1 files changed, 32 insertions, 18 deletions
diff --git a/recipes-security/optee-imx/optee-fslc.inc b/recipes-security/optee-imx/optee-fslc.inc
index 6c96dc2bc..c89746dc4 100644
--- a/recipes-security/optee-imx/optee-fslc.inc
+++ b/recipes-security/optee-imx/optee-fslc.inc
@@ -1,26 +1,40 @@
-HOMEPAGE = "http://www.optee.org/"
+# Copied from meta-arm/recipes-security/optee/optee.inc.
+# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L30
-inherit python3native features_check
+UPSTREAM_CHECK_GITTAGREGEX = "^(?P<pver>\d+(\.\d+)+)$"
-REQUIRED_MACHINE_FEATURES = "optee"
+COMPATIBLE_MACHINE ?= "invalid"
+COMPATIBLE_MACHINE:qemuarm64 ?= "qemuarm64"
+COMPATIBLE_MACHINE:qemuarm ?= "qemuarm"
+# Please add supported machines below or set it in .bbappend or .conf
-DEPENDS = "python3-cryptography-native"
+OPTEEMACHINE ?= "${MACHINE}"
+OPTEEMACHINE:aarch64:qemuall ?= "vexpress-qemu_armv8a"
+OPTEEMACHINE:arm:qemuall ?= "vexpress-qemu_virt"
-S = "${WORKDIR}/git"
+OPTEE_ARCH = "null"
-B = "${WORKDIR}/build"
+OPTEE_ARCH:arm = "arm32"
-OPTEE_ARCH:arm     = "arm32"
 OPTEE_ARCH:aarch64 = "arm64"
+OPTEE_CORE = "${@d.getVar('OPTEE_ARCH').upper()}"
+OPTEE_TOOLCHAIN = "${@d.getVar('TOOLCHAIN') or 'gcc'}"
+OPTEE_COMPILER = "${@bb.utils.contains("BBFILE_COLLECTIONS", "clang-layer", "${OPTEE_TOOLCHAIN}", "gcc", d)}"
-COMPILER ?= "gcc"
+# Set here but not passed to EXTRA_OEMAKE by default as that breaks
-COMPILER:toolchain-clang = "clang"
+# the optee-os build
+TA_DEV_KIT_DIR = "${STAGING_INCDIR}/optee/export-user_ta"
+EXTRA_OEMAKE += "V=1 \
+                 LIBGCC_LOCATE_CFLAGS='${HOST_CC_ARCH}${TOOLCHAIN_OPTIONS}' \
+                 COMPILER=${OPTEE_COMPILER} \
+                 OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${prefix} \
+                 TEEC_EXPORT=${STAGING_DIR_HOST}${prefix} \
+                "
+# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
+# right path until this is relocated automatically.
+export OPENSSL_MODULES = "${STAGING_LIBDIR_NATIVE}/ossl-modules"
 CFLAGS += "--sysroot=${STAGING_DIR_HOST}"
-CXXFLAGS += "--sysroot=${STAGING_DIR_HOST}"
+# See the rationale in https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt.
-EXTRA_OEMAKE = " \
+CVE_STATUS[CVE-2021-36133] = "disputed: devices shipped open for development purposes"
-    COMPILER=${COMPILER} \
-    OPENSSL_MODULES=${STAGING_LIBDIR_NATIVE}/ossl-modules \
-    OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${exec_prefix} \
-    -C ${S} O=${B} \
-"

diff --git a/recipes-security/optee-imx/optee-fslc.inc b/recipes-security/optee-imx/optee-fslc.inc index 6c96dc2bc..c89746dc4 100644 --- a/recipes-security/optee-imx/optee-fslc.inc +++ b/recipes-security/optee-imx/optee-fslc.inc
@@ -1,26 +1,40 @@
1	HOMEPAGE = "http://www.optee.org/"	1	# Copied from meta-arm/recipes-security/optee/optee.inc.
		2	# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L30
2		3
3	inherit python3native features_check	4	UPSTREAM_CHECK_GITTAGREGEX = "^(?P<pver>\d+(\.\d+)+)$"
4		5
5	REQUIRED_MACHINE_FEATURES = "optee"	6	COMPATIBLE_MACHINE ?= "invalid"
		7	COMPATIBLE_MACHINE:qemuarm64 ?= "qemuarm64"
		8	COMPATIBLE_MACHINE:qemuarm ?= "qemuarm"
		9	# Please add supported machines below or set it in .bbappend or .conf
6		10
7	DEPENDS = "python3-cryptography-native"	11	OPTEEMACHINE ?= "${MACHINE}"
		12	OPTEEMACHINE:aarch64:qemuall ?= "vexpress-qemu_armv8a"
		13	OPTEEMACHINE:arm:qemuall ?= "vexpress-qemu_virt"
8		14
9	S = "${WORKDIR}/git"	15	OPTEE_ARCH = "null"
10	B = "${WORKDIR}/build"	16	OPTEE_ARCH:arm = "arm32"
11
12	OPTEE_ARCH:arm = "arm32"
13	OPTEE_ARCH:aarch64 = "arm64"	17	OPTEE_ARCH:aarch64 = "arm64"
		18	OPTEE_CORE = "${@d.getVar('OPTEE_ARCH').upper()}"
		19
		20	OPTEE_TOOLCHAIN = "${@d.getVar('TOOLCHAIN') or 'gcc'}"
		21	OPTEE_COMPILER = "${@bb.utils.contains("BBFILE_COLLECTIONS", "clang-layer", "${OPTEE_TOOLCHAIN}", "gcc", d)}"
14		22
15	COMPILER ?= "gcc"	23	# Set here but not passed to EXTRA_OEMAKE by default as that breaks
16	COMPILER:toolchain-clang = "clang"	24	# the optee-os build
		25	TA_DEV_KIT_DIR = "${STAGING_INCDIR}/optee/export-user_ta"
		26
		27	EXTRA_OEMAKE += "V=1 \
		28	LIBGCC_LOCATE_CFLAGS='${HOST_CC_ARCH}${TOOLCHAIN_OPTIONS}' \
		29	COMPILER=${OPTEE_COMPILER} \
		30	OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${prefix} \
		31	TEEC_EXPORT=${STAGING_DIR_HOST}${prefix} \
		32	"
		33	# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
		34	# right path until this is relocated automatically.
		35	export OPENSSL_MODULES = "${STAGING_LIBDIR_NATIVE}/ossl-modules"
17		36
18	CFLAGS += "--sysroot=${STAGING_DIR_HOST}"	37	CFLAGS += "--sysroot=${STAGING_DIR_HOST}"
19	CXXFLAGS += "--sysroot=${STAGING_DIR_HOST}"	38
20		39	# See the rationale in https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt.
21	EXTRA_OEMAKE = " \	40	CVE_STATUS[CVE-2021-36133] = "disputed: devices shipped open for development purposes"
22	COMPILER=${COMPILER} \
23	OPENSSL_MODULES=${STAGING_LIBDIR_NATIVE}/ossl-modules \
24	OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${exec_prefix} \
25	-C ${S} O=${B} \
26	"