optee-os: only activate customizations for TI platforms

Avoid inheriting ti-secdev class and adding unconditional dependency on TI_SECURE_DEV_PKG and other variables, when meta-ti-bsp is in the bblayers.conf stack, but not building for TI platforms. This solves yocto-check-layer signature test for Yocto Project compliance. Signed-off-by: Denys Dmytriyenko <denys@konsulko.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
author: Denys Dmytriyenko <denys@konsulko.com> 2023-05-11 18:43:00 +0000
committer: Ryan Eatmon <reatmon@ti.com> 2023-05-11 14:27:59 -0500
commit: 55c90c0aae7aebfddb55f38d93402df38172ff57 (patch)
tree: 54a35ff410b2d3b13fdb349f891e60e2d296d8a7 /meta-ti-bsp/recipes-security
parent: 24e9324551ecd853b7fa5326fadface547b96652 (diff)
download: meta-ti-55c90c0aae7aebfddb55f38d93402df38172ff57.tar.gz
2 files changed, 117 insertions, 113 deletions
diff --git a/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc b/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc
new file mode 100644
index 00000000..4f052996
--- /dev/null
+++ b/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc
@@ -0,0 +1,114 @@
+# Use TI SECDEV for signing
+inherit ti-secdev
+EXTRA_OEMAKE:append:k3 = "${@ ' CFG_CONSOLE_UART='+ d.getVar('OPTEE_K3_USART') if d.getVar('OPTEE_K3_USART') else ''}"
+EXTRA_OEMAKE:append:am62xx = " CFG_WITH_SOFTWARE_PRNG=y CFG_TEE_CORE_LOG_LEVEL=1"
+EXTRA_OEMAKE:append:am62axx = " CFG_TEE_CORE_LOG_LEVEL=1"
+do_compile:append:k3() {
+    cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
+    cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
+    cp ${B}/core/tee.elf ${B}/bl32.elf
+}
+# Signing procedure for legacy HS devices
+optee_sign_legacyhs() {
+    ( cd ${B}/core/; \
+        ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
+        normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"`
+        mv tee.bin.signed ${B}/$normfl.optee; \
+    )
+    if [ "${OPTEEPAGER}" = "y" ]; then
+        oe_runmake -C ${S} clean
+        oe_runmake -C ${S} all CFG_TEE_TA_LOG_LEVEL=0 CFG_WITH_PAGER=y
+        ( cd ${B}/core/; \
+            ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
+            normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"`
+            mv tee.bin.signed ${B}/$normfl-pager.optee; \
+        )
+    fi
+}
+do_compile:append:ti43x() {
+    optee_sign_legacyhs
+}
+do_compile:append:dra7xx() {
+    optee_sign_legacyhs
+}
+# Signing procedure for K3 devices
+optee_sign_k3hs() {
+    ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
+    cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
+    cp ${B}/core/tee.elf ${B}/bl32.elf
+}
+do_compile:append:am65xx-hs-evm() {
+    optee_sign_k3hs
+}
+do_compile:append:am64xx-evm() {
+    optee_sign_k3hs
+}
+do_compile:append:am62xx-evm() {
+    optee_sign_k3hs
+}
+do_compile:append:am62xx-lp-evm() {
+    optee_sign_k3hs
+}
+do_compile:append:am62axx-evm() {
+    optee_sign_k3hs
+}
+do_compile:append:j721e-hs-evm() {
+    optee_sign_k3hs
+}
+do_compile:append:j7200-hs-evm() {
+    optee_sign_k3hs
+}
+do_compile:append:j721s2-hs-evm() {
+    optee_sign_k3hs
+}
+do_compile:append:j784s4-hs-evm() {
+    optee_sign_k3hs
+}
+do_install:append:ti-soc() {
+    install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ || true
+    install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ || true
+    install -m 644 ${B}/bl32.bin.unsigned ${D}${nonarch_base_libdir}/firmware/ || true
+    install -m 644 ${B}/bl32.elf ${D}${nonarch_base_libdir}/firmware/ || true
+}
+optee_deploy_legacyhs() {
+    cd ${DEPLOYDIR}/
+    for f in optee/*.optee; do
+        ln -sf $f ${DEPLOYDIR}/
+    done
+}
+do_deploy:append:ti43x() {
+    optee_deploy_legacyhs
+}
+do_deploy:append:dra7xx() {
+    optee_deploy_legacyhs
+}
+do_deploy:append:k3() {
+    ln -sf optee/bl32.bin ${DEPLOYDIR}/
+    ln -sf optee/bl32.bin.unsigned ${DEPLOYDIR}/
+    ln -sf optee/bl32.elf ${DEPLOYDIR}/
+}
+# This is needed for bl32.elf
+INSANE_SKIP:${PN}:append:k3 = " textrel"
diff --git a/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend b/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend
index 4f052996..0067cdc7 100644
--- a/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend
+++ b/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend
@@ -1,114 +1,4 @@
-# Use TI SECDEV for signing
+OPTEE_TI = ""
-inherit ti-secdev
+OPTEE_TI:ti-soc = "optee-os-ti.inc"
-EXTRA_OEMAKE:append:k3 = "${@ ' CFG_CONSOLE_UART='+ d.getVar('OPTEE_K3_USART') if d.getVar('OPTEE_K3_USART') else ''}"
+require ${OPTEE_TI}
-EXTRA_OEMAKE:append:am62xx = " CFG_WITH_SOFTWARE_PRNG=y CFG_TEE_CORE_LOG_LEVEL=1"
-EXTRA_OEMAKE:append:am62axx = " CFG_TEE_CORE_LOG_LEVEL=1"
-do_compile:append:k3() {
-    cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
-    cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
-    cp ${B}/core/tee.elf ${B}/bl32.elf
-}
-# Signing procedure for legacy HS devices
-optee_sign_legacyhs() {
-    ( cd ${B}/core/; \
-        ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
-        normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"`
-        mv tee.bin.signed ${B}/$normfl.optee; \
-    )
-    if [ "${OPTEEPAGER}" = "y" ]; then
-        oe_runmake -C ${S} clean
-        oe_runmake -C ${S} all CFG_TEE_TA_LOG_LEVEL=0 CFG_WITH_PAGER=y
-        ( cd ${B}/core/; \
-            ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
-            normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"`
-            mv tee.bin.signed ${B}/$normfl-pager.optee; \
-        )
-    fi
-}
-do_compile:append:ti43x() {
-    optee_sign_legacyhs
-}
-do_compile:append:dra7xx() {
-    optee_sign_legacyhs
-}
-# Signing procedure for K3 devices
-optee_sign_k3hs() {
-    ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
-    cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
-    cp ${B}/core/tee.elf ${B}/bl32.elf
-}
-do_compile:append:am65xx-hs-evm() {
-    optee_sign_k3hs
-}
-do_compile:append:am64xx-evm() {
-    optee_sign_k3hs
-}
-do_compile:append:am62xx-evm() {
-    optee_sign_k3hs
-}
-do_compile:append:am62xx-lp-evm() {
-    optee_sign_k3hs
-}
-do_compile:append:am62axx-evm() {
-    optee_sign_k3hs
-}
-do_compile:append:j721e-hs-evm() {
-    optee_sign_k3hs
-}
-do_compile:append:j7200-hs-evm() {
-    optee_sign_k3hs
-}
-do_compile:append:j721s2-hs-evm() {
-    optee_sign_k3hs
-}
-do_compile:append:j784s4-hs-evm() {
-    optee_sign_k3hs
-}
-do_install:append:ti-soc() {
-    install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ || true
-    install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ || true
-    install -m 644 ${B}/bl32.bin.unsigned ${D}${nonarch_base_libdir}/firmware/ || true
-    install -m 644 ${B}/bl32.elf ${D}${nonarch_base_libdir}/firmware/ || true
-}
-optee_deploy_legacyhs() {
-    cd ${DEPLOYDIR}/
-    for f in optee/*.optee; do
-        ln -sf $f ${DEPLOYDIR}/
-    done
-}
-do_deploy:append:ti43x() {
-    optee_deploy_legacyhs
-}
-do_deploy:append:dra7xx() {
-    optee_deploy_legacyhs
-}
-do_deploy:append:k3() {
-    ln -sf optee/bl32.bin ${DEPLOYDIR}/
-    ln -sf optee/bl32.bin.unsigned ${DEPLOYDIR}/
-    ln -sf optee/bl32.elf ${DEPLOYDIR}/
-}
-# This is needed for bl32.elf
-INSANE_SKIP:${PN}:append:k3 = " textrel"
author	Denys Dmytriyenko <denys@konsulko.com>	2023-05-11 18:43:00 +0000
committer	Ryan Eatmon <reatmon@ti.com>	2023-05-11 14:27:59 -0500
commit	55c90c0aae7aebfddb55f38d93402df38172ff57 (patch)
tree	54a35ff410b2d3b13fdb349f891e60e2d296d8a7 /meta-ti-bsp/recipes-security
parent	24e9324551ecd853b7fa5326fadface547b96652 (diff)
download	meta-ti-55c90c0aae7aebfddb55f38d93402df38172ff57.tar.gz

diff --git a/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc b/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc new file mode 100644 index 00000000..4f052996 --- /dev/null +++ b/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc
@@ -0,0 +1,114 @@
		1	# Use TI SECDEV for signing
		2	inherit ti-secdev
		3
		4	EXTRA_OEMAKE:append:k3 = "${@ ' CFG_CONSOLE_UART='+ d.getVar('OPTEE_K3_USART') if d.getVar('OPTEE_K3_USART') else ''}"
		5
		6	EXTRA_OEMAKE:append:am62xx = " CFG_WITH_SOFTWARE_PRNG=y CFG_TEE_CORE_LOG_LEVEL=1"
		7	EXTRA_OEMAKE:append:am62axx = " CFG_TEE_CORE_LOG_LEVEL=1"
		8
		9	do_compile:append:k3() {
		10	cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
		11	cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
		12	cp ${B}/core/tee.elf ${B}/bl32.elf
		13	}
		14
		15	# Signing procedure for legacy HS devices
		16	optee_sign_legacyhs() {
		17	( cd ${B}/core/; \
		18	${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
		19	normfl=`echo ${OPTEEFLAVOR} \| tr "_" "-"`
		20	mv tee.bin.signed ${B}/$normfl.optee; \
		21	)
		22
		23	if [ "${OPTEEPAGER}" = "y" ]; then
		24	oe_runmake -C ${S} clean
		25	oe_runmake -C ${S} all CFG_TEE_TA_LOG_LEVEL=0 CFG_WITH_PAGER=y
		26	( cd ${B}/core/; \
		27	${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
		28	normfl=`echo ${OPTEEFLAVOR} \| tr "_" "-"`
		29	mv tee.bin.signed ${B}/$normfl-pager.optee; \
		30	)
		31	fi
		32	}
		33
		34	do_compile:append:ti43x() {
		35	optee_sign_legacyhs
		36	}
		37
		38	do_compile:append:dra7xx() {
		39	optee_sign_legacyhs
		40	}
		41
		42	# Signing procedure for K3 devices
		43	optee_sign_k3hs() {
		44	${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
		45	cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
		46	cp ${B}/core/tee.elf ${B}/bl32.elf
		47	}
		48
		49	do_compile:append:am65xx-hs-evm() {
		50	optee_sign_k3hs
		51	}
		52
		53	do_compile:append:am64xx-evm() {
		54	optee_sign_k3hs
		55	}
		56
		57	do_compile:append:am62xx-evm() {
		58	optee_sign_k3hs
		59	}
		60
		61	do_compile:append:am62xx-lp-evm() {
		62	optee_sign_k3hs
		63	}
		64
		65	do_compile:append:am62axx-evm() {
		66	optee_sign_k3hs
		67	}
		68
		69	do_compile:append:j721e-hs-evm() {
		70	optee_sign_k3hs
		71	}
		72
		73	do_compile:append:j7200-hs-evm() {
		74	optee_sign_k3hs
		75	}
		76
		77	do_compile:append:j721s2-hs-evm() {
		78	optee_sign_k3hs
		79	}
		80
		81	do_compile:append:j784s4-hs-evm() {
		82	optee_sign_k3hs
		83	}
		84
		85	do_install:append:ti-soc() {
		86	install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ \|\| true
		87	install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ \|\| true
		88	install -m 644 ${B}/bl32.bin.unsigned ${D}${nonarch_base_libdir}/firmware/ \|\| true
		89	install -m 644 ${B}/bl32.elf ${D}${nonarch_base_libdir}/firmware/ \|\| true
		90	}
		91
		92	optee_deploy_legacyhs() {
		93	cd ${DEPLOYDIR}/
		94	for f in optee/*.optee; do
		95	ln -sf $f ${DEPLOYDIR}/
		96	done
		97	}
		98
		99	do_deploy:append:ti43x() {
		100	optee_deploy_legacyhs
		101	}
		102
		103	do_deploy:append:dra7xx() {
		104	optee_deploy_legacyhs
		105	}
		106
		107	do_deploy:append:k3() {
		108	ln -sf optee/bl32.bin ${DEPLOYDIR}/
		109	ln -sf optee/bl32.bin.unsigned ${DEPLOYDIR}/
		110	ln -sf optee/bl32.elf ${DEPLOYDIR}/
		111	}
		112
		113	# This is needed for bl32.elf
		114	INSANE_SKIP:${PN}:append:k3 = " textrel"


diff --git a/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend b/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend index 4f052996..0067cdc7 100644 --- a/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend +++ b/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend
@@ -1,114 +1,4 @@
1	# Use TI SECDEV for signing	1	OPTEE_TI = ""
2	inherit ti-secdev	2	OPTEE_TI:ti-soc = "optee-os-ti.inc"
3		3
4	EXTRA_OEMAKE:append:k3 = "${@ ' CFG_CONSOLE_UART='+ d.getVar('OPTEE_K3_USART') if d.getVar('OPTEE_K3_USART') else ''}"	4	require ${OPTEE_TI}
5
6	EXTRA_OEMAKE:append:am62xx = " CFG_WITH_SOFTWARE_PRNG=y CFG_TEE_CORE_LOG_LEVEL=1"
7	EXTRA_OEMAKE:append:am62axx = " CFG_TEE_CORE_LOG_LEVEL=1"
8
9	do_compile:append:k3() {
10	cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
11	cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
12	cp ${B}/core/tee.elf ${B}/bl32.elf
13	}
14
15	# Signing procedure for legacy HS devices
16	optee_sign_legacyhs() {
17	( cd ${B}/core/; \
18	${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
19	normfl=`echo ${OPTEEFLAVOR} \| tr "_" "-"`
20	mv tee.bin.signed ${B}/$normfl.optee; \
21	)
22
23	if [ "${OPTEEPAGER}" = "y" ]; then
24	oe_runmake -C ${S} clean
25	oe_runmake -C ${S} all CFG_TEE_TA_LOG_LEVEL=0 CFG_WITH_PAGER=y
26	( cd ${B}/core/; \
27	${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
28	normfl=`echo ${OPTEEFLAVOR} \| tr "_" "-"`
29	mv tee.bin.signed ${B}/$normfl-pager.optee; \
30	)
31	fi
32	}
33
34	do_compile:append:ti43x() {
35	optee_sign_legacyhs
36	}
37
38	do_compile:append:dra7xx() {
39	optee_sign_legacyhs
40	}
41
42	# Signing procedure for K3 devices
43	optee_sign_k3hs() {
44	${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
45	cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
46	cp ${B}/core/tee.elf ${B}/bl32.elf
47	}
48
49	do_compile:append:am65xx-hs-evm() {
50	optee_sign_k3hs
51	}
52
53	do_compile:append:am64xx-evm() {
54	optee_sign_k3hs
55	}
56
57	do_compile:append:am62xx-evm() {
58	optee_sign_k3hs
59	}
60
61	do_compile:append:am62xx-lp-evm() {
62	optee_sign_k3hs
63	}
64
65	do_compile:append:am62axx-evm() {
66	optee_sign_k3hs
67	}
68
69	do_compile:append:j721e-hs-evm() {
70	optee_sign_k3hs
71	}
72
73	do_compile:append:j7200-hs-evm() {
74	optee_sign_k3hs
75	}
76
77	do_compile:append:j721s2-hs-evm() {
78	optee_sign_k3hs
79	}
80
81	do_compile:append:j784s4-hs-evm() {
82	optee_sign_k3hs
83	}
84
85	do_install:append:ti-soc() {
86	install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ \|\| true
87	install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ \|\| true
88	install -m 644 ${B}/bl32.bin.unsigned ${D}${nonarch_base_libdir}/firmware/ \|\| true
89	install -m 644 ${B}/bl32.elf ${D}${nonarch_base_libdir}/firmware/ \|\| true
90	}
91
92	optee_deploy_legacyhs() {
93	cd ${DEPLOYDIR}/
94	for f in optee/*.optee; do
95	ln -sf $f ${DEPLOYDIR}/
96	done
97	}
98
99	do_deploy:append:ti43x() {
100	optee_deploy_legacyhs
101	}
102
103	do_deploy:append:dra7xx() {
104	optee_deploy_legacyhs
105	}
106
107	do_deploy:append:k3() {
108	ln -sf optee/bl32.bin ${DEPLOYDIR}/
109	ln -sf optee/bl32.bin.unsigned ${DEPLOYDIR}/
110	ln -sf optee/bl32.elf ${DEPLOYDIR}/
111	}
112
113	# This is needed for bl32.elf
114	INSANE_SKIP:${PN}:append:k3 = " textrel"