From 71bcca683f3f8ae9fcaf1156e7b5add649417ace Mon Sep 17 00:00:00 2001 From: Tom Hochstein Date: Mon, 31 Oct 2022 15:55:06 -0500 Subject: optee-os: Update lf-5.15.32_2.0.0 -> lf-5.15.52_2.1.0 Changes: ``` 9e86c8b6b LFOPTEE-169 imx_ele: use get_info command to get the soc revision 74f662cf4 LFOPTEE-169 imx_ele: check ELE TRNG status before getting random numbers f74752516 LFOPTEE-196 imx_ele: make the difference ELE_VERSION_BASELINE and ELE_VERSION_HSM c3f658958 LFOPTEE-172 core: imx_ele: cache the die ID 96dc392d7 scripts: nxp_build: remove ls1012afrwy platform 31125f8be core: plat-ls: remove OP-TEE support for LS1012A-FRWY platform bb2173330 core: plat-ls: correct expression CFG_NUM_THREADS ?= CFG_TEE_CORE_NB_CORE 2166caac3 core: plat-ls: set CFG_NUM_THREADS ?= 2 for LS1012ARDB 21059100b drivers: caam: increase the minimum entropy delay the imx6sx a3d4b52b0 drivers: imx: dcp: disable the use of UNIQUE KEY after HUK generation 9162aecfd drivers: imx: dcp: clear OTP_KEY bit for unique key selection d5144e4a9 drivers: imx: dcp: workaround DCP errata 051292 d61caabeb core: pta: return error code when failing to deserialize saved key 198e47860 core: pta: attestation: fix buffer size for generated key c1e398428 drivers: pm: remove file with license issue 2a725689b LF-6067 drivers: caam: map the CAAM registers with the CAAM_SIZE value 639dfbc1f LF-6067 core: ls: add CAAM_SIZE values for LS platforms 42a864fd1 LF-6067 core: imx: add CAAM_SIZE values for i.MX platforms 6ebec0d2a LFOPTEE-159 drivers: imx_snvs: re-work security state for imx8m platforms 588403cd7 LFOPTEE-158 scripts: add imx93evk platform 18e11b984 LFOPTEE-158 core: imx: add support imx93evk platform 813af1a3c LFOPTEE-158 core: imx: add imx93 SoC ID aea51ea0b LFOPTEE-158 core: imx: add imx93 registers ede0b7183 LFOPTEE-158 core: imx: simplify the error macro message 742bee71c drivers: imx_snvs: fix the is_otpmk_valid() logic 6bb686a04 drivers: imx_snvs: fix SNVS register read operation 111482cfe LFOPTEE-146 drivers: imx_ele: add CRC computation and check for ELE calls dd227c6c5 LFOPTEE-146 drivers: imx_ele: reformat code for consistency 907c2f86f LFOPTEE-146 drivers: imx_ele: ask the ELE for the unique device ID b421225d9 LFOPTEE-146 drivers: remove imx_ele_mu_init() function 09e9d1b62 LFOPTEE-146 drivers: imx_mu: increase the message limit size b6c4a695b core: plat-ls: correct CAAM JR interrupt numbers 13ce5deb6 LFOPTEE-147 core: imx: fix uninitialized return value e5ea58a7b LFOPTEE-141 drivers: imx_mu: Disable foreign exception when sending message to MU ``` Signed-off-by: Tom Hochstein (cherry picked from commit 282e2619f00fb7b1a006fa09627fd4d4a74ba107) --- recipes-security/optee-imx/optee-os_3.17.0.imx.bb | 30 ++++++++++++++--------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/recipes-security/optee-imx/optee-os_3.17.0.imx.bb b/recipes-security/optee-imx/optee-os_3.17.0.imx.bb index 93e0ff6e..b6452ef0 100644 --- a/recipes-security/optee-imx/optee-os_3.17.0.imx.bb +++ b/recipes-security/optee-imx/optee-os_3.17.0.imx.bb @@ -8,15 +8,16 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" DEPENDS = "python3-cryptography-native python3-pyelftools-native u-boot-mkimage-native" -SRC_URI = "git://source.codeaurora.org/external/imx/imx-optee-os.git;protocol=https;branch=${SRCBRANCH}" -SRCBRANCH = "lf-5.15.32_2.0.0" -SRCREV = "984996422c25c99ebfc5194c1bb393028605bb0c" +SRC_URI = "git://github.com/nxp-imx/imx-optee-os.git;protocol=https;branch=${SRCBRANCH}" +SRCBRANCH = "lf-5.15.52_2.1.0" +SRCREV = "9e86c8b6b102efa09ada451d0383ea3d11f8fad6" SRC_URI:append = " \ file://0008-no-warn-rwx-segments.patch \ " S = "${WORKDIR}/git" +B = "${WORKDIR}/build" inherit deploy python3native autotools features_check @@ -60,20 +61,29 @@ EXTRA_OEMAKE = " \ -C ${S} O=${B} \ " -LDFLAGS = "" +LDFLAGS[unexport] = "1" CFLAGS += "--sysroot=${STAGING_DIR_HOST}" CXXFLAGS += "--sysroot=${STAGING_DIR_HOST}" +do_configure[noexec] = "1" + +do_compile:arm () { + oe_runmake all uTee +} + +do_compile:aarch64 () { + oe_runmake all +} +do_compile[cleandirs] = "${B}" + do_deploy () { install -d ${DEPLOYDIR} cp ${B}/core/tee-raw.bin ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin ln -sf tee.${PLATFORM_FLAVOR}.bin ${DEPLOYDIR}/tee.bin +} - if [ "${OPTEE_ARCH}" != "arm64" ]; then - IMX_LOAD_ADDR=`${TARGET_PREFIX}readelf -h ${B}/core/tee.elf | grep "Entry point address" | awk '{print $4}'` - uboot-mkimage -A arm -O linux -C none -a ${IMX_LOAD_ADDR} -e ${IMX_LOAD_ADDR} \ - -d ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin ${DEPLOYDIR}/uTee-${OPTEE_BIN_EXT} - fi +do_deploy:append:arm () { + cp ${B}/core/uTee ${DEPLOYDIR}/uTee-${OPTEE_BIN_EXT} } do_install () { @@ -82,7 +92,6 @@ do_install () { # Install the TA devkit install -d ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ - for f in ${B}/export-ta_${OPTEE_ARCH}/*; do cp -aR $f ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ done @@ -96,7 +105,6 @@ do_install () { addtask deploy after do_compile before do_install - FILES:${PN} = "${nonarch_base_libdir}/firmware/ ${nonarch_base_libdir}/optee_armtz/" FILES:${PN}-staticdev = "${includedir}/optee/" RDEPENDS:${PN}-dev += "${PN}-staticdev" -- cgit v1.2.3-54-g00ecf From 91bddd142b76943d70e917fca0e26834939808a4 Mon Sep 17 00:00:00 2001 From: Tom Hochstein Date: Mon, 31 Oct 2022 15:58:24 -0500 Subject: optee-client: Update lf-5.15.32_2.0.0 -> lf-5.15.52_2.1.0 Changes: ``` 9d8f190 Makefile: Makefile: only preserve links when installing output files 9a33704 public: Fix simple typo in tee_client_api.h 8aed3ed tee-supplicant: accept -r as a short option for --rpmb-cid 5a69d55 tee-supplicant: add --rpmb-cid command line option 88d374e tee-supplicant: rpmb: read CID in one go ba0ed67 tee-supplicant: rpmb: introduce readn() wrapper to the read() syscall 945704e tee-supplicant: fix plugin loading logic edf3072 tee-supplicant: refactor argument parsing in main() 876b1ae tee-supplicant: introduce struct tee_supplicant_params for global config 8b3f7fe libckteec: add support for ECDH derive 06db73b libteec: copy out partial shadow buffer f6e05d3 GitHub actions: fix incorrect version 975fa78 GitHub actions: add a stales.yml file df537dd tee-supplicant: read_with_timeout(): fix non-blocking peeking 6d54f84 tee-supplicant: recv_with_out_flags(): check EINTR f4f54e5 libseteec: Secure Element control e532a51 tee-supplicant: tee_socket_recv(): report truncated datagrams 2a99339 libckteec: check for ckteec_alloc_shm rval b3e9cee tee-supplicant: handle ftell() errors 9876c9c teec_ta_load: replace printfs with DMSGs ae19e95 .gitignore: add tags and TAGS ``` Signed-off-by: Tom Hochstein (cherry picked from commit 9e4dae7a7bbb0135c7c2e009f9345d23ed8b03b5) --- recipes-security/optee-imx/optee-client_3.17.0.imx.bb | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/recipes-security/optee-imx/optee-client_3.17.0.imx.bb b/recipes-security/optee-imx/optee-client_3.17.0.imx.bb index 53ee5bc4..6f0435fe 100644 --- a/recipes-security/optee-imx/optee-client_3.17.0.imx.bb +++ b/recipes-security/optee-imx/optee-client_3.17.0.imx.bb @@ -5,13 +5,11 @@ HOMEPAGE = "http://www.optee.org/" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" -SRCBRANCH = "lf-5.15.5_1.0.0" SRC_URI = " \ - git://source.codeaurora.org/external/imx/imx-optee-client.git;protocol=https;branch=${SRCBRANCH} \ - file://tee-supplicant.service \ -" - -SRCREV = "182874320395787a389e5b0f7df02b32f3c0a1b0" + git://github.com/nxp-imx/imx-optee-client.git;protocol=https;branch=${SRCBRANCH} \ + file://tee-supplicant.service" +SRCBRANCH = "lf-5.15.52_2.1.0" +SRCREV = "9d8f1903bbea3a1e631c8d26ee51c37020569312" S = "${WORKDIR}/git" B = "${WORKDIR}/build" @@ -22,11 +20,9 @@ REQUIRED_MACHINE_FEATURES = "optee" SYSTEMD_SERVICE:${PN} = "tee-supplicant.service" -OPTEE_ARCH ?= "arm32" -OPTEE_ARCH:armv7a = "arm32" -OPTEE_ARCH:aarch64 = "arm64" - -EXTRA_OEMAKE = "ARCH=${OPTEE_ARCH} O=${B}" +EXTRA_OEMAKE = " \ + -C ${S} O=${B} \ +" do_install () { oe_runmake -C ${S} install -- cgit v1.2.3-54-g00ecf From d2cf90c4fc09c13c514ff52648b3c49212aa4847 Mon Sep 17 00:00:00 2001 From: Tom Hochstein Date: Mon, 31 Oct 2022 15:59:26 -0500 Subject: optee-test: Update lf-5.15.32_2.0.0 -> lf-5.15.52_2.1.0 Changes: ``` 41222c4 Makefile: fix ownership contamination when installing output files ae3b1c6 xtest: create output dir before generating regression_8100 header files ``` Signed-off-by: Tom Hochstein (cherry picked from commit aac88e4d334a3eaf63342bd1cf3a2b4cde8c1fca) --- recipes-security/optee-imx/optee-test_3.17.0.imx.bb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/recipes-security/optee-imx/optee-test_3.17.0.imx.bb b/recipes-security/optee-imx/optee-test_3.17.0.imx.bb index 54f92d72..da56eed7 100644 --- a/recipes-security/optee-imx/optee-test_3.17.0.imx.bb +++ b/recipes-security/optee-imx/optee-test_3.17.0.imx.bb @@ -8,9 +8,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" DEPENDS = "python3-cryptography-native optee-os optee-client openssl" -SRC_URI = "git://source.codeaurora.org/external/imx/imx-optee-test.git;protocol=https;branch=${SRCBRANCH}" -SRCBRANCH = "lf-5.15.32_2.0.0" -SRCREV = "e064126a9769f168d1d0e178b74955e6648683b4" +SRC_URI = "git://github.com/nxp-imx/imx-optee-test.git;protocol=https;branch=${SRCBRANCH}" +SRCBRANCH = "lf-5.15.52_2.1.0" +SRCREV = "41222c4b8df1adc0f0bdc737e5cb824becd25f63" S = "${WORKDIR}/git" B = "${WORKDIR}/build" -- cgit v1.2.3-54-g00ecf