diff options
| author | Oleksandr Suvorov <oleksandr.suvorov@foundries.io> | 2023-01-06 11:17:58 +0200 |
|---|---|---|
| committer | Oleksandr Suvorov <oleksandr.suvorov@foundries.io> | 2023-01-06 14:33:00 +0200 |
| commit | 667a28c32f118ca64cbc88eaea9dcc2fa2a4cd1c (patch) | |
| tree | 41a4af3db490d047e2912479409a73ee0f2f926d /recipes-security | |
| parent | 3099ed6a03a2f9a8295638c74e2c54b3c68c461d (diff) | |
| download | meta-freescale-667a28c32f118ca64cbc88eaea9dcc2fa2a4cd1c.tar.gz | |
optee: Upgrade 3.17.0.imx to 3.19.0.imx
NXP BSP lf-5.15.71_2.2.0 uses op-tee 3.19.0.imx.
Upgrade optee-os, optee-client, and optee-test accordingly.
Add missed support for imx93evk platform.
Relevant changes for optee-os:
- 00919403f LF-7525 drivers: dcp: do not modify DCP node status in the DTB
- 842961521 core: mm: fix error flushing unused pgt's
- 96d9b4c19 libutils: util.h: fix the ROUNDUP_OVERFLOW() macro
- 2885fd08e LFOPTEE-203 drivers: ele: align HUK output buffer
- 7e41f6603 drivers: imx_ele: add HUK support for imx93
- ab1525d14 core: imx: remove SC_IPC_BASE_SECURE definition
- 382a7ae57 LFOPTEE-181 drivers: imx_ele: re-work imx_ele_session_get_device_info()
- b27da7b0d LFOPTEE-181 drivers: imx_ele: remove RNG support for 8ulp A0
- 4a9f3e387 LFOPTEE-181 drivers: imx_ele: add MU infos for imx93
- 8c4caec41 LFOPTEE-181 core: imx: enable MU and ELE drivers for imx93
- f5bc45d6d LFOPTEE-181 core: imx: add MU_BASE and MU_SIZE for imx93
- b19786dfb LFOPTEE-181 drivers: imx_mu: add support for imx93
- 4c598c905 core: imx_ele: remove addition of word for CRC
- 9f9fb3899 LFU-368: core: imx93: enable trusted_keys as early TA
- 23889478f LFU-368: core: imx: enabled dynamic share memory for i.MX93
Relevant changes in optee-client:
- 644022f teeacl: fix include path
- 140bf46 libckteec: Add EDDSA attribute serialization
- 1fc38c6 libteeacl: Add function to resolve name to gid_t
- 1560582 libteeacl: function to encode a group login UUID
- e58b158 libteeacl: Add new ACL helper library
- 5364e61 tee-supplicant: read rpmb dev info from sysfs
- a46239c tee-supplicant: android: make RPMB_EMU a conditional assignment
- 30abe6c cmake: Use separate generator expression for lib targets
- f2755fe cmake: Don't set teec include_directory from libseteec
- 1dcb80a Use CMake project command to set version
- 492410d tee-supplicant: -d: return after TEE device is opened
- d59ed2d cmake: fix log level don't take effect
- e7cba71 tee-supplicant: fs: use errno instead of returning TEEC_ERROR_GENERIC
- f7ed8e3 tee-supplicant: support multiple TA load paths
- a5c30b1 Makefile: Makefile: only preserve links when installing output files
- dc58de2 tee-supplicant: close shm fd before freeing memory
- f2a7c94 tee-supplicant/src/tee_supplicant.c: fix build without plugins
Relevant changes in optee-test:
- 5c1dbb5 LFOPTEE-129 Make MP test use embedded crypto instead of openssl
- 661a7b3 LFOPTEE-131 Fix ta_keygen compilation warnings
- 6fcbcb1 LFOPTEE-123 Reset the handle when freed
- 980dbbb LFOPTEE-123 Handle benchmark logging for key generation measures
- ebf619a LFOPTEE-95 Add performance measure of key generation
- 28ba903 LFOPTEE-93 Check MP is functional
- d7f6c03 LFOPTEE-84 xtest: Add test of MP feature
- d928ce2 LFOPTEE-84 ta: Add test of MP
- b060fc4 MMIOT-789 xtest: crypto_perf: fix resource leak in read_random
- f9d2ab0 TEE-641 regression_nxp: add AES CTR in place tests
- dd158a7 LFOPTEE-65 xtest: add DIGPROG tests
- e1492fa LFOPTEE-65 xtest: add OCOTP tests
- c520c98 YOCIMX-5658 regression_nxp: replace malloc() calls with calloc() calls
- 09dbac1 LFOPTEE-55: crypto-perf: RSA: Fix for RSA Encryption/Decryption error
- 63dcd10 LFOPTEE-55: crypto-perf: add domain parameters for dsa
- c88fb78 LFOPTEE-55: crypto-perf: DH: Remove non-essential attributes passed during key generation
- b7b285a LFOPTEE-55: crypto-perf: ta: ECDSA, ECDH: Remove non-essential attributes passed during key generation
- 8350e03 LFOPTEE-55: crypto-perf: xtest: ECDH: RoundUp key size
- 7a9c375 LFOPTEE-39 regression_nxp: Add test of DEK blob generation
- 61e5ede MMIOT-723 regression_nxp: crypto: Fixing memory corruption in nxp_crypto_003
- 7d9ff08 LFOPTEE-17: xtest: regression_nxp: add test case for I2C driver testing
- 6ae8e95 xtest: enable PKCS11 tests
- 35173ba regression_nxp: enable CFG_REGRESSION_NXP flag
- cfb6e7b LFOPTEE-16: fix warning where uint32_t is expected
- a740498 LFOPTEE-16: fix trace compilation warnings
- 0fa4d73 LFOPTEE-13 crypto-perf: fix command line algorithm search
- 6a28f3c LFOPTEE-13 crypto-perf: fix compilation warnings
- e78f18d TEE-127 CAAM Crypto Performance
- 5ec9bce TEE-606 xtest: define a 'regression_nxp' test suite in xtest
- e562b26 TEE-606 xtest: add CFG_REGRESSION_NXP flag
- d9d73a8 TEE-367 crypto: cipher memory leakage verification
- f3e776b TEE-548 regression_nxp: Cipher operation with a big buffer
- 5312feb TEE-577 regression_nxp: AES CTR streaming byte per byte
- 6df2c3f TEE-418 regression_nxp: add cipher streaming byte incremental
- ab9863c Add ED25519 test cases
- eb3d01f xtest: Add FF-A memory test
- 252faa9 xtest: SPMC Add basic test
- 13cce36 xtest: remove ADBG_REQUIRE* macros
- d9d269e xtest: fix compilation issue
- 2055d75 xtest: fix compilation issue
- c7f733c xtest: fix compilation issue
- d09b43b host: supp_plugin: fix cross compilation
- da5282a sdp: Add dmabuf support
- 366179c regression 4007_x25519: do not fail if X25519 is not supported
- 00b3f2c Add x25519 test cases
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Diffstat (limited to 'recipes-security')
| -rw-r--r-- | recipes-security/optee-imx/optee-client_3.19.0.imx.bb (renamed from recipes-security/optee-imx/optee-client_3.17.0.imx.bb) | 8 | ||||
| -rw-r--r-- | recipes-security/optee-imx/optee-os/0008-no-warn-rwx-segments.patch | 64 | ||||
| -rw-r--r-- | recipes-security/optee-imx/optee-os_3.19.0.imx.bb (renamed from recipes-security/optee-imx/optee-os_3.17.0.imx.bb) | 27 | ||||
| -rw-r--r-- | recipes-security/optee-imx/optee-test_3.19.0.imx.bb (renamed from recipes-security/optee-imx/optee-test_3.17.0.imx.bb) | 4 |
4 files changed, 18 insertions, 85 deletions
diff --git a/recipes-security/optee-imx/optee-client_3.17.0.imx.bb b/recipes-security/optee-imx/optee-client_3.19.0.imx.bb index 6f0435fe..b0fb9178 100644 --- a/recipes-security/optee-imx/optee-client_3.17.0.imx.bb +++ b/recipes-security/optee-imx/optee-client_3.19.0.imx.bb | |||
| @@ -8,13 +8,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" | |||
| 8 | SRC_URI = " \ | 8 | SRC_URI = " \ |
| 9 | git://github.com/nxp-imx/imx-optee-client.git;protocol=https;branch=${SRCBRANCH} \ | 9 | git://github.com/nxp-imx/imx-optee-client.git;protocol=https;branch=${SRCBRANCH} \ |
| 10 | file://tee-supplicant.service" | 10 | file://tee-supplicant.service" |
| 11 | SRCBRANCH = "lf-5.15.52_2.1.0" | 11 | SRCBRANCH = "lf-5.15.71_2.2.0" |
| 12 | SRCREV = "9d8f1903bbea3a1e631c8d26ee51c37020569312" | 12 | SRCREV = "644022f8970c832a40be00747fcec70c7b5d488c" |
| 13 | 13 | ||
| 14 | S = "${WORKDIR}/git" | 14 | S = "${WORKDIR}/git" |
| 15 | B = "${WORKDIR}/build" | 15 | B = "${WORKDIR}/build" |
| 16 | 16 | ||
| 17 | inherit python3native systemd features_check | 17 | inherit python3native systemd features_check pkgconfig |
| 18 | |||
| 19 | DEPENDS = "util-linux-libuuid" | ||
| 18 | 20 | ||
| 19 | REQUIRED_MACHINE_FEATURES = "optee" | 21 | REQUIRED_MACHINE_FEATURES = "optee" |
| 20 | 22 | ||
diff --git a/recipes-security/optee-imx/optee-os/0008-no-warn-rwx-segments.patch b/recipes-security/optee-imx/optee-os/0008-no-warn-rwx-segments.patch deleted file mode 100644 index 1dd70b31..00000000 --- a/recipes-security/optee-imx/optee-os/0008-no-warn-rwx-segments.patch +++ /dev/null | |||
| @@ -1,64 +0,0 @@ | |||
| 1 | Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> | ||
| 2 | Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474] | ||
| 3 | |||
| 4 | From 0b8a917fa51a366806edc0f04b88cd23b24098c4 Mon Sep 17 00:00:00 2001 | ||
| 5 | From: Jerome Forissier <jerome.forissier@linaro.org> | ||
| 6 | Date: Fri, 5 Aug 2022 09:48:03 +0200 | ||
| 7 | Subject: [PATCH] core: link: add --no-warn-rwx-segments | ||
| 8 | |||
| 9 | binutils ld.bfd generates one RWX LOAD segment by merging several sections | ||
| 10 | with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it | ||
| 11 | also warns by default when that happens [1], which breaks the build due to | ||
| 12 | --fatal-warnings. The RWX segment is not a problem for the TEE core, since | ||
| 13 | that information is not used to set memory permissions. Therefore, silence | ||
| 14 | the warning. | ||
| 15 | |||
| 16 | Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 | ||
| 17 | Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448 | ||
| 18 | Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com> | ||
| 19 | Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> | ||
| 20 | Acked-by: Jens Wiklander <jens.wiklander@linaro.org> | ||
| 21 | --- | ||
| 22 | core/arch/arm/kernel/link.mk | 8 ++++++-- | ||
| 23 | 1 file changed, 6 insertions(+), 2 deletions(-) | ||
| 24 | |||
| 25 | diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk | ||
| 26 | index 7eed333a32..c39d43cbfc 100644 | ||
| 27 | --- a/core/arch/arm/kernel/link.mk | ||
| 28 | +++ b/core/arch/arm/kernel/link.mk | ||
| 29 | @@ -31,6 +31,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map | ||
| 30 | link-ldflags += --sort-section=alignment | ||
| 31 | link-ldflags += --fatal-warnings | ||
| 32 | link-ldflags += --gc-sections | ||
| 33 | +link-ldflags += $(call ld-option,--no-warn-rwx-segments) | ||
| 34 | |||
| 35 | link-ldadd = $(LDADD) | ||
| 36 | link-ldadd += $(ldflags-external) | ||
| 37 | @@ -55,6 +56,7 @@ link-script-cppflags := \ | ||
| 38 | $(cppflagscore)) | ||
| 39 | |||
| 40 | ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \ | ||
| 41 | + $(call ld-option,--no-warn-rwx-segments) \ | ||
| 42 | $(link-objs) $(link-ldadd) $(libgcccore) | ||
| 43 | cleanfiles += $(link-out-dir)/all_objs.o | ||
| 44 | $(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST) | ||
| 45 | @@ -67,7 +69,8 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o | ||
| 46 | $(q)$(NMcore) $< | \ | ||
| 47 | $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@ | ||
| 48 | |||
| 49 | -unpaged-ldargs = -T $(link-script-dummy) --no-check-sections --gc-sections | ||
| 50 | +unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ | ||
| 51 | + $(call ld-option,--no-warn-rwx-segments) | ||
| 52 | unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore) | ||
| 53 | cleanfiles += $(link-out-dir)/unpaged.o | ||
| 54 | $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt | ||
| 55 | @@ -95,7 +98,8 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o | ||
| 56 | $(q)$(NMcore) $< | \ | ||
| 57 | $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@ | ||
| 58 | |||
| 59 | -init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections | ||
| 60 | +init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ | ||
| 61 | + $(call ld-option,--no-warn-rwx-segments) | ||
| 62 | init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \ | ||
| 63 | $(libgcccore) | ||
| 64 | cleanfiles += $(link-out-dir)/init.o | ||
diff --git a/recipes-security/optee-imx/optee-os_3.17.0.imx.bb b/recipes-security/optee-imx/optee-os_3.19.0.imx.bb index f759e40c..9e491bac 100644 --- a/recipes-security/optee-imx/optee-os_3.17.0.imx.bb +++ b/recipes-security/optee-imx/optee-os_3.19.0.imx.bb | |||
| @@ -6,15 +6,12 @@ HOMEPAGE = "http://www.optee.org/" | |||
| 6 | LICENSE = "BSD-2-Clause" | 6 | LICENSE = "BSD-2-Clause" |
| 7 | LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" | 7 | LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" |
| 8 | 8 | ||
| 9 | DEPENDS = "python3-cryptography-native python3-pyelftools-native u-boot-mkimage-native" | 9 | DEPENDS = "python3-pyelftools-native u-boot-mkimage-native \ |
| 10 | python3-cryptography-native" | ||
| 10 | 11 | ||
| 11 | SRC_URI = "git://github.com/nxp-imx/imx-optee-os.git;protocol=https;branch=${SRCBRANCH}" | 12 | SRC_URI = "git://github.com/nxp-imx/imx-optee-os.git;protocol=https;branch=${SRCBRANCH}" |
| 12 | SRCBRANCH = "lf-5.15.52_2.1.0" | 13 | SRCBRANCH = "lf-5.15.71_2.2.0" |
| 13 | SRCREV = "9e86c8b6b102efa09ada451d0383ea3d11f8fad6" | 14 | SRCREV = "00919403f040fad4f8603e605932281ff8451b1d" |
| 14 | |||
| 15 | SRC_URI:append = " \ | ||
| 16 | file://0008-no-warn-rwx-segments.patch \ | ||
| 17 | " | ||
| 18 | 15 | ||
| 19 | S = "${WORKDIR}/git" | 16 | S = "${WORKDIR}/git" |
| 20 | B = "${WORKDIR}/build" | 17 | B = "${WORKDIR}/build" |
| @@ -42,6 +39,7 @@ PLATFORM_FLAVOR:mx8qxp-nxp-bsp = "mx8qxpmek" | |||
| 42 | PLATFORM_FLAVOR:mx8dx-nxp-bsp = "mx8dxmek" | 39 | PLATFORM_FLAVOR:mx8dx-nxp-bsp = "mx8dxmek" |
| 43 | PLATFORM_FLAVOR:mx8dxl-nxp-bsp = "mx8dxlevk" | 40 | PLATFORM_FLAVOR:mx8dxl-nxp-bsp = "mx8dxlevk" |
| 44 | PLATFORM_FLAVOR:mx8ulp-nxp-bsp = "mx8ulpevk" | 41 | PLATFORM_FLAVOR:mx8ulp-nxp-bsp = "mx8ulpevk" |
| 42 | PLATFORM_FLAVOR:mx93-nxp-bsp = "mx93evk" | ||
| 45 | 43 | ||
| 46 | OPTEE_ARCH:arm = "arm32" | 44 | OPTEE_ARCH:arm = "arm32" |
| 47 | OPTEE_ARCH:aarch64 = "arm64" | 45 | OPTEE_ARCH:aarch64 = "arm64" |
| @@ -90,17 +88,14 @@ do_install () { | |||
| 90 | install -d ${D}${nonarch_base_libdir}/firmware/ | 88 | install -d ${D}${nonarch_base_libdir}/firmware/ |
| 91 | install -m 644 ${B}/core/*.bin ${D}${nonarch_base_libdir}/firmware/ | 89 | install -m 644 ${B}/core/*.bin ${D}${nonarch_base_libdir}/firmware/ |
| 92 | 90 | ||
| 91 | # Install embedded TAs | ||
| 92 | install -d ${D}${nonarch_base_libdir}/optee_armtz/ | ||
| 93 | install -m 444 ${B}/ta/*/*.ta ${D}${nonarch_base_libdir}/optee_armtz/ | ||
| 94 | |||
| 93 | # Install the TA devkit | 95 | # Install the TA devkit |
| 94 | install -d ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ | 96 | install -d ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ |
| 95 | for f in ${B}/export-ta_${OPTEE_ARCH}/*; do | 97 | cp -aR ${B}/export-ta_${OPTEE_ARCH}/* \ |
| 96 | cp -aR $f ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ | 98 | ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ |
| 97 | done | ||
| 98 | |||
| 99 | # Install embedded TAs | ||
| 100 | install -d ${D}${nonarch_base_libdir}/optee_armtz | ||
| 101 | find ${B}/ta -name '*.ta' | while read name; do | ||
| 102 | install -m 444 $name ${D}${nonarch_base_libdir}/optee_armtz/ | ||
| 103 | done | ||
| 104 | } | 99 | } |
| 105 | 100 | ||
| 106 | addtask deploy after do_compile before do_install | 101 | addtask deploy after do_compile before do_install |
diff --git a/recipes-security/optee-imx/optee-test_3.17.0.imx.bb b/recipes-security/optee-imx/optee-test_3.19.0.imx.bb index e1b831f1..25cd86dd 100644 --- a/recipes-security/optee-imx/optee-test_3.17.0.imx.bb +++ b/recipes-security/optee-imx/optee-test_3.19.0.imx.bb | |||
| @@ -9,8 +9,8 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" | |||
| 9 | DEPENDS = "python3-cryptography-native optee-os optee-client openssl" | 9 | DEPENDS = "python3-cryptography-native optee-os optee-client openssl" |
| 10 | 10 | ||
| 11 | SRC_URI = "git://github.com/nxp-imx/imx-optee-test.git;protocol=https;branch=${SRCBRANCH}" | 11 | SRC_URI = "git://github.com/nxp-imx/imx-optee-test.git;protocol=https;branch=${SRCBRANCH}" |
| 12 | SRCBRANCH = "lf-5.15.52_2.1.0" | 12 | SRCBRANCH = "lf-5.15.71_2.2.0" |
| 13 | SRCREV = "41222c4b8df1adc0f0bdc737e5cb824becd25f63" | 13 | SRCREV = "5c1dbb531b304f7ae100958f6261b6cefea49b62" |
| 14 | 14 | ||
| 15 | S = "${WORKDIR}/git" | 15 | S = "${WORKDIR}/git" |
| 16 | B = "${WORKDIR}/build" | 16 | B = "${WORKDIR}/build" |