author | Denys Dmytriyenko <denys@konsulko.com> | 2023-05-11 18:43:00 +0000 |
---|---|---|
committer | Ryan Eatmon <reatmon@ti.com> | 2023-05-11 14:42:40 -0500 |
commit | b5913c634442cd6035b16b43d171fb3d44f69a1f (patch) | |
tree | cd27cb4d8a43e7c6470bec82520b656a67adf982 | |
parent | 94635de40288b1ba132d873839704dd43ae96d56 (diff) | |
download | meta-ti-b5913c634442cd6035b16b43d171fb3d44f69a1f.tar.gz |
optee-os: only activate customizations for TI platforms
Avoid inheriting ti-secdev class and adding unconditional dependency
on TI_SECURE_DEV_PKG and other variables, when meta-ti-bsp is in the
bblayers.conf stack, but not building for TI platforms. This solves
yocto-check-layer signature test for Yocto Project compliance.
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Ryan Eatmon <reatmon@ti.com>
-rw-r--r-- | meta-ti-bsp/recipes-security/optee/optee-os-ti.inc | 114 | ||||
-rw-r--r-- | meta-ti-bsp/recipes-security/optee/optee-os_3.16%.bbappend | 120 |
2 files changed, 119 insertions, 115 deletions
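--- /dev/null
+++ b/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc
@@ -0,0 +1,114 @@
+# Use TI SECDEV for signing
+inherit ti-secdev
+
+EXTRA_OEMAKE:append:k3 = "${@ ' CFG_CONSOLE_UART='+ d.getVar('OPTEE_K3_USART') if d.getVar('OPTEE_K3_USART') else ''}"
+
+EXTRA_OEMAKE:append:am62xx = " CFG_WITH_SOFTWARE_PRNG=y CFG_TEE_CORE_LOG_LEVEL=1"
+EXTRA_OEMAKE:append:am62axx = " CFG_TEE_CORE_LOG_LEVEL=1"
+
+do_compile:append:k3() {
+cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
+cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
+cp ${B}/core/tee.elf ${B}/bl32.elf
+}
+
+# Signing procedure for legacy HS devices
+optee_sign_legacyhs() {
+( cd ${B}/core/; \
+${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
+normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"`
+mv tee.bin.signed ${B}/$normfl.optee; \
+)
+
+if [ "${OPTEEPAGER}" = "y" ]; then
+oe_runmake -C ${S} clean
+oe_runmake -C ${S} all CFG_TEE_TA_LOG_LEVEL=0 CFG_WITH_PAGER=y
+( cd ${B}/core/; \
+${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
+normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"`
+mv tee.bin.signed ${B}/$normfl-pager.optee; \
+)
+fi
+}
+
+do_compile:append:ti43x() {
+optee_sign_legacyhs
+}
+
+do_compile:append:dra7xx() {
+optee_sign_legacyhs
+}
+
+# Signing procedure for K3 devices
+optee_sign_k3hs() {
+${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
+cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
+cp ${B}/core/tee.elf ${B}/bl32.elf
+}
+
+do_compile:append:am65xx-hs-evm() {
+optee_sign_k3hs
+}
+
+do_compile:append:am64xx-evm() {
+optee_sign_k3hs
+}
+
+do_compile:append:am62xx-evm() {
+optee_sign_k3hs
+}
+
+do_compile:append:am62xx-lp-evm() {
+optee_sign_k3hs
+}
+
+do_compile:append:am62axx-evm() {
+optee_sign_k3hs
+}
+
+do_compile:append:j721e-hs-evm() {
+optee_sign_k3hs
+}
+
+do_compile:append:j7200-hs-evm() {
+optee_sign_k3hs
+}
+
+do_compile:append:j721s2-hs-evm() {
+optee_sign_k3hs
+}
+
+do_compile:append:j784s4-hs-evm() {
+optee_sign_k3hs
+}
+
+do_install:append:ti-soc() {
+install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ || true
+install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ || true
+install -m 644 ${B}/bl32.bin.unsigned ${D}${nonarch_base_libdir}/firmware/ || true
+install -m 644 ${B}/bl32.elf ${D}${nonarch_base_libdir}/firmware/ || true
+}
+
+optee_deploy_legacyhs() {
+cd ${DEPLOYDIR}/
+for f in optee/*.optee; do
+ln -sf $f ${DEPLOYDIR}/
+done
+}
+
+do_deploy:append:ti43x() {
+optee_deploy_legacyhs
+}
+
+do_deploy:append:dra7xx() {
+optee_deploy_legacyhs
+}
+
+do_deploy:append:k3() {
+ln -sf optee/bl32.bin ${DEPLOYDIR}/
+ln -sf optee/bl32.bin.unsigned ${DEPLOYDIR}/
+ln -sf optee/bl32.elf ${DEPLOYDIR}/
+}
+
+# This is needed for bl32.elf
+INSANE_SKIP:${PN}:append:k3 = " textrel"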
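Review bot: In `do_install:append:ti-soc` every `install` ends in `|| true`, so a missing `bl32.bin` or `*.optee` is silently skipped and the package can be built without the signed OP-TEE image that `optee_sign_k3hs` or `optee_sign_legacyhs` was meant to produce. The `|| true` appears to exist only because one function serves both families (no `*.optee` on K3, no `bl32.*` on legacy HS). Splitting the install per family lets each `install` fail the task when its artifact is missing. This assumes the K3 and legacy HS machines carry the `k3`, `ti43x` and `dra7xx` overrides already used elsewhere in this file, and that other `ti-soc` machines produce neither set of files.

```bitbake
# K3: do_compile:append:k3 always creates bl32.*, so a missing file should fail the task
do_install:append:k3() {
    install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/
    install -m 644 ${B}/bl32.bin.unsigned ${D}${nonarch_base_libdir}/firmware/
    install -m 644 ${B}/bl32.elf ${D}${nonarch_base_libdir}/firmware/
}

# Legacy HS: optee_sign_legacyhs always creates at least one *.optee
optee_install_legacyhs() {
    install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/
}

do_install:append:ti43x() {
    optee_install_legacyhs
}

do_install:append:dra7xx() {
    optee_install_legacyhs
}
```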
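--- a/meta-ti-bsp/recipes-security/optee/optee-os_3.16%.bbappend
+++ b/meta-ti-bsp/recipes-security/optee/optee-os_3.16%.bbappend
@@ -1,117 +1,7 @@
-PV:ti-soc = "3.20.0+git${SRCPV}"
-SRCREV:ti-soc = "8e74d47616a20eaa23ca692f4bbbf917a236ed94"
-
-# Use TI SECDEV for signing
-inherit ti-secdev
-
-EXTRA_OEMAKE:append:k3 = "${@ ' CFG_CONSOLE_UART='+ d.getVar('OPTEE_K3_USART') if d.getVar('OPTEE_K3_USART') else ''}"
-
-EXTRA_OEMAKE:append:am62xx = " CFG_WITH_SOFTWARE_PRNG=y CFG_TEE_CORE_LOG_LEVEL=1"
-EXTRA_OEMAKE:append:am62axx = " CFG_TEE_CORE_LOG_LEVEL=1"
-
-do_compile:append:k3() {
-cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
-cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
-cp ${B}/core/tee.elf ${B}/bl32.elf
-}
-
-# Signing procedure for legacy HS devices
-optee_sign_legacyhs() {
-( cd ${B}/core/; \
-${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
-normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"`
-mv tee.bin.signed ${B}/$normfl.optee; \
-)
-
-if [ "${OPTEEPAGER}" = "y" ]; then
-oe_runmake -C ${S} clean
-oe_runmake -C ${S} all CFG_TEE_TA_LOG_LEVEL=0 CFG_WITH_PAGER=y
-( cd ${B}/core/; \
-${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
-normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"`
-mv tee.bin.signed ${B}/$normfl-pager.optee; \
-)
-fi
-}
-
-do_compile:append:ti43x() {
-optee_sign_legacyhs
-}
-
-do_compile:append:dra7xx() {
-optee_sign_legacyhs
-}
-
-# Signing procedure for K3 devices
-optee_sign_k3hs() {
-${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
-cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
-cp ${B}/core/tee.elf ${B}/bl32.elf
-}
-
-do_compile:append:am65xx-hs-evm() {
-optee_sign_k3hs
-}
-
-do_compile:append:am64xx-evm() {
-optee_sign_k3hs
-}
+OPTEE_TI = ""
+OPTEE_TI:ti-soc = "optee-os-ti.inc"
 
-do_compile:append:am62xx-evm() {
-optee_sign_k3hs
-}
+require ${OPTEE_TI}
 
-do_compile:append:am62xx-lp-evm() {
-optee_sign_k3hs
-}
-
-do_compile:append:am62axx-evm() {
-optee_sign_k3hs
-}
-
-do_compile:append:j721e-hs-evm() {
-optee_sign_k3hs
-}
-
-do_compile:append:j7200-hs-evm() {
-optee_sign_k3hs
-}
-
-do_compile:append:j721s2-hs-evm() {
-optee_sign_k3hs
-}
-
-do_compile:append:j784s4-hs-evm() {
-optee_sign_k3hs
-}
-
-do_install:append:ti-soc() {
-install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ || true
-install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ || true
-install -m 644 ${B}/bl32.bin.unsigned ${D}${nonarch_base_libdir}/firmware/ || true
-install -m 644 ${B}/bl32.elf ${D}${nonarch_base_libdir}/firmware/ || true
-}
-
-optee_deploy_legacyhs() {
-cd ${DEPLOYDIR}/
-for f in optee/*.optee; do
-ln -sf $f ${DEPLOYDIR}/
-done
-}
-
-do_deploy:append:ti43x() {
-optee_deploy_legacyhs
-}
-
-do_deploy:append:dra7xx() {
-optee_deploy_legacyhs
-}
-
-do_deploy:append:k3() {
-ln -sf optee/bl32.bin ${DEPLOYDIR}/
-ln -sf optee/bl32.bin.unsigned ${DEPLOYDIR}/
-ln -sf optee/bl32.elf ${DEPLOYDIR}/
-}
-
-# This is needed for bl32.elf
-INSANE_SKIP:${PN}:append:k3 = " textrel"
+PV:ti-soc = "3.20.0+git${SRCPV}"
+SRCREV:ti-soc = "8e74d47616a20eaa23ca692f4bbbf917a236ed94"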
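Review bot: The `OPTEE_TI` / `require ${OPTEE_TI}` indirection at the top of the bbappend has no comment, yet it now decides whether the `ti-secdev` signing steps are applied at all. A short comment above it would help, for example `# Empty unless the ti-soc override is active, so non-TI machines require nothing and do not inherit ti-secdev`. The pattern appears to rely on `require` treating an empty expansion as a no-op, which is worth stating there too, since a reader may otherwise expect a parse error.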