From 85f2b61f46ac5b8c5ac3c7e747c803891b8ec9b7 Mon Sep 17 00:00:00 2001 From: Tom Hochstein Date: Wed, 16 Feb 2022 11:53:44 -0600 Subject: optee-os: Upgrade 3.10.0.imx -> 3.15.0.imx Signed-off-by: Tom Hochstein --- conf/machine/include/imx-base.inc | 2 +- recipes-security/optee-imx/optee-os_3.10.0.imx.bb | 96 ----------------------- recipes-security/optee-imx/optee-os_3.15.0.imx.bb | 95 ++++++++++++++++++++++ 3 files changed, 96 insertions(+), 97 deletions(-) delete mode 100644 recipes-security/optee-imx/optee-os_3.10.0.imx.bb create mode 100644 recipes-security/optee-imx/optee-os_3.15.0.imx.bb diff --git a/conf/machine/include/imx-base.inc b/conf/machine/include/imx-base.inc index b074ec01..471300ca 100644 --- a/conf/machine/include/imx-base.inc +++ b/conf/machine/include/imx-base.inc @@ -428,7 +428,7 @@ PREFERRED_VERSION_libdrm:mx7-nxp-bsp ?= "2.4.107.imx" PREFERRED_VERSION_libdrm:mx8-nxp-bsp ?= "2.4.107.imx" # Use i.MX optee Version -PREFERRED_VERSION_optee-os:mx8-nxp-bsp ?= "3.10.0.imx" +PREFERRED_VERSION_optee-os:mx8-nxp-bsp ?= "3.15.0.imx" PREFERRED_VERSION_optee-client:mx8-nxp-bsp ?= "3.10.0.imx" PREFERRED_VERSION_optee-test:mx8-nxp-bsp ?= "3.10.0.imx" diff --git a/recipes-security/optee-imx/optee-os_3.10.0.imx.bb b/recipes-security/optee-imx/optee-os_3.10.0.imx.bb deleted file mode 100644 index 003aeba2..00000000 --- a/recipes-security/optee-imx/optee-os_3.10.0.imx.bb +++ /dev/null @@ -1,96 +0,0 @@ -# Copyright (C) 2017-2020 NXP - -SUMMARY = "OPTEE OS" -DESCRIPTION = "OPTEE OS" -HOMEPAGE = "http://www.optee.org/" -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" - -DEPENDS = "python3-pycryptodomex-native python3-pyelftools-native u-boot-mkimage-native" - -SRCBRANCH = "imx_5.4.70_2.3.0" - -SRC_URI = "\ - git://source.codeaurora.org/external/imx/imx-optee-os.git;protocol=https;branch=${SRCBRANCH} \ -" - -SRCREV = "a991c90475bb1c715651e5fe27f7f32cbe61aef9" - -S = "${WORKDIR}/git" - -inherit deploy python3native autotools - -# The platform flavor corresponds to the Yocto machine without the leading 'i'. -PLATFORM_FLAVOR = "${@d.getVar('MACHINE')[1:]}" -PLATFORM_FLAVOR:imx6qdlsabresd = "mx6qsabresd" -PLATFORM_FLAVOR:imx6qdlsabreauto = "mx6qsabreauto" -PLATFORM_FLAVOR:imx6qpdlsolox = "mx6qsabresd" -PLATFORM_FLAVOR:imx6ul = "mx6ulevk" -PLATFORM_FLAVOR:imx6ull = "mx6ullevk" -PLATFORM_FLAVOR:imx6ull = "mx6ullevk" -PLATFORM_FLAVOR:imx6ulz = "mx6ulzevk" -PLATFORM_FLAVOR:mx8mq-nxp-bsp = "mx8mqevk" -PLATFORM_FLAVOR:mx8mm-nxp-bsp = "mx8mmevk" -PLATFORM_FLAVOR:mx8mn-nxp-bsp = "mx8mnevk" -PLATFORM_FLAVOR:mx8mp-nxp-bsp = "mx8mpevk" -PLATFORM_FLAVOR:mx8qm-nxp-bsp = "mx8qmmek" -PLATFORM_FLAVOR:mx8qxp-nxp-bsp = "mx8qxpmek" -PLATFORM_FLAVOR:mx8dx-nxp-bsp = "mx8dxmek" -PLATFORM_FLAVOR:mx8dxl-nxp-bsp = "mx8dxlevk" - -OPTEE_ARCH ?= "arm32" -OPTEE_ARCH:armv7a = "arm32" -OPTEE_ARCH:aarch64 = "arm64" - -# Optee-os can be built for 32 bits and 64 bits at the same time -# as long as the compilers are correctly defined. -# For 64bits, CROSS_COMPILE64 must be set -# When defining CROSS_COMPILE and CROSS_COMPILE64, we assure that -# any 32 or 64 bits builds will pass -EXTRA_OEMAKE = " \ - PLATFORM=imx \ - PLATFORM_FLAVOR=${PLATFORM_FLAVOR} \ - CROSS_COMPILE=${HOST_PREFIX} \ - CROSS_COMPILE64=${HOST_PREFIX} \ - CFG_TEE_TA_LOG_LEVEL=0 \ - CFG_TEE_CORE_LOG_LEVEL=0 \ - -C ${S} O=${B}\ -" - -LDFLAGS = "" -CFLAGS += "--sysroot=${STAGING_DIR_HOST}" -CXXFLAGS += "--sysroot=${STAGING_DIR_HOST}" - -do_deploy () { - install -d ${DEPLOYDIR} - ${TARGET_PREFIX}objcopy -O binary ${B}/core/tee.elf ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin - ln -sf tee.${PLATFORM_FLAVOR}.bin ${DEPLOYDIR}/tee.bin - - if [ "${OPTEE_ARCH}" != "arm64" ]; then - IMX_LOAD_ADDR=`${TARGET_PREFIX}readelf -h ${B}/core/tee.elf | grep "Entry point address" | awk '{print $4}'` - uboot-mkimage -A arm -O linux -C none -a ${IMX_LOAD_ADDR} -e ${IMX_LOAD_ADDR} \ - -d ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin ${DEPLOYDIR}/uTee-${OPTEE_BIN_EXT} - fi -} - -do_install () { - install -d ${D}${nonarch_base_libdir}/firmware/ - install -m 644 ${B}/core/*.bin ${D}${nonarch_base_libdir}/firmware/ - - # Install the TA devkit - install -d ${D}/usr/include/optee/export-user_ta_${OPTEE_ARCH}/ - - for f in ${B}/export-ta_${OPTEE_ARCH}/*; do - cp -aR $f ${D}/usr/include/optee/export-user_ta_${OPTEE_ARCH}/ - done -} - -addtask deploy after do_compile before do_install - - -FILES:${PN} = "${nonarch_base_libdir}/firmware/" -FILES:${PN}-staticdev = "/usr/include/optee/" -RDEPENDS:${PN}-dev += "${PN}-staticdev" - -PACKAGE_ARCH = "${MACHINE_ARCH}" -COMPATIBLE_MACHINE = "(imx-nxp-bsp)" diff --git a/recipes-security/optee-imx/optee-os_3.15.0.imx.bb b/recipes-security/optee-imx/optee-os_3.15.0.imx.bb new file mode 100644 index 00000000..defcf63d --- /dev/null +++ b/recipes-security/optee-imx/optee-os_3.15.0.imx.bb @@ -0,0 +1,95 @@ +# Copyright (C) 2017-2020 NXP + +SUMMARY = "OPTEE OS" +DESCRIPTION = "OPTEE OS" +HOMEPAGE = "http://www.optee.org/" +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" + +DEPENDS = "python3-pycryptodomex-native python3-pyelftools-native u-boot-mkimage-native" + +SRCBRANCH = "lf-5.10.72_2.2.0" +SRC_URI = "\ + git://source.codeaurora.org/external/imx/imx-optee-os.git;protocol=https;branch=${SRCBRANCH} \ +" + +SRCREV = "c939619d64dea014ad1b8382356eee4d1cbfbb22" + +S = "${WORKDIR}/git" + +inherit deploy python3native autotools + +# The platform flavor corresponds to the Yocto machine without the leading 'i'. +PLATFORM_FLAVOR = "${@d.getVar('MACHINE')[1:]}" +PLATFORM_FLAVOR:imx6qdlsabresd = "mx6qsabresd" +PLATFORM_FLAVOR:imx6qdlsabreauto = "mx6qsabreauto" +PLATFORM_FLAVOR:imx6qpdlsolox = "mx6qsabresd" +PLATFORM_FLAVOR:imx6ul = "mx6ulevk" +PLATFORM_FLAVOR:imx6ull = "mx6ullevk" +PLATFORM_FLAVOR:imx6ull = "mx6ullevk" +PLATFORM_FLAVOR:imx6ulz = "mx6ulzevk" +PLATFORM_FLAVOR:mx8mq-nxp-bsp = "mx8mqevk" +PLATFORM_FLAVOR:mx8mm-nxp-bsp = "mx8mmevk" +PLATFORM_FLAVOR:mx8mn-nxp-bsp = "mx8mnevk" +PLATFORM_FLAVOR:mx8mp-nxp-bsp = "mx8mpevk" +PLATFORM_FLAVOR:mx8qm-nxp-bsp = "mx8qmmek" +PLATFORM_FLAVOR:mx8qxp-nxp-bsp = "mx8qxpmek" +PLATFORM_FLAVOR:mx8dx-nxp-bsp = "mx8dxmek" +PLATFORM_FLAVOR:mx8dxl-nxp-bsp = "mx8dxlevk" + +OPTEE_ARCH ?= "arm32" +OPTEE_ARCH:armv7a = "arm32" +OPTEE_ARCH:aarch64 = "arm64" + +# Optee-os can be built for 32 bits and 64 bits at the same time +# as long as the compilers are correctly defined. +# For 64bits, CROSS_COMPILE64 must be set +# When defining CROSS_COMPILE and CROSS_COMPILE64, we assure that +# any 32 or 64 bits builds will pass +EXTRA_OEMAKE = " \ + PLATFORM=imx \ + PLATFORM_FLAVOR=${PLATFORM_FLAVOR} \ + CROSS_COMPILE=${HOST_PREFIX} \ + CROSS_COMPILE64=${HOST_PREFIX} \ + CFG_TEE_TA_LOG_LEVEL=0 \ + CFG_TEE_CORE_LOG_LEVEL=0 \ + -C ${S} O=${B}\ +" + +LDFLAGS = "" +CFLAGS += "--sysroot=${STAGING_DIR_HOST}" +CXXFLAGS += "--sysroot=${STAGING_DIR_HOST}" + +do_deploy () { + install -d ${DEPLOYDIR} + ${TARGET_PREFIX}objcopy -O binary ${B}/core/tee.elf ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin + ln -sf tee.${PLATFORM_FLAVOR}.bin ${DEPLOYDIR}/tee.bin + + if [ "${OPTEE_ARCH}" != "arm64" ]; then + IMX_LOAD_ADDR=`${TARGET_PREFIX}readelf -h ${B}/core/tee.elf | grep "Entry point address" | awk '{print $4}'` + uboot-mkimage -A arm -O linux -C none -a ${IMX_LOAD_ADDR} -e ${IMX_LOAD_ADDR} \ + -d ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin ${DEPLOYDIR}/uTee-${OPTEE_BIN_EXT} + fi +} + +do_install () { + install -d ${D}${nonarch_base_libdir}/firmware/ + install -m 644 ${B}/core/*.bin ${D}${nonarch_base_libdir}/firmware/ + + # Install the TA devkit + install -d ${D}/usr/include/optee/export-user_ta_${OPTEE_ARCH}/ + + for f in ${B}/export-ta_${OPTEE_ARCH}/*; do + cp -aR $f ${D}/usr/include/optee/export-user_ta_${OPTEE_ARCH}/ + done +} + +addtask deploy after do_compile before do_install + + +FILES:${PN} = "${nonarch_base_libdir}/firmware/" +FILES:${PN}-staticdev = "/usr/include/optee/" +RDEPENDS:${PN}-dev += "${PN}-staticdev" + +PACKAGE_ARCH = "${MACHINE_ARCH}" +COMPATIBLE_MACHINE = "(imx-nxp-bsp)" -- cgit v1.2.3-54-g00ecf From e933d4b9df470210cbbe331c2a91394ac681b15b Mon Sep 17 00:00:00 2001 From: Tom Hochstein Date: Wed, 16 Feb 2022 12:38:52 -0600 Subject: optee-os: Use tee-raw.bin binary During the optee-os compilation, the gen_tee_bin.py script generates a tee-raw.bin that is more space efficient and could replace the tee.bin binary manually generated in the optee-os recipe by objcpy. This patch greatly reduces the size of tee.bin. On 64 bits platforms, we observe a size descrease of ~68%, and on 32 bits platforms, a size decrease of ~45%. Signed-off-by: Tom Hochstein --- recipes-security/optee-imx/optee-os_3.15.0.imx.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/recipes-security/optee-imx/optee-os_3.15.0.imx.bb b/recipes-security/optee-imx/optee-os_3.15.0.imx.bb index defcf63d..bdc00bc3 100644 --- a/recipes-security/optee-imx/optee-os_3.15.0.imx.bb +++ b/recipes-security/optee-imx/optee-os_3.15.0.imx.bb @@ -1,4 +1,4 @@ -# Copyright (C) 2017-2020 NXP +# Copyright (C) 2017-2021 NXP SUMMARY = "OPTEE OS" DESCRIPTION = "OPTEE OS" @@ -62,7 +62,7 @@ CXXFLAGS += "--sysroot=${STAGING_DIR_HOST}" do_deploy () { install -d ${DEPLOYDIR} - ${TARGET_PREFIX}objcopy -O binary ${B}/core/tee.elf ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin + cp ${B}/core/tee-raw.bin ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin ln -sf tee.${PLATFORM_FLAVOR}.bin ${DEPLOYDIR}/tee.bin if [ "${OPTEE_ARCH}" != "arm64" ]; then -- cgit v1.2.3-54-g00ecf From f20a803504f049d4504b480a79adf49b18c7f149 Mon Sep 17 00:00:00 2001 From: Tom Hochstein Date: Wed, 16 Feb 2022 12:46:36 -0600 Subject: optee-os: Use variable for includedir install Signed-off-by: Tom Hochstein --- recipes-security/optee-imx/optee-os_3.15.0.imx.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/recipes-security/optee-imx/optee-os_3.15.0.imx.bb b/recipes-security/optee-imx/optee-os_3.15.0.imx.bb index bdc00bc3..e3b8eff4 100644 --- a/recipes-security/optee-imx/optee-os_3.15.0.imx.bb +++ b/recipes-security/optee-imx/optee-os_3.15.0.imx.bb @@ -77,10 +77,10 @@ do_install () { install -m 644 ${B}/core/*.bin ${D}${nonarch_base_libdir}/firmware/ # Install the TA devkit - install -d ${D}/usr/include/optee/export-user_ta_${OPTEE_ARCH}/ + install -d ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ for f in ${B}/export-ta_${OPTEE_ARCH}/*; do - cp -aR $f ${D}/usr/include/optee/export-user_ta_${OPTEE_ARCH}/ + cp -aR $f ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ done } -- cgit v1.2.3-54-g00ecf From 81b0be2a35572af796126b4b532e1610f2bffc71 Mon Sep 17 00:00:00 2001 From: Tom Hochstein Date: Wed, 16 Feb 2022 13:01:04 -0600 Subject: optee-os: Install embedded TAs optee-os has some embedded TAs like AVB or PKCS11 that must be installed in the filesystem. Signed-off-by: Tom Hochstein --- recipes-security/optee-imx/optee-os_3.15.0.imx.bb | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/recipes-security/optee-imx/optee-os_3.15.0.imx.bb b/recipes-security/optee-imx/optee-os_3.15.0.imx.bb index e3b8eff4..58b238a7 100644 --- a/recipes-security/optee-imx/optee-os_3.15.0.imx.bb +++ b/recipes-security/optee-imx/optee-os_3.15.0.imx.bb @@ -82,12 +82,18 @@ do_install () { for f in ${B}/export-ta_${OPTEE_ARCH}/*; do cp -aR $f ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ done + + # Install embedded TAs + install -d ${D}${nonarch_base_libdir}/optee_armtz + find ${B}/ta -name '*.ta' | while read name; do + install -m 444 $name ${D}${nonarch_base_libdir}/optee_armtz/ + done } addtask deploy after do_compile before do_install -FILES:${PN} = "${nonarch_base_libdir}/firmware/" +FILES:${PN} = "${nonarch_base_libdir}/firmware/ ${nonarch_base_libdir}/optee_armtz/" FILES:${PN}-staticdev = "/usr/include/optee/" RDEPENDS:${PN}-dev += "${PN}-staticdev" -- cgit v1.2.3-54-g00ecf From 767e567cfb0152311ee8ab90c817e37763fde303 Mon Sep 17 00:00:00 2001 From: Tom Hochstein Date: Wed, 16 Feb 2022 11:54:14 -0600 Subject: optee-client: Upgrade 3.10.0.imx -> 3.15.0.imx Signed-off-by: Tom Hochstein --- conf/machine/include/imx-base.inc | 2 +- .../optee-imx/optee-client_3.10.0.imx.bb | 52 -------------------- .../optee-imx/optee-client_3.15.0.imx.bb | 56 ++++++++++++++++++++++ 3 files changed, 57 insertions(+), 53 deletions(-) delete mode 100644 recipes-security/optee-imx/optee-client_3.10.0.imx.bb create mode 100644 recipes-security/optee-imx/optee-client_3.15.0.imx.bb diff --git a/conf/machine/include/imx-base.inc b/conf/machine/include/imx-base.inc index 471300ca..aa59daba 100644 --- a/conf/machine/include/imx-base.inc +++ b/conf/machine/include/imx-base.inc @@ -429,7 +429,7 @@ PREFERRED_VERSION_libdrm:mx8-nxp-bsp ?= "2.4.107.imx" # Use i.MX optee Version PREFERRED_VERSION_optee-os:mx8-nxp-bsp ?= "3.15.0.imx" -PREFERRED_VERSION_optee-client:mx8-nxp-bsp ?= "3.10.0.imx" +PREFERRED_VERSION_optee-client:mx8-nxp-bsp ?= "3.15.0.imx" PREFERRED_VERSION_optee-test:mx8-nxp-bsp ?= "3.10.0.imx" #Use i.MX opencv Version for mx8 diff --git a/recipes-security/optee-imx/optee-client_3.10.0.imx.bb b/recipes-security/optee-imx/optee-client_3.10.0.imx.bb deleted file mode 100644 index 2ad55a64..00000000 --- a/recipes-security/optee-imx/optee-client_3.10.0.imx.bb +++ /dev/null @@ -1,52 +0,0 @@ -# Copyright (C) 2017-2020 NXP - -SUMMARY = "OPTEE Client libs" -HOMEPAGE = "http://www.optee.org/" -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" - -SRCBRANCH = "imx_5.4.70_2.3.0" -SRC_URI = " \ - git://source.codeaurora.org/external/imx/imx-optee-client.git;protocol=https;branch=${SRCBRANCH} \ - file://tee-supplicant.service \ -" - -SRCREV = "2a77cf88d956c34cb4a1c191bea6113e327f5fe0" - -S = "${WORKDIR}/git" -B = "${WORKDIR}/build" - -inherit python3native systemd - -SYSTEMD_SERVICE:${PN} = "tee-supplicant.service" - -OPTEE_ARCH ?= "arm32" -OPTEE_ARCH:armv7a = "arm32" -OPTEE_ARCH:aarch64 = "arm64" - -EXTRA_OEMAKE = "ARCH=${OPTEE_ARCH} O=${B}" - -do_install () { - oe_runmake -C ${S} install - - install -D -p -m0644 ${B}/export/usr/lib/libteec.so.1.0 ${D}${libdir}/libteec.so.1.0 - ln -sf libteec.so.1.0 ${D}${libdir}/libteec.so - ln -sf libteec.so.1.0 ${D}${libdir}/libteec.so.1 - - install -D -p -m0755 ${B}/export/usr/sbin/tee-supplicant ${D}${bindir}/tee-supplicant - - cp -a ${B}/export/usr/include ${D}/usr/ - - sed -i -e s:/etc:${sysconfdir}:g -e s:/usr/bin:${bindir}:g ${WORKDIR}/tee-supplicant.service - install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service -} - -PACKAGES += "tee-supplicant" -FILES:${PN} += "${libdir}/* ${includedir}/*" -FILES:tee-supplicant += "${bindir}/tee-supplicant" - -INSANE_SKIP:${PN} = "ldflags dev-elf" -INSANE_SKIP:${PN}-dev = "ldflags dev-elf" -INSANE_SKIP:tee-supplicant = "ldflags" - -COMPATIBLE_MACHINE = "(imx-nxp-bsp)" diff --git a/recipes-security/optee-imx/optee-client_3.15.0.imx.bb b/recipes-security/optee-imx/optee-client_3.15.0.imx.bb new file mode 100644 index 00000000..dcfee307 --- /dev/null +++ b/recipes-security/optee-imx/optee-client_3.15.0.imx.bb @@ -0,0 +1,56 @@ +# Copyright (C) 2017-2020 NXP + +SUMMARY = "OPTEE Client libs" +HOMEPAGE = "http://www.optee.org/" +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" + +SRCBRANCH = "lf-5.10.72_2.2.0" +SRC_URI = " \ + git://source.codeaurora.org/external/imx/imx-optee-client.git;protocol=https;branch=${SRCBRANCH} \ + file://tee-supplicant.service \ +" + +SRCREV = "182874320395787a389e5b0f7df02b32f3c0a1b0" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +inherit python3native systemd + +SYSTEMD_SERVICE:${PN} = "tee-supplicant.service" + +OPTEE_ARCH ?= "arm32" +OPTEE_ARCH:armv7a = "arm32" +OPTEE_ARCH:aarch64 = "arm64" + +EXTRA_OEMAKE = "ARCH=${OPTEE_ARCH} O=${B}" + +do_install () { + oe_runmake -C ${S} install + + install -D -p -m0644 ${B}/export/usr/lib/libteec.so.1.0.0 ${D}${libdir}/libteec.so.1.0.0 + ln -sf libteec.so.1.0.0 ${D}${libdir}/libteec.so.1 + ln -sf libteec.so.1.0.0 ${D}${libdir}/libteec.so + + install -D -p -m0644 ${B}/export/usr/lib/libckteec.so.0.1.0 ${D}${libdir}/libckteec.so.0.1.0 + ln -sf libckteec.so.0.1.0 ${D}${libdir}/libckteec.so.0 + ln -sf libckteec.so.0.1.0 ${D}${libdir}/libckteec.so + + install -D -p -m0755 ${B}/export/usr/sbin/tee-supplicant ${D}${bindir}/tee-supplicant + + cp -a ${B}/export/usr/include ${D}${includedir} + + sed -i -e s:/etc:${sysconfdir}:g -e s:/usr/bin:${bindir}:g ${WORKDIR}/tee-supplicant.service + install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service +} + +PACKAGES += "tee-supplicant" +FILES:${PN} += "${libdir}/* ${includedir}/*" +FILES:tee-supplicant += "${bindir}/tee-supplicant" + +INSANE_SKIP:${PN} = "ldflags dev-elf" +INSANE_SKIP:${PN}-dev = "ldflags dev-elf" +INSANE_SKIP:tee-supplicant = "ldflags" + +COMPATIBLE_MACHINE = "(imx-nxp-bsp)" -- cgit v1.2.3-54-g00ecf From 71e49a7aef4ed44f085de05f31fa3671a95b80f6 Mon Sep 17 00:00:00 2001 From: Tom Hochstein Date: Fri, 18 Feb 2022 17:04:22 -0600 Subject: optee-test: Cleanup install and FILES - Use variables properly for the install and FILES - Simplify the FILES update with an append Signed-off-by: Tom Hochstein --- recipes-security/optee-imx/optee-test_3.10.0.imx.bb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/recipes-security/optee-imx/optee-test_3.10.0.imx.bb b/recipes-security/optee-imx/optee-test_3.10.0.imx.bb index 7039d0c4..53951787 100644 --- a/recipes-security/optee-imx/optee-test_3.10.0.imx.bb +++ b/recipes-security/optee-imx/optee-test_3.10.0.imx.bb @@ -49,15 +49,15 @@ do_compile() { do_compile[cleandirs] = "${B}" do_install () { - install -d ${D}/usr/bin - install ${B}/xtest/xtest ${D}/usr/bin/ + install -d ${D}${bindir} + install ${B}/xtest/xtest ${D}${bindir} - install -d ${D}/lib/optee_armtz + install -d ${D}${nonarch_base_libdir}/optee_armtz find ${B}/ta -name '*.ta' | while read name; do - install -m 444 $name ${D}/lib/optee_armtz/ + install -m 444 $name ${D}${nonarch_base_libdir}/optee_armtz/ done } -FILES:${PN} = "/usr/bin/ /lib*/optee_armtz/" +FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/" COMPATIBLE_MACHINE = "(imx-nxp-bsp)" -- cgit v1.2.3-54-g00ecf From 9e67b70994ac094d36b05050cf68552fa5396803 Mon Sep 17 00:00:00 2001 From: Tom Hochstein Date: Wed, 16 Feb 2022 11:54:36 -0600 Subject: optee-test: Upgrade 3.10.0.imx -> 3.15.0.imx Signed-off-by: Tom Hochstein --- conf/machine/include/imx-base.inc | 2 +- .../optee-imx/optee-test_3.10.0.imx.bb | 63 -------------------- .../optee-imx/optee-test_3.15.0.imx.bb | 67 ++++++++++++++++++++++ 3 files changed, 68 insertions(+), 64 deletions(-) delete mode 100644 recipes-security/optee-imx/optee-test_3.10.0.imx.bb create mode 100644 recipes-security/optee-imx/optee-test_3.15.0.imx.bb diff --git a/conf/machine/include/imx-base.inc b/conf/machine/include/imx-base.inc index aa59daba..fff3c56d 100644 --- a/conf/machine/include/imx-base.inc +++ b/conf/machine/include/imx-base.inc @@ -430,7 +430,7 @@ PREFERRED_VERSION_libdrm:mx8-nxp-bsp ?= "2.4.107.imx" # Use i.MX optee Version PREFERRED_VERSION_optee-os:mx8-nxp-bsp ?= "3.15.0.imx" PREFERRED_VERSION_optee-client:mx8-nxp-bsp ?= "3.15.0.imx" -PREFERRED_VERSION_optee-test:mx8-nxp-bsp ?= "3.10.0.imx" +PREFERRED_VERSION_optee-test:mx8-nxp-bsp ?= "3.15.0.imx" #Use i.MX opencv Version for mx8 PREFERRED_VERSION_opencv:mx8-nxp-bsp ?= "4.5.2.imx" diff --git a/recipes-security/optee-imx/optee-test_3.10.0.imx.bb b/recipes-security/optee-imx/optee-test_3.10.0.imx.bb deleted file mode 100644 index 53951787..00000000 --- a/recipes-security/optee-imx/optee-test_3.10.0.imx.bb +++ /dev/null @@ -1,63 +0,0 @@ -# Copyright (C) 2017-2020 NXP - -SUMMARY = "OPTEE test" -HOMEPAGE = "http://www.optee.org/" - -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" - -DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native optee-os optee-client openssl" - -SRCBRANCH = "imx_5.4.70_2.3.0" - -SRC_URI = "git://source.codeaurora.org/external/imx/imx-optee-test.git;protocol=https;branch=${SRCBRANCH}" - -S = "${WORKDIR}/git" -B = "${WORKDIR}/build" - -SRCREV = "0c998f42a3fb87b9f2929955cf4b0116cc515091" - -inherit python3native - -OPTEE_ARCH ?= "arm32" -OPTEE_ARCH:armv7a = "arm32" -OPTEE_ARCH:aarch64 = "arm64" - -TA_DEV_KIT_DIR:arm = "${STAGING_INCDIR}/optee/export-user_ta_arm32/" -TA_DEV_KIT_DIR:aarch64 = "${STAGING_INCDIR}/optee/export-user_ta_arm64/" - -CFLAGS += "--sysroot=${STAGING_DIR_HOST}" -CXXFLAGS += "--sysroot=${STAGING_DIR_HOST}" - -EXTRA_OEMAKE = " \ - TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ - ARCH=${OPTEE_ARCH} \ - OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}/usr \ - CROSS_COMPILE_HOST=${HOST_PREFIX} \ - CROSS_COMPILE_TA=${HOST_PREFIX} \ - CROSS_COMPILE=${HOST_PREFIX} \ - OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}/ \ - -C ${S} O=${B} \ -" - -do_compile() { - cd ${S} - # Top level makefile doesn't seem to handle parallel make gracefully - oe_runmake xtest - oe_runmake ta -} -do_compile[cleandirs] = "${B}" - -do_install () { - install -d ${D}${bindir} - install ${B}/xtest/xtest ${D}${bindir} - - install -d ${D}${nonarch_base_libdir}/optee_armtz - find ${B}/ta -name '*.ta' | while read name; do - install -m 444 $name ${D}${nonarch_base_libdir}/optee_armtz/ - done -} - -FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/" - -COMPATIBLE_MACHINE = "(imx-nxp-bsp)" diff --git a/recipes-security/optee-imx/optee-test_3.15.0.imx.bb b/recipes-security/optee-imx/optee-test_3.15.0.imx.bb new file mode 100644 index 00000000..7eb11a84 --- /dev/null +++ b/recipes-security/optee-imx/optee-test_3.15.0.imx.bb @@ -0,0 +1,67 @@ +# Copyright (C) 2017-2020 NXP + +SUMMARY = "OPTEE test" +HOMEPAGE = "http://www.optee.org/" + +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" + +DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native optee-os optee-client openssl" + +SRCBRANCH = "lf-5.10.72_2.2.0" + +SRC_URI = "git://source.codeaurora.org/external/imx/imx-optee-test.git;protocol=https;branch=${SRCBRANCH}" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +SRCREV = "4d81b964a72e89a62d04187b3f055d8346b383c9" + +inherit python3native + +OPTEE_ARCH ?= "arm32" +OPTEE_ARCH:armv7a = "arm32" +OPTEE_ARCH:aarch64 = "arm64" + +TA_DEV_KIT_DIR:arm = "${STAGING_INCDIR}/optee/export-user_ta_arm32/" +TA_DEV_KIT_DIR:aarch64 = "${STAGING_INCDIR}/optee/export-user_ta_arm64/" + +CFLAGS += "--sysroot=${STAGING_DIR_HOST}" +CXXFLAGS += "--sysroot=${STAGING_DIR_HOST}" + +EXTRA_OEMAKE = " \ + TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ + ARCH=${OPTEE_ARCH} \ + OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}/usr \ + CROSS_COMPILE_HOST=${HOST_PREFIX} \ + CROSS_COMPILE_TA=${HOST_PREFIX} \ + CROSS_COMPILE=${HOST_PREFIX} \ + OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}/ \ + -C ${S} O=${B} \ +" + +do_compile() { + cd ${S} + # Top level makefile doesn't seem to handle parallel make gracefully + oe_runmake xtest + oe_runmake ta + oe_runmake test_plugin +} +do_compile[cleandirs] = "${B}" + +do_install () { + install -d ${D}${bindir} + install ${B}/xtest/xtest ${D}${bindir} + + install -d ${D}${nonarch_base_libdir}/optee_armtz + find ${B}/ta -name '*.ta' | while read name; do + install -m 444 $name ${D}${nonarch_base_libdir}/optee_armtz/ + done + + install -d ${D}${libdir}/tee-supplicant/plugins/ + install ${B}/supp_plugin/*plugin ${D}${libdir}/tee-supplicant/plugins/ +} + +FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/ ${libdir}/tee-supplicant/plugins/" + +COMPATIBLE_MACHINE = "(imx-nxp-bsp)" -- cgit v1.2.3-54-g00ecf From a9ebace6b8d5d4a849c64e4a133dd24da8f9c8a0 Mon Sep 17 00:00:00 2001 From: Tom Hochstein Date: Fri, 18 Feb 2022 16:59:22 -0600 Subject: optee-test: Add missing license GPL-2.0 As the license file states, the client applications (optee_test/host/*) are provided under the GPL-2.0 license. Signed-off-by: Tom Hochstein --- recipes-security/optee-imx/optee-test_3.15.0.imx.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-security/optee-imx/optee-test_3.15.0.imx.bb b/recipes-security/optee-imx/optee-test_3.15.0.imx.bb index 7eb11a84..1efd65c5 100644 --- a/recipes-security/optee-imx/optee-test_3.15.0.imx.bb +++ b/recipes-security/optee-imx/optee-test_3.15.0.imx.bb @@ -3,7 +3,7 @@ SUMMARY = "OPTEE test" HOMEPAGE = "http://www.optee.org/" -LICENSE = "BSD-2-Clause" +LICENSE = "BSD-2-Clause & GPL-2.0-only" LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native optee-os optee-client openssl" -- cgit v1.2.3-54-g00ecf From d38cf8527d87673d2df0b91dea690aee354aebaa Mon Sep 17 00:00:00 2001 From: Tom Hochstein Date: Fri, 18 Feb 2022 17:07:08 -0600 Subject: optee-test: Use openssl embedded in optee-test Building against openssl from Yocto results in a build break: ``` | /opt/work/upstream/fsl-xwayland/tmp/work/cortexa53-crypto-fsl-linux/optee-test/3.15.0.imx-r0/git/host/xtest/regression_8100.c:133:17: error: 'ERR_get_error_line' is deprecated: Since OpeSL 3.0 [-Werror=deprecated-declarations] | 133 | e = ERR_get_error_line(&f, &l); | | ^ | In file included from /opt/work/upstream/fsl-xwayland/tmp/work/cortexa53-crypto-fsl-linux/optee-test/3.15.0.imx-r0/git/host/xtest/regression_8100.c:18: | /opt/work/upstream/fsl-xwayland/tmp/work/cortexa53-crypto-fsl-linux/optee-test/3.15.0.imx-r0/recipe-sysroot/usr/include/openssl/err.h:411:15: note: declared here | 411 | unsigned long ERR_get_error_line(const char **file, int *line); | | ^~~~~~~~~~~~~~~~~~ ``` Configure optee-test to build with its own openssl. Signed-off-by: Tom Hochstein --- recipes-security/optee-imx/optee-test_3.15.0.imx.bb | 1 - 1 file changed, 1 deletion(-) diff --git a/recipes-security/optee-imx/optee-test_3.15.0.imx.bb b/recipes-security/optee-imx/optee-test_3.15.0.imx.bb index 1efd65c5..22194a39 100644 --- a/recipes-security/optee-imx/optee-test_3.15.0.imx.bb +++ b/recipes-security/optee-imx/optee-test_3.15.0.imx.bb @@ -36,7 +36,6 @@ EXTRA_OEMAKE = " \ CROSS_COMPILE_HOST=${HOST_PREFIX} \ CROSS_COMPILE_TA=${HOST_PREFIX} \ CROSS_COMPILE=${HOST_PREFIX} \ - OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}/ \ -C ${S} O=${B} \ " -- cgit v1.2.3-54-g00ecf From 9d374c6460a3f7b6286f795fc47ec578d2b68912 Mon Sep 17 00:00:00 2001 From: Tom Hochstein Date: Wed, 16 Feb 2022 12:40:17 -0600 Subject: optee-*: For i.MX, require machine feature optee The optee software should be enabled by the machine feature. If the machine feature is not there, but optee is built anyway, then something is wrong and the build should fail. Signed-off-by: Tom Hochstein --- recipes-security/optee-imx/optee-client_3.15.0.imx.bb | 6 ++++-- recipes-security/optee-imx/optee-os_3.15.0.imx.bb | 4 +++- recipes-security/optee-imx/optee-test_3.15.0.imx.bb | 6 ++++-- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/recipes-security/optee-imx/optee-client_3.15.0.imx.bb b/recipes-security/optee-imx/optee-client_3.15.0.imx.bb index dcfee307..68c73727 100644 --- a/recipes-security/optee-imx/optee-client_3.15.0.imx.bb +++ b/recipes-security/optee-imx/optee-client_3.15.0.imx.bb @@ -1,4 +1,4 @@ -# Copyright (C) 2017-2020 NXP +# Copyright (C) 2017-2021 NXP SUMMARY = "OPTEE Client libs" HOMEPAGE = "http://www.optee.org/" @@ -16,7 +16,9 @@ SRCREV = "182874320395787a389e5b0f7df02b32f3c0a1b0" S = "${WORKDIR}/git" B = "${WORKDIR}/build" -inherit python3native systemd +inherit python3native systemd features_check + +REQUIRED_MACHINE_FEATURES = "optee" SYSTEMD_SERVICE:${PN} = "tee-supplicant.service" diff --git a/recipes-security/optee-imx/optee-os_3.15.0.imx.bb b/recipes-security/optee-imx/optee-os_3.15.0.imx.bb index 58b238a7..ffa3cc85 100644 --- a/recipes-security/optee-imx/optee-os_3.15.0.imx.bb +++ b/recipes-security/optee-imx/optee-os_3.15.0.imx.bb @@ -17,7 +17,9 @@ SRCREV = "c939619d64dea014ad1b8382356eee4d1cbfbb22" S = "${WORKDIR}/git" -inherit deploy python3native autotools +inherit deploy python3native autotools features_check + +REQUIRED_MACHINE_FEATURES = "optee" # The platform flavor corresponds to the Yocto machine without the leading 'i'. PLATFORM_FLAVOR = "${@d.getVar('MACHINE')[1:]}" diff --git a/recipes-security/optee-imx/optee-test_3.15.0.imx.bb b/recipes-security/optee-imx/optee-test_3.15.0.imx.bb index 22194a39..fd6ef926 100644 --- a/recipes-security/optee-imx/optee-test_3.15.0.imx.bb +++ b/recipes-security/optee-imx/optee-test_3.15.0.imx.bb @@ -1,4 +1,4 @@ -# Copyright (C) 2017-2020 NXP +# Copyright (C) 2017-2021 NXP SUMMARY = "OPTEE test" HOMEPAGE = "http://www.optee.org/" @@ -17,7 +17,9 @@ B = "${WORKDIR}/build" SRCREV = "4d81b964a72e89a62d04187b3f055d8346b383c9" -inherit python3native +inherit python3native features_check + +REQUIRED_MACHINE_FEATURES = "optee" OPTEE_ARCH ?= "arm32" OPTEE_ARCH:armv7a = "arm32" -- cgit v1.2.3-54-g00ecf From f816e66fe29382d0f966740d616b32622bdcb69b Mon Sep 17 00:00:00 2001 From: Tom Hochstein Date: Mon, 21 Feb 2022 13:04:46 -0600 Subject: optee-client: Fix incorrect packaging logic - The logic for the tee-supplicant package doesn't work and the package ends up empty. In fact, tee-supplicant belongs in the main package anyway. - The main package already contains ${libdir}, so drop the redundant assignment. - The headers belong in the -dev package, so drop them from the main. - Drop the un-necessary INSANE_SKIP settings. Signed-off-by: Tom Hochstein --- recipes-security/optee-imx/optee-client_3.15.0.imx.bb | 8 -------- 1 file changed, 8 deletions(-) diff --git a/recipes-security/optee-imx/optee-client_3.15.0.imx.bb b/recipes-security/optee-imx/optee-client_3.15.0.imx.bb index 68c73727..6e8f1e54 100644 --- a/recipes-security/optee-imx/optee-client_3.15.0.imx.bb +++ b/recipes-security/optee-imx/optee-client_3.15.0.imx.bb @@ -47,12 +47,4 @@ do_install () { install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service } -PACKAGES += "tee-supplicant" -FILES:${PN} += "${libdir}/* ${includedir}/*" -FILES:tee-supplicant += "${bindir}/tee-supplicant" - -INSANE_SKIP:${PN} = "ldflags dev-elf" -INSANE_SKIP:${PN}-dev = "ldflags dev-elf" -INSANE_SKIP:tee-supplicant = "ldflags" - COMPATIBLE_MACHINE = "(imx-nxp-bsp)" -- cgit v1.2.3-54-g00ecf From c661ec7a177b90a76494a23ecbd44c6a840c97e7 Mon Sep 17 00:00:00 2001 From: Tom Hochstein Date: Thu, 24 Feb 2022 18:08:37 -0600 Subject: optee-test: Add runtime dependency on optee-os The TAs in optee-os are required. Signed-off-by: Tom Hochstein --- recipes-security/optee-imx/optee-test_3.15.0.imx.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/recipes-security/optee-imx/optee-test_3.15.0.imx.bb b/recipes-security/optee-imx/optee-test_3.15.0.imx.bb index fd6ef926..1d6de243 100644 --- a/recipes-security/optee-imx/optee-test_3.15.0.imx.bb +++ b/recipes-security/optee-imx/optee-test_3.15.0.imx.bb @@ -65,4 +65,6 @@ do_install () { FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/ ${libdir}/tee-supplicant/plugins/" +RDEPENDS:${PN} = "optee-os" + COMPATIBLE_MACHINE = "(imx-nxp-bsp)" -- cgit v1.2.3-54-g00ecf