summaryrefslogtreecommitdiffstats
path: root/recipes-security
Commit message (Collapse)AuthorAgeFilesLines
* optee-qoriq: upgrade to 3.13Ting Liu2021-10-1512-212/+247
| | | | Signed-off-by: Ting Liu <ting.liu@nxp.com>
* optee-os-qoriq: fix wrong overridesTing Liu2021-10-131-1/+1
| | | | Signed-off-by: Ting Liu <ting.liu@nxp.com>
* optee-os: Add support for imx6qdlsabre* machinesTom Hochstein2021-08-211-0/+2
| | | | Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* layer: Convert to new override syntaxKhem Raj2021-08-125-42/+42
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* optee-os: Remove unneeded dependency on python3-pycrptoOtavio Salvador2021-03-241-1/+1
| | | | | | | The python3-pycrpto is provided by python3-pycryptodomex, and in fact is not provided on OpenEmbedded anymore so it cannot be used. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
* optee-os: Cleanup build optionsTom Hochstein2021-03-181-13/+7
| | | | | | | | | | | - Move log level variables to EXTRA_OEMAKE to simplify overriding - Set LDFLAGS and CFLAGS globally, like normal - Set -C in EXTRA_OEMAKE - Drop do_compile after all of the above - Drop un-necessary override of B variable - Simplify creation of tee.bin link in DEPLOYDIR Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-imx: add compatibility with imx-boot-containerAndrey Zhizhikin2021-03-171-1/+1
| | | | | | | | | | NXP version of OP-TEE is required to be packed in the boot container if optee feature is enabled in machine features. Add compatibility with imx-boot-container in order to pick up binaries produced by this package. Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
* optee-imx: Upgrade to 3.10.0Tom Hochstein2021-03-1610-542/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Update all recipes to pull sources from imx_5.4.70_2.3.0 branch in NXP upstream and update SRCREV to match release tags. Update PREFERRED_VERSION of optee for mx8 to point to 3.10.0.imx. Following notes are additions to the version update of recipes: -------------------------- optee-client: - Drop CFLAGS patch as it is already applied upstream optee-os: - Drop gcc10 patch as it is already applied upstream - Add dependency on python3-pycryptodomex-native - Drop NOWERROR flag as package is reworked to disable warnings by default - Rework mkimage load address since tee-init_load_addr.txt is no longer created optee-test: - Drop python3 patch as it is already applied upstream - Remove unused patch files from layer - Add dependency on python3-pycryptodomex-native - Add sysroot to C and C++ flags Fixes #686, fixes #689. Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-os_3.7.0.imx.bb: Fix platform flavor for imx8mq-evkCristinel Panfir2021-02-151-0/+1
| | | | | | | | | Due to machine renaming the PLATFORM_FLAVOR need to be updated according makefile. ... | core/arch/arm/plat-imx/conf.mk:211: *** Unsupported PLATFORM_FLAVOR "mx8mq-evk". Stop. ... Signed-off-by: Cristinel Panfir <cristinel.panfir@nxp.com>
* optee-os: Fix the platform for imx8qm-mekTom Hochstein2021-02-131-1/+2
| | | | | | | | | | | | | After the machine name change, the default setting for PLATFORM_FLAVOR no longer works. ``` | core/arch/arm/plat-imx/conf.mk:211: *** Unsupported PLATFORM_FLAVOR "mx8qm-mek". Stop. ``` Set the correct name again manually with SOC override. Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-os: Fix 6ULZ EVK override, drop 8 DXL Phantom overrideTom Hochstein2021-01-211-13/+12
| | | | Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
* optee-test-qoriq: DEPENDS python3-pycryptodomex-nativeTing Liu2020-12-171-1/+1
| | | | | | | | | Fix: | /usr/include/optee/export-user_ta/scripts/sign_encrypt.py", line 131, in main | from Cryptodome.Signature import pss | ModuleNotFoundError: No module named 'Cryptodome' Signed-off-by: Ting Liu <ting.liu@nxp.com>
* optee-os-qoriq: upgrade to 3.8.0Ting Liu2020-12-165-395/+50
| | | | Signed-off-by: Ting Liu <ting.liu@nxp.com>
* optee-client-qoriq: upgrade to 3.8.0Ting Liu2020-12-164-92/+28
| | | | | | | Switch to use codes from https://github.com/OP-TEE/optee_client, tag: 3.8.0 Signed-off-by: Ting Liu <ting.liu@nxp.com>
* optee-test-qoriq: upgrade to 3.8.0Ting Liu2020-12-163-84/+5
| | | | | | | Switch to use codes from https://github.com/OP-TEE/optee_test, tag: 3.8.0 Signed-off-by: Ting Liu <ting.liu@nxp.com>
* optee-test_3.7.0.imx: fix optee-test buildPeter Griffin2020-12-151-0/+7
| | | | | | | | | | | Currently nothing is built for optee-test which means do_install() fails copying xtest binary. Align the do_compile() with upstream meta-arm optee-test recipe. With this patch the build then completes OK. Fixes: a66dc98 Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
* optee-imx: upgrade to version 3.7.0Andrey Zhizhikin2020-09-237-537/+118
| | | | | | | | | | | | | | | | | | | | | | | Update all recipes to pull sources from imx_5.4.24_2.1.0 branch in NXP upstream and update SRCREV to match release tags. Update PREFERRED_VERSION of optee for mx8 to point to 3.7.0.imx. Following notes are additions to the version update of recipes: -------------------------- optee-os: - Refresh gcc10 patch to resolve the fuzz during apply - Drop python patch as it is already applied upstream - Add new machines to the list optee-client: - Update CFLAGS patch to match 3.7.0 version - Split ${B} from ${S}, this makes build more clear optee-test: - Remove do_compile task and substitute with OEMAKE Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
* optee-os: backport to fix gcc10 compilation issueTing Liu2020-09-092-0/+162
| | | | Signed-off-by: Ting Liu <ting.liu@nxp.com>
* optee-client: refresh patch applied upstreamAndrey Zhizhikin2020-06-231-9/+29
| | | | | | | | | | | PR has been closed upstream with modifications to originally submitted patch. Later implementation implied more modification, which are not compatible with current version, therefore accepted patch has been backported to this fork. Refresh patch file with updated version from upstream. Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
* optee-os: backport gcc10 compilation fix from upstreamAndrey Zhizhikin2020-06-233-65/+159
| | | | | | | | | | | | | | Backport PR 3891 [1] from OP-TEE upstream repository. This PR solves GCC10 compilation issue when new compiler option `outline-atomics` is not implemented and causes the linker error. In addition, above upstream PR solves issue with 'cc-option` macro, which is necessary to be used to provide comptibility with GCC <10 to disable the `outline-atomics` option, since it is present only in GCC10. [1]: https://github.com/OP-TEE/optee_os/pull/3891 Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
* optee-client: add patch to avoid CFLAGS overridesAndrey Zhizhikin2020-05-312-1/+37
| | | | | | | | | | | Base optee-client implementation uses immediate assignment of CFLAGS variable in it's build structure, which causes Yocto CFLAGS to be overridden and not properly propagated into the build system. Introduce a patch which uses append operator intead of immediate assignment to have both CFLAGS variables to be combined. Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
* optee-client: fix build architecture for aarch64Andrey Zhizhikin2020-05-311-9/+5
| | | | | | | | | | | | | | | Overridden do_compile() task relies on an old DEFAULTTUNE set to identify if the build should target arm32 or arm64 architecture, and has a direct comparison to the generic tune. Since aarch64 tune for some derivatives has been switched to a more specialized types (cortexa53-crypto), this causes the check to fail and build defaults to arm32, which is not desired behavior. Define OPTEE_ARCH to a proper value based on machine overrides, drop the task override and use standard Yocto mechanisms to provide additional parameters to make. Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
* optee-os: fix gcc10 build for imx forkAndrey Zhizhikin2020-05-262-0/+65
| | | | | | | | | | | | | | | | | | | | | | | | | OP-TEE OS component fails to build on gcc10 due to missing __getauxval function. This can be resolved via disabling of outline-atomics feature in gcc10. Backport upstream patch [1] with adaptions to optee-imx version. Original patch uses $(call cc-option,-mno-outline-atomics,) to disable outline-atomics which itself is broken and required 4 additional patches to be compatible with gcc and clang. This is resolved in the upstream PR [2], which is applicable to the latest upstream version. NXP fork contains old version of OP-TEE, and therefore would receive the update for Makefiles with new version. Since it is not required to make current NXP version compatible with old compiler versions on master branch - outline-atomics are disabled directly. [1]: https://github.com/OP-TEE/optee_os/pull/3891/commits/e07c2b062846df4385542f4e4fe08b40cf7d8191 [2]: https://github.com/OP-TEE/optee_os/pull/3891 Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
* optee-test-qoriq: add patch to use python3Ting Liu2020-05-062-0/+49
| | | | | | python2 is EOL January 2020. This fixes build failure due to python2. Signed-off-by: Ting Liu <ting.liu@nxp.com>
* optee-os: Replace /lib by ${nonarch_base_libdir} in do_installantznin2020-05-051-2/+2
| | | | | | | | | | | This fixes a do_package error when using `usrmerge` in `DISTRO_FEATURES`. In that case the bin files should have been installed in /usr/lib. Using ${nonarch_base_libdir} makes the location specific to distro settings. Signed-off-by: antznin <agodard@witekio.com> Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Change-Id: I9d6c015975b093f74f29927a7e8bdfd87fd3dc09
* optee-test_3.2.0.imx: fix TA_DEV_KIT_DIR is not correctly defined errorPeter Griffin2020-04-231-7/+7
| | | | | | | | | | | | | | | | | DEFAULTTUNE is no longer aarch64 which means optee-test build fails. Update to use the same mechanism as optee-os recipe for setting arch. Build now passes on imx8mq-evk and optee xtest suite passes +----------------------------------------------------- 16078 subtests of which 3 failed 74 test cases of which 3 failed 0 test case was skipped TEE test application done! Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
* optee-os-qoriq: add patch to use python3Ting Liu2020-04-202-0/+81
| | | | | | python2 is EOL January 2020. This fixes build failure due to python2. Signed-off-by: Ting Liu <ting.liu@nxp.com>
* optee-test_3.2.0.imx: add patch to use python3, backported from v3.8.0Peter Griffin2020-04-172-0/+49
| | | | | | | | This avoids build errors such as optee-test/3.2.0.imx-r0/git/out/ta/crypt//mid_crt.c] Error 127 | /usr/bin/env: ‘python’: No such file or directory Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
* optee-imx: upgrade to lf-5.4.yAndrey Zhizhikin2020-04-163-13/+6
| | | | | | | | | | Upgrade optee recipes to fetch sources from lf-5.4.y branch, this is aligned with new kernel release from NXP. optee-os and optee-client has build defines dropped, this is originated in NXP fork. Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
* optee-test-qoriq: update to python3-pycrypto-native dependencyChunrong Guo2020-02-111-1/+1
| | | | Signed-off-by: Chunrong Guo <chunrong.guo@nxp.com>
* optee-os-qoriq: update to python3-pycrypto-native dependencyChunrong Guo2020-02-111-1/+1
| | | | Signed-off-by: Chunrong Guo <chunrong.guo@nxp.com>
* optee-test: update to python3-pycrypto-native dependencyPeter Griffin2020-02-031-1/+1
| | | | | | As python2 packages are now dropped in oe-core. Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
* optee[-imx]: update recipes to use python3Andrey Zhizhikin2020-01-237-8/+439
| | | | | | | | | | Since Python2 is dropped in oe-core and classes are not available anymore, optee components should be updated to utilize python3. optee-os recipe received an additionl patch to re-target the Python version in the source tree to python3. Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
* optee-test_3.2.0.imx: remove no longer required gcc fixesPeter Griffin2020-01-143-140/+0
| | | | | | | These are now present in the new op-tee fork version. Fixes: 020d818 Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
* optee-client_3.2.0.imx: remove 0001-libteec-refactor-_dprintf.patchPeter Griffin2020-01-142-173/+1
| | | | | | | | This patch no longer applies as it is already included in the new optee-client tag. Fixes: 020d818 Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
* optee-imx: add (backported) patches for GCC 9 & muslAndré Draszik2020-01-085-0/+252
| | | | | | | See the individual patches - all patches are simply backports from optee upstream releases. Signed-off-by: André Draszik <andre.draszik@jci.com>
* optee-[client,test]: upgrade to 4.19.35_1.1.0Andrey Zhizhikin2020-01-082-4/+4
| | | | | | | This upgrade is required to support new i.MX8M Nano SoC and is also aligned with all optee-imx components. Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
* optee-os: update to 4.19.35_1.1.0 and introduce imx8mn configAndrey Zhizhikin2020-01-081-2/+3
| | | | | | | | | | | In order to support new i.MX8M Nano SoC, optee-os should be upgraded to use the imx_4.19.35_1.1.0 branch, which contains the support for new machine. In addition, introduce additional PLATFORM_FLAVOR for new imx8mnevk machine. Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
* optee-os_3.2.0: change PLATFORM_FLAVOR for imx6ulz14x14evkClement Faure2019-11-261-1/+1
| | | | | | The platform flavor 'mx6ulzevk' has been added to Optee-OS. Signed-off-by: Clement Faure <clement.faure@nxp.com>
* optee-imx: Make it imx specificKhem Raj2019-11-101-0/+1
| | | | | | | Fails to build on qemu | core/arch/arm/plat-imx/conf.mk:112: *** Unsupported PLATFORM_FLAVOR "emuarm". Stop. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* optee-client: Add support for optee-client imx forkPeter Griffin2019-11-083-0/+239
| | | | | | This also includes some backported gcc 8 fixes from upstream. Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
* optee-test: add optee-test imx forkPeter Griffin2019-11-083-0/+195
| | | | | | | This also includes some backported gcc 8 fixes from upstream. Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
* optee-os: add optee-os imx forkPeter Griffin2019-11-081-0/+92
| | | | Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
* optee-os-qoriq: update to 4e8d2e5Chunrong Guo2019-10-211-1/+1
| | | | | | | | | | | *update to lsdk 1909 tag include the following changes: 4e8d2e5 - Merge pull request #19 in DASH/optee_os from ~NXA19713/optee_os:master to master 94bd7cc - Copyright header update. 9c09a28 - Merge pull request #18 in DASH/optee_os from ~NXA19713/optee_os:master to master 587183a - plat-ls:add LS1028ARDB platform Signed-off-by: Chunrong Guo <chunrong.guo@nxp.com>
* optee-os-qoriq: Fix alignment of data for mempool_alloc_pool()Chunrong Guo2019-09-042-0/+149
| | | | Signed-off-by: Chunrong Guo <chunrong.guo@nxp.com>
* optee-test-qoriq: fix build failure with GCC9Chunrong Guo2019-07-123-40/+29
| | | | | | | *fix the below error: |error: '%*s' directive argument is not a nul-terminated string [-Werror=format-overflow=] Signed-off-by: Chunrong Guo <chunrong.guo@nxp.com>
* optee-os-qoriq: add OPTEEMACHINE for ls1088ardb-pb and ls1046afrwyChunrong Guo2019-07-121-0/+2
| | | | Signed-off-by: Chunrong Guo <chunrong.guo@nxp.com>
* optee-test-qoriq:update to 6690584Chunrong Guo2019-04-111-2/+1
| | | | | | | | | | | | | | | | | *update to lsdk 1903 tag include the following changes: 6690584 - cmake: locate files WRT to project home directory f6f68a2 - regression 6000: fix uninitialized local variables 0cf4cfe - regression 4100: fix uninitialized local variable 481c660 - regression 4000: fix uninitialized local variable a410edb - xtest --aes-perf: add -u option to process buffer in several steps 5401161 - improve xtest summary message a8c8f87 - regression: split 4007 into key types 0953bf0 - regression 4011: correct potential overflow 493574a - xtest: prevent unexpected build warning with strncpy 7dbf877 - regression: 6010: add rename conflict case (with close) Signed-off-by: Chunrong Guo <chunrong.guo@nxp.com>
* optee-os-qoriq:update to b7a1527Chunrong Guo2019-04-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | *update to lsdk 1903 tag include the following changes: b7a1527 - Merge pull request #15 in DASH/optee_os from ~NXA18717/optee_os:master to master 6fac599 - plat-ls: Corrected GIC configuration for GIVv3 SoCs b3f7be2 - plat-ls: Corrected GIC configuration for ls1043ardb. a0bfef6 - plat-ls: updated conf.mk to set CFG_USER_TA_TARGETS 406c609 - Update CHANGELOG.md for 3.4.0 86b8b34 - core: arm32: fix gicv3 fiq race 41b2940 - core: syscall_storage_obj_create(): fix a memory leak 4198578 - plat-vexpress: disable uart IT with TF-A and GICv3 84e9c40 - core: svc_cryp: fix truncated buffer length d5c5b0b - core: svc: always check ta parameters c6edc12 - core: entry_std: check value of num_params c4f75cc - core: optee_msg.h: define OPTEE_MSG_MAX_NUM_PARAMS 95f36d6 - core: tee_mmu_check_access_rights() check all pages 359324a - svc: Initialize tmp_va_buf to prevent a TOCTOU attack e3adcf5 - core: ensure that supplied range matches MOBJ 99e8a8c - svc: fix NULL pointer dereference during storage enumeration ea8357c - svc: check for overflow when allocating a BigNum buffer 54ebc3a - svc: avoid TOCTOU issue in syscall_hash_final 70697bf - svc: check for allocation overflow in crypto calls part 2 a637243 - svc: check for allocation overflow in crypto calls b60e1ce - svc: check for allocation overflow in syscall_cryp_obj_populate Signed-off-by: Chunrong Guo <chunrong.guo@nxp.com>
* optee-client-qoriq:update to 0842873Chunrong Guo2019-04-111-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | *update to lsdk 1903 tag include the following changes: 0842873 - flags: add -D_FILE_OFFSET_BITS=64 to support large files 28eea17 - libteec: Makefile: Generate .so files the same way as CMake 656e427 - tee_supplicant: gprof: fix compile error c48bc3b - tee-supplicant: cmake: enable RPMB emulation by default b6bfce9 - Makefile and config.mk: remove export in config.mk 66cdd5d - tee-supplicant: add daemon mode (-d) 5355fdb - Do not set -Werror by default 9c5e24c - tee-supplicant: rpmb.c: add __attribute__((fallthrough)) 0361f9b - libteec: refactor _dprintf() 8742233 - benchmark: fix computation of page address bd0e7c8 - Android related files: changes to work with Treble enabled build 9a63135 - Android.mk & config.mk: move teec.log/teesupp.log under /data/tee 6b4ca04 - benchmark: fix compilation issues 2d542f2 - Do not export CMakeLists.txt when running install 0fc28f2 - libteec: Fix incorrect SOVERSION number 3f16662 - tee-supplicant: cast sizeof(x) to socklen_t 23b22b1 - tee-supplicant: fix gcc warning e0a12e2 - cmake: Initial CMake support 33fa3c1 - tee-supplicant: fix use of mem after it's freed 09b69af - libteec/tee-supplicant: respect LDFLAGS set from distribution toolchain 9681680 - libteec/Makefile: generate static library (libteec.a) 73b4e49 - tee-supplicant: REE fs open file with O_SYNC flag 075c56e - tee_supplicant: add register memory feature *remove patch Signed-off-by: Chunrong Guo <chunrong.guo@nxp.com>