From 72cd51fa11b1f5cc9f252163792cdf495a5b1090 Mon Sep 17 00:00:00 2001 From: Ryan Eatmon Date: Wed, 29 Mar 2023 15:35:01 -0500 Subject: optee-os: Only sign files for platforms that support it We are seeing some testing issues where the new code that signs all of the files at all times is causing issues. So rollback the logic and only sign for platforms that support it. Signed-off-by: Ryan Eatmon --- .../recipes-security/optee/optee-os_%.bbappend | 44 +++++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) diff --git a/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend b/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend index 0c5a6b21..4f052996 100644 --- a/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend +++ b/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend @@ -6,6 +6,12 @@ EXTRA_OEMAKE:append:k3 = "${@ ' CFG_CONSOLE_UART='+ d.getVar('OPTEE_K3_USART') i EXTRA_OEMAKE:append:am62xx = " CFG_WITH_SOFTWARE_PRNG=y CFG_TEE_CORE_LOG_LEVEL=1" EXTRA_OEMAKE:append:am62axx = " CFG_TEE_CORE_LOG_LEVEL=1" +do_compile:append:k3() { + cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin + cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned + cp ${B}/core/tee.elf ${B}/bl32.elf +} + # Signing procedure for legacy HS devices optee_sign_legacyhs() { ( cd ${B}/core/; \ @@ -34,12 +40,48 @@ do_compile:append:dra7xx() { } # Signing procedure for K3 devices -do_compile:append:k3() { +optee_sign_k3hs() { ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${B}/core/tee-pager_v2.bin ${B}/bl32.bin cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned cp ${B}/core/tee.elf ${B}/bl32.elf } +do_compile:append:am65xx-hs-evm() { + optee_sign_k3hs +} + +do_compile:append:am64xx-evm() { + optee_sign_k3hs +} + +do_compile:append:am62xx-evm() { + optee_sign_k3hs +} + +do_compile:append:am62xx-lp-evm() { + optee_sign_k3hs +} + +do_compile:append:am62axx-evm() { + optee_sign_k3hs +} + +do_compile:append:j721e-hs-evm() { + optee_sign_k3hs +} + +do_compile:append:j7200-hs-evm() { + optee_sign_k3hs +} + +do_compile:append:j721s2-hs-evm() { + optee_sign_k3hs +} + +do_compile:append:j784s4-hs-evm() { + optee_sign_k3hs +} + do_install:append:ti-soc() { install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ || true install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ || true -- cgit v1.2.3-54-g00ecf