summaryrefslogtreecommitdiffstats
path: root/recipes-security
Commit message (Collapse)AuthorAgeFilesLines
* optee-test: Update lf-5.15.32_2.0.0 -> lf-5.15.52_2.1.0backport-1284-to-kirkstoneTom Hochstein2022-11-011-3/+3
| | | | | | | | | | | Changes: ``` 41222c4 Makefile: fix ownership contamination when installing output files ae3b1c6 xtest: create output dir before generating regression_8100 header files ``` Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com> (cherry picked from commit aac88e4d334a3eaf63342bd1cf3a2b4cde8c1fca)
* optee-client: Update lf-5.15.32_2.0.0 -> lf-5.15.52_2.1.0Tom Hochstein2022-11-011-11/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes: ``` 9d8f190 Makefile: Makefile: only preserve links when installing output files 9a33704 public: Fix simple typo in tee_client_api.h 8aed3ed tee-supplicant: accept -r as a short option for --rpmb-cid 5a69d55 tee-supplicant: add --rpmb-cid command line option 88d374e tee-supplicant: rpmb: read CID in one go ba0ed67 tee-supplicant: rpmb: introduce readn() wrapper to the read() syscall 945704e tee-supplicant: fix plugin loading logic edf3072 tee-supplicant: refactor argument parsing in main() 876b1ae tee-supplicant: introduce struct tee_supplicant_params for global config 8b3f7fe libckteec: add support for ECDH derive 06db73b libteec: copy out partial shadow buffer f6e05d3 GitHub actions: fix incorrect version 975fa78 GitHub actions: add a stales.yml file df537dd tee-supplicant: read_with_timeout(): fix non-blocking peeking 6d54f84 tee-supplicant: recv_with_out_flags(): check EINTR f4f54e5 libseteec: Secure Element control e532a51 tee-supplicant: tee_socket_recv(): report truncated datagrams 2a99339 libckteec: check for ckteec_alloc_shm rval b3e9cee tee-supplicant: handle ftell() errors 9876c9c teec_ta_load: replace printfs with DMSGs ae19e95 .gitignore: add tags and TAGS ``` Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com> (cherry picked from commit 9e4dae7a7bbb0135c7c2e009f9345d23ed8b03b5)
* optee-os: Update lf-5.15.32_2.0.0 -> lf-5.15.52_2.1.0Tom Hochstein2022-11-011-11/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes: ``` 9e86c8b6b LFOPTEE-169 imx_ele: use get_info command to get the soc revision 74f662cf4 LFOPTEE-169 imx_ele: check ELE TRNG status before getting random numbers f74752516 LFOPTEE-196 imx_ele: make the difference ELE_VERSION_BASELINE and ELE_VERSION_HSM c3f658958 LFOPTEE-172 core: imx_ele: cache the die ID 96dc392d7 scripts: nxp_build: remove ls1012afrwy platform 31125f8be core: plat-ls: remove OP-TEE support for LS1012A-FRWY platform bb2173330 core: plat-ls: correct expression CFG_NUM_THREADS ?= CFG_TEE_CORE_NB_CORE 2166caac3 core: plat-ls: set CFG_NUM_THREADS ?= 2 for LS1012ARDB 21059100b drivers: caam: increase the minimum entropy delay the imx6sx a3d4b52b0 drivers: imx: dcp: disable the use of UNIQUE KEY after HUK generation 9162aecfd drivers: imx: dcp: clear OTP_KEY bit for unique key selection d5144e4a9 drivers: imx: dcp: workaround DCP errata 051292 d61caabeb core: pta: return error code when failing to deserialize saved key 198e47860 core: pta: attestation: fix buffer size for generated key c1e398428 drivers: pm: remove file with license issue 2a725689b LF-6067 drivers: caam: map the CAAM registers with the CAAM_SIZE value 639dfbc1f LF-6067 core: ls: add CAAM_SIZE values for LS platforms 42a864fd1 LF-6067 core: imx: add CAAM_SIZE values for i.MX platforms 6ebec0d2a LFOPTEE-159 drivers: imx_snvs: re-work security state for imx8m platforms 588403cd7 LFOPTEE-158 scripts: add imx93evk platform 18e11b984 LFOPTEE-158 core: imx: add support imx93evk platform 813af1a3c LFOPTEE-158 core: imx: add imx93 SoC ID aea51ea0b LFOPTEE-158 core: imx: add imx93 registers ede0b7183 LFOPTEE-158 core: imx: simplify the error macro message 742bee71c drivers: imx_snvs: fix the is_otpmk_valid() logic 6bb686a04 drivers: imx_snvs: fix SNVS register read operation 111482cfe LFOPTEE-146 drivers: imx_ele: add CRC computation and check for ELE calls dd227c6c5 LFOPTEE-146 drivers: imx_ele: reformat code for consistency 907c2f86f LFOPTEE-146 drivers: imx_ele: ask the ELE for the unique device ID b421225d9 LFOPTEE-146 drivers: remove imx_ele_mu_init() function 09e9d1b62 LFOPTEE-146 drivers: imx_mu: increase the message limit size b6c4a695b core: plat-ls: correct CAAM JR interrupt numbers 13ce5deb6 LFOPTEE-147 core: imx: fix uninitialized return value e5ea58a7b LFOPTEE-141 drivers: imx_mu: Disable foreign exception when sending message to MU ``` Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com> (cherry picked from commit 282e2619f00fb7b1a006fa09627fd4d4a74ba107)
* optee-os: fix build with binutils 2.39Andrey Zhizhikin2022-10-252-0/+68
| | | | | | | | | | | | | | | | | binutils 2.39 started to produce warning on RWX LOAD segments, which breaks the linking process of optee-os. Upstream optee-os package has patch ac425901 ("arm/optee-os: backport RWX permission error patch") [1] integrated, which has been backported in OP-TEE from PR #5475 [2] targeting master in upstream. Port upstream optee-os commit into NXP fork of optee-os. Link: [1]: https://github.com/jonmason/meta-arm/commit/ac4259011f4c8cec01191828014487ccc5de73ca Link: [2]: https://github.com/OP-TEE/optee_os/pull/5474 Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com> Cc: Tom Hochstein <tom.hochstein@nxp.com> (cherry picked from commit 42a054f5e3d18bdf0092dd29eff5980ba9af8db1)
* optee-os: Fix PLATFORM_FLAVOR overrides for 6UL, 6ULL, and 6ULZTom Hochstein2022-10-251-4/+3
| | | | | | | | | The PLATFORM_FLAVOR overrides for 6UL, 6ULL, and 6ULZ SOCs were mistakenly added with a leading 'i'. Fixes: b937d5b Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com> (cherry picked from commit dbcc587ed8ed2a70b9581db9059365ced1704812)
* optee: Upgrade 3.15.0.imx -> 3.17.0.imxTom Hochstein2022-10-253-17/+14
| | | | | Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com> (cherry picked from commit d5abe2b1f7afccc879671ca0fba212eca369e825)
* optee-qoriq: rename directory so it maps to the recipeOtavio Salvador2022-07-257-0/+0
| | | | | Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> (cherry picked from commit 237f04e8b1967ef5615fa888657f8766bd52c287)
* optee-test: Rework the OPTEE_ARCH logicTom Hochstein2022-06-161-6/+2
| | | | | | | | | | | For 32-bit ARM the OPTEE_ARCH assignment using the armv7a override is redundant to the default assignment. Replace both with a single assignment using the arm override. Also, rework the TA_DEV_KIT_DIR build variable using OPTEE_ARCH. Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com> (cherry picked from commit 1d9eb0fc2443414014be964b6353710439be5226)
* optee-os: Simplify OPTEE_ARCH assignment for 32-bitTom Hochstein2022-06-161-2/+1
| | | | | | | | | For 32-bit ARM the OPTEE_ARCH assignment using the armv7a override is redundant to the default assignment. Replace both with a single assignment using the arm override. Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com> (cherry picked from commit f7dae734e2e9c2aef17d3b0329bdf4e65b215786)
* optee-test: Upgrade to NXP 5.15.5-1.0.0Tom Hochstein2022-05-121-8/+4
| | | | | | | | - Fix hard-coded /usr with exec_prefix variable - Parallel make works, remove work around Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com> (cherry picked from commit a11a0895a4b16ba5ae31693feff379e3de646045)
* optee-client: Update branch, same SRCREVTom Hochstein2022-05-121-1/+1
| | | | | | | SRCREV is the same for NXP 5.15.5-1.0.0. Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com> (cherry picked from commit f51ff30cb96c31866fca8ca89bb17511b45efe35)
* optee-os: Upgrade to NXP 5.15.5-1.0.0Tom Hochstein2022-05-122-36/+7
| | | | | | | | | - Drop patch 0001-arm-imx-fix-RPMB-header-include.patch that is now upstream - Update platform list - Fix hard-coded /usr/include with includedir variable Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com> (cherry picked from commit 5956fb99eb99866425f163c7083dc3a28c87e0f8)
* mx8dx: Normalize MACHINEOVERRIDES implementationTom Hochstein2022-03-311-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | The imx8dx-mek machine is similar to imx8qxp-mek and so the mx8qxp override was included in the MACHINEOVERRIDES hierarchy. This is non-standard, and the rework of the SOC overrides didn't handle it properly, leading to a build break: ``` Log data follows: | DEBUG: Executing shell function do_compile | NOTE: 8QX boot binary build | cp: failed to access '/home/aquino/src/ossystems/oel-platform/build/tmp/work/imx8dx_mek-oel-linux/imx-boot/1.0-r0/git/iMX8DX/scfw_tcm.bin': Not a directory | WARNING: /home/aquino/src/ossystems/oel-platform/build/tmp/work/imx8dx_mek-oel-linux/imx-boot/1.0-r0/temp/run.do_compile.1809636:179 exit 1 from 'cp /home/aquino/src/ossystems/oel-platform/build/tmp/deploy/images/imx8dx-mek/imx-boot$ tools/scfw_tcm.bin /home/aquino/src/ossystems/oel-platform/build/tmp/work/imx8dx_mek-oel-linux/imx-boot/1.0-r0/git/iMX8DX/scfw_tcm.bin' | WARNING: Backtrace (BB generated script): | #1: compile_mx8x, /home/aquino/src/ossystems/oel-platform/build/tmp/work/imx8dx_mek-oel-linux/imx-boot/1.0-r0/temp/run.do_compile.1809636, line 179 | #2: do_compile, /home/aquino/src/ossystems/oel-platform/build/tmp/work/imx8dx_mek-oel-linux/imx-boot/1.0-r0/temp/run.do_compile.1809636, line 151 | #3: main, /home/aquino/src/ossystems/oel-platform/build/tmp/work/imx8dx_mek-oel-linux/imx-boot/1.0-r0/temp/run.do_compile.1809636, line 189 ERROR: Task (/home/aquino/src/ossystems/oel-platform/sources/meta-freescale/recipes-bsp/imx-mkimage/imx-boot_1.0.bb:do_compile) failed with exit code '1' ``` Fix the problem by removing mx8qxp from the mx8dx hierarchy and adapting existing mx8qxp overrides appropriately. Fixes: #1027 Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-os: Fix RPMB build breakTom Hochstein2022-03-072-0/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | When CFG_RPMB_FS=y, OP-TEE os no longer compiles because imx_rpmb.c tries to include a header that doesn't exist. This issue seems linked to a rework that allows to compile i.MX Secure Non-Volatile Storage driver without RPMB. ``` | CC optee-os/3.15.0.imx-r0/build/core/arch/arm/plat-imx/imx_rpmb.o | core/arch/arm/plat-imx/imx_rpmb.c:5:10: fatal error: drivers/imx_snvs.h: No such file or directory | 5 | #include <drivers/imx_snvs.h> | | ^~~~~~~~~~~~~~~~~~~~ | compilation terminated. | make: *** [mk/compile.mk:159: optee-os/3.15.0.imx-r0/build/core/arch/arm/plat-imx/imx_rpmb.o] Error 1 | make: *** Waiting for unfinished jobs.... | CC optee-os/3.15.0.imx-r0/build/core/crypto/crypto.o | CC optee-os/3.15.0.imx-r0/build/core/arch/arm/plat-imx/imx_dt.o | make: Leaving directory 'optee-os/3.15.0.imx-r0/git' | ERROR: oe_runmake failed | WARNING: exit code 1 from a shell command. ERROR: Task (optee-imx/optee-os_3.15.0.imx.bb:do_compile) failed with exit code '1' ``` This is fixed in the upcoming release NXP 5.15.5-1.0.0. Backport the patch. Fixes: #997 Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* layer: Update LICENSE variable to use SPDX license identifiersAndrey Zhizhikin2022-03-031-1/+1
| | | | | | | | | | | | Since OE-Core commit 9379f80f48 ("license/insane: Show warning for obsolete license usage"), LICENSE field not containing SPDX identifiers are treated with WARNING. An automated conversion using scripts/contrib/convert-spdx-licenses.py to convert to use the standard SPDX license identifiers has been done on the entire layer. Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
* optee-test: Add runtime dependency on optee-osTom Hochstein2022-02-241-0/+2
| | | | | | The TAs in optee-os are required. Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-client: Fix incorrect packaging logicTom Hochstein2022-02-241-8/+0
| | | | | | | | | | | - The logic for the tee-supplicant package doesn't work and the package ends up empty. In fact, tee-supplicant belongs in the main package anyway. - The main package already contains ${libdir}, so drop the redundant assignment. - The headers belong in the -dev package, so drop them from the main. - Drop the un-necessary INSANE_SKIP settings. Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-*: For i.MX, require machine feature opteeTom Hochstein2022-02-243-5/+11
| | | | | | | | The optee software should be enabled by the machine feature. If the machine feature is not there, but optee is built anyway, then something is wrong and the build should fail. Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-test: Use openssl embedded in optee-testTom Hochstein2022-02-241-1/+0
| | | | | | | | | | | | | | | | | | Building against openssl from Yocto results in a build break: ``` | /opt/work/upstream/fsl-xwayland/tmp/work/cortexa53-crypto-fsl-linux/optee-test/3.15.0.imx-r0/git/host/xtest/regression_8100.c:133:17: error: 'ERR_get_error_line' is deprecated: Since OpeSL 3.0 [-Werror=deprecated-declarations] | 133 | e = ERR_get_error_line(&f, &l); | | ^ | In file included from /opt/work/upstream/fsl-xwayland/tmp/work/cortexa53-crypto-fsl-linux/optee-test/3.15.0.imx-r0/git/host/xtest/regression_8100.c:18: | /opt/work/upstream/fsl-xwayland/tmp/work/cortexa53-crypto-fsl-linux/optee-test/3.15.0.imx-r0/recipe-sysroot/usr/include/openssl/err.h:411:15: note: declared here | 411 | unsigned long ERR_get_error_line(const char **file, int *line); | | ^~~~~~~~~~~~~~~~~~ ``` Configure optee-test to build with its own openssl. Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-test: Add missing license GPL-2.0Tom Hochstein2022-02-241-1/+1
| | | | | | | As the license file states, the client applications (optee_test/host/*) are provided under the GPL-2.0 license. Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-test: Upgrade 3.10.0.imx -> 3.15.0.imxTom Hochstein2022-02-241-3/+7
| | | | Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-test: Cleanup install and FILESTom Hochstein2022-02-241-5/+5
| | | | | | | - Use variables properly for the install and FILES - Simplify the FILES update with an append Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-client: Upgrade 3.10.0.imx -> 3.15.0.imxTom Hochstein2022-02-241-6/+10
| | | | Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-os: Install embedded TAsTom Hochstein2022-02-241-1/+7
| | | | | | | optee-os has some embedded TAs like AVB or PKCS11 that must be installed in the filesystem. Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-os: Use variable for includedir installTom Hochstein2022-02-241-2/+2
| | | | Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-os: Use tee-raw.bin binaryTom Hochstein2022-02-241-2/+2
| | | | | | | | | | | | | During the optee-os compilation, the gen_tee_bin.py script generates a tee-raw.bin that is more space efficient and could replace the tee.bin binary manually generated in the optee-os recipe by objcpy. This patch greatly reduces the size of tee.bin. On 64 bits platforms, we observe a size descrease of ~68%, and on 32 bits platforms, a size decrease of ~45%. Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-os: Upgrade 3.10.0.imx -> 3.15.0.imxTom Hochstein2022-02-241-3/+2
| | | | Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-os: Use SoC override for i.MX6UL, i.MX6ULL and i.MX6ULZtopic/generalize-soc-overridesOtavio Salvador2022-02-211-4/+4
| | | | Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
* Rework recipes to use imx-nxp-bsp more extensivelyOtavio Salvador2022-02-212-2/+2
| | | | | | | | | | | | | | | | | | | | | | This rework the recipes making use of new imx-nxp-bsp override; it has been applied to: - gstreamer1.0 - gstreamer1.0-plugins-bad - gstreamer1.0-plugins-base - gstreamer1.0-plugins-good - imx-alsa-plugins - imx-codec - imx-gst1.0-plugin - imx-parser - libdrm - libimxdmabuffer - linux-fslc-imx - linux-imx - optee-client - optee-test Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
* Generalize overrides subsystem for NXP and Mainline supportOtavio Salvador2022-02-213-11/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Essentially, we extend the overrides to a generic-bsp, nxp-bsp, and mainline-bsp. So, for example, the mx8mq override is split into: - imx-generic-bsp: compatible with every i.MX SoC and both BSP variants - imx-nxp-bsp: compatible with every i.MX SoC but specific to NXP BSP - imx-mainline-bsp: compatible with every i.MX SoC but specific to Mainline BSP - mx8-generic-bsp: compatible with every i.MX8 SoC and both BSP variants - mx8-nxp-bsp: compatible with every i.MX8 SoC but specific to NXP BSP - mx8-mainline-bsp: compatible with every i.MX8 SoC but specific to Mainline BSP - mx8m-generic-bsp: compatible with every i.MX8M SoC and both BSP variants - mx8m-nxp-bsp: compatible with every i.MX8M SoC but specific to NXP BSP - mx8m-mainline-bsp: compatible with every i.MX8M SoC but specific to Mainline BSP - mx8mq-generic-bsp: compatible with every i.MX8MQ SoC and both BSP variants - mx8mq-nxp-bsp: compatible with every i.MX8MQ SoC8 but specific to NXP BSP - mx8mq-mainline-bsp: compatible with every i.MX8MQ SoC but specific to Mainline BSP The extender mechanism is responsible for extending the override list to include the generic overrides. We can then use the three different variants to handle the metadata correctly. Generically speaking, the conversion mainly was automated (with a lot of back and forth until getting it right). To convert an existing layer, the following script can be used: ```sh git ls-files classes recipes-* \ | xargs sed -i \ -e 's,:\(mx[6-8]\w*\),:\1-nxp-bsp,g' \ -e 's,(\(mx[6-8]\w*\)),(\1-nxp-bsp),g' \ -e 's,\(mx[6-8]\w*\)|,\1-nxp-bsp|,g' \ -e 's,|\(mx[6-8]\w*\)),|\1-nxp-bsp),g' \ \ -e 's,:\(mx[5s]\w*\),:\1-generic-bsp,g' \ -e 's,(\(mx[5s]\w*\)),(\1-generic-bsp),g' \ -e 's,\(mx[5s]\w*\)|,\1-generic-bsp|,g' \ -e 's,|\(mx[5s]\w*\)),|\1-generic-bsp),g' \ \ -e 's,:\(vf\w*\),:\1-generic-bsp,g' \ -e 's,:\(vf[56]0\w*\),:\1-generic-bsp,g' \ -e 's,\(vf\w*\)|,\1-generic-bsp|,g' \ -e 's,|\(vf\w*\)),|\1-generic-bsp),g' \ -e 's,\(vf[56]0\w*\)|,\1-generic-bsp|,g' \ -e 's,|\(vf[56]0\w*\)),|\1-generic-bsp),g' \ \ -e 's,:\(imx\) ,:\1-nxp-bsp ,g' \ -e 's,(\(imx\)),(\1-nxp-bsp),g' \ -e 's,\(imx\)|,\1-nxp-bsp|,g' \ -e 's,|\(imx\)),|\1-nxp-bsp),g' for d in $(find -type d | egrep '/mx[6-8]w*'); do git mv $d $d-nxp-bsp done for d in $(find -type d | egrep '/imx$'); do git mv $d $d-nxp-bsp done for d in $(find -type d | egrep '/mx[5s]w*'); do git mv $d $d-generic-bsp done ``` Fixes: #791. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
* optee-imx: clarify BSD licenseAndrey Zhizhikin2022-02-183-3/+3
| | | | | | | | | | | | | | | | Since upstream commit 14d4c007c4 ("common-licences: remove ambiguous "BSD" license"), ambiguous "BSD" license has been removed from OE-Core. This triggers the warning message in QA: do_populate_lic_deploy: QA Issue: The license listed BSD was not in the licenses collected for recipe optee-os [license-file-missing] OP-TEE is licensed under "BSD-2-Clause" and license text clearly identifies it. Correct LICENSE variable to indicate proper License SPDX identifier. Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
* Merge pull request #970 from tprrt/tprrt/fix-optee-overridesOtavio Salvador2022-02-023-5/+4
|\ | | | | optee: fix override syntax
| * optee-test: correct TA_DEV_KIT_DIRThomas Perrot2022-02-021-2/+2
| | | | | | | | | | | | | | The value is either ${STAGING_INCDIR}/optee/export-user_ta_arm32/ or ${STAGING_INCDIR}/optee/export-user_ta_arm64/ Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
| * optee-os: fix an override syntaxThomas Perrot2022-02-021-2/+1
| | | | | | | | | | | | Correct a forgotten change when switching to the new syntax. Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
| * optee-client: fix an override syntaxThomas Perrot2022-02-021-1/+1
| | | | | | | | | | | | Correct a forgotten change when switching to the new syntax. Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
* | optee-test: replace old pycrypto with pycryptodomeThomas Perrot2022-02-021-1/+1
|/ | | | | | | For security reason, pycrypto is no longer available, but it can be replaced by pycryptodome. Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
* optee-qoriq: upgrade to 3.13Ting Liu2021-10-1512-212/+247
| | | | Signed-off-by: Ting Liu <ting.liu@nxp.com>
* optee-os-qoriq: fix wrong overridesTing Liu2021-10-131-1/+1
| | | | Signed-off-by: Ting Liu <ting.liu@nxp.com>
* optee-os: Add support for imx6qdlsabre* machinesTom Hochstein2021-08-211-0/+2
| | | | Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* layer: Convert to new override syntaxKhem Raj2021-08-125-42/+42
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* optee-os: Remove unneeded dependency on python3-pycrptoOtavio Salvador2021-03-241-1/+1
| | | | | | | The python3-pycrpto is provided by python3-pycryptodomex, and in fact is not provided on OpenEmbedded anymore so it cannot be used. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
* optee-os: Cleanup build optionsTom Hochstein2021-03-181-13/+7
| | | | | | | | | | | - Move log level variables to EXTRA_OEMAKE to simplify overriding - Set LDFLAGS and CFLAGS globally, like normal - Set -C in EXTRA_OEMAKE - Drop do_compile after all of the above - Drop un-necessary override of B variable - Simplify creation of tee.bin link in DEPLOYDIR Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-imx: add compatibility with imx-boot-containerAndrey Zhizhikin2021-03-171-1/+1
| | | | | | | | | | NXP version of OP-TEE is required to be packed in the boot container if optee feature is enabled in machine features. Add compatibility with imx-boot-container in order to pick up binaries produced by this package. Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
* optee-imx: Upgrade to 3.10.0Tom Hochstein2021-03-1610-542/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Update all recipes to pull sources from imx_5.4.70_2.3.0 branch in NXP upstream and update SRCREV to match release tags. Update PREFERRED_VERSION of optee for mx8 to point to 3.10.0.imx. Following notes are additions to the version update of recipes: -------------------------- optee-client: - Drop CFLAGS patch as it is already applied upstream optee-os: - Drop gcc10 patch as it is already applied upstream - Add dependency on python3-pycryptodomex-native - Drop NOWERROR flag as package is reworked to disable warnings by default - Rework mkimage load address since tee-init_load_addr.txt is no longer created optee-test: - Drop python3 patch as it is already applied upstream - Remove unused patch files from layer - Add dependency on python3-pycryptodomex-native - Add sysroot to C and C++ flags Fixes #686, fixes #689. Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-os_3.7.0.imx.bb: Fix platform flavor for imx8mq-evkCristinel Panfir2021-02-151-0/+1
| | | | | | | | | Due to machine renaming the PLATFORM_FLAVOR need to be updated according makefile. ... | core/arch/arm/plat-imx/conf.mk:211: *** Unsupported PLATFORM_FLAVOR "mx8mq-evk". Stop. ... Signed-off-by: Cristinel Panfir <cristinel.panfir@nxp.com>
* optee-os: Fix the platform for imx8qm-mekTom Hochstein2021-02-131-1/+2
| | | | | | | | | | | | | After the machine name change, the default setting for PLATFORM_FLAVOR no longer works. ``` | core/arch/arm/plat-imx/conf.mk:211: *** Unsupported PLATFORM_FLAVOR "mx8qm-mek". Stop. ``` Set the correct name again manually with SOC override. Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-os: Fix 6ULZ EVK override, drop 8 DXL Phantom overrideTom Hochstein2021-01-211-13/+12
| | | | Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-test-qoriq: DEPENDS python3-pycryptodomex-nativeTing Liu2020-12-171-1/+1
| | | | | | | | | Fix: | /usr/include/optee/export-user_ta/scripts/sign_encrypt.py", line 131, in main | from Cryptodome.Signature import pss | ModuleNotFoundError: No module named 'Cryptodome' Signed-off-by: Ting Liu <ting.liu@nxp.com>
* optee-os-qoriq: upgrade to 3.8.0Ting Liu2020-12-165-395/+50
| | | | Signed-off-by: Ting Liu <ting.liu@nxp.com>
* optee-client-qoriq: upgrade to 3.8.0Ting Liu2020-12-164-92/+28
| | | | | | | Switch to use codes from https://github.com/OP-TEE/optee_client, tag: 3.8.0 Signed-off-by: Ting Liu <ting.liu@nxp.com>