optee-os: add TI signing calls via TI_SECURE_DEV_PKG

It was originally residing in meta-arago due to earlier dependency on meta-optee layer from meta-linaro. Now optee is in meta-arm and this code can move to meta-ti. Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Dan Murphy <dmurphy@ti.com>
author: Denys Dmytriyenko <denys@ti.com> 2020-10-10 02:11:49 +0000
committer: Dan Murphy <dmurphy@ti.com> 2020-10-10 11:46:29 -0500
commit: 896afdb67dc12544ae7367fe675f5858349dfc10 (patch)
tree: 4ba9632bb26bf3d120d4808db86f88ec04e19736
parent: 5c5fc6c2aa5444adc449a82c84ad725de316ea42 (diff)
download: meta-ti-896afdb67dc12544ae7367fe675f5858349dfc10.tar.gz
1 files changed, 83 insertions, 0 deletions
diff --git a/recipes-security/optee/optee-os_%.bbappend b/recipes-security/optee/optee-os_%.bbappend
new file mode 100644
index 00000000..2846d0ad
--- /dev/null
+++ b/recipes-security/optee/optee-os_%.bbappend
@@ -0,0 +1,83 @@
+do_compile_prepend_ti-soc() {
+    export TI_SECURE_DEV_PKG=${TI_SECURE_DEV_PKG}
+}
+do_compile_append_k3() {
+    ( cd out/arm-plat-${OPTEEOUTPUTMACHINE}/core/; \
+        cp tee-pager_v2.bin ${B}/bl32.bin; \
+        cp tee.elf ${B}/bl32.elf; \
+    )
+}
+# Signing procedure for legacy HS devices
+optee_sign_legacyhs() {
+    ( cd out/arm-plat-${OPTEEOUTPUTMACHINE}/core/; \
+        ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
+        normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"`
+        mv tee.bin.signed ${B}/$normfl.optee; \
+    )
+    if [ "${OPTEEPAGER}" = "y" ]; then
+        rm -rf out/
+        oe_runmake all CFG_TEE_TA_LOG_LEVEL=0 CFG_WITH_PAGER=y
+        ( cd out/arm-plat-${OPTEEOUTPUTMACHINE}/core/; \
+            ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
+            normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"`
+            mv tee.bin.signed ${B}/$normfl-pager.optee; \
+        )
+    fi
+}
+# Signing procedure for K3 HS devices
+optee_sign_k3hs() {
+    ( cd out/arm-plat-${OPTEEOUTPUTMACHINE}/core/; \
+        ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee-pager_v2.bin tee-pager.bin.signed; \
+        mv tee-pager.bin.signed ${B}/bl32.bin; \
+        cp tee.elf ${B}/bl32.elf; \
+    )
+}
+do_compile_append_ti43x() {
+    optee_sign_legacyhs
+}
+do_compile_append_dra7xx() {
+    optee_sign_legacyhs
+}
+do_compile_append_am65xx-hs-evm() {
+    optee_sign_k3hs
+}
+do_compile_append_j7-hs-evm() {
+    optee_sign_k3hs
+}
+do_install_append_ti-soc() {
+    install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ || true
+    install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ || true
+    install -m 644 ${B}/bl32.elf ${D}${nonarch_base_libdir}/firmware/ || true
+}
+optee_deploy_legacyhs() {
+    cd ${DEPLOYDIR}/
+    for f in optee/*.optee; do
+        ln -sf $f ${DEPLOYDIR}/
+    done
+}
+do_deploy_append_ti43x() {
+    optee_deploy_legacyhs
+}
+do_deploy_append_dra7xx() {
+    optee_deploy_legacyhs
+}
+do_deploy_append_k3() {
+    ln -sf optee/bl32.bin ${DEPLOYDIR}/
+    ln -sf optee/bl32.elf ${DEPLOYDIR}/
+}
+# This is needed for bl32.elf
+INSANE_SKIP_${PN}_append_k3 = " textrel"
author	Denys Dmytriyenko <denys@ti.com>	2020-10-10 02:11:49 +0000
committer	Dan Murphy <dmurphy@ti.com>	2020-10-10 11:46:29 -0500
commit	896afdb67dc12544ae7367fe675f5858349dfc10 (patch)
tree	4ba9632bb26bf3d120d4808db86f88ec04e19736
parent	5c5fc6c2aa5444adc449a82c84ad725de316ea42 (diff)
download	meta-ti-896afdb67dc12544ae7367fe675f5858349dfc10.tar.gz

diff --git a/recipes-security/optee/optee-os_%.bbappend b/recipes-security/optee/optee-os_%.bbappend new file mode 100644 index 00000000..2846d0ad --- /dev/null +++ b/recipes-security/optee/optee-os_%.bbappend
@@ -0,0 +1,83 @@
	1	do_compile_prepend_ti-soc() {
	2	export TI_SECURE_DEV_PKG=${TI_SECURE_DEV_PKG}
	3	}
	4
	5	do_compile_append_k3() {
	6	( cd out/arm-plat-${OPTEEOUTPUTMACHINE}/core/; \
	7	cp tee-pager_v2.bin ${B}/bl32.bin; \
	8	cp tee.elf ${B}/bl32.elf; \
	9	)
	10	}
	11
	12	# Signing procedure for legacy HS devices
	13	optee_sign_legacyhs() {
	14	( cd out/arm-plat-${OPTEEOUTPUTMACHINE}/core/; \
	15	${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
	16	normfl=`echo ${OPTEEFLAVOR} \| tr "_" "-"`
	17	mv tee.bin.signed ${B}/$normfl.optee; \
	18	)
	19
	20	if [ "${OPTEEPAGER}" = "y" ]; then
	21	rm -rf out/
	22	oe_runmake all CFG_TEE_TA_LOG_LEVEL=0 CFG_WITH_PAGER=y
	23	( cd out/arm-plat-${OPTEEOUTPUTMACHINE}/core/; \
	24	${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
	25	normfl=`echo ${OPTEEFLAVOR} \| tr "_" "-"`
	26	mv tee.bin.signed ${B}/$normfl-pager.optee; \
	27	)
	28	fi
	29	}
	30
	31	# Signing procedure for K3 HS devices
	32	optee_sign_k3hs() {
	33	( cd out/arm-plat-${OPTEEOUTPUTMACHINE}/core/; \
	34	${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee-pager_v2.bin tee-pager.bin.signed; \
	35	mv tee-pager.bin.signed ${B}/bl32.bin; \
	36	cp tee.elf ${B}/bl32.elf; \
	37	)
	38	}
	39
	40	do_compile_append_ti43x() {
	41	optee_sign_legacyhs
	42	}
	43
	44	do_compile_append_dra7xx() {
	45	optee_sign_legacyhs
	46	}
	47
	48	do_compile_append_am65xx-hs-evm() {
	49	optee_sign_k3hs
	50	}
	51
	52	do_compile_append_j7-hs-evm() {
	53	optee_sign_k3hs
	54	}
	55
	56	do_install_append_ti-soc() {
	57	install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ \|\| true
	58	install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ \|\| true
	59	install -m 644 ${B}/bl32.elf ${D}${nonarch_base_libdir}/firmware/ \|\| true
	60	}
	61
	62	optee_deploy_legacyhs() {
	63	cd ${DEPLOYDIR}/
	64	for f in optee/*.optee; do
	65	ln -sf $f ${DEPLOYDIR}/
	66	done
	67	}
	68
	69	do_deploy_append_ti43x() {
	70	optee_deploy_legacyhs
	71	}
	72
	73	do_deploy_append_dra7xx() {
	74	optee_deploy_legacyhs
	75	}
	76
	77	do_deploy_append_k3() {
	78	ln -sf optee/bl32.bin ${DEPLOYDIR}/
	79	ln -sf optee/bl32.elf ${DEPLOYDIR}/
	80	}
	81
	82	# This is needed for bl32.elf
	83	INSANE_SKIP_${PN}_append_k3 = " textrel"