optee-os: upgrade to upstream 3.11.0

As meta-arm has this version in master, but not in dunfell, temporarily overlay corresponding patches locally - could be removed for the next release. Need to alter FILESEXTRAPATHS for bbappend to locate local patches. Since meta-arm/dunfell has 3.8-specific patches in SRC_URI, let's redefine it completely to match 3.11-specific patch list in meta-arm/master. Last, but not least, guard all upstream recipe varibales with "ti-soc" override to only affect platforms in meta-ti, but not any other BSPs. Signed-off-by: Denys Dmytriyenko <denis@denix.org> Signed-off-by: Dan Murphy <dmurphy@ti.com>
author: Denys Dmytriyenko <denis@denix.org> 2020-12-18 03:40:34 +0000
committer: Dan Murphy <dmurphy@ti.com> 2021-01-08 06:34:55 -0600
commit: be0396863b0ebb368e43526e4a643d380dc34b71 (patch)
tree: 8d793b49ac836c7f9f62f7f198e03cbb87cf3905 /recipes-security/optee
parent: 89402b1230533444fa1f96138d98a6e037996ed2 (diff)
download: meta-ti-be0396863b0ebb368e43526e4a643d380dc34b71.tar.gz
6 files changed, 239 insertions, 0 deletions
diff --git a/recipes-security/optee/optee-os/0001-libutils-provide-empty-__getauxval-implementation.patch b/recipes-security/optee/optee-os/0001-libutils-provide-empty-__getauxval-implementation.patch
new file mode 100644
index 00000000..0120f5c2
--- /dev/null
+++ b/recipes-security/optee/optee-os/0001-libutils-provide-empty-__getauxval-implementation.patch
@@ -0,0 +1,62 @@
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+From 36e784f621bf5d5be9183beba35f39426277c110 Mon Sep 17 00:00:00 2001
+From: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
+Date: Tue, 13 Oct 2020 22:45:39 +0300
+Subject: [PATCH 1/3] libutils: provide empty __getauxval() implementation
+Never version of libgcc are built with LSE implementation in mind. To
+determine if LSE is available on platform it calls __getauxval(), so in
+some cases we can get undefined reference to __getauxval() error.
+Prominent case is libgcc_eh.a library, which is used by C++ TAs. Exception
+handler depends on atomic operations, so it tries to call
+init_have_lse_atomics() first. This function in turn calls __getauxval(),
+which causes linking error.
+In the future we can make __getauxval() to return actual platform
+capabilities.
+Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
+Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
+Reviewed-by: Jerome Forissier <jerome@forissier.org>
+---
+ lib/libutils/ext/arch/arm/auxval.c | 12 ++++++++++++
+ lib/libutils/ext/arch/arm/sub.mk   |  1 +
+ 2 files changed, 13 insertions(+)
+ create mode 100644 lib/libutils/ext/arch/arm/auxval.c
+diff --git a/lib/libutils/ext/arch/arm/auxval.c b/lib/libutils/ext/arch/arm/auxval.c
+new file mode 100644
+index 00000000..98bca850
+--- /dev/null
+++ b/lib/libutils/ext/arch/arm/auxval.c
+@@ -0,0 +1,12 @@
+// SPDX-License-Identifier: BSD-2-Clause
+/*
+ * Copyright (c) 2020, EPAM Systems
+ */
+
+#include <compiler.h>
+
+unsigned long int __getauxval (unsigned long int type);
+unsigned long int __getauxval (unsigned long int type __unused)
+{
+       return 0;
+}
+diff --git a/lib/libutils/ext/arch/arm/sub.mk b/lib/libutils/ext/arch/arm/sub.mk
+index dc5eed67..2e779066 100644
+--- a/lib/libutils/ext/arch/arm/sub.mk
+++ b/lib/libutils/ext/arch/arm/sub.mk
+@@ -3,6 +3,7 @@ srcs-$(CFG_ARM32_$(sm)) += aeabi_unwind.c
+ endif
+ srcs-$(CFG_ARM32_$(sm)) += atomic_a32.S
+ srcs-$(CFG_ARM64_$(sm)) += atomic_a64.S
+srcs-y += auxval.c
+ ifneq ($(sm),ldelf) # TA, core
+ srcs-$(CFG_ARM32_$(sm)) += mcount_a32.S
+ srcs-$(CFG_ARM64_$(sm)) += mcount_a64.S
+-- 
+2.25.1
diff --git a/recipes-security/optee/optee-os/0002-link.mk-implement-support-for-libnames-after-libgcc-.patch b/recipes-security/optee/optee-os/0002-link.mk-implement-support-for-libnames-after-libgcc-.patch
new file mode 100644
index 00000000..11296c8c
--- /dev/null
+++ b/recipes-security/optee/optee-os/0002-link.mk-implement-support-for-libnames-after-libgcc-.patch
@@ -0,0 +1,55 @@
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+From 73196b58ea6978ffa5e581738030f51c5789ef73 Mon Sep 17 00:00:00 2001
+From: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
+Date: Tue, 13 Oct 2020 22:54:13 +0300
+Subject: [PATCH 2/3] link.mk: implement support for libnames-after-libgcc
+ variable
+Newer versions of libgcc depend on external __getauxval() symbol, which is
+now provided by libutils. But libgcc is linked after libutils, so linker
+can't resolve that symbol. We can't include libgcc into linking group with
+libtutils, because libgcc provides symbols that conflict with libutil's
+ones, like __aeabi_idiv with friends for instance.
+So, to resolve libgcc dependency on libutils we need to link with libutils
+second time. To make things more generic, we will introduce
+$(libnames-after-libgcc) variable for libraries that should be linked after
+libgcc.
+Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
+Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
+Reviewed-by: Jerome Forissier <jerome@forissier.org>
+---
+ ta/arch/arm/link.mk | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+diff --git a/ta/arch/arm/link.mk b/ta/arch/arm/link.mk
+index 445c285d..3025acb1 100644
+--- a/ta/arch/arm/link.mk
+++ b/ta/arch/arm/link.mk
+@@ -55,8 +55,11 @@ link-ldflags += --eh-frame-hdr
+ link-ldadd += $(libstdc++$(sm)) $(libgcc_eh$(sm))
+ endif
+ link-ldadd += --end-group
+-ldargs-$(user-ta-uuid).elf := $(link-ldflags) $(objs) $(link-ldadd) $(libgcc$(sm))
+ 
+link-ldadd-after-libgcc += $(addprefix -l,$(libnames-after-libgcc))
+
+ldargs-$(user-ta-uuid).elf := $(link-ldflags) $(objs) $(link-ldadd) \
+                               $(libgcc$(sm)) $(link-ldadd-after-libgcc)
+ 
+ link-script-cppflags-$(sm) := \
+        $(filter-out $(CPPFLAGS_REMOVE) $(cppflags-remove), \
+@@ -76,6 +79,7 @@ $(link-script-pp$(sm)): $(link-script$(sm)) $(conf-file) $(link-script-pp-makefi
+                $(link-script-cppflags-$(sm)) $$< -o $$@
+ 
+ $(link-out-dir$(sm))/$(user-ta-uuid).elf: $(objs) $(libdeps) \
+                                         $(libdeps-after-libgcc) \
+                                          $(link-script-pp$(sm)) \
+                                          $(dynlistdep) \
+                                          $(additional-link-deps)
+-- 
+2.25.1
diff --git a/recipes-security/optee/optee-os/0003-ta_dev_kit.mk-make-sure-that-libutils-is-linked-seco.patch b/recipes-security/optee/optee-os/0003-ta_dev_kit.mk-make-sure-that-libutils-is-linked-seco.patch
new file mode 100644
index 00000000..88ba5f85
--- /dev/null
+++ b/recipes-security/optee/optee-os/0003-ta_dev_kit.mk-make-sure-that-libutils-is-linked-seco.patch
@@ -0,0 +1,44 @@
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+From f50962e3f56f0932662b2ffa10afe53339a335dd Mon Sep 17 00:00:00 2001
+From: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
+Date: Fri, 16 Oct 2020 16:36:08 +0300
+Subject: [PATCH 3/3] ta_dev_kit.mk: make sure that libutils is linked second
+ time
+libgcc depends on __getauxval symbol from libuils. As, generally libutils
+is linked before libgcc, we will get "unresolved symbol" error. To resolve
+this dependency we need to link libutils second time - after libgcc.
+Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
+Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
+Reviewed-by: Jerome Forissier <jerome@forissier.org>
+---
+ ta/mk/ta_dev_kit.mk | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+diff --git a/ta/mk/ta_dev_kit.mk b/ta/mk/ta_dev_kit.mk
+index e28be677..d0e66317 100644
+--- a/ta/mk/ta_dev_kit.mk
+++ b/ta/mk/ta_dev_kit.mk
+@@ -78,6 +78,16 @@ endif
+ libnames += dl
+ libdeps += $(ta-dev-kit-dir$(sm))/lib/libdl.a
+ 
+# libutils provides __getauxval symbol which is needed by libgcc 10.x. We can't
+# link libutils after libgcc, because libgcc will replace some symbols provided
+# by libutils, which will cause further linking issues.
+#
+# But if we place libutils before libgcc, linker will not be able to resolve
+# __getauxval. So we need to link with libutils twice: before and after libgcc.
+# Hence it included both in $(libnames) and in $(libnames-after-libgcc)
+libnames-after-libgcc += utils
+libdeps-after-libgcc += $(ta-dev-kit-dir$(sm))/lib/libutils.a
+
+ # Pass config variable (CFG_) from conf.mk on the command line
+ cppflags$(sm) += $(strip \
+        $(foreach var, $(filter CFG_%,$(.VARIABLES)), \
+-- 
+2.25.1
diff --git a/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch b/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch
new file mode 100644
index 00000000..17005396
--- /dev/null
+++ b/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch
@@ -0,0 +1,34 @@
+From 0bab935695ebcf0c533b49896ab18ff33d4a47d1 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Tue, 26 May 2020 14:38:02 -0500
+Subject: [PATCH] allow setting sysroot for libgcc lookup
+Explicitly pass the new variable LIBGCC_LOCATE_CFLAGS variable when searching
+for the compiler libraries as there's no easy way to reliably pass --sysroot
+otherwise.
+Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ mk/gcc.mk | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+diff --git a/mk/gcc.mk b/mk/gcc.mk
+index adc77a24..81bfa78a 100644
+--- a/mk/gcc.mk
+++ b/mk/gcc.mk
+@@ -13,11 +13,11 @@ nostdinc$(sm)       := -nostdinc -isystem $(shell $(CC$(sm)) \
+                        -print-file-name=include 2> /dev/null)
+ 
+ # Get location of libgcc from gcc
+-libgcc$(sm)    := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \
+libgcc$(sm)    := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \
+                        -print-libgcc-file-name 2> /dev/null)
+-libstdc++$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
+libstdc++$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
+                        -print-file-name=libstdc++.a 2> /dev/null)
+-libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
+libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
+                        -print-file-name=libgcc_eh.a 2> /dev/null)
+ 
+ # Define these to something to discover accidental use
diff --git a/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch b/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch
new file mode 100644
index 00000000..5c0d0a56
--- /dev/null
+++ b/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch
@@ -0,0 +1,29 @@
+From 3167f2c0dba4db59d61b60a8fe66f969d20aafa9 Mon Sep 17 00:00:00 2001
+From: Brett Warren <brett.warren@arm.com>
+Date: Wed, 23 Sep 2020 09:27:34 +0100
+Subject: [PATCH] optee: enable clang support
+When compiling with clang, the LIBGCC_LOCATE_CFLAG variable used
+to provide a sysroot wasn't included, which results in not locating
+compiler-rt. This is mitigated by including the variable as ammended.
+Upstream-Status: Pending
+ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701
+Signed-off-by: Brett Warren <brett.warren@arm.com>
+---
+ mk/clang.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/mk/clang.mk b/mk/clang.mk
+index 0f48c836..47465523 100644
+--- a/mk/clang.mk
+++ b/mk/clang.mk
+@@ -27,7 +27,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \
+ 
+ # Note, use the compiler runtime library (libclang_rt.builtins.*.a) instead of
+ # libgcc for clang
+-libgcc$(sm)    := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \
+libgcc$(sm)    := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \
+                        -rtlib=compiler-rt -print-libgcc-file-name 2> /dev/null)
+ 
+ # Core ASLR relies on the executable being ready to run from its preferred load
diff --git a/recipes-security/optee/optee-os_%.bbappend b/recipes-security/optee/optee-os_%.bbappend
index 2846d0ad..8072490f 100644
--- a/recipes-security/optee/optee-os_%.bbappend
+++ b/recipes-security/optee/optee-os_%.bbappend
@@ -1,3 +1,18 @@
+FILESEXTRAPATHS_prepend_ti-soc := "${THISDIR}/${PN}:"
+PV_ti-soc = "3.11.0+git${SRCPV}"
+SRCREV_ti-soc = "c4def2a8262a03244d9a88461699b9b8e43c6b55"
+SRC_URI_ti-soc = " \
+    git://github.com/OP-TEE/optee_os.git \
+    file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \
+    file://0007-allow-setting-sysroot-for-clang.patch \
+    file://0001-libutils-provide-empty-__getauxval-implementation.patch \
+    file://0002-link.mk-implement-support-for-libnames-after-libgcc-.patch \
+    file://0003-ta_dev_kit.mk-make-sure-that-libutils-is-linked-seco.patch \
+"
 do_compile_prepend_ti-soc() {
    export TI_SECURE_DEV_PKG=${TI_SECURE_DEV_PKG}
 }
author	Denys Dmytriyenko <denis@denix.org>	2020-12-18 03:40:34 +0000
committer	Dan Murphy <dmurphy@ti.com>	2021-01-08 06:34:55 -0600
commit	be0396863b0ebb368e43526e4a643d380dc34b71 (patch)
tree	8d793b49ac836c7f9f62f7f198e03cbb87cf3905 /recipes-security/optee
parent	89402b1230533444fa1f96138d98a6e037996ed2 (diff)
download	meta-ti-be0396863b0ebb368e43526e4a643d380dc34b71.tar.gz

diff --git a/recipes-security/optee/optee-os/0001-libutils-provide-empty-__getauxval-implementation.patch b/recipes-security/optee/optee-os/0001-libutils-provide-empty-__getauxval-implementation.patch new file mode 100644 index 00000000..0120f5c2 --- /dev/null +++ b/recipes-security/optee/optee-os/0001-libutils-provide-empty-__getauxval-implementation.patch
@@ -0,0 +1,62 @@
		1	Upstream-Status: Backport
		2	Signed-off-by: Ross Burton <ross.burton@arm.com>
		3
		4	From 36e784f621bf5d5be9183beba35f39426277c110 Mon Sep 17 00:00:00 2001
		5	From: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
		6	Date: Tue, 13 Oct 2020 22:45:39 +0300
		7	Subject: [PATCH 1/3] libutils: provide empty __getauxval() implementation
		8
		9	Never version of libgcc are built with LSE implementation in mind. To
		10	determine if LSE is available on platform it calls __getauxval(), so in
		11	some cases we can get undefined reference to __getauxval() error.
		12
		13	Prominent case is libgcc_eh.a library, which is used by C++ TAs. Exception
		14	handler depends on atomic operations, so it tries to call
		15	init_have_lse_atomics() first. This function in turn calls __getauxval(),
		16	which causes linking error.
		17
		18	In the future we can make __getauxval() to return actual platform
		19	capabilities.
		20
		21	Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
		22	Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
		23	Reviewed-by: Jerome Forissier <jerome@forissier.org>
		24	---
		25	lib/libutils/ext/arch/arm/auxval.c \| 12 ++++++++++++
		26	lib/libutils/ext/arch/arm/sub.mk \| 1 +
		27	2 files changed, 13 insertions(+)
		28	create mode 100644 lib/libutils/ext/arch/arm/auxval.c
		29
		30	diff --git a/lib/libutils/ext/arch/arm/auxval.c b/lib/libutils/ext/arch/arm/auxval.c
		31	new file mode 100644
		32	index 00000000..98bca850
		33	--- /dev/null
		34	+++ b/lib/libutils/ext/arch/arm/auxval.c
		35	@@ -0,0 +1,12 @@
		36	+// SPDX-License-Identifier: BSD-2-Clause
		37	+/*
		38	+ * Copyright (c) 2020, EPAM Systems
		39	+ */
		40	+
		41	+#include <compiler.h>
		42	+
		43	+unsigned long int __getauxval (unsigned long int type);
		44	+unsigned long int __getauxval (unsigned long int type __unused)
		45	+{
		46	+ return 0;
		47	+}
		48	diff --git a/lib/libutils/ext/arch/arm/sub.mk b/lib/libutils/ext/arch/arm/sub.mk
		49	index dc5eed67..2e779066 100644
		50	--- a/lib/libutils/ext/arch/arm/sub.mk
		51	+++ b/lib/libutils/ext/arch/arm/sub.mk
		52	@@ -3,6 +3,7 @@ srcs-$(CFG_ARM32_$(sm)) += aeabi_unwind.c
		53	endif
		54	srcs-$(CFG_ARM32_$(sm)) += atomic_a32.S
		55	srcs-$(CFG_ARM64_$(sm)) += atomic_a64.S
		56	+srcs-y += auxval.c
		57	ifneq ($(sm),ldelf) # TA, core
		58	srcs-$(CFG_ARM32_$(sm)) += mcount_a32.S
		59	srcs-$(CFG_ARM64_$(sm)) += mcount_a64.S
		60	--
		61	2.25.1
		62


diff --git a/recipes-security/optee/optee-os/0002-link.mk-implement-support-for-libnames-after-libgcc-.patch b/recipes-security/optee/optee-os/0002-link.mk-implement-support-for-libnames-after-libgcc-.patch new file mode 100644 index 00000000..11296c8c --- /dev/null +++ b/recipes-security/optee/optee-os/0002-link.mk-implement-support-for-libnames-after-libgcc-.patch
@@ -0,0 +1,55 @@
		1	Upstream-Status: Backport
		2	Signed-off-by: Ross Burton <ross.burton@arm.com>
		3
		4	From 73196b58ea6978ffa5e581738030f51c5789ef73 Mon Sep 17 00:00:00 2001
		5	From: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
		6	Date: Tue, 13 Oct 2020 22:54:13 +0300
		7	Subject: [PATCH 2/3] link.mk: implement support for libnames-after-libgcc
		8	variable
		9
		10	Newer versions of libgcc depend on external __getauxval() symbol, which is
		11	now provided by libutils. But libgcc is linked after libutils, so linker
		12	can't resolve that symbol. We can't include libgcc into linking group with
		13	libtutils, because libgcc provides symbols that conflict with libutil's
		14	ones, like __aeabi_idiv with friends for instance.
		15
		16	So, to resolve libgcc dependency on libutils we need to link with libutils
		17	second time. To make things more generic, we will introduce
		18	$(libnames-after-libgcc) variable for libraries that should be linked after
		19	libgcc.
		20
		21	Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
		22	Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
		23	Reviewed-by: Jerome Forissier <jerome@forissier.org>
		24	---
		25	ta/arch/arm/link.mk \| 6 +++++-
		26	1 file changed, 5 insertions(+), 1 deletion(-)
		27
		28	diff --git a/ta/arch/arm/link.mk b/ta/arch/arm/link.mk
		29	index 445c285d..3025acb1 100644
		30	--- a/ta/arch/arm/link.mk
		31	+++ b/ta/arch/arm/link.mk
		32	@@ -55,8 +55,11 @@ link-ldflags += --eh-frame-hdr
		33	link-ldadd += $(libstdc++$(sm)) $(libgcc_eh$(sm))
		34	endif
		35	link-ldadd += --end-group
		36	-ldargs-$(user-ta-uuid).elf := $(link-ldflags) $(objs) $(link-ldadd) $(libgcc$(sm))
		37
		38	+link-ldadd-after-libgcc += $(addprefix -l,$(libnames-after-libgcc))
		39	+
		40	+ldargs-$(user-ta-uuid).elf := $(link-ldflags) $(objs) $(link-ldadd) \
		41	+ $(libgcc$(sm)) $(link-ldadd-after-libgcc)
		42
		43	link-script-cppflags-$(sm) := \
		44	$(filter-out $(CPPFLAGS_REMOVE) $(cppflags-remove), \
		45	@@ -76,6 +79,7 @@ $(link-script-pp$(sm)): $(link-script$(sm)) $(conf-file) $(link-script-pp-makefi
		46	$(link-script-cppflags-$(sm)) $$< -o $$@
		47
		48	$(link-out-dir$(sm))/$(user-ta-uuid).elf: $(objs) $(libdeps) \
		49	+ $(libdeps-after-libgcc) \
		50	$(link-script-pp$(sm)) \
		51	$(dynlistdep) \
		52	$(additional-link-deps)
		53	--
		54	2.25.1
		55


diff --git a/recipes-security/optee/optee-os/0003-ta_dev_kit.mk-make-sure-that-libutils-is-linked-seco.patch b/recipes-security/optee/optee-os/0003-ta_dev_kit.mk-make-sure-that-libutils-is-linked-seco.patch new file mode 100644 index 00000000..88ba5f85 --- /dev/null +++ b/recipes-security/optee/optee-os/0003-ta_dev_kit.mk-make-sure-that-libutils-is-linked-seco.patch
@@ -0,0 +1,44 @@
		1	Upstream-Status: Backport
		2	Signed-off-by: Ross Burton <ross.burton@arm.com>
		3
		4	From f50962e3f56f0932662b2ffa10afe53339a335dd Mon Sep 17 00:00:00 2001
		5	From: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
		6	Date: Fri, 16 Oct 2020 16:36:08 +0300
		7	Subject: [PATCH 3/3] ta_dev_kit.mk: make sure that libutils is linked second
		8	time
		9
		10	libgcc depends on __getauxval symbol from libuils. As, generally libutils
		11	is linked before libgcc, we will get "unresolved symbol" error. To resolve
		12	this dependency we need to link libutils second time - after libgcc.
		13
		14	Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
		15	Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
		16	Reviewed-by: Jerome Forissier <jerome@forissier.org>
		17	---
		18	ta/mk/ta_dev_kit.mk \| 10 ++++++++++
		19	1 file changed, 10 insertions(+)
		20
		21	diff --git a/ta/mk/ta_dev_kit.mk b/ta/mk/ta_dev_kit.mk
		22	index e28be677..d0e66317 100644
		23	--- a/ta/mk/ta_dev_kit.mk
		24	+++ b/ta/mk/ta_dev_kit.mk
		25	@@ -78,6 +78,16 @@ endif
		26	libnames += dl
		27	libdeps += $(ta-dev-kit-dir$(sm))/lib/libdl.a
		28
		29	+# libutils provides __getauxval symbol which is needed by libgcc 10.x. We can't
		30	+# link libutils after libgcc, because libgcc will replace some symbols provided
		31	+# by libutils, which will cause further linking issues.
		32	+#
		33	+# But if we place libutils before libgcc, linker will not be able to resolve
		34	+# __getauxval. So we need to link with libutils twice: before and after libgcc.
		35	+# Hence it included both in $(libnames) and in $(libnames-after-libgcc)
		36	+libnames-after-libgcc += utils
		37	+libdeps-after-libgcc += $(ta-dev-kit-dir$(sm))/lib/libutils.a
		38	+
		39	# Pass config variable (CFG_) from conf.mk on the command line
		40	cppflags$(sm) += $(strip \
		41	$(foreach var, $(filter CFG_%,$(.VARIABLES)), \
		42	--
		43	2.25.1
		44


diff --git a/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch b/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch new file mode 100644 index 00000000..17005396 --- /dev/null +++ b/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch
@@ -0,0 +1,34 @@
		1	From 0bab935695ebcf0c533b49896ab18ff33d4a47d1 Mon Sep 17 00:00:00 2001
		2	From: Ross Burton <ross.burton@arm.com>
		3	Date: Tue, 26 May 2020 14:38:02 -0500
		4	Subject: [PATCH] allow setting sysroot for libgcc lookup
		5
		6	Explicitly pass the new variable LIBGCC_LOCATE_CFLAGS variable when searching
		7	for the compiler libraries as there's no easy way to reliably pass --sysroot
		8	otherwise.
		9
		10	Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188]
		11	Signed-off-by: Ross Burton <ross.burton@arm.com>
		12	---
		13	mk/gcc.mk \| 6 +++---
		14	1 file changed, 3 insertions(+), 3 deletions(-)
		15
		16	diff --git a/mk/gcc.mk b/mk/gcc.mk
		17	index adc77a24..81bfa78a 100644
		18	--- a/mk/gcc.mk
		19	+++ b/mk/gcc.mk
		20	@@ -13,11 +13,11 @@ nostdinc$(sm) := -nostdinc -isystem $(shell $(CC$(sm)) \
		21	-print-file-name=include 2> /dev/null)
		22
		23	# Get location of libgcc from gcc
		24	-libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \
		25	+libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \
		26	-print-libgcc-file-name 2> /dev/null)
		27	-libstdc++$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
		28	+libstdc++$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
		29	-print-file-name=libstdc++.a 2> /dev/null)
		30	-libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
		31	+libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
		32	-print-file-name=libgcc_eh.a 2> /dev/null)
		33
		34	# Define these to something to discover accidental use


diff --git a/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch b/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch new file mode 100644 index 00000000..5c0d0a56 --- /dev/null +++ b/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch
@@ -0,0 +1,29 @@
		1	From 3167f2c0dba4db59d61b60a8fe66f969d20aafa9 Mon Sep 17 00:00:00 2001
		2	From: Brett Warren <brett.warren@arm.com>
		3	Date: Wed, 23 Sep 2020 09:27:34 +0100
		4	Subject: [PATCH] optee: enable clang support
		5
		6	When compiling with clang, the LIBGCC_LOCATE_CFLAG variable used
		7	to provide a sysroot wasn't included, which results in not locating
		8	compiler-rt. This is mitigated by including the variable as ammended.
		9
		10	Upstream-Status: Pending
		11	ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701
		12	Signed-off-by: Brett Warren <brett.warren@arm.com>
		13	---
		14	mk/clang.mk \| 2 +-
		15	1 file changed, 1 insertion(+), 1 deletion(-)
		16
		17	diff --git a/mk/clang.mk b/mk/clang.mk
		18	index 0f48c836..47465523 100644
		19	--- a/mk/clang.mk
		20	+++ b/mk/clang.mk
		21	@@ -27,7 +27,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \
		22
		23	# Note, use the compiler runtime library (libclang_rt.builtins.*.a) instead of
		24	# libgcc for clang
		25	-libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \
		26	+libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \
		27	-rtlib=compiler-rt -print-libgcc-file-name 2> /dev/null)
		28
		29	# Core ASLR relies on the executable being ready to run from its preferred load


diff --git a/recipes-security/optee/optee-os_%.bbappend b/recipes-security/optee/optee-os_%.bbappend index 2846d0ad..8072490f 100644 --- a/recipes-security/optee/optee-os_%.bbappend +++ b/recipes-security/optee/optee-os_%.bbappend
@@ -1,3 +1,18 @@
		1	FILESEXTRAPATHS_prepend_ti-soc := "${THISDIR}/${PN}:"
		2
		3	PV_ti-soc = "3.11.0+git${SRCPV}"
		4
		5	SRCREV_ti-soc = "c4def2a8262a03244d9a88461699b9b8e43c6b55"
		6
		7	SRC_URI_ti-soc = " \
		8	git://github.com/OP-TEE/optee_os.git \
		9	file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \
		10	file://0007-allow-setting-sysroot-for-clang.patch \
		11	file://0001-libutils-provide-empty-__getauxval-implementation.patch \
		12	file://0002-link.mk-implement-support-for-libnames-after-libgcc-.patch \
		13	file://0003-ta_dev_kit.mk-make-sure-that-libutils-is-linked-seco.patch \
		14	"
		15
1	do_compile_prepend_ti-soc() {	16	do_compile_prepend_ti-soc() {
2	export TI_SECURE_DEV_PKG=${TI_SECURE_DEV_PKG}	17	export TI_SECURE_DEV_PKG=${TI_SECURE_DEV_PKG}
3	}	18	}