buf)
--               max_bytes -= len(buf)
--       inf.close()
-+    inf = open(in_fname, 'rb')
-+    inf.seek(start_offs)
-+    while True:
-+        nbytes = min(16 * 1024, max_bytes)
-+        if nbytes == 0:
-+            break
-+        buf = inf.read(nbytes)
-+        if not buf:
-+            break
-+        outf.write(buf)
-+        max_bytes -= len(buf)
-+    inf.close()
-+
- 
- def append_hashes(outf, in_fname):
--       page_size = 4 * 1024
--
--       inf = open(in_fname, 'r')
--       while True :
--               page = inf.read(page_size)
--               if len(page) == page_size :
--                       #print "Writing hash at position 0x%x" % \
--                               #int(outf.tell())
--                       outf.write(hashlib.sha256(page).digest())
--               elif len(page) == 0 :
--                       break
--               else :
--                       print("Error: short read, got " + repr(len(page)))
--                       sys.exit(1)
--
--       inf.close()
-+    page_size = 4 * 1024
-+
-+    inf = open(in_fname, 'rb')
-+    while True:
-+        page = inf.read(page_size)
-+        if len(page) == page_size:
-+            outf.write(hashlib.sha256(page).digest())
-+        elif len(page) == 0:
-+            break
-+        else:
-+            print("Error: short read, got {}".format(len(page)))
-+            sys.exit(1)
-+
-+    inf.close()
-+
- 
- def int_parse(str):
--       return int(str, 0)
-+    return int(str, 0)
-+
- 
- def get_args():
--       parser = argparse.ArgumentParser()
--       parser.add_argument('--arch', required=True, \
--               choices=arch_id.keys(), \
--               help='Architecture')
-+    parser = argparse.ArgumentParser()
-+    parser.add_argument('--arch', required=True,
-+                        choices=list(arch_id.keys()),
-+                        help='Architecture')
- 
--       parser.add_argument('--flags', \
--               type=int, default=0, \
--               help='Flags, currently none defined')
-+    parser.add_argument('--flags',
-+                        type=int, default=0,
-+                        help='Flags, currently none defined')
- 
--       parser.add_argument('--init_size', \
--               required=True, type=int_parse, \
--               help='Size of initialization part of binary')
-+    parser.add_argument('--init_size',
-+                        required=True, type=int_parse,
-+                        help='Size of initialization part of binary')
- 
--       parser.add_argument('--init_load_addr_hi', \
--               type=int_parse, default=0, \
--               help='Upper 32 bits of load address of binary')
-+    parser.add_argument('--init_load_addr_hi',
-+                        type=int_parse, default=0,
-+                        help='Upper 32 bits of load address of binary')
- 
--       parser.add_argument('--init_load_addr_lo', \
--               required=True, type=int_parse, \
--               help='Lower 32 bits of load address of binary')
-+    parser.add_argument('--init_load_addr_lo',
-+                        required=True, type=int_parse,
-+                        help='Lower 32 bits of load address of binary')
- 
--       parser.add_argument('--init_mem_usage', \
--               required=True, type=int_parse, \
--               help='Total amount of used memory when initializing');
-+    parser.add_argument('--init_mem_usage',
-+                        required=True, type=int_parse,
-+                        help='Total amount of used memory when initializing')
- 
--       parser.add_argument('--tee_pager_bin', \
--               required=True, \
--               help='The input tee_pager.bin')
-+    parser.add_argument('--tee_pager_bin',
-+                        required=True,
-+                        help='The input tee_pager.bin')
- 
--       parser.add_argument('--tee_pageable_bin', \
--               required=True, \
--               help='The input tee_pageable.bin')
-+    parser.add_argument('--tee_pageable_bin',
-+                        required=True,
-+                        help='The input tee_pageable.bin')
- 
--       parser.add_argument('--out', \
--               required=False, type=argparse.FileType('wb'), \
--               help='The output tee.bin')
-+    parser.add_argument('--out',
-+                        required=False, type=argparse.FileType('wb'),
-+                        help='The output tee.bin')
- 
--       parser.add_argument('--out_header_v2', \
--               required=False, type=argparse.FileType('wb'), \
--               help='The output tee_header_v2.bin')
-+    parser.add_argument('--out_header_v2',
-+                        required=False, type=argparse.FileType('wb'),
-+                        help='The output tee_header_v2.bin')
- 
--       parser.add_argument('--out_pager_v2', \
--               required=False, type=argparse.FileType('wb'), \
--               help='The output tee_pager_v2.bin')
-+    parser.add_argument('--out_pager_v2',
-+                        required=False, type=argparse.FileType('wb'),
-+                        help='The output tee_pager_v2.bin')
- 
--       parser.add_argument('--out_pageable_v2', \
--               required=False, type=argparse.FileType('wb'), \
--               help='The output tee_pageable_v2.bin')
-+    parser.add_argument('--out_pageable_v2',
-+                        required=False, type=argparse.FileType('wb'),
-+                        help='The output tee_pageable_v2.bin')
-+
-+    return parser.parse_args()
- 
--       return parser.parse_args();
- 
- def main():
--       args = get_args()
--       init_bin_size      = args.init_size
--       tee_pager_fname    = args.tee_pager_bin
--       tee_pageable_fname = args.tee_pageable_bin
--       pager_input_size   = os.path.getsize(tee_pager_fname);
--       paged_input_size   = os.path.getsize(tee_pageable_fname);
--       hash_size          = paged_input_size / (4 * 1024) * \
--                            hashlib.sha256().digest_size
--
--       if paged_input_size % (4 * 1024) != 0:
--               print("Error: pageable size not a multiple of 4K:" + \
--                       repr(paged_input_size))
--               sys.exit(1)
--
--       init_size         = pager_input_size + \
--                           min(init_bin_size, paged_input_size) + \
--                           hash_size
--       paged_size        = paged_input_size - \
--                           min(init_bin_size, paged_input_size)
--
--       if args.out is not None:
--               outf = args.out
--               write_header_v1(outf, init_size, args, paged_size)
--               append_to(outf, 0, tee_pager_fname)
--               append_to(outf, 0, tee_pageable_fname, init_bin_size)
--               append_hashes(outf, tee_pageable_fname)
--               append_to(outf, init_bin_size, tee_pageable_fname)
--               outf.close()
--
--       if args.out_header_v2 is not None:
--               outf = args.out_header_v2
--               write_header_v2(outf, init_size, args, paged_size)
--               outf.close()
--
--       if args.out_pager_v2 is not None:
--               outf = args.out_pager_v2
--               append_to(outf, 0, tee_pager_fname)
--               append_to(outf, 0, tee_pageable_fname, init_bin_size)
--               append_hashes(outf, tee_pageable_fname)
--               outf.close()
--
--       if args.out_pageable_v2 is not None:
--               outf = args.out_pageable_v2
--               append_to(outf, init_bin_size, tee_pageable_fname)
--               outf.close()
-+    args = get_args()
-+    init_bin_size = args.init_size
-+    tee_pager_fname = args.tee_pager_bin
-+    tee_pageable_fname = args.tee_pageable_bin
-+    pager_input_size = os.path.getsize(tee_pager_fname)
-+    paged_input_size = os.path.getsize(tee_pageable_fname)
-+    hash_size = paged_input_size // (4 * 1024) * \
-+        hashlib.sha256().digest_size
-+
-+    if paged_input_size % (4 * 1024) != 0:
-+        print("Error: pageable size not a multiple of 4K: {}".format(
-+            paged_input_size))
-+        sys.exit(1)
-+
-+    init_size = pager_input_size + \
-+        min(init_bin_size, paged_input_size) + \
-+        hash_size
-+    paged_size = paged_input_size - \
-+        min(init_bin_size, paged_input_size)
-+
-+    if args.out is not None:
-+        outf = args.out
-+        write_header_v1(outf, init_size, args, paged_size)
-+        append_to(outf, 0, tee_pager_fname)
-+        append_to(outf, 0, tee_pageable_fname, init_bin_size)
-+        append_hashes(outf, tee_pageable_fname)
-+        append_to(outf, init_bin_size, tee_pageable_fname)
-+        outf.close()
-+
-+    if args.out_header_v2 is not None:
-+        outf = args.out_header_v2
-+        write_header_v2(outf, init_size, args, paged_size)
-+        outf.close()
-+
-+    if args.out_pager_v2 is not None:
-+        outf = args.out_pager_v2
-+        append_to(outf, 0, tee_pager_fname)
-+        append_to(outf, 0, tee_pageable_fname, init_bin_size)
-+        append_hashes(outf, tee_pageable_fname)
-+        outf.close()
-+
-+    if args.out_pageable_v2 is not None:
-+        outf = args.out_pageable_v2
-+        append_to(outf, init_bin_size, tee_pageable_fname)
-+        outf.close()
-+
- 
- if __name__ == "__main__":
--       main()
-+    main()
-diff --git a/scripts/gen_ld_sects.py b/scripts/gen_ld_sects.py
-index c5dc3a7b..2bdbb192 100755
---- a/scripts/gen_ld_sects.py
-+++ b/scripts/gen_ld_sects.py
-@@ -1,4 +1,4 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python3
- # SPDX-License-Identifier: BSD-2-Clause
- #
- # Copyright (c) 2017, Linaro Limited
-@@ -8,8 +8,8 @@ import sys
- import re
- 
- def usage():
--       print "Usage: {0} <section reg exp match> [<skip section>...]".format( \
--               sys.argv[0])
-+       print("Usage: {0} <section reg exp match> [<skip section>...]".format( \
-+               sys.argv[0]))
-        sys.exit (1)
- 
- def main():
-@@ -55,7 +55,7 @@ def main():
-                if sect_name in skip_sections :
-                        continue
- 
--               print '\t*({0})'.format(sect_name)
-+               print ('\t*({0})'.format(sect_name))
- 
- if __name__ == "__main__":
-         main()
-diff --git a/scripts/pem_to_pub_c.py b/scripts/pem_to_pub_c.py
-index 6b8fa365..0b03d62e 100755
---- a/scripts/pem_to_pub_c.py
-+++ b/scripts/pem_to_pub_c.py
-@@ -1,4 +1,4 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python3
- # SPDX-License-Identifier: BSD-2-Clause
- #
- # Copyright (c) 2015, Linaro Limited
-diff --git a/scripts/sign.py b/scripts/sign.py
-index ad47479b..348b40a2 100755
---- a/scripts/sign.py
-+++ b/scripts/sign.py
-@@ -1,4 +1,4 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python3
- #
- # Copyright (c) 2015, 2017, Linaro Limited
- #
-diff --git a/scripts/symbolize.py b/scripts/symbolize.py
-index 1eecf758..0e9bd3ed 100755
---- a/scripts/symbolize.py
-+++ b/scripts/symbolize.py
-@@ -1,4 +1,4 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python3
- # SPDX-License-Identifier: BSD-2-Clause
- #
- # Copyright (c) 2017, Linaro Limited
-diff --git a/scripts/ta_bin_to_c.py b/scripts/ta_bin_to_c.py
-index cabddbbd..f325fda0 100755
---- a/scripts/ta_bin_to_c.py
-+++ b/scripts/ta_bin_to_c.py
-@@ -1,4 +1,4 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python3
- # SPDX-License-Identifier: BSD-2-Clause
- #
- # Copyright (c) 2017, Linaro Limited
-diff --git a/scripts/tee_bin_parser.py b/scripts/tee_bin_parser.py
-index 5f7dd3f0..07da5791 100755
---- a/scripts/tee_bin_parser.py
-+++ b/scripts/tee_bin_parser.py
-@@ -1,4 +1,4 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python3
- # SPDX-License-Identifier: BSD-2-Clause
- #
- # Copyright (c) 2016, Linaro Limited
--- 
-2.17.1
-
diff --git a/recipes-security/optee-imx/optee-os_3.2.0.imx.bb b/recipes-security/optee-imx/optee-os_3.7.0.imx.bb
index d2c82940..1bef749b 100644
--- a/recipes-security/optee-imx/optee-os_3.2.0.imx.bb
+++ b/recipes-security/optee-imx/optee-os_3.7.0.imx.bb
@@ -1,23 +1,22 @@
-# Copyright (C) 2017-2018 NXP
+# Copyright (C) 2017-2020 NXP
 
 SUMMARY = "OPTEE OS"
 DESCRIPTION = "OPTEE OS"
 HOMEPAGE = "http://www.optee.org/"
 LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173"
 
 inherit deploy python3native autotools
-DEPENDS = "python3-pycrypto-native u-boot-mkimage-native"
+DEPENDS = "python3-pycrypto-native python3-pyelftools-native u-boot-mkimage-native"
+
+SRCBRANCH = "imx_5.4.24_2.1.0"
 
-SRCBRANCH = "lf-5.4.y"
-OPTEE_OS_SRC ?= "git://source.codeaurora.org/external/imx/imx-optee-os.git;protocol=https"
 SRC_URI = "\
-        ${OPTEE_OS_SRC};branch=${SRCBRANCH} \
-        file://0001-scripts-update-scripts-to-use-python3.patch \
+        git://source.codeaurora.org/external/imx/imx-optee-os.git;protocol=https;branch=${SRCBRANCH} \
         file://0001-optee-os-fix-gcc10-compilation-issue-and-missing-cc-.patch \
 "
 
-SRCREV = "6d99b525af752ecdaabdca6098b2564b2665f2b2"
+SRCREV = "7a49776de59265500f10a247125429fde1555ac1"
 
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build.${PLATFORM_FLAVOR}"
@@ -29,9 +28,13 @@ PLATFORM_FLAVOR_imx6ul7d        = "mx6ulevk"
 PLATFORM_FLAVOR_imx6ull14x14evk = "mx6ullevk"
 PLATFORM_FLAVOR_imx6ull9x9evk   = "mx6ullevk"
 PLATFORM_FLAVOR_imx6ulz14x14evk = "mx6ulzevk"
-PLATFORM_FLAVOR_mx8mm   = "mx8mmevk"
-PLATFORM_FLAVOR_mx8mn   = "mx8mnevk"
-PLATFORM_FLAVOR_mx8qxp  = "mx8qxpmek"
+PLATFORM_FLAVOR_mx8mm           = "mx8mmevk"
+PLATFORM_FLAVOR_mx8mn           = "mx8mnevk"
+PLATFORM_FLAVOR_mx8qxp          = "mx8qxpmek"
+PLATFORM_FLAVOR_mx8mp           = "mx8mpevk"
+PLATFORM_FLAVOR_mx8dx           = "mx8dxmek"
+PLATFORM_FLAVOR_mx8dxl          = "mx8dxlevk"
+PLATFORM_FLAVOR_mx8phantomdxl   = "mx8qxpmek"
 
 OPTEE_ARCH ?= "arm32"
 OPTEE_ARCH_armv7a = "arm32"
@@ -42,19 +45,20 @@ OPTEE_ARCH_aarch64 = "arm64"
 # For 64bits, CROSS_COMPILE64 must be set
 # When defining CROSS_COMPILE and CROSS_COMPILE64, we assure that
 # any 32 or 64 bits builds will pass
-EXTRA_OEMAKE = "PLATFORM=imx PLATFORM_FLAVOR=${PLATFORM_FLAVOR} \
-                CROSS_COMPILE=${HOST_PREFIX} \
-                CROSS_COMPILE64=${HOST_PREFIX} \
-                NOWERROR=1 \
-                LDFLAGS= \
-                O=${B} \
-                "
-
+EXTRA_OEMAKE = " \
+        PLATFORM=imx \
+        PLATFORM_FLAVOR=${PLATFORM_FLAVOR} \
+        CROSS_COMPILE=${HOST_PREFIX} \
+        CROSS_COMPILE64=${HOST_PREFIX} \
+        NOWERROR=1 \
+        LDFLAGS= \
+        O=${B} \
+"
 
 do_compile () {
     unset LDFLAGS
     export CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_HOST}"
-    oe_runmake -C ${S} all CFG_TEE_TA_LOG_LEVEL=0
+    oe_runmake -C ${S} all CFG_TEE_TA_LOG_LEVEL=0 CFG_TEE_CORE_LOG_LEVEL=0
 }
 
 
diff --git a/recipes-security/optee-imx/optee-test_3.2.0.imx.bb b/recipes-security/optee-imx/optee-test_3.2.0.imx.bb
deleted file mode 100644
index c78f9816..00000000
--- a/recipes-security/optee-imx/optee-test_3.2.0.imx.bb
+++ /dev/null
@@ -1,58 +0,0 @@
-# Copyright (C) 2017-2018 NXP
-
-SUMMARY = "OPTEE test"
-HOMEPAGE = "http://www.optee.org/"
-
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa"
-
-DEPENDS = "optee-os optee-client python3-pycrypto-native openssl"
-inherit python3native
-
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-
-SRCBRANCH = "lf-5.4.y"
-OPTEE_TEST_SRC ?= "git://source.codeaurora.org/external/imx/imx-optee-test.git;protocol=https"
-
-SRC_URI = "${OPTEE_TEST_SRC};branch=${SRCBRANCH} \
-           file://0003-sock_server-fix-compilation-against-musl-sys-errno.h.patch \
-           file://0004-build-ignore-declaration-after-statement-warnings.patch \
-           file://0005-benchmark_1000-fix-compilation-against-musl-uint.patch \
-           file://0006-regression_8100-use-null-terminated-strings-with-fil.patch \
-           file://0001-use-python3-instead-of-python.patch \
-"
-
-S = "${WORKDIR}/git"
-
-SRCREV = "b7114b828b82f2c0eec124ed424eff1230cc5319"
-
-OPTEE_ARCH ?= "arm32"
-OPTEE_ARCH_armv7a = "arm32"
-OPTEE_ARCH_aarch64 = "arm64"
-
-do_compile () {
-    export TA_DEV_KIT_DIR=${STAGING_INCDIR}/optee/export-user_ta_${OPTEE_ARCH}/
-    export ARCH=${OPTEE_ARCH}
-
-    export OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}/usr
-    export CROSS_COMPILE_HOST=${HOST_PREFIX}
-    export CROSS_COMPILE_TA=${HOST_PREFIX}
-    export CROSS_COMPILE=${HOST_PREFIX}
-    export OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}/
-    oe_runmake V=1  --warn-undefined-variables
-}
-
-do_install () {
-    install -d ${D}/usr/bin
-    install ${S}/out/xtest/xtest ${D}/usr/bin/
-
-    install -d ${D}/lib/optee_armtz
-    find ${S}/out/ta -name '*.ta' | while read name; do
-    install -m 444 $name ${D}/lib/optee_armtz/
-    done
-
-}
-
-FILES_${PN} = "/usr/bin/ /lib*/optee_armtz/"
-
-COMPATIBLE_MACHINE = "(mx6|mx7|mx8)"
diff --git a/recipes-security/optee-imx/optee-test_3.7.0.imx.bb b/recipes-security/optee-imx/optee-test_3.7.0.imx.bb
new file mode 100644
index 00000000..04240ff0
--- /dev/null
+++ b/recipes-security/optee-imx/optee-test_3.7.0.imx.bb
@@ -0,0 +1,55 @@
+# Copyright (C) 2017-2018 NXP
+
+SUMMARY = "OPTEE test"
+HOMEPAGE = "http://www.optee.org/"
+
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa"
+
+DEPENDS = "optee-os optee-client python3-pycrypto-native openssl"
+inherit python3native
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
+SRCBRANCH = "imx_5.4.24_2.1.0"
+
+SRC_URI = "git://source.codeaurora.org/external/imx/imx-optee-test.git;protocol=https;branch=${SRCBRANCH} \
+           file://0001-use-python3-instead-of-python.patch \
+"
+
+S = "${WORKDIR}/git"
+B = "${WORKDIR}/build"
+
+SRCREV = "227d6f4c40eaa6f84fe049b9e48c7b27ad7fab08"
+
+OPTEE_ARCH ?= "arm32"
+OPTEE_ARCH_armv7a = "arm32"
+OPTEE_ARCH_aarch64 = "arm64"
+
+TA_DEV_KIT_DIR_arm = "${STAGING_INCDIR}/optee/export-user_ta_arm32/"
+TA_DEV_KIT_DIR_aarch64 = "${STAGING_INCDIR}/optee/export-user_ta_arm64/"
+
+EXTRA_OEMAKE = " \
+    TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
+    ARCH=${OPTEE_ARCH} \
+    OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}/usr \
+    CROSS_COMPILE_HOST=${HOST_PREFIX} \
+    CROSS_COMPILE_TA=${HOST_PREFIX} \
+    CROSS_COMPILE=${HOST_PREFIX} \
+    OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}/ \
+    -C ${S} O=${B} \
+"
+
+do_install () {
+        install -d ${D}/usr/bin
+        install ${B}/xtest/xtest ${D}/usr/bin/
+
+        install -d ${D}/lib/optee_armtz
+        find ${B}/ta -name '*.ta' | while read name; do
+                install -m 444 $name ${D}/lib/optee_armtz/
+        done
+}
+
+FILES_${PN} = "/usr/bin/ /lib*/optee_armtz/"
+
+COMPATIBLE_MACHINE = "(mx6|mx7|mx8)"