optee-os: Only sign files for platforms that support it

We are seeing some testing issues where the new code that signs all of the files at all times is causing issues. So rollback the logic and only sign for platforms that support it. Signed-off-by: Ryan Eatmon <reatmon@ti.com>
author: Ryan Eatmon <reatmon@ti.com> 2023-03-29 15:35:01 -0500
committer: Ryan Eatmon <reatmon@ti.com> 2023-03-31 09:25:19 -0500
commit: 72cd51fa11b1f5cc9f252163792cdf495a5b1090 (patch)
tree: 67fc2442064209775390328648d4cac5dabd0936 /meta-ti-bsp/recipes-security
parent: aeb44bbe5335aa9b84b9315744c3a7dee4454a6d (diff)
download: meta-ti-72cd51fa11b1f5cc9f252163792cdf495a5b1090.tar.gz
1 files changed, 43 insertions, 1 deletions
diff --git a/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend b/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend
index 0c5a6b21..4f052996 100644
--- a/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend
+++ b/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend
@@ -6,6 +6,12 @@ EXTRA_OEMAKE:append:k3 = "${@ ' CFG_CONSOLE_UART='+ d.getVar('OPTEE_K3_USART') i
 EXTRA_OEMAKE:append:am62xx = " CFG_WITH_SOFTWARE_PRNG=y CFG_TEE_CORE_LOG_LEVEL=1"
 EXTRA_OEMAKE:append:am62axx = " CFG_TEE_CORE_LOG_LEVEL=1"
+do_compile:append:k3() {
+    cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
+    cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
+    cp ${B}/core/tee.elf ${B}/bl32.elf
+}
 # Signing procedure for legacy HS devices
 optee_sign_legacyhs() {
    ( cd ${B}/core/; \
@@ -34,12 +40,48 @@ do_compile:append:dra7xx() {
 }
 # Signing procedure for K3 devices
-do_compile:append:k3() {
+optee_sign_k3hs() {
    ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
    cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
    cp ${B}/core/tee.elf ${B}/bl32.elf
 }
+do_compile:append:am65xx-hs-evm() {
+    optee_sign_k3hs
+}
+do_compile:append:am64xx-evm() {
+    optee_sign_k3hs
+}
+do_compile:append:am62xx-evm() {
+    optee_sign_k3hs
+}
+do_compile:append:am62xx-lp-evm() {
+    optee_sign_k3hs
+}
+do_compile:append:am62axx-evm() {
+    optee_sign_k3hs
+}
+do_compile:append:j721e-hs-evm() {
+    optee_sign_k3hs
+}
+do_compile:append:j7200-hs-evm() {
+    optee_sign_k3hs
+}
+do_compile:append:j721s2-hs-evm() {
+    optee_sign_k3hs
+}
+do_compile:append:j784s4-hs-evm() {
+    optee_sign_k3hs
+}
 do_install:append:ti-soc() {
    install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ || true
    install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ || true
author	Ryan Eatmon <reatmon@ti.com>	2023-03-29 15:35:01 -0500
committer	Ryan Eatmon <reatmon@ti.com>	2023-03-31 09:25:19 -0500
commit	72cd51fa11b1f5cc9f252163792cdf495a5b1090 (patch)
tree	67fc2442064209775390328648d4cac5dabd0936 /meta-ti-bsp/recipes-security
parent	aeb44bbe5335aa9b84b9315744c3a7dee4454a6d (diff)
download	meta-ti-72cd51fa11b1f5cc9f252163792cdf495a5b1090.tar.gz

diff --git a/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend b/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend index 0c5a6b21..4f052996 100644 --- a/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend +++ b/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend
@@ -6,6 +6,12 @@ EXTRA_OEMAKE:append:k3 = "${@ ' CFG_CONSOLE_UART='+ d.getVar('OPTEE_K3_USART') i
6	EXTRA_OEMAKE:append:am62xx = " CFG_WITH_SOFTWARE_PRNG=y CFG_TEE_CORE_LOG_LEVEL=1"	6	EXTRA_OEMAKE:append:am62xx = " CFG_WITH_SOFTWARE_PRNG=y CFG_TEE_CORE_LOG_LEVEL=1"
7	EXTRA_OEMAKE:append:am62axx = " CFG_TEE_CORE_LOG_LEVEL=1"	7	EXTRA_OEMAKE:append:am62axx = " CFG_TEE_CORE_LOG_LEVEL=1"
8		8
		9	do_compile:append:k3() {
		10	cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
		11	cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
		12	cp ${B}/core/tee.elf ${B}/bl32.elf
		13	}
		14
9	# Signing procedure for legacy HS devices	15	# Signing procedure for legacy HS devices
10	optee_sign_legacyhs() {	16	optee_sign_legacyhs() {
11	( cd ${B}/core/; \	17	( cd ${B}/core/; \
@@ -34,12 +40,48 @@ do_compile:append:dra7xx() {
34	}	40	}
35		41
36	# Signing procedure for K3 devices	42	# Signing procedure for K3 devices
37	do_compile:append:k3() {	43	optee_sign_k3hs() {
38	${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${B}/core/tee-pager_v2.bin ${B}/bl32.bin	44	${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
39	cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned	45	cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
40	cp ${B}/core/tee.elf ${B}/bl32.elf	46	cp ${B}/core/tee.elf ${B}/bl32.elf
41	}	47	}
42		48
		49	do_compile:append:am65xx-hs-evm() {
		50	optee_sign_k3hs
		51	}
		52
		53	do_compile:append:am64xx-evm() {
		54	optee_sign_k3hs
		55	}
		56
		57	do_compile:append:am62xx-evm() {
		58	optee_sign_k3hs
		59	}
		60
		61	do_compile:append:am62xx-lp-evm() {
		62	optee_sign_k3hs
		63	}
		64
		65	do_compile:append:am62axx-evm() {
		66	optee_sign_k3hs
		67	}
		68
		69	do_compile:append:j721e-hs-evm() {
		70	optee_sign_k3hs
		71	}
		72
		73	do_compile:append:j7200-hs-evm() {
		74	optee_sign_k3hs
		75	}
		76
		77	do_compile:append:j721s2-hs-evm() {
		78	optee_sign_k3hs
		79	}
		80
		81	do_compile:append:j784s4-hs-evm() {
		82	optee_sign_k3hs
		83	}
		84
43	do_install:append:ti-soc() {	85	do_install:append:ti-soc() {
44	install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ \|\| true	86	install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ \|\| true
45	install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ \|\| true	87	install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ \|\| true