optee-os: Upgrade to lf-6.1.22-2.0.0 (3.21)

Upgrade optee-os to be aligned with NXP BSP LF6.1.22_2.0.0.

Reapply and refresh patch files.

Drop patches that provided correct sysroot. Instead, use CFLAGS{32,64}
to pass --sysroot, this option is available since optee-os 3.16.

Relevant changes:
- 1962aec95 LFOPTEE-238 drivers: ele: use the baseline API to retrieve the UID
- 7e7b93ac1 LFOPTEE-238 drivers: ele: add msb and lsb to imx_ele_buf object
- 086b65048 LF-8999 drivers: ele: disable ASLR for imx8ulp
- fa3174b61 LF-8995 drivers: ele: keystore: change global key store id
- 1ae8545a4 LF-8995 drivers: ele: disable imx_ele_global_init() if CFG_IMX_ELE_ECC_DRV is disabled
- c15e21b07 LFOPTEE-243 Rework ELE MU mapping
- fb5eaa07f drivers: ele: retain the return value in case imx_ele_generate_key(), imx_ele_signature_generate() and imx_ele_signature_verification() returns an error
- 6e706ee51 drivers: ele: change RNG command ID
- 9492fa474 LFOPTEE-242 drivers: ele: use the new derive key API for HUK generation
- 4d4bd4340 core: ls: enable CFG_PKCS11_TA
- cf2cc646a core: imx: enable CFG_PKCS11_TA
- 4c8281883 drivers: ele: fix ELE_COMMAND_SUCCEED
- 5363154ed core: imx: move tzc380.c to plat-imx
- ccf5dc690 core: imx: allow CFG_CRYPTO_DRIVER enablement for imx93evk
- 735c01acf LFOPTEE-178 drivers: ele: Change OP-TEE MU memory mapping from Secure to Non-Secure
- 093318267 LFOPTEE-178 drivers: ele: Add support for ECC operations
- fa58e94e1 LFOPTEE-178 drivers: ele: Add Generate/Delete Key APIs
- 09badc46e LFOPTEE-178 drivers: ele: Add Key Management APIs
- 0cd738b0d LFOPTEE-178 drivers: ele: Create a global key store handle for all subsequent calls
- c93839af6 LFOPTEE-178 drivers: ele: Create a global session handle for all subsequent calls
- c1b29579d LFOPTEE-178 drivers: ele: add memory management functions
- c61f273fd LFOPTEE-178 drivers: ele: getting common macros and functions in header file
- b5f423f49 LFOPTEE-178 drivers: ele: move ELE to a dedicated directory
- afa1dd7bc drivers: caam: disable CFG_CRYPTO_SM2_* when ECC CAAM driver is enabled
- c723025d5 core: imx: fix CFG_TZDRAM_START
- 80b25f59f LF-7525 drivers: dcp: do not modify DCP node status in the DTB
- 425ed1fbb LFU-368: core: imx93: enable trusted_keys as early TA
- 1924712ff LFOPTEE-85 core: plat-ls: Enabled DTB overlay feature for LS platforms
- e98f5c77d LFOPTEE-85 drivers: caam: add DTB_JR_PATH for LS platforms
- 4a98ea70c core: imx: enable attestation PTA
- a654afb61 drivers: caam: add device tree JR path for mx8ulp
- e155b164e core: imx: enable CFG_CORE_HUK_SUBKEY_COMPAT_USE_OTP_DIE_ID by default
- 3a3ddf85b core: imx: enable TZASC driver for all i.MX platforms
- 8a1984cb1 TEE-639 drivers: caam: skip JR init of CFG_JR_HAB_INDEX
- 992f6b93b LFOPTEE-17: core: plat-ls: add PTA for I2C RTC test
- 519bfab46 core: imx: disable CSU protection for the DCP
- 484138b3f core: ls: enabled CFG_ENABLE_EMBEDDED_TESTS by default
- 299d2d7ad core: imx: enabled CFG_ENABLE_EMBEDDED_TESTS by default
- e79c46c9d core: ls: enable CAAM driver by default.
- 18cca2b72 core: ls: disable CAAM for ls1088 and ls2088
- 9315f5d1e LFOPTEE-9 plat-ls: Increase heap size
- dc2ddcf86 TEE-598 core: imx: increase heap size to 128k
- 0cd1cf295 TEE-526 drivers: caam: add SDP Memory cacheability verification
- 54edf5b70 TEE-526 core: arm: retrieve SDP Memory cacheability
- d5d6e8c85 core: imx: enable CAAM driver by default
- b1b2f83cc core: imx: add resume capability to CSU driver
- 6130b501e core: imx: allow NS world to change SMP bit
- 40006fb93 core: imx: remove SC_IPC_BASE_SECURE definition
- cb115caf6 LFOPTEE-37: core_mmu_lpae: clear L2 tables and indexes
- 546ed42ac LFOPTEE-37: imx8qm: bget_malloc: reset malloc_poolset at runtime
- e8e4b9761 LFOPTEE-37: imx8qm: gic: avoid GICD re-configuration
- 5eebee811 LFOPTEE-37: plat-imx: add platforms mx8qm mek cockpit a53 and a72
- ad9310fbb pta: imx: add DEK blob encapsulation
- 9fe4ecdba drivers: caam: add secure memory and blob drivers
- 4d6df4796 core: imx: add SECMEM definitions for imx8m platforms
- c3b7c47f3 TEE-482 Add .clang-format
- c48eeb2c6 MLK-22073 core: generic_entry_a32: change L1 invalidation at secondary boot
- aa26586bf scripts: add build script for imx and ls
- f5e685f71 drivers: imx_snvs: unlock SNVS access for non-secure
- d328f3a08 drivers: caam: skip the JR device tree disablement for imx8 platforms
- 85feed23e core: imx: enable DT overlay for imx8 platforms
- ebfaab628 drivers: caam: disable job ring via DT overlay
- f4f575781 core: add device tree overlay subnode disable
- a3e52ba26 drivers: caam: rework the CAAM crypto makefile
- 3cb66cb83 core: ls: remove CFG_WITH_SOFTWARE_PRNG default definition for LS platforms
- 55af337cd core: imx: remove CFG_WITH_SOFTWARE_PRNG default definition for i.MX platforms
- f06709794 core: move CFG_WITH_SOFTWARE_PRNG default definition
- 54493021c drivers: caam: remove CFG_NXP_CAAM_ACIPHER compilation flag
- 5dec4ebbf core: crypto: give the platform configuration a higher priority
- 294f91f32 drivers: imx_scu: add resume capabilities
- 851e73b1d core: imx: add plat_cpu_wakeup_late() on arm32
- 93e8838ca TEE-272 Cortex-A9 add PL310 Linux/Optee Mutex
- 711fea086 drivers: imx_scu: move i.MX SCU driver
- b0ef56504 drivers: imx_csu: move i.MX CSU driver
- 0fc481338 drivers: imx_caam: move i.MX CAAM driver
- 3cabf823d core: imx: enable busfreq on imx6 and imx7 platforms
- 11d7fc300 core: pm: imx: export busfreq_change() function
- be238d4ac core: imx: enable the compilation of sm_platform_handler.c for busfreq
- c390bfbb5 core: imx: add busfreq SIP calls
- 9df964338 pm: imx: add power management drivers
- 70af7a82a pm: imx: add suspend source files
- 2a1a3cee8 pm: imx: add cpuidle source files
- c292e6239 pm: imx: add busfreq source files
- fc00b1f35 core: imx: enable CFG_PM_ARM32 and CFG_IMX_PM for power management
- fc0a35a03 core: imx: remove SRC and GPC functions from imx.h
- f0f51a260 core: imx: add imx7ulp registers
- a1cbd6256 core: imx: add imx7 DDRC and IOMUX registers
- ac51cdba4 core: imx: add imx6 MMDC and IOMUX registers
- d7844a1ad core: imx: add pl310_enabled()
- 3dcdade81 core: imx: remove imx_sip.h
- 1e79f969e core: imx: remove power management code for imx7 platforms
- c7b15f67e allow setting sysroot for libgcc lookup
- e8abbcfbd Update CHANGELOG for 3.21.0
- 50666c141 plat-zynqmp: fixes interrupt controller
- b031393cd core: tee_ta_instance_stats(): correct the allocation size of dump_ctx
- 32b94ed4b drivers: caam: fix MP abstraction layer functions
- 4a0740da2 drivers: caam: math: add CFG_NXP_CAAM_MATH_DRV compilation flag
- 44220a36a libtomcrypt: fix pkcs_1_v1_5_decode() when empty message
- 3fb72c226 drivers: crypto: add support for SM2_DSA_SM3
- 163a7c9e8 core: imx: remove duplicate driver_init() call
- 31b31015b build: ta: add RISC-V linker script
- de4176748 core: mm: Fix idx truncation bug
- 9eabc2b44 core: fix loading of encrypted TA
- 9901df47d core: dump_ta_memstats(): check TA initialization completion before accessing it
- 66370233e ci: se05x crypto driver: update plug-and-trust
- fb559031c drivers: se050: allow configuring the Secure Element applet
- 7723564b9 dts: stm32: add OTP index for HUK on stm32mp15 platform
- b0946e1d9 drivers: stm32mp15_huk: use DT HUK NVMEM layout API
- db8ca286e se050: ecc: SE050-F shared secret
- b300b5a37 ci: compile-test as many PTAs as possible on QEMU/QEMUv8
- eb238769a pta: attestation: fix compilation incompatible pointer warning
- 552d5e40d core: ffa: Allow multiple SPs with same UUID
- f60c6b9c1 drivers: imx_ele: add ELE driver
- 8cd1171e9 drivers: imx_mu: add MU base address and size for imx93
- 4f89aed3d drivers: imx_mu: add MU base address and size for imx8ulp
- 753e6fe4f drivers: imx_mu: increase maximum MU message size
- 088116c9c drivers: imx_mu: add support for imx93
- abbe1d51f core: spmc: move FIP SP deinit call
- 6d7c8c3d8 core: spmc: fix FIP SP loading
- 1478437e6 core: ltc: use SHA-3 crypto accelerated function
- c60ed582e core: arm64: SHAKE128 using ARMv8.2-A cryptographic extensions
- bfedef0ce core: arm64: SHA-3 using ARMv8.2-A cryptographic extensions
- 2be3770e8 core: arm64: SM4 CE optimization for ARMv8.2
- 8b5fb12e2 core: arm64: SM4-AESE optimization for ARMv8
- 2fb9e950b Revert "ci: disable QEMUv8_check_rust job"
- 557fea2de Remove checked in .checkpatch-camelcase.git.
- fdc4a8bef ldelf: syscall: support RISC-V ldelf sycall
- 28849defb libutee: increase MPI_MEMPOOL_SIZE to 14Kb
- 6e99433ed core: remove keep pager directive on core_init_mmu_regs()
- dd884cc27 plat-stm32mp1: conf: support 32bit MMU
- 1a3d47c53 clk: stm32mp15: embed clock names only in debug mode
- 41d9f6c2b libutee: add TEE_ALG_ECDSA_SHA* to TEE_ALG_GET_DIGEST_SIZE()
- 7bd215a7b core: mbedtls: ecc_get_keysize(): do not check algorithm against curve
- 9cf576a9f drivers: crypto: versal: do not use deprecated algorithm macros
- 53af8d704 drivers: crypto: se050: do not use deprecated algorithm macros
- fa40bed51 core: fix out-of-bounds access of dump_ctx
- 442c670a2 drivers: atmel_tcb: Use matrix_dt_get_id() to correctly retrieve the id
- 9a28dbc4f plat-sam: matrix: add matrix_dt_get_id() to parse matrix id from dt
- 0db298206 core: pta: imx: add manufacturing protection
- d538d2936 drivers: caam: add manufacturing protection feature
- f5c3d85a5 core: crypto: add support MD5 hashes in RSA sign/verify/cipher
- 2c9522664 core: drivers: zynqmp_csu_puf.c: increase regen time to 6ms
- 3d70a9743 core: crypto: change supported HMAC key size ranges
- 200eb7bd8 plat-totalcompute: remap console logs
- f4f85ac77 drivers: crypto: add SM2 ECC encrypt and decrypt
- 769cbbd70 drivers: crypto: add SM2 curve in crypto API
- 9655e48e7 ci: qemuv8: build with maximum log level
- 9894fdb48 ta: pkcs11: fix trace compilation warning
- a3cfa14ac drivers: caam: enable the CAAM clock when submitting a new job
- 316fd6e9c drivers: caam: add missing header file
- cd857358b core: imx: use register_ddr() to register dynamic shared memory
- 9740df775 drivers: clk: sam: remove hard coded USB clock setup
- 5ff81ad89 dts: sama5d2: add assigned-clocks properties for usb
- 90dee57ac drivers: clk: sam: export audiopll_fracck and usbck
- c0e9e857f drivers: clk: sam: add a macro for count of main clocks
- 8ac3cb374 core: drivers: crypto: caam: Check PKCS_V1_5 decryption buffer size
- 97eb91680 drivers: imx: tzc380: re-configure TZ380 upon PM resume
- 83857db53 drivers: imx: tzc380: do not dump TZASC state before lockdown
- 92f496916 drivers: imx: tzc380: add support for 8mscale platforms
- 809fa817a core: ffa: add TOS_FW_CONFIG handling

Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>

1 files changed, 67 insertions, 0 deletions

diff --git a/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch b/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch
new file mode 100644
index 00000000..f72d80dc
--- /dev/null
+++ b/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch
@@ -0,0 +1,67 @@
+From b53f5542102b8088448134202c30ca563f5b3c04 Mon Sep 17 00:00:00 2001
+From: Jerome Forissier <jerome.forissier@linaro.org>
+Date: Fri, 5 Aug 2022 09:48:03 +0200
+Subject: [PATCH 4/4] core: link: add --no-warn-rwx-segments
+
+Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
+Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474]
+
+binutils ld.bfd generates one RWX LOAD segment by merging several sections
+with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it
+also warns by default when that happens [1], which breaks the build due to
+--fatal-warnings. The RWX segment is not a problem for the TEE core, since
+that information is not used to set memory permissions. Therefore, silence
+the warning.
+
+Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
+Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448
+Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
+Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
+Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
+Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
+---
+
+ core/arch/arm/kernel/link.mk | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
+index e8a518254..60e08966f 100644
+--- a/core/arch/arm/kernel/link.mk
++++ b/core/arch/arm/kernel/link.mk
+@@ -37,6 +37,7 @@ link-ldflags += --sort-section=alignment
+ link-ldflags += --fatal-warnings
+ link-ldflags += --gc-sections
+ link-ldflags += $(link-ldflags-common)
++link-ldflags += $(call ld-option,--no-warn-rwx-segments)
+ 
+ link-ldadd  = $(LDADD)
+ link-ldadd += $(ldflags-external)
+@@ -61,6 +62,7 @@ link-script-cppflags := \
+                $(cppflagscore))
+ 
+ ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \
++                  $(call ld-option,--no-warn-rwx-segments) \
+                   $(link-ldflags-common) \
+                   $(link-objs) $(link-ldadd) $(libgcccore)
+ cleanfiles += $(link-out-dir)/all_objs.o
+@@ -75,7 +77,7 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o
+                $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@
+ 
+ unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
+-                $(link-ldflags-common)
++                $(link-ldflags-common) $(call ld-option,--no-warn-rwx-segments)
+ unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore)
+ cleanfiles += $(link-out-dir)/unpaged.o
+ $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt
+@@ -104,7 +106,7 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o
+                $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@
+ 
+ init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
+-              $(link-ldflags-common)
++              $(link-ldflags-common) $(call ld-option,--no-warn-rwx-segments)
+ init-ldadd := $(link-objs-init) $(link-out-dir)/version.o  $(link-ldadd) \
+              $(libgcccore)
+ cleanfiles += $(link-out-dir)/init.o
+-- 
+2.40.1
+