diff options
| author | Denys Dmytriyenko <denys@konsulko.com> | 2023-05-11 18:43:00 +0000 |
|---|---|---|
| committer | Ryan Eatmon <reatmon@ti.com> | 2023-05-11 14:42:40 -0500 |
| commit | b5913c634442cd6035b16b43d171fb3d44f69a1f (patch) | |
| tree | cd27cb4d8a43e7c6470bec82520b656a67adf982 | |
| parent | 94635de40288b1ba132d873839704dd43ae96d56 (diff) | |
| download | meta-ti-b5913c634442cd6035b16b43d171fb3d44f69a1f.tar.gz | |
optee-os: only activate customizations for TI platforms
Avoid inheriting ti-secdev class and adding unconditional dependency
on TI_SECURE_DEV_PKG and other variables, when meta-ti-bsp is in the
bblayers.conf stack, but not building for TI platforms. This solves
yocto-check-layer signature test for Yocto Project compliance.
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Ryan Eatmon <reatmon@ti.com>
| -rw-r--r-- | meta-ti-bsp/recipes-security/optee/optee-os-ti.inc | 114 | ||||
| -rw-r--r-- | meta-ti-bsp/recipes-security/optee/optee-os_3.16%.bbappend | 120 |
2 files changed, 119 insertions, 115 deletions
diff --git a/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc b/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc new file mode 100644 index 00000000..4f052996 --- /dev/null +++ b/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc | |||
| @@ -0,0 +1,114 @@ | |||
| 1 | # Use TI SECDEV for signing | ||
| 2 | inherit ti-secdev | ||
| 3 | |||
| 4 | EXTRA_OEMAKE:append:k3 = "${@ ' CFG_CONSOLE_UART='+ d.getVar('OPTEE_K3_USART') if d.getVar('OPTEE_K3_USART') else ''}" | ||
| 5 | |||
| 6 | EXTRA_OEMAKE:append:am62xx = " CFG_WITH_SOFTWARE_PRNG=y CFG_TEE_CORE_LOG_LEVEL=1" | ||
| 7 | EXTRA_OEMAKE:append:am62axx = " CFG_TEE_CORE_LOG_LEVEL=1" | ||
| 8 | |||
| 9 | do_compile:append:k3() { | ||
| 10 | cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin | ||
| 11 | cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned | ||
| 12 | cp ${B}/core/tee.elf ${B}/bl32.elf | ||
| 13 | } | ||
| 14 | |||
| 15 | # Signing procedure for legacy HS devices | ||
| 16 | optee_sign_legacyhs() { | ||
| 17 | ( cd ${B}/core/; \ | ||
| 18 | ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \ | ||
| 19 | normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"` | ||
| 20 | mv tee.bin.signed ${B}/$normfl.optee; \ | ||
| 21 | ) | ||
| 22 | |||
| 23 | if [ "${OPTEEPAGER}" = "y" ]; then | ||
| 24 | oe_runmake -C ${S} clean | ||
| 25 | oe_runmake -C ${S} all CFG_TEE_TA_LOG_LEVEL=0 CFG_WITH_PAGER=y | ||
| 26 | ( cd ${B}/core/; \ | ||
| 27 | ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \ | ||
| 28 | normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"` | ||
| 29 | mv tee.bin.signed ${B}/$normfl-pager.optee; \ | ||
| 30 | ) | ||
| 31 | fi | ||
| 32 | } | ||
| 33 | |||
| 34 | do_compile:append:ti43x() { | ||
| 35 | optee_sign_legacyhs | ||
| 36 | } | ||
| 37 | |||
| 38 | do_compile:append:dra7xx() { | ||
| 39 | optee_sign_legacyhs | ||
| 40 | } | ||
| 41 | |||
| 42 | # Signing procedure for K3 devices | ||
| 43 | optee_sign_k3hs() { | ||
| 44 | ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${B}/core/tee-pager_v2.bin ${B}/bl32.bin | ||
| 45 | cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned | ||
| 46 | cp ${B}/core/tee.elf ${B}/bl32.elf | ||
| 47 | } | ||
| 48 | |||
| 49 | do_compile:append:am65xx-hs-evm() { | ||
| 50 | optee_sign_k3hs | ||
| 51 | } | ||
| 52 | |||
| 53 | do_compile:append:am64xx-evm() { | ||
| 54 | optee_sign_k3hs | ||
| 55 | } | ||
| 56 | |||
| 57 | do_compile:append:am62xx-evm() { | ||
| 58 | optee_sign_k3hs | ||
| 59 | } | ||
| 60 | |||
| 61 | do_compile:append:am62xx-lp-evm() { | ||
| 62 | optee_sign_k3hs | ||
| 63 | } | ||
| 64 | |||
| 65 | do_compile:append:am62axx-evm() { | ||
| 66 | optee_sign_k3hs | ||
| 67 | } | ||
| 68 | |||
| 69 | do_compile:append:j721e-hs-evm() { | ||
| 70 | optee_sign_k3hs | ||
| 71 | } | ||
| 72 | |||
| 73 | do_compile:append:j7200-hs-evm() { | ||
| 74 | optee_sign_k3hs | ||
| 75 | } | ||
| 76 | |||
| 77 | do_compile:append:j721s2-hs-evm() { | ||
| 78 | optee_sign_k3hs | ||
| 79 | } | ||
| 80 | |||
| 81 | do_compile:append:j784s4-hs-evm() { | ||
| 82 | optee_sign_k3hs | ||
| 83 | } | ||
| 84 | |||
| 85 | do_install:append:ti-soc() { | ||
| 86 | install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ || true | ||
| 87 | install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ || true | ||
| 88 | install -m 644 ${B}/bl32.bin.unsigned ${D}${nonarch_base_libdir}/firmware/ || true | ||
| 89 | install -m 644 ${B}/bl32.elf ${D}${nonarch_base_libdir}/firmware/ || true | ||
| 90 | } | ||
| 91 | |||
| 92 | optee_deploy_legacyhs() { | ||
| 93 | cd ${DEPLOYDIR}/ | ||
| 94 | for f in optee/*.optee; do | ||
| 95 | ln -sf $f ${DEPLOYDIR}/ | ||
| 96 | done | ||
| 97 | } | ||
| 98 | |||
| 99 | do_deploy:append:ti43x() { | ||
| 100 | optee_deploy_legacyhs | ||
| 101 | } | ||
| 102 | |||
| 103 | do_deploy:append:dra7xx() { | ||
| 104 | optee_deploy_legacyhs | ||
| 105 | } | ||
| 106 | |||
| 107 | do_deploy:append:k3() { | ||
| 108 | ln -sf optee/bl32.bin ${DEPLOYDIR}/ | ||
| 109 | ln -sf optee/bl32.bin.unsigned ${DEPLOYDIR}/ | ||
| 110 | ln -sf optee/bl32.elf ${DEPLOYDIR}/ | ||
| 111 | } | ||
| 112 | |||
| 113 | # This is needed for bl32.elf | ||
| 114 | INSANE_SKIP:${PN}:append:k3 = " textrel" | ||
diff --git a/meta-ti-bsp/recipes-security/optee/optee-os_3.16%.bbappend b/meta-ti-bsp/recipes-security/optee/optee-os_3.16%.bbappend index e61ebcc7..1ed8e26e 100644 --- a/meta-ti-bsp/recipes-security/optee/optee-os_3.16%.bbappend +++ b/meta-ti-bsp/recipes-security/optee/optee-os_3.16%.bbappend | |||
| @@ -1,117 +1,7 @@ | |||
| 1 | PV:ti-soc = "3.20.0+git${SRCPV}" | 1 | OPTEE_TI = "" |
| 2 | SRCREV:ti-soc = "8e74d47616a20eaa23ca692f4bbbf917a236ed94" | 2 | OPTEE_TI:ti-soc = "optee-os-ti.inc" |
| 3 | |||
| 4 | # Use TI SECDEV for signing | ||
| 5 | inherit ti-secdev | ||
| 6 | |||
| 7 | EXTRA_OEMAKE:append:k3 = "${@ ' CFG_CONSOLE_UART='+ d.getVar('OPTEE_K3_USART') if d.getVar('OPTEE_K3_USART') else ''}" | ||
| 8 | |||
| 9 | EXTRA_OEMAKE:append:am62xx = " CFG_WITH_SOFTWARE_PRNG=y CFG_TEE_CORE_LOG_LEVEL=1" | ||
| 10 | EXTRA_OEMAKE:append:am62axx = " CFG_TEE_CORE_LOG_LEVEL=1" | ||
| 11 | |||
| 12 | do_compile:append:k3() { | ||
| 13 | cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin | ||
| 14 | cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned | ||
| 15 | cp ${B}/core/tee.elf ${B}/bl32.elf | ||
| 16 | } | ||
| 17 | |||
| 18 | # Signing procedure for legacy HS devices | ||
| 19 | optee_sign_legacyhs() { | ||
| 20 | ( cd ${B}/core/; \ | ||
| 21 | ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \ | ||
| 22 | normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"` | ||
| 23 | mv tee.bin.signed ${B}/$normfl.optee; \ | ||
| 24 | ) | ||
| 25 | |||
| 26 | if [ "${OPTEEPAGER}" = "y" ]; then | ||
| 27 | oe_runmake -C ${S} clean | ||
| 28 | oe_runmake -C ${S} all CFG_TEE_TA_LOG_LEVEL=0 CFG_WITH_PAGER=y | ||
| 29 | ( cd ${B}/core/; \ | ||
| 30 | ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \ | ||
| 31 | normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"` | ||
| 32 | mv tee.bin.signed ${B}/$normfl-pager.optee; \ | ||
| 33 | ) | ||
| 34 | fi | ||
| 35 | } | ||
| 36 | |||
| 37 | do_compile:append:ti43x() { | ||
| 38 | optee_sign_legacyhs | ||
| 39 | } | ||
| 40 | |||
| 41 | do_compile:append:dra7xx() { | ||
| 42 | optee_sign_legacyhs | ||
| 43 | } | ||
| 44 | |||
| 45 | # Signing procedure for K3 devices | ||
| 46 | optee_sign_k3hs() { | ||
| 47 | ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${B}/core/tee-pager_v2.bin ${B}/bl32.bin | ||
| 48 | cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned | ||
| 49 | cp ${B}/core/tee.elf ${B}/bl32.elf | ||
| 50 | } | ||
| 51 | |||
| 52 | do_compile:append:am65xx-hs-evm() { | ||
| 53 | optee_sign_k3hs | ||
| 54 | } | ||
| 55 | |||
| 56 | do_compile:append:am64xx-evm() { | ||
| 57 | optee_sign_k3hs | ||
| 58 | } | ||
| 59 | 3 | ||
| 60 | do_compile:append:am62xx-evm() { | 4 | require ${OPTEE_TI} |
| 61 | optee_sign_k3hs | ||
| 62 | } | ||
| 63 | 5 | ||
| 64 | do_compile:append:am62xx-lp-evm() { | 6 | PV:ti-soc = "3.20.0+git${SRCPV}" |
| 65 | optee_sign_k3hs | 7 | SRCREV:ti-soc = "8e74d47616a20eaa23ca692f4bbbf917a236ed94" |
| 66 | } | ||
| 67 | |||
| 68 | do_compile:append:am62axx-evm() { | ||
| 69 | optee_sign_k3hs | ||
| 70 | } | ||
| 71 | |||
| 72 | do_compile:append:j721e-hs-evm() { | ||
| 73 | optee_sign_k3hs | ||
| 74 | } | ||
| 75 | |||
| 76 | do_compile:append:j7200-hs-evm() { | ||
| 77 | optee_sign_k3hs | ||
| 78 | } | ||
| 79 | |||
| 80 | do_compile:append:j721s2-hs-evm() { | ||
| 81 | optee_sign_k3hs | ||
| 82 | } | ||
| 83 | |||
| 84 | do_compile:append:j784s4-hs-evm() { | ||
| 85 | optee_sign_k3hs | ||
| 86 | } | ||
| 87 | |||
| 88 | do_install:append:ti-soc() { | ||
| 89 | install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ || true | ||
| 90 | install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ || true | ||
| 91 | install -m 644 ${B}/bl32.bin.unsigned ${D}${nonarch_base_libdir}/firmware/ || true | ||
| 92 | install -m 644 ${B}/bl32.elf ${D}${nonarch_base_libdir}/firmware/ || true | ||
| 93 | } | ||
| 94 | |||
| 95 | optee_deploy_legacyhs() { | ||
| 96 | cd ${DEPLOYDIR}/ | ||
| 97 | for f in optee/*.optee; do | ||
| 98 | ln -sf $f ${DEPLOYDIR}/ | ||
| 99 | done | ||
| 100 | } | ||
| 101 | |||
| 102 | do_deploy:append:ti43x() { | ||
| 103 | optee_deploy_legacyhs | ||
| 104 | } | ||
| 105 | |||
| 106 | do_deploy:append:dra7xx() { | ||
| 107 | optee_deploy_legacyhs | ||
| 108 | } | ||
| 109 | |||
| 110 | do_deploy:append:k3() { | ||
| 111 | ln -sf optee/bl32.bin ${DEPLOYDIR}/ | ||
| 112 | ln -sf optee/bl32.bin.unsigned ${DEPLOYDIR}/ | ||
| 113 | ln -sf optee/bl32.elf ${DEPLOYDIR}/ | ||
| 114 | } | ||
| 115 | |||
| 116 | # This is needed for bl32.elf | ||
| 117 | INSANE_SKIP:${PN}:append:k3 = " textrel" | ||