From 0c961a51248fc02c6a0bb3691a707495805025a5 Mon Sep 17 00:00:00 2001 From: Andrey Zhizhikin Date: Mon, 31 Aug 2020 08:30:50 +0000 Subject: optee-imx: upgrade to version 3.7.0 Update all recipes to pull sources from imx_5.4.24_2.1.0 branch in NXP upstream and update SRCREV to match release tags. Update PREFERRED_VERSION of optee for mx8 to point to 3.7.0.imx. Following notes are additions to the version update of recipes: -------------------------- optee-os: - Refresh gcc10 patch to resolve the fuzz during apply - Drop python patch as it is already applied upstream - Add new machines to the list optee-client: - Update CFLAGS patch to match 3.7.0 version - Split ${B} from ${S}, this makes build more clear optee-test: - Remove do_compile task and substitute with OEMAKE Signed-off-by: Andrey Zhizhikin --- conf/machine/include/imx-base.inc | 6 +- ...01-flags-do-not-override-CFLAGS-from-host.patch | 17 +- .../optee-imx/optee-client_3.2.0.imx.bb | 52 --- .../optee-imx/optee-client_3.7.0.imx.bb | 52 +++ ...x-gcc10-compilation-issue-and-missing-cc-.patch | 36 +- ...001-scripts-update-scripts-to-use-python3.patch | 427 --------------------- recipes-security/optee-imx/optee-os_3.2.0.imx.bb | 96 ----- recipes-security/optee-imx/optee-os_3.7.0.imx.bb | 100 +++++ recipes-security/optee-imx/optee-test_3.2.0.imx.bb | 58 --- recipes-security/optee-imx/optee-test_3.7.0.imx.bb | 55 +++ 10 files changed, 240 insertions(+), 659 deletions(-) delete mode 100644 recipes-security/optee-imx/optee-client_3.2.0.imx.bb create mode 100644 recipes-security/optee-imx/optee-client_3.7.0.imx.bb delete mode 100644 recipes-security/optee-imx/optee-os/0001-scripts-update-scripts-to-use-python3.patch delete mode 100644 recipes-security/optee-imx/optee-os_3.2.0.imx.bb create mode 100644 recipes-security/optee-imx/optee-os_3.7.0.imx.bb delete mode 100644 recipes-security/optee-imx/optee-test_3.2.0.imx.bb create mode 100644 recipes-security/optee-imx/optee-test_3.7.0.imx.bb diff --git a/conf/machine/include/imx-base.inc b/conf/machine/include/imx-base.inc index 80392f38..0da3f2be 100644 --- a/conf/machine/include/imx-base.inc +++ b/conf/machine/include/imx-base.inc @@ -305,9 +305,9 @@ PREFERRED_VERSION_libdrm_mx7 ?= "2.4.99.imx" PREFERRED_VERSION_libdrm_mx8 ?= "2.4.99.imx" # Use i.MX optee Version -PREFERRED_VERSION_optee-os_mx8 ?= "3.2.0.imx" -PREFERRED_VERSION_optee-client_mx8 ?= "3.2.0.imx" -PREFERRED_VERSION_optee-test_mx8 ?= "3.2.0.imx" +PREFERRED_VERSION_optee-os_mx8 ?= "3.7.0.imx" +PREFERRED_VERSION_optee-client_mx8 ?= "3.7.0.imx" +PREFERRED_VERSION_optee-test_mx8 ?= "3.7.0.imx" # Handle default kernel IMX_DEFAULT_KERNEL = "linux-fslc-imx" diff --git a/recipes-security/optee-imx/optee-client/0001-flags-do-not-override-CFLAGS-from-host.patch b/recipes-security/optee-imx/optee-client/0001-flags-do-not-override-CFLAGS-from-host.patch index 86c360f2..9c6b1069 100644 --- a/recipes-security/optee-imx/optee-client/0001-flags-do-not-override-CFLAGS-from-host.patch +++ b/recipes-security/optee-imx/optee-client/0001-flags-do-not-override-CFLAGS-from-host.patch @@ -1,4 +1,4 @@ -From 6a600c5637c5446ab3d11eb4304a1dd473ec503e Mon Sep 17 00:00:00 2001 +From 591461d6efe51989b4a7f4e875cdf37505eba360 Mon Sep 17 00:00:00 2001 From: Andrey Zhizhikin Date: Thu, 4 Jun 2020 19:24:05 +0000 Subject: [PATCH] flags: do not override CFLAGS from host @@ -19,11 +19,11 @@ Signed-off-by: Andrey Zhizhikin Reviewed-by: Jerome Forissier Reviewed-by: Joakim Bech --- - flags.mk | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) + flags.mk | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flags.mk b/flags.mk -index 71f3d18..faabef9 100644 +index c2f0e1c..65192bc 100644 --- a/flags.mk +++ b/flags.mk @@ -6,7 +6,7 @@ CROSS_COMPILE ?= arm-linux-gnueabihf- @@ -35,10 +35,13 @@ index 71f3d18..faabef9 100644 -Werror-implicit-function-declaration -Wextra \ -Wfloat-equal -Wformat-nonliteral -Wformat-security \ -Wformat=2 -Winit-self -Wmissing-declarations \ -@@ -15,11 +15,11 @@ CFLAGS := -Wall -Wbad-function-cast -Wcast-align \ - -Wpointer-arith -Wshadow -Wstrict-prototypes \ +@@ -16,13 +16,13 @@ CFLAGS := -Wall -Wbad-function-cast -Wcast-align \ -Wswitch-default -Wunsafe-loop-optimizations \ - -Wwrite-strings -Werror + -Wwrite-strings -D_FILE_OFFSET_BITS=64 + ifeq ($(CFG_WERROR),y) +-CFLAGS += -Werror ++override CFLAGS += -Werror + endif -CFLAGS += -c -fPIC +override CFLAGS += -c -fPIC diff --git a/recipes-security/optee-imx/optee-client_3.2.0.imx.bb b/recipes-security/optee-imx/optee-client_3.2.0.imx.bb deleted file mode 100644 index 19770849..00000000 --- a/recipes-security/optee-imx/optee-client_3.2.0.imx.bb +++ /dev/null @@ -1,52 +0,0 @@ -# Copyright (C) 2017-2018 NXP - -SUMMARY = "OPTEE Client libs" -HOMEPAGE = "http://www.optee.org/" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" - -inherit python3native systemd - -SRCBRANCH = "lf-5.4.y" -OPTEE_CLIENT_SRC ?= "git://source.codeaurora.org/external/imx/imx-optee-client.git;protocol=https" -SRC_URI = "${OPTEE_CLIENT_SRC};branch=${SRCBRANCH}" - -SRCREV = "71a9bef78fff2d5d4db8a2307d3b91e2aa671dc9" - -SRC_URI += "file://tee-supplicant.service \ - file://0001-flags-do-not-override-CFLAGS-from-host.patch \ -" - -S = "${WORKDIR}/git" -SYSTEMD_SERVICE_${PN} = "tee-supplicant.service" - -OPTEE_ARCH ?= "arm32" -OPTEE_ARCH_armv7a = "arm32" -OPTEE_ARCH_aarch64 = "arm64" - -EXTRA_OEMAKE = "ARCH=${OPTEE_ARCH}" - -do_install () { - oe_runmake install - - install -D -p -m0644 ${S}/out/export/lib/libteec.so.1.0 ${D}${libdir}/libteec.so.1.0 - ln -sf libteec.so.1.0 ${D}${libdir}/libteec.so - ln -sf libteec.so.1.0 ${D}${libdir}/libteec.so.1 - - install -D -p -m0755 ${S}/out/export/bin/tee-supplicant ${D}${bindir}/tee-supplicant - - cp -a ${S}/out/export/include ${D}/usr/ - - sed -i -e s:/etc:${sysconfdir}:g -e s:/usr/bin:${bindir}:g ${WORKDIR}/tee-supplicant.service - install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service -} - -PACKAGES += "tee-supplicant" -FILES_${PN} += "${libdir}/* ${includedir}/*" -FILES_tee-supplicant += "${bindir}/tee-supplicant" - -INSANE_SKIP_${PN} = "ldflags dev-elf" -INSANE_SKIP_${PN}-dev = "ldflags dev-elf" -INSANE_SKIP_tee-supplicant = "ldflags" - -COMPATIBLE_MACHINE = "(mx6|mx7|mx8)" diff --git a/recipes-security/optee-imx/optee-client_3.7.0.imx.bb b/recipes-security/optee-imx/optee-client_3.7.0.imx.bb new file mode 100644 index 00000000..d83f8a9c --- /dev/null +++ b/recipes-security/optee-imx/optee-client_3.7.0.imx.bb @@ -0,0 +1,52 @@ +# Copyright (C) 2017-2018 NXP + +SUMMARY = "OPTEE Client libs" +HOMEPAGE = "http://www.optee.org/" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" + +inherit python3native systemd + +SRCBRANCH = "imx_5.4.24_2.1.0" +SRC_URI = "git://source.codeaurora.org/external/imx/imx-optee-client.git;protocol=https;branch=${SRCBRANCH}" + +SRCREV = "bc0ec8ce1e4dc5ae23f4737ef659338b7cd408fe" + +SRC_URI += "file://tee-supplicant.service \ + file://0001-flags-do-not-override-CFLAGS-from-host.patch \ +" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" +SYSTEMD_SERVICE_${PN} = "tee-supplicant.service" + +OPTEE_ARCH ?= "arm32" +OPTEE_ARCH_armv7a = "arm32" +OPTEE_ARCH_aarch64 = "arm64" + +EXTRA_OEMAKE = "ARCH=${OPTEE_ARCH} O=${B}" + +do_install () { + oe_runmake -C ${S} install + + install -D -p -m0644 ${B}/export/usr/lib/libteec.so.1.0 ${D}${libdir}/libteec.so.1.0 + ln -sf libteec.so.1.0 ${D}${libdir}/libteec.so + ln -sf libteec.so.1.0 ${D}${libdir}/libteec.so.1 + + install -D -p -m0755 ${B}/export/usr/sbin/tee-supplicant ${D}${bindir}/tee-supplicant + + cp -a ${B}/export/usr/include ${D}/usr/ + + sed -i -e s:/etc:${sysconfdir}:g -e s:/usr/bin:${bindir}:g ${WORKDIR}/tee-supplicant.service + install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service +} + +PACKAGES += "tee-supplicant" +FILES_${PN} += "${libdir}/* ${includedir}/*" +FILES_tee-supplicant += "${bindir}/tee-supplicant" + +INSANE_SKIP_${PN} = "ldflags dev-elf" +INSANE_SKIP_${PN}-dev = "ldflags dev-elf" +INSANE_SKIP_tee-supplicant = "ldflags" + +COMPATIBLE_MACHINE = "(mx6|mx7|mx8)" diff --git a/recipes-security/optee-imx/optee-os/0001-optee-os-fix-gcc10-compilation-issue-and-missing-cc-.patch b/recipes-security/optee-imx/optee-os/0001-optee-os-fix-gcc10-compilation-issue-and-missing-cc-.patch index 509c7fb6..ab42d340 100644 --- a/recipes-security/optee-imx/optee-os/0001-optee-os-fix-gcc10-compilation-issue-and-missing-cc-.patch +++ b/recipes-security/optee-imx/optee-os/0001-optee-os-fix-gcc10-compilation-issue-and-missing-cc-.patch @@ -1,4 +1,4 @@ -From 027a3b9a33fbb23e1d1d7ed6411d4d112d2a55a1 Mon Sep 17 00:00:00 2001 +From 109ed8d9a5351c7bb0fdc0953c7e7fb6cedcad9c Mon Sep 17 00:00:00 2001 From: Andrey Zhizhikin Date: Sat, 30 May 2020 22:00:59 +0000 Subject: [PATCH] optee-os: fix gcc10 compilation issue and missing cc-options @@ -14,17 +14,17 @@ Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/3891] Signed-off-by: Andrey Zhizhikin --- - core/arch/arm/arm.mk | 21 ++++++++++++++++----- + core/arch/arm/arm.mk | 22 +++++++++++++++++----- core/core.mk | 5 +---- mk/cc-option.mk | 9 +++++++++ mk/gcc.mk | 2 +- ta/mk/ta_dev_kit.mk | 3 +++ ta/ta.mk | 1 + - 6 files changed, 31 insertions(+), 10 deletions(-) + 6 files changed, 32 insertions(+), 10 deletions(-) create mode 100644 mk/cc-option.mk diff --git a/core/arch/arm/arm.mk b/core/arch/arm/arm.mk -index aa101be8..4123d85d 100644 +index 5defb327..fffa491a 100644 --- a/core/arch/arm/arm.mk +++ b/core/arch/arm/arm.mk @@ -1,3 +1,16 @@ @@ -44,7 +44,7 @@ index aa101be8..4123d85d 100644 CFG_LTC_OPTEE_THREAD ?= y # Size of emulated TrustZone protected SRAM, 448 kB. # Only applicable when paging is enabled. -@@ -88,7 +101,7 @@ arm32-platform-aflags-no-hard-float ?= +@@ -106,7 +119,7 @@ arm32-platform-aflags-no-hard-float ?= arm64-platform-cflags-no-hard-float ?= -mgeneral-regs-only arm64-platform-cflags-hard-float ?= @@ -53,7 +53,7 @@ index aa101be8..4123d85d 100644 ifeq ($(DEBUG),1) # For backwards compatibility -@@ -117,14 +130,12 @@ core-platform-aflags += $(platform-aflags-generic) +@@ -135,14 +148,12 @@ core-platform-aflags += $(platform-aflags-generic) core-platform-aflags += $(platform-aflags-debug-info) ifeq ($(CFG_ARM64_core),y) @@ -68,16 +68,20 @@ index aa101be8..4123d85d 100644 core-platform-cppflags += $(arm32-platform-cppflags) core-platform-cflags += $(arm32-platform-cflags) core-platform-cflags += $(arm32-platform-cflags-no-hard-float) -@@ -196,5 +207,5 @@ ta-mk-file-export-add-ta_arm64 += CROSS_COMPILE64 ?= $$(CROSS_COMPILE)_nl_ - ta-mk-file-export-add-ta_arm64 += CROSS_COMPILE_ta_arm64 ?= $$(CROSS_COMPILE64)_nl_ +@@ -241,8 +252,9 @@ ta-mk-file-export-add-ta_arm64 += COMPILER ?= gcc_nl_ + ta-mk-file-export-add-ta_arm64 += COMPILER_ta_arm64 ?= $$(COMPILER)_nl_ endif -# Set cross compiler prefix for each submodule -$(foreach sm, core $(ta-targets), $(eval CROSS_COMPILE_$(sm) ?= $(CROSS_COMPILE$(arch-bits-$(sm))))) +# Set cross compiler prefix for each TA target +$(foreach sm, $(ta-targets), $(eval CROSS_COMPILE_$(sm) ?= $(CROSS_COMPILE$(arch-bits-$(sm))))) ++ + + arm32-sysreg-txt = core/arch/arm/kernel/arm32_sysreg.txt + arm32-sysregs-$(arm32-sysreg-txt)-h := arm32_sysreg.h diff --git a/core/core.mk b/core/core.mk -index c05815f3..68f45552 100644 +index a51cf847..28c7235c 100644 --- a/core/core.mk +++ b/core/core.mk @@ -8,6 +8,7 @@ arch-dir := core/arch/$(ARCH) @@ -89,7 +93,7 @@ index c05815f3..68f45552 100644 PLATFORM_$(PLATFORM) := y @@ -16,10 +17,6 @@ PLATFORM_FLAVOR_$(PLATFORM_FLAVOR) := y - $(call cfg-depends-all,CFG_PAGED_USER_TA,CFG_WITH_PAGER CFG_WITH_USER_TA) + $(eval $(call cfg-depends-all,CFG_PAGED_USER_TA,CFG_WITH_PAGER CFG_WITH_USER_TA)) include core/crypto.mk -# Setup compiler for this sub module @@ -128,10 +132,10 @@ index 1f2c5990..c53a23b1 100644 # Define these to something to discover accidental use diff --git a/ta/mk/ta_dev_kit.mk b/ta/mk/ta_dev_kit.mk -index fa0bddfe..ae70ef87 100644 +index 04a4f94b..e4b02ea7 100644 --- a/ta/mk/ta_dev_kit.mk +++ b/ta/mk/ta_dev_kit.mk -@@ -78,6 +78,9 @@ clean: +@@ -92,6 +92,9 @@ clean: @$(cmd-echo-silent) ' CLEAN $(O)' ${q}if [ -d "$(O)" ]; then $(RMDIR) $(O); fi @@ -139,16 +143,16 @@ index fa0bddfe..ae70ef87 100644 +include $(ta-dev-kit-dir$(sm))/mk/cc-option.mk + subdirs = . - include $(ta-dev-kit-dir)/mk/subdir.mk + include $(ta-dev-kit-dir$(sm))/mk/subdir.mk diff --git a/ta/ta.mk b/ta/ta.mk -index 32353de3..9c64319d 100644 +index dde7be67..ca17054a 100644 --- a/ta/ta.mk +++ b/ta/ta.mk -@@ -98,6 +98,7 @@ $(foreach f, $(libfiles), \ +@@ -157,6 +157,7 @@ $(foreach f, $(libfiles), \ # Copy .mk files - ta-mkfiles = mk/compile.mk mk/subdir.mk mk/gcc.mk mk/cleandirs.mk \ + ta-mkfiles = mk/compile.mk mk/subdir.mk mk/gcc.mk mk/clang.mk mk/cleandirs.mk \ + mk/cc-option.mk \ ta/arch/$(ARCH)/link.mk ta/arch/$(ARCH)/link_shlib.mk \ ta/mk/ta_dev_kit.mk diff --git a/recipes-security/optee-imx/optee-os/0001-scripts-update-scripts-to-use-python3.patch b/recipes-security/optee-imx/optee-os/0001-scripts-update-scripts-to-use-python3.patch deleted file mode 100644 index 9621cf6c..00000000 --- a/recipes-security/optee-imx/optee-os/0001-scripts-update-scripts-to-use-python3.patch +++ /dev/null @@ -1,427 +0,0 @@ -From 0d4941123b5a88351f5954f6de00892f85ed5abc Mon Sep 17 00:00:00 2001 -From: Andrey Zhizhikin -Date: Mon, 20 Jan 2020 22:32:13 +0000 -Subject: [PATCH] scripts: update scripts to use python3 - -Python2 is deprecated effective Jan. 2020, and is not available in -several distributions. - -Update scripts here to re-target then onto python version 3. - -Upstream-Status: Pending - -Signed-off-by: Andrey Zhizhikin ---- - scripts/gen_hashed_bin.py | 282 ++++++++++++++++++++------------------ - scripts/gen_ld_sects.py | 8 +- - scripts/pem_to_pub_c.py | 2 +- - scripts/sign.py | 2 +- - scripts/symbolize.py | 2 +- - scripts/ta_bin_to_c.py | 2 +- - scripts/tee_bin_parser.py | 2 +- - 7 files changed, 157 insertions(+), 143 deletions(-) - -diff --git a/scripts/gen_hashed_bin.py b/scripts/gen_hashed_bin.py -index 32350a47..a76a62cc 100755 ---- a/scripts/gen_hashed_bin.py -+++ b/scripts/gen_hashed_bin.py -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python3 - # SPDX-License-Identifier: BSD-2-Clause - # - # Copyright (c) 2014-2017, Linaro Limited -@@ -14,163 +14,177 @@ import hashlib - arch_id = {'arm32': 0, 'arm64': 1} - image_id = {'pager': 0, 'paged': 1} - -+ - def write_header_v1(outf, init_size, args, paged_size): -- magic = 0x4554504f # 'OPTE' -- version = 1; -- outf.write(struct.pack(' [...]".format( \ -- sys.argv[0]) -+ print("Usage: {0}
[...]".format( \ -+ sys.argv[0])) - sys.exit (1) - - def main(): -@@ -55,7 +55,7 @@ def main(): - if sect_name in skip_sections : - continue - -- print '\t*({0})'.format(sect_name) -+ print ('\t*({0})'.format(sect_name)) - - if __name__ == "__main__": - main() -diff --git a/scripts/pem_to_pub_c.py b/scripts/pem_to_pub_c.py -index 6b8fa365..0b03d62e 100755 ---- a/scripts/pem_to_pub_c.py -+++ b/scripts/pem_to_pub_c.py -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python3 - # SPDX-License-Identifier: BSD-2-Clause - # - # Copyright (c) 2015, Linaro Limited -diff --git a/scripts/sign.py b/scripts/sign.py -index ad47479b..348b40a2 100755 ---- a/scripts/sign.py -+++ b/scripts/sign.py -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python3 - # - # Copyright (c) 2015, 2017, Linaro Limited - # -diff --git a/scripts/symbolize.py b/scripts/symbolize.py -index 1eecf758..0e9bd3ed 100755 ---- a/scripts/symbolize.py -+++ b/scripts/symbolize.py -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python3 - # SPDX-License-Identifier: BSD-2-Clause - # - # Copyright (c) 2017, Linaro Limited -diff --git a/scripts/ta_bin_to_c.py b/scripts/ta_bin_to_c.py -index cabddbbd..f325fda0 100755 ---- a/scripts/ta_bin_to_c.py -+++ b/scripts/ta_bin_to_c.py -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python3 - # SPDX-License-Identifier: BSD-2-Clause - # - # Copyright (c) 2017, Linaro Limited -diff --git a/scripts/tee_bin_parser.py b/scripts/tee_bin_parser.py -index 5f7dd3f0..07da5791 100755 ---- a/scripts/tee_bin_parser.py -+++ b/scripts/tee_bin_parser.py -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python3 - # SPDX-License-Identifier: BSD-2-Clause - # - # Copyright (c) 2016, Linaro Limited --- -2.17.1 - diff --git a/recipes-security/optee-imx/optee-os_3.2.0.imx.bb b/recipes-security/optee-imx/optee-os_3.2.0.imx.bb deleted file mode 100644 index d2c82940..00000000 --- a/recipes-security/optee-imx/optee-os_3.2.0.imx.bb +++ /dev/null @@ -1,96 +0,0 @@ -# Copyright (C) 2017-2018 NXP - -SUMMARY = "OPTEE OS" -DESCRIPTION = "OPTEE OS" -HOMEPAGE = "http://www.optee.org/" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" - -inherit deploy python3native autotools -DEPENDS = "python3-pycrypto-native u-boot-mkimage-native" - -SRCBRANCH = "lf-5.4.y" -OPTEE_OS_SRC ?= "git://source.codeaurora.org/external/imx/imx-optee-os.git;protocol=https" -SRC_URI = "\ - ${OPTEE_OS_SRC};branch=${SRCBRANCH} \ - file://0001-scripts-update-scripts-to-use-python3.patch \ - file://0001-optee-os-fix-gcc10-compilation-issue-and-missing-cc-.patch \ -" - -SRCREV = "6d99b525af752ecdaabdca6098b2564b2665f2b2" - -S = "${WORKDIR}/git" -B = "${WORKDIR}/build.${PLATFORM_FLAVOR}" - -# The platform flavor corresponds to the Yocto machine without the leading 'i'. -PLATFORM_FLAVOR = "${@d.getVar('MACHINE')[1:]}" -PLATFORM_FLAVOR_imx6qpdlsolox = "mx6qsabresd" -PLATFORM_FLAVOR_imx6ul7d = "mx6ulevk" -PLATFORM_FLAVOR_imx6ull14x14evk = "mx6ullevk" -PLATFORM_FLAVOR_imx6ull9x9evk = "mx6ullevk" -PLATFORM_FLAVOR_imx6ulz14x14evk = "mx6ulzevk" -PLATFORM_FLAVOR_mx8mm = "mx8mmevk" -PLATFORM_FLAVOR_mx8mn = "mx8mnevk" -PLATFORM_FLAVOR_mx8qxp = "mx8qxpmek" - -OPTEE_ARCH ?= "arm32" -OPTEE_ARCH_armv7a = "arm32" -OPTEE_ARCH_aarch64 = "arm64" - -# Optee-os can be built for 32 bits and 64 bits at the same time -# as long as the compilers are correctly defined. -# For 64bits, CROSS_COMPILE64 must be set -# When defining CROSS_COMPILE and CROSS_COMPILE64, we assure that -# any 32 or 64 bits builds will pass -EXTRA_OEMAKE = "PLATFORM=imx PLATFORM_FLAVOR=${PLATFORM_FLAVOR} \ - CROSS_COMPILE=${HOST_PREFIX} \ - CROSS_COMPILE64=${HOST_PREFIX} \ - NOWERROR=1 \ - LDFLAGS= \ - O=${B} \ - " - - -do_compile () { - unset LDFLAGS - export CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_HOST}" - oe_runmake -C ${S} all CFG_TEE_TA_LOG_LEVEL=0 -} - - -do_deploy () { - install -d ${DEPLOYDIR} - ${TARGET_PREFIX}objcopy -O binary ${B}/core/tee.elf ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin - - if [ "${OPTEE_ARCH}" != "arm64" ]; then - IMX_LOAD_ADDR=`cat ${B}/core/tee-init_load_addr.txt` && \ - uboot-mkimage -A arm -O linux -C none -a ${IMX_LOAD_ADDR} -e ${IMX_LOAD_ADDR} \ - -d ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin ${DEPLOYDIR}/uTee-${OPTEE_BIN_EXT} - fi - - cd ${DEPLOYDIR} - ln -sf tee.${PLATFORM_FLAVOR}.bin tee.bin - cd - -} - -do_install () { - install -d ${D}${nonarch_base_libdir}/firmware/ - install -m 644 ${B}/core/*.bin ${D}${nonarch_base_libdir}/firmware/ - - # Install the TA devkit - install -d ${D}/usr/include/optee/export-user_ta_${OPTEE_ARCH}/ - - for f in ${B}/export-ta_${OPTEE_ARCH}/*; do - cp -aR $f ${D}/usr/include/optee/export-user_ta_${OPTEE_ARCH}/ - done -} - -addtask deploy after do_compile before do_install - - -FILES_${PN} = "${nonarch_base_libdir}/firmware/" -FILES_${PN}-staticdev = "/usr/include/optee/" -RDEPENDS_${PN}-dev += "${PN}-staticdev" - -PACKAGE_ARCH = "${MACHINE_ARCH}" -COMPATIBLE_MACHINE = "(imx)" diff --git a/recipes-security/optee-imx/optee-os_3.7.0.imx.bb b/recipes-security/optee-imx/optee-os_3.7.0.imx.bb new file mode 100644 index 00000000..1bef749b --- /dev/null +++ b/recipes-security/optee-imx/optee-os_3.7.0.imx.bb @@ -0,0 +1,100 @@ +# Copyright (C) 2017-2020 NXP + +SUMMARY = "OPTEE OS" +DESCRIPTION = "OPTEE OS" +HOMEPAGE = "http://www.optee.org/" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" + +inherit deploy python3native autotools +DEPENDS = "python3-pycrypto-native python3-pyelftools-native u-boot-mkimage-native" + +SRCBRANCH = "imx_5.4.24_2.1.0" + +SRC_URI = "\ + git://source.codeaurora.org/external/imx/imx-optee-os.git;protocol=https;branch=${SRCBRANCH} \ + file://0001-optee-os-fix-gcc10-compilation-issue-and-missing-cc-.patch \ +" + +SRCREV = "7a49776de59265500f10a247125429fde1555ac1" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build.${PLATFORM_FLAVOR}" + +# The platform flavor corresponds to the Yocto machine without the leading 'i'. +PLATFORM_FLAVOR = "${@d.getVar('MACHINE')[1:]}" +PLATFORM_FLAVOR_imx6qpdlsolox = "mx6qsabresd" +PLATFORM_FLAVOR_imx6ul7d = "mx6ulevk" +PLATFORM_FLAVOR_imx6ull14x14evk = "mx6ullevk" +PLATFORM_FLAVOR_imx6ull9x9evk = "mx6ullevk" +PLATFORM_FLAVOR_imx6ulz14x14evk = "mx6ulzevk" +PLATFORM_FLAVOR_mx8mm = "mx8mmevk" +PLATFORM_FLAVOR_mx8mn = "mx8mnevk" +PLATFORM_FLAVOR_mx8qxp = "mx8qxpmek" +PLATFORM_FLAVOR_mx8mp = "mx8mpevk" +PLATFORM_FLAVOR_mx8dx = "mx8dxmek" +PLATFORM_FLAVOR_mx8dxl = "mx8dxlevk" +PLATFORM_FLAVOR_mx8phantomdxl = "mx8qxpmek" + +OPTEE_ARCH ?= "arm32" +OPTEE_ARCH_armv7a = "arm32" +OPTEE_ARCH_aarch64 = "arm64" + +# Optee-os can be built for 32 bits and 64 bits at the same time +# as long as the compilers are correctly defined. +# For 64bits, CROSS_COMPILE64 must be set +# When defining CROSS_COMPILE and CROSS_COMPILE64, we assure that +# any 32 or 64 bits builds will pass +EXTRA_OEMAKE = " \ + PLATFORM=imx \ + PLATFORM_FLAVOR=${PLATFORM_FLAVOR} \ + CROSS_COMPILE=${HOST_PREFIX} \ + CROSS_COMPILE64=${HOST_PREFIX} \ + NOWERROR=1 \ + LDFLAGS= \ + O=${B} \ +" + +do_compile () { + unset LDFLAGS + export CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_HOST}" + oe_runmake -C ${S} all CFG_TEE_TA_LOG_LEVEL=0 CFG_TEE_CORE_LOG_LEVEL=0 +} + + +do_deploy () { + install -d ${DEPLOYDIR} + ${TARGET_PREFIX}objcopy -O binary ${B}/core/tee.elf ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin + + if [ "${OPTEE_ARCH}" != "arm64" ]; then + IMX_LOAD_ADDR=`cat ${B}/core/tee-init_load_addr.txt` && \ + uboot-mkimage -A arm -O linux -C none -a ${IMX_LOAD_ADDR} -e ${IMX_LOAD_ADDR} \ + -d ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin ${DEPLOYDIR}/uTee-${OPTEE_BIN_EXT} + fi + + cd ${DEPLOYDIR} + ln -sf tee.${PLATFORM_FLAVOR}.bin tee.bin + cd - +} + +do_install () { + install -d ${D}${nonarch_base_libdir}/firmware/ + install -m 644 ${B}/core/*.bin ${D}${nonarch_base_libdir}/firmware/ + + # Install the TA devkit + install -d ${D}/usr/include/optee/export-user_ta_${OPTEE_ARCH}/ + + for f in ${B}/export-ta_${OPTEE_ARCH}/*; do + cp -aR $f ${D}/usr/include/optee/export-user_ta_${OPTEE_ARCH}/ + done +} + +addtask deploy after do_compile before do_install + + +FILES_${PN} = "${nonarch_base_libdir}/firmware/" +FILES_${PN}-staticdev = "/usr/include/optee/" +RDEPENDS_${PN}-dev += "${PN}-staticdev" + +PACKAGE_ARCH = "${MACHINE_ARCH}" +COMPATIBLE_MACHINE = "(imx)" diff --git a/recipes-security/optee-imx/optee-test_3.2.0.imx.bb b/recipes-security/optee-imx/optee-test_3.2.0.imx.bb deleted file mode 100644 index c78f9816..00000000 --- a/recipes-security/optee-imx/optee-test_3.2.0.imx.bb +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright (C) 2017-2018 NXP - -SUMMARY = "OPTEE test" -HOMEPAGE = "http://www.optee.org/" - -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" - -DEPENDS = "optee-os optee-client python3-pycrypto-native openssl" -inherit python3native - -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" - -SRCBRANCH = "lf-5.4.y" -OPTEE_TEST_SRC ?= "git://source.codeaurora.org/external/imx/imx-optee-test.git;protocol=https" - -SRC_URI = "${OPTEE_TEST_SRC};branch=${SRCBRANCH} \ - file://0003-sock_server-fix-compilation-against-musl-sys-errno.h.patch \ - file://0004-build-ignore-declaration-after-statement-warnings.patch \ - file://0005-benchmark_1000-fix-compilation-against-musl-uint.patch \ - file://0006-regression_8100-use-null-terminated-strings-with-fil.patch \ - file://0001-use-python3-instead-of-python.patch \ -" - -S = "${WORKDIR}/git" - -SRCREV = "b7114b828b82f2c0eec124ed424eff1230cc5319" - -OPTEE_ARCH ?= "arm32" -OPTEE_ARCH_armv7a = "arm32" -OPTEE_ARCH_aarch64 = "arm64" - -do_compile () { - export TA_DEV_KIT_DIR=${STAGING_INCDIR}/optee/export-user_ta_${OPTEE_ARCH}/ - export ARCH=${OPTEE_ARCH} - - export OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}/usr - export CROSS_COMPILE_HOST=${HOST_PREFIX} - export CROSS_COMPILE_TA=${HOST_PREFIX} - export CROSS_COMPILE=${HOST_PREFIX} - export OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}/ - oe_runmake V=1 --warn-undefined-variables -} - -do_install () { - install -d ${D}/usr/bin - install ${S}/out/xtest/xtest ${D}/usr/bin/ - - install -d ${D}/lib/optee_armtz - find ${S}/out/ta -name '*.ta' | while read name; do - install -m 444 $name ${D}/lib/optee_armtz/ - done - -} - -FILES_${PN} = "/usr/bin/ /lib*/optee_armtz/" - -COMPATIBLE_MACHINE = "(mx6|mx7|mx8)" diff --git a/recipes-security/optee-imx/optee-test_3.7.0.imx.bb b/recipes-security/optee-imx/optee-test_3.7.0.imx.bb new file mode 100644 index 00000000..04240ff0 --- /dev/null +++ b/recipes-security/optee-imx/optee-test_3.7.0.imx.bb @@ -0,0 +1,55 @@ +# Copyright (C) 2017-2018 NXP + +SUMMARY = "OPTEE test" +HOMEPAGE = "http://www.optee.org/" + +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" + +DEPENDS = "optee-os optee-client python3-pycrypto-native openssl" +inherit python3native + +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +SRCBRANCH = "imx_5.4.24_2.1.0" + +SRC_URI = "git://source.codeaurora.org/external/imx/imx-optee-test.git;protocol=https;branch=${SRCBRANCH} \ + file://0001-use-python3-instead-of-python.patch \ +" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +SRCREV = "227d6f4c40eaa6f84fe049b9e48c7b27ad7fab08" + +OPTEE_ARCH ?= "arm32" +OPTEE_ARCH_armv7a = "arm32" +OPTEE_ARCH_aarch64 = "arm64" + +TA_DEV_KIT_DIR_arm = "${STAGING_INCDIR}/optee/export-user_ta_arm32/" +TA_DEV_KIT_DIR_aarch64 = "${STAGING_INCDIR}/optee/export-user_ta_arm64/" + +EXTRA_OEMAKE = " \ + TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ + ARCH=${OPTEE_ARCH} \ + OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}/usr \ + CROSS_COMPILE_HOST=${HOST_PREFIX} \ + CROSS_COMPILE_TA=${HOST_PREFIX} \ + CROSS_COMPILE=${HOST_PREFIX} \ + OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}/ \ + -C ${S} O=${B} \ +" + +do_install () { + install -d ${D}/usr/bin + install ${B}/xtest/xtest ${D}/usr/bin/ + + install -d ${D}/lib/optee_armtz + find ${B}/ta -name '*.ta' | while read name; do + install -m 444 $name ${D}/lib/optee_armtz/ + done +} + +FILES_${PN} = "/usr/bin/ /lib*/optee_armtz/" + +COMPATIBLE_MACHINE = "(mx6|mx7|mx8)" -- cgit v1.2.3-54-g00ecf