summaryrefslogtreecommitdiffstats
path: root/recipes-security
diff options
context:
space:
mode:
Diffstat (limited to 'recipes-security')
-rw-r--r--recipes-security/optee-imx/optee-client-fslc-imx.inc25
-rw-r--r--recipes-security/optee-imx/optee-client-fslc.inc43
-rw-r--r--recipes-security/optee-imx/optee-client/0001-tee-supplicant-Fix-non-arch-service-unit-install-pat.patch35
-rw-r--r--recipes-security/optee-imx/optee-client/optee-udev.rules6
-rw-r--r--recipes-security/optee-imx/optee-client_4.4.0.imx.bb4
-rw-r--r--recipes-security/optee-imx/optee-client_4.6.0.imx.bb4
-rw-r--r--recipes-security/optee-imx/optee-fslc.inc4
-rw-r--r--recipes-security/optee-imx/optee-os-common-fslc-imx.inc4
-rw-r--r--recipes-security/optee-imx/optee-os-fslc-imx.inc2
-rw-r--r--recipes-security/optee-imx/optee-os-fslc.inc10
-rw-r--r--recipes-security/optee-imx/optee-os-tadevkit-fslc-imx.inc5
-rw-r--r--recipes-security/optee-imx/optee-os-tadevkit_4.4.0.imx.bb4
-rw-r--r--recipes-security/optee-imx/optee-os-tadevkit_4.6.0.imx.bb4
-rw-r--r--recipes-security/optee-imx/optee-os_4.4.0.imx.bb6
-rw-r--r--recipes-security/optee-imx/optee-os_4.6.0.imx.bb6
-rw-r--r--recipes-security/optee-imx/optee-test-fslc-imx.inc4
-rw-r--r--recipes-security/optee-imx/optee-test-fslc.inc4
-rw-r--r--recipes-security/optee-imx/optee-test_4.6.0.imx.bb (renamed from recipes-security/optee-imx/optee-test_4.4.0.imx.bb)4
-rw-r--r--recipes-security/optee-qoriq/optee-client-qoriq_3.13.0.bb5
-rw-r--r--recipes-security/optee-qoriq/optee-client-qoriq_4.6.0.bb4
-rw-r--r--recipes-security/optee-qoriq/optee-client.nxp.inc59
-rw-r--r--recipes-security/optee-qoriq/optee-client/tee-supplicant.service11
-rw-r--r--recipes-security/optee-qoriq/optee-os-qoriq-tadevkit_4.6.0.bb24
-rw-r--r--recipes-security/optee-qoriq/optee-os-qoriq_3.13.0.bb28
-rw-r--r--recipes-security/optee-qoriq/optee-os-qoriq_4.6.0.bb21
-rw-r--r--recipes-security/optee-qoriq/optee-os.nxp.inc87
-rw-r--r--recipes-security/optee-qoriq/optee-test-qoriq_3.13.0.bb13
-rw-r--r--recipes-security/optee-qoriq/optee-test-qoriq_4.6.0.bb10
-rw-r--r--recipes-security/optee-qoriq/optee-test.nxp.inc66
-rw-r--r--recipes-security/smw/keyctl-caam_git.bb4
-rw-r--r--recipes-security/smw/smw_git.bb2
31 files changed, 209 insertions, 299 deletions
diff --git a/recipes-security/optee-imx/optee-client-fslc-imx.inc b/recipes-security/optee-imx/optee-client-fslc-imx.inc
index 7aeff9fd5..1112a864d 100644
--- a/recipes-security/optee-imx/optee-client-fslc-imx.inc
+++ b/recipes-security/optee-imx/optee-client-fslc-imx.inc
@@ -1,5 +1,5 @@
1# Copied from meta-imx/meta-imx-bsp/recipes-security/optee/optee-client-imx.inc. 1# Copied from meta-imx/meta-imx-bsp/recipes-security/optee/optee-client-imx.inc.
2# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L37 2# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-walnascar/imx-6.12.20-2.0.0.xml#L37
3 3
4require optee-client-fslc.inc 4require optee-client-fslc.inc
5 5
@@ -10,27 +10,8 @@ SRC_URI:remove = "git://github.com/OP-TEE/optee_client.git;branch=master;protoco
10SRC_URI:prepend = "${OPTEE_CLIENT_SRC};branch=${SRCBRANCH} " 10SRC_URI:prepend = "${OPTEE_CLIENT_SRC};branch=${SRCBRANCH} "
11OPTEE_CLIENT_SRC ?= "git://github.com/nxp-imx/imx-optee-client.git;protocol=https" 11OPTEE_CLIENT_SRC ?= "git://github.com/nxp-imx/imx-optee-client.git;protocol=https"
12 12
13SRC_URI += "file://0001-tee-supplicant-Fix-non-arch-service-unit-install-pat.patch"
14
13inherit pkgconfig 15inherit pkgconfig
14 16
15EXTRA_OECMAKE += "-DCFG_TEE_CLIENT_LOAD_PATH=${nonarch_base_libdir}" 17EXTRA_OECMAKE += "-DCFG_TEE_CLIENT_LOAD_PATH=${nonarch_base_libdir}"
16
17# Copy the udev rule from the libts recipe for starting tee-supplicant@.service
18SRC_URI += "file://tee-udev.rules"
19# Unix group name for dev/tee* ownership.
20TEE_GROUP_NAME ?= "teeclnt"
21do_install:append () {
22 if ${@oe.utils.conditional('VIRTUAL-RUNTIME_dev_manager', 'busybox-mdev', 'false', 'true', d)}; then
23 install -d ${D}${nonarch_base_libdir}/udev/rules.d/
24 install -m 755 ${UNPACKDIR}/tee-udev.rules ${D}${nonarch_base_libdir}/udev/rules.d/
25 sed -i -e "s/teeclnt/${TEE_GROUP_NAME}/" ${D}${nonarch_base_libdir}/udev/rules.d/tee-udev.rules
26 fi
27
28 if [ "${libdir}" != "${nonarch_base_libdir}" ]; then
29 rm -rf ${D}${libdir}/systemd
30 fi
31}
32inherit ${@oe.utils.conditional('VIRTUAL-RUNTIME_dev_manager', 'busybox-mdev', '', 'useradd', d)}
33USERADD_PACKAGES = "${PN}"
34GROUPADD_PARAM:${PN} = "--system ${TEE_GROUP_NAME}"
35
36FILES:${PN} += "${libdir}/* ${includedir}/*"
diff --git a/recipes-security/optee-imx/optee-client-fslc.inc b/recipes-security/optee-imx/optee-client-fslc.inc
index 455bdd780..70a25fe6c 100644
--- a/recipes-security/optee-imx/optee-client-fslc.inc
+++ b/recipes-security/optee-imx/optee-client-fslc.inc
@@ -1,5 +1,5 @@
1# Copied from meta-arm/recipes-security/optee/optee-client.inc. 1# Copied from meta-arm/recipes-security/optee/optee-client.inc.
2# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L30 2# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-walnascar/imx-6.12.20-2.0.0.xml#L30
3 3
4SUMMARY = "OP-TEE Client API" 4SUMMARY = "OP-TEE Client API"
5DESCRIPTION = "Open Portable Trusted Execution Environment - Normal World Client side of the TEE" 5DESCRIPTION = "Open Portable Trusted Execution Environment - Normal World Client side of the TEE"
@@ -8,32 +8,39 @@ HOMEPAGE = "https://www.op-tee.org/"
8LICENSE = "BSD-2-Clause" 8LICENSE = "BSD-2-Clause"
9LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" 9LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b"
10 10
11inherit systemd update-rc.d cmake 11inherit systemd update-rc.d cmake useradd
12 12
13SRC_URI = " \ 13SRC_URI = " \
14 git://github.com/OP-TEE/optee_client.git;branch=master;protocol=https \ 14 git://github.com/OP-TEE/optee_client.git;branch=master;protocol=https \
15 file://tee-supplicant@.service \
16 file://tee-supplicant.sh \ 15 file://tee-supplicant.sh \
17" 16"
18 17
19UPSTREAM_CHECK_GITTAGREGEX = "^(?P<pver>\d+(\.\d+)+)$" 18UPSTREAM_CHECK_GITTAGREGEX = "^(?P<pver>\d+(\.\d+)+)$"
20 19
21S = "${WORKDIR}/git"
22
23EXTRA_OECMAKE = " \ 20EXTRA_OECMAKE = " \
24 -DBUILD_SHARED_LIBS=ON \ 21 -DBUILD_SHARED_LIBS=ON \
25 -DCFG_TEE_FS_PARENT_PATH='${localstatedir}/lib/tee' \ 22 -DCFG_USE_PKGCONFIG=ON \
26" 23"
24
25# libts uses /dev/tee devices too. Add a common variable to allow configuring the same group.
26TEE_GROUP_NAME ?= "tee"
27
28EXTRA_OECMAKE += " -DCFG_ENABLE_SYSTEMD=On -DSYSTEMD_UNIT_DIR=${systemd_system_unitdir}/"
29EXTRA_OECMAKE += " -DCFG_ENABLE_UDEV=On -DUDEV_UDEV_DIR=${nonarch_base_libdir}/udev/rules.d/"
30EXTRA_OECMAKE += " -DCFG_TEE_GROUP=${TEE_GROUP_NAME} -DCFG_TEEPRIV_GROUP=teepriv"
31
27EXTRA_OECMAKE:append:toolchain-clang = " -DCFG_WERROR=0" 32EXTRA_OECMAKE:append:toolchain-clang = " -DCFG_WERROR=0"
28 33
29do_install:append() { 34do_install:append() {
30 install -D -p -m0644 ${UNPACKDIR}/tee-supplicant@.service ${D}${systemd_system_unitdir}/tee-supplicant@.service 35 if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
31 install -D -p -m0755 ${UNPACKDIR}/tee-supplicant.sh ${D}${sysconfdir}/init.d/tee-supplicant 36 install -D -p -m0755 ${UNPACKDIR}/tee-supplicant.sh ${D}${sysconfdir}/init.d/tee-supplicant
32 37 sed -i -e s:@sysconfdir@:${sysconfdir}:g \
33 sed -i -e s:@sysconfdir@:${sysconfdir}:g \ 38 -e s:@sbindir@:${sbindir}:g \
34 -e s:@sbindir@:${sbindir}:g \ 39 -e s:@supluser@:teesuppl:g \
35 ${D}${systemd_system_unitdir}/tee-supplicant@.service \ 40 -e s:@suplgroup@:teesuppl:g \
36 ${D}${sysconfdir}/init.d/tee-supplicant 41 ${D}${sysconfdir}/init.d/tee-supplicant
42 fi
43 install -o teesuppl -g teesuppl -m 0700 -d ${D}${localstatedir}/lib/tee
37} 44}
38 45
39SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service" 46SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service"
@@ -41,3 +48,13 @@ SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service"
41INITSCRIPT_PACKAGES = "${PN}" 48INITSCRIPT_PACKAGES = "${PN}"
42INITSCRIPT_NAME:${PN} = "tee-supplicant" 49INITSCRIPT_NAME:${PN} = "tee-supplicant"
43INITSCRIPT_PARAMS:${PN} = "start 10 1 2 3 4 5 . stop 90 0 6 ." 50INITSCRIPT_PARAMS:${PN} = "start 10 1 2 3 4 5 . stop 90 0 6 ."
51
52FILES:${PN} += "${nonarch_base_libdir}/udev/rules.d/"
53
54# Users and groups:
55# TEE_GROUP_NAME group to access /dev/tee*
56# teepriv group to acess /dev/teepriv*, only tee-supplicant
57# teesuppl user and group teesuppl to run tee-supplicant
58USERADD_PACKAGES = "${PN}"
59GROUPADD_PARAM:${PN} = "--system ${TEE_GROUP_NAME}; --system teepriv; --system teesuppl"
60USERADD_PARAM:${PN} = "--system -g teesuppl --groups teepriv --home-dir ${localstatedir}/lib/tee -M --shell /sbin/nologin teesuppl;"
diff --git a/recipes-security/optee-imx/optee-client/0001-tee-supplicant-Fix-non-arch-service-unit-install-pat.patch b/recipes-security/optee-imx/optee-client/0001-tee-supplicant-Fix-non-arch-service-unit-install-pat.patch
new file mode 100644
index 000000000..631e08019
--- /dev/null
+++ b/recipes-security/optee-imx/optee-client/0001-tee-supplicant-Fix-non-arch-service-unit-install-pat.patch
@@ -0,0 +1,35 @@
1From 5ffab66dda3e25f0b2ebc5115013c4234d048703 Mon Sep 17 00:00:00 2001
2From: Tom Hochstein <tom.hochstein@nxp.com>
3Date: Mon, 21 Apr 2025 08:47:29 -0500
4Subject: [PATCH] tee-supplicant: Fix non-arch service unit install path
5
6A 64-bit build with multilib enabled fails:
7```
8ERROR: optee-client-4.4.0-r0 do_package: Didn't find service unit 'tee-supplicant@.service', specified in SYSTEMD_SERVICE:optee-client. Also looked for service unit 'tee-supplicant@.service'.
9```
10
11The problem is the service unit is installed in the arch-specific folder
12/usr/lib64/systemd/system, but it is non-arch and should be in
13/usr/lib/systemd/system.
14
15Upstream-Status: Pending
16Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
17---
18 tee-supplicant/CMakeLists.txt | 2 +-
19 1 file changed, 1 insertion(+), 1 deletion(-)
20
21diff --git a/tee-supplicant/CMakeLists.txt b/tee-supplicant/CMakeLists.txt
22index 8df9bef..3ea058c 100644
23--- a/tee-supplicant/CMakeLists.txt
24+++ b/tee-supplicant/CMakeLists.txt
25@@ -119,6 +119,6 @@ endif()
26 ################################################################################
27 install(TARGETS ${PROJECT_NAME} RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR})
28 configure_file(tee-supplicant@.service.in tee-supplicant@.service @ONLY)
29-install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/tee-supplicant@.service DESTINATION ${CMAKE_INSTALL_LIBDIR}/systemd/system)
30+install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/tee-supplicant@.service DESTINATION lib/systemd/system)
31 configure_file(optee-udev.rules.in optee-udev.rules @ONLY)
32 install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/optee-udev.rules DESTINATION ${CMAKE_INSTALL_SYSCONFDIR}/udev/rules.d)
33--
342.34.1
35
diff --git a/recipes-security/optee-imx/optee-client/optee-udev.rules b/recipes-security/optee-imx/optee-client/optee-udev.rules
new file mode 100644
index 000000000..075f469c0
--- /dev/null
+++ b/recipes-security/optee-imx/optee-client/optee-udev.rules
@@ -0,0 +1,6 @@
1KERNEL=="tee[0-9]*", MODE="0660", OWNER="root", GROUP="teeclnt", TAG+="systemd"
2
3# If a /dev/teepriv[0-9]* device is detected, start an instance of
4# tee-supplicant.service with the device name as parameter
5KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="teeclnt", \
6 TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee-supplicant@%k.service"
diff --git a/recipes-security/optee-imx/optee-client_4.4.0.imx.bb b/recipes-security/optee-imx/optee-client_4.4.0.imx.bb
deleted file mode 100644
index 322f998fc..000000000
--- a/recipes-security/optee-imx/optee-client_4.4.0.imx.bb
+++ /dev/null
@@ -1,4 +0,0 @@
1require optee-client-fslc-imx.inc
2
3SRCBRANCH = "lf-6.6.52_2.2.0"
4SRCREV = "d221676a58b305bddbf97db00395205b3038de8e"
diff --git a/recipes-security/optee-imx/optee-client_4.6.0.imx.bb b/recipes-security/optee-imx/optee-client_4.6.0.imx.bb
new file mode 100644
index 000000000..b5a185da1
--- /dev/null
+++ b/recipes-security/optee-imx/optee-client_4.6.0.imx.bb
@@ -0,0 +1,4 @@
1require optee-client-fslc-imx.inc
2
3SRCBRANCH = "lf-6.12.20_2.0.0"
4SRCREV = "02e7f9213b0d7db9c35ebf1e41e733fc9c5a3f75"
diff --git a/recipes-security/optee-imx/optee-fslc.inc b/recipes-security/optee-imx/optee-fslc.inc
index c89746dc4..599dda522 100644
--- a/recipes-security/optee-imx/optee-fslc.inc
+++ b/recipes-security/optee-imx/optee-fslc.inc
@@ -1,14 +1,16 @@
1# Copied from meta-arm/recipes-security/optee/optee.inc. 1# Copied from meta-arm/recipes-security/optee/optee.inc.
2# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L30 2# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-walnascar/imx-6.12.20-2.0.0.xml#L30
3 3
4UPSTREAM_CHECK_GITTAGREGEX = "^(?P<pver>\d+(\.\d+)+)$" 4UPSTREAM_CHECK_GITTAGREGEX = "^(?P<pver>\d+(\.\d+)+)$"
5 5
6COMPATIBLE_MACHINE ?= "invalid" 6COMPATIBLE_MACHINE ?= "invalid"
7COMPATIBLE_MACHINE:genericarm64 ?= "genericarm64"
7COMPATIBLE_MACHINE:qemuarm64 ?= "qemuarm64" 8COMPATIBLE_MACHINE:qemuarm64 ?= "qemuarm64"
8COMPATIBLE_MACHINE:qemuarm ?= "qemuarm" 9COMPATIBLE_MACHINE:qemuarm ?= "qemuarm"
9# Please add supported machines below or set it in .bbappend or .conf 10# Please add supported machines below or set it in .bbappend or .conf
10 11
11OPTEEMACHINE ?= "${MACHINE}" 12OPTEEMACHINE ?= "${MACHINE}"
13OPTEEMACHINE:genericarm64 ?= "vexpress-qemu_armv8a"
12OPTEEMACHINE:aarch64:qemuall ?= "vexpress-qemu_armv8a" 14OPTEEMACHINE:aarch64:qemuall ?= "vexpress-qemu_armv8a"
13OPTEEMACHINE:arm:qemuall ?= "vexpress-qemu_virt" 15OPTEEMACHINE:arm:qemuall ?= "vexpress-qemu_virt"
14 16
diff --git a/recipes-security/optee-imx/optee-os-common-fslc-imx.inc b/recipes-security/optee-imx/optee-os-common-fslc-imx.inc
index 941182fe9..ffd217099 100644
--- a/recipes-security/optee-imx/optee-os-common-fslc-imx.inc
+++ b/recipes-security/optee-imx/optee-os-common-fslc-imx.inc
@@ -1,6 +1,5 @@
1# Copied from meta-imx/meta-imx-bsp/recipes-security/optee/optee-os-common-imx.inc. 1# Copied from meta-imx/meta-imx-bsp/recipes-security/optee/optee-os-common-imx.inc.
2# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L37 2# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-walnascar/imx-6.12.20-2.0.0.xml#L37
3
4require optee-os-fslc.inc 3require optee-os-fslc.inc
5 4
6DEPENDS:append:arm = "u-boot-mkimage-native" 5DEPENDS:append:arm = "u-boot-mkimage-native"
@@ -38,6 +37,7 @@ OPTEEMACHINE:mx8mnul-nxp-bsp = "imx-mx8mnevk"
38OPTEEMACHINE:mx8ulp-nxp-bsp = "imx-mx8ulpevk" 37OPTEEMACHINE:mx8ulp-nxp-bsp = "imx-mx8ulpevk"
39OPTEEMACHINE:mx91-nxp-bsp = "imx-mx91evk" 38OPTEEMACHINE:mx91-nxp-bsp = "imx-mx91evk"
40OPTEEMACHINE:mx93-nxp-bsp = "imx-mx93evk" 39OPTEEMACHINE:mx93-nxp-bsp = "imx-mx93evk"
40OPTEEMACHINE:mx943-nxp-bsp = "imx-mx943evk"
41OPTEEMACHINE:mx95-nxp-bsp = "imx-mx95evk" 41OPTEEMACHINE:mx95-nxp-bsp = "imx-mx95evk"
42 42
43# Strip the leading imx- 43# Strip the leading imx-
diff --git a/recipes-security/optee-imx/optee-os-fslc-imx.inc b/recipes-security/optee-imx/optee-os-fslc-imx.inc
index 5fe6a75a5..f46f666ee 100644
--- a/recipes-security/optee-imx/optee-os-fslc-imx.inc
+++ b/recipes-security/optee-imx/optee-os-fslc-imx.inc
@@ -1,5 +1,5 @@
1# Copied from meta-imx/meta-imx-bsp/recipes-security/optee/optee-os-imx.inc. 1# Copied from meta-imx/meta-imx-bsp/recipes-security/optee/optee-os-imx.inc.
2# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L37 2# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-walnascar/imx-6.12.20-2.0.0.xml#L37
3 3
4require optee-os-common-fslc-imx.inc 4require optee-os-common-fslc-imx.inc
5 5
diff --git a/recipes-security/optee-imx/optee-os-fslc.inc b/recipes-security/optee-imx/optee-os-fslc.inc
index c1f1f48f5..4df1617d1 100644
--- a/recipes-security/optee-imx/optee-os-fslc.inc
+++ b/recipes-security/optee-imx/optee-os-fslc.inc
@@ -1,5 +1,5 @@
1# Copied from meta-arm/recipes-security/optee/optee-os.inc. 1# Copied from meta-arm/recipes-security/optee/optee-os.inc.
2# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L30 2# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-walnascar/imx-6.12.20-2.0.0.xml#L30
3 3
4SUMMARY = "OP-TEE Trusted OS" 4SUMMARY = "OP-TEE Trusted OS"
5DESCRIPTION = "Open Portable Trusted Execution Environment - Trusted side of the TEE" 5DESCRIPTION = "Open Portable Trusted Execution Environment - Trusted side of the TEE"
@@ -19,7 +19,6 @@ DEPENDS:append:toolchain-clang = " compiler-rt"
19 19
20SRC_URI = "git://github.com/OP-TEE/optee_os.git;branch=master;protocol=https" 20SRC_URI = "git://github.com/OP-TEE/optee_os.git;branch=master;protocol=https"
21 21
22S = "${WORKDIR}/git"
23B = "${WORKDIR}/build" 22B = "${WORKDIR}/build"
24 23
25EXTRA_OEMAKE += " \ 24EXTRA_OEMAKE += " \
@@ -27,7 +26,7 @@ EXTRA_OEMAKE += " \
27 CFG_${OPTEE_CORE}_core=y \ 26 CFG_${OPTEE_CORE}_core=y \
28 CROSS_COMPILE_core=${HOST_PREFIX} \ 27 CROSS_COMPILE_core=${HOST_PREFIX} \
29 CROSS_COMPILE_ta_${OPTEE_ARCH}=${HOST_PREFIX} \ 28 CROSS_COMPILE_ta_${OPTEE_ARCH}=${HOST_PREFIX} \
30 NOWERROR=1 \ 29 AFLAGS="${CFLAGS}" \
31 ta-targets=ta_${OPTEE_ARCH} \ 30 ta-targets=ta_${OPTEE_ARCH} \
32 O=${B} \ 31 O=${B} \
33" 32"
@@ -40,7 +39,7 @@ AS[unexport] = "1"
40LD[unexport] = "1" 39LD[unexport] = "1"
41 40
42do_compile:prepend() { 41do_compile:prepend() {
43 PLAT_LIBGCC_PATH=$(${CC} -print-libgcc-file-name) 42 PLAT_LIBGCC_PATH=$(${CC} -print-libgcc-file-name)
44} 43}
45 44
46do_compile() { 45do_compile() {
@@ -79,8 +78,5 @@ FILES:${PN}-ta = "${nonarch_base_libdir}/optee_armtz/*"
79 78
80# note: "textrel" is not triggered on all archs 79# note: "textrel" is not triggered on all archs
81INSANE_SKIP:${PN} = "textrel" 80INSANE_SKIP:${PN} = "textrel"
82# Build paths are currently embedded
83INSANE_SKIP:${PN} += "buildpaths"
84INSANE_SKIP:${PN}-dev = "staticdev" 81INSANE_SKIP:${PN}-dev = "staticdev"
85INHIBIT_PACKAGE_STRIP = "1" 82INHIBIT_PACKAGE_STRIP = "1"
86
diff --git a/recipes-security/optee-imx/optee-os-tadevkit-fslc-imx.inc b/recipes-security/optee-imx/optee-os-tadevkit-fslc-imx.inc
index 18cf9a374..0b02c6908 100644
--- a/recipes-security/optee-imx/optee-os-tadevkit-fslc-imx.inc
+++ b/recipes-security/optee-imx/optee-os-tadevkit-fslc-imx.inc
@@ -1,5 +1,5 @@
1# Copied from meta-imx/meta-imx-bsp/recipes-security/optee/optee-os-tadevkit-imx.inc. 1# Copied from meta-imx/meta-imx-bsp/recipes-security/optee/optee-os-tadevkit-imx.inc.
2# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L37 2# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-walnascar/imx-6.12.20-2.0.0.xml#L37
3 3
4require optee-os-common-fslc-imx.inc 4require optee-os-common-fslc-imx.inc
5 5
@@ -22,6 +22,3 @@ do_deploy() {
22} 22}
23 23
24FILES:${PN} = "${includedir}/optee/" 24FILES:${PN} = "${includedir}/optee/"
25
26# Build paths are currently embedded
27INSANE_SKIP:${PN}-dev += "buildpaths"
diff --git a/recipes-security/optee-imx/optee-os-tadevkit_4.4.0.imx.bb b/recipes-security/optee-imx/optee-os-tadevkit_4.4.0.imx.bb
deleted file mode 100644
index bb2e2cf6b..000000000
--- a/recipes-security/optee-imx/optee-os-tadevkit_4.4.0.imx.bb
+++ /dev/null
@@ -1,4 +0,0 @@
1require optee-os-tadevkit-fslc-imx.inc
2
3SRCBRANCH = "lf-6.6.52_2.2.0"
4SRCREV = "60beb308810f9561a67fdb435388a64c85eb6dcb"
diff --git a/recipes-security/optee-imx/optee-os-tadevkit_4.6.0.imx.bb b/recipes-security/optee-imx/optee-os-tadevkit_4.6.0.imx.bb
new file mode 100644
index 000000000..92bdf00e7
--- /dev/null
+++ b/recipes-security/optee-imx/optee-os-tadevkit_4.6.0.imx.bb
@@ -0,0 +1,4 @@
1require optee-os-tadevkit-fslc-imx.inc
2
3SRCBRANCH = "lf-6.12.20_2.0.0"
4SRCREV = "87964807d80baf1dcfd89cafc66de34a1cf16bf3"
diff --git a/recipes-security/optee-imx/optee-os_4.4.0.imx.bb b/recipes-security/optee-imx/optee-os_4.4.0.imx.bb
deleted file mode 100644
index dc6d3901d..000000000
--- a/recipes-security/optee-imx/optee-os_4.4.0.imx.bb
+++ /dev/null
@@ -1,6 +0,0 @@
1# Copyright 2017-2024 NXP
2
3require optee-os-fslc-imx.inc
4
5SRCBRANCH = "lf-6.6.52_2.2.0"
6SRCREV = "60beb308810f9561a67fdb435388a64c85eb6dcb"
diff --git a/recipes-security/optee-imx/optee-os_4.6.0.imx.bb b/recipes-security/optee-imx/optee-os_4.6.0.imx.bb
new file mode 100644
index 000000000..ed2557bcb
--- /dev/null
+++ b/recipes-security/optee-imx/optee-os_4.6.0.imx.bb
@@ -0,0 +1,6 @@
1# Copyright 2017-2024 NXP
2
3require optee-os-fslc-imx.inc
4
5SRCBRANCH = "lf-6.12.20_2.0.0"
6SRCREV = "87964807d80baf1dcfd89cafc66de34a1cf16bf3"
diff --git a/recipes-security/optee-imx/optee-test-fslc-imx.inc b/recipes-security/optee-imx/optee-test-fslc-imx.inc
index ab16fd221..b4bb6031b 100644
--- a/recipes-security/optee-imx/optee-test-fslc-imx.inc
+++ b/recipes-security/optee-imx/optee-test-fslc-imx.inc
@@ -1,6 +1,5 @@
1# Copied from meta-imx/meta-imx-bsp/recipes-security/optee/optee-test-imx.inc. 1# Copied from meta-imx/meta-imx-bsp/recipes-security/optee/optee-test-imx.inc.
2# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L37 2# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-walnascar/imx-6.12.20-2.0.0.xml#L37
3
4require optee-test-fslc.inc 3require optee-test-fslc.inc
5 4
6DEPENDS += "openssl" 5DEPENDS += "openssl"
@@ -14,5 +13,6 @@ OPTEE_TEST_SRC ?= "git://github.com/nxp-imx/imx-optee-test.git;protocol=https"
14 13
15EXTRA_OEMAKE:append:libc-musl = " OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}" 14EXTRA_OEMAKE:append:libc-musl = " OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}"
16CFLAGS:append:libc-musl = " -Wno-error=deprecated-declarations" 15CFLAGS:append:libc-musl = " -Wno-error=deprecated-declarations"
16CFLAGS += " -Wno-error=unterminated-string-initialization"
17 17
18COMPATIBLE_MACHINE = "(imx-nxp-bsp)" 18COMPATIBLE_MACHINE = "(imx-nxp-bsp)"
diff --git a/recipes-security/optee-imx/optee-test-fslc.inc b/recipes-security/optee-imx/optee-test-fslc.inc
index 0fb5f878a..46d57ac41 100644
--- a/recipes-security/optee-imx/optee-test-fslc.inc
+++ b/recipes-security/optee-imx/optee-test-fslc.inc
@@ -1,12 +1,11 @@
1# Copied from meta-arm/recipes-security/optee/optee-test.inc. 1# Copied from meta-arm/recipes-security/optee/optee-test.inc.
2# See: https://github.com/nxp-imx/imx-manifest/blob/imx-linux-scarthgap/imx-6.6.52-2.2.0.xml#L30 2# See:https://github.com/nxp-imx/imx-manifest/blob/imx-linux-walnascar/imx-6.12.20-2.0.0.xml#L30
3 3
4SUMMARY = "OP-TEE sanity testsuite" 4SUMMARY = "OP-TEE sanity testsuite"
5DESCRIPTION = "Open Portable Trusted Execution Environment - Test suite" 5DESCRIPTION = "Open Portable Trusted Execution Environment - Test suite"
6HOMEPAGE = "https://www.op-tee.org/" 6HOMEPAGE = "https://www.op-tee.org/"
7 7
8LICENSE = "BSD-2-Clause & GPL-2.0-only" 8LICENSE = "BSD-2-Clause & GPL-2.0-only"
9LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa"
10 9
11inherit python3native ptest 10inherit python3native ptest
12inherit deploy 11inherit deploy
@@ -18,7 +17,6 @@ SRC_URI = "git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https \
18 file://run-ptest \ 17 file://run-ptest \
19 " 18 "
20 19
21S = "${WORKDIR}/git"
22B = "${WORKDIR}/build" 20B = "${WORKDIR}/build"
23 21
24EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ 22EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
diff --git a/recipes-security/optee-imx/optee-test_4.4.0.imx.bb b/recipes-security/optee-imx/optee-test_4.6.0.imx.bb
index b4ac12714..78e933486 100644
--- a/recipes-security/optee-imx/optee-test_4.4.0.imx.bb
+++ b/recipes-security/optee-imx/optee-test_4.6.0.imx.bb
@@ -9,5 +9,5 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a8fa504109e4cd7ea575bc49ea4be560 \
9 file://LICENSE-GPL;md5=10e86b5d2a6cb0e2b9dcfdd26a9ac58d" 9 file://LICENSE-GPL;md5=10e86b5d2a6cb0e2b9dcfdd26a9ac58d"
10 10
11 11
12SRCBRANCH = "lf-6.6.52_2.2.0" 12SRCBRANCH = "lf-6.12.20_2.0.0"
13SRCREV = "dafc98ed8364d7281a9a7f0788dd0a2067844a59" 13SRCREV = "010f088f05b5ebf392c6e235d6e53d391755722f"
diff --git a/recipes-security/optee-qoriq/optee-client-qoriq_3.13.0.bb b/recipes-security/optee-qoriq/optee-client-qoriq_3.13.0.bb
deleted file mode 100644
index 94123e435..000000000
--- a/recipes-security/optee-qoriq/optee-client-qoriq_3.13.0.bb
+++ /dev/null
@@ -1,5 +0,0 @@
1require optee-client.nxp.inc
2
3PV:append = "+git${SRCPV}"
4
5COMPATIBLE_MACHINE = "(qoriq-arm64)"
diff --git a/recipes-security/optee-qoriq/optee-client-qoriq_4.6.0.bb b/recipes-security/optee-qoriq/optee-client-qoriq_4.6.0.bb
new file mode 100644
index 000000000..4b61f7c04
--- /dev/null
+++ b/recipes-security/optee-qoriq/optee-client-qoriq_4.6.0.bb
@@ -0,0 +1,4 @@
1require optee-client.nxp.inc
2
3OPTEE_CLIENT_BRANCH = "lf-6.12.20_2.0.0"
4SRCREV = "02e7f9213b0d7db9c35ebf1e41e733fc9c5a3f75"
diff --git a/recipes-security/optee-qoriq/optee-client.nxp.inc b/recipes-security/optee-qoriq/optee-client.nxp.inc
index c3933a243..590540cd8 100644
--- a/recipes-security/optee-qoriq/optee-client.nxp.inc
+++ b/recipes-security/optee-qoriq/optee-client.nxp.inc
@@ -1,53 +1,22 @@
1# Copyright 2020-2021 NXP 1# Copyright 2020-2021,2025 NXP
2 2
3SUMMARY = "OPTEE Client libs" 3require recipes-security/optee-imx/optee-client-fslc.inc
4HOMEPAGE = "http://www.optee.org/"
5LICENSE = "BSD"
6LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b"
7 4
8inherit python3native systemd 5# The patch same as imx-optee, so point FILESEXTRAPATHS to optee-imx/optee-client,
6# avoid duplicate copy files to optee-qoriq
7FILESEXTRAPATHS:prepend := "${THISDIR}/../optee-imx/optee-client:"
9 8
10SRC_URI = "git://github.com/nxp-qoriq/optee_client.git;protocol=https;nobranch=1" 9DEPENDS = "util-linux-libuuid"
11SRCREV = "7c9c423d00e96bf51debd5fe10fd70dce83be5cc"
12 10
13FILESEXTRAPATHS:prepend := "${THISDIR}/optee-client:" 11SRC_URI:remove = "git://github.com/OP-TEE/optee_client.git;branch=master;protocol=https"
14SRC_URI += "file://tee-supplicant.service" 12SRC_URI:prepend = "${OPTEE_CLIENT_SRC};branch=${OPTEE_CLIENT_BRANCH} "
15 13
16S = "${WORKDIR}/git" 14OPTEE_CLIENT_SRC ?= "git://github.com/nxp-qoriq/optee_client.git;protocol=https"
17B = "${WORKDIR}/build"
18 15
19OPTEE_ARCH ?= "arm32" 16inherit pkgconfig
20OPTEE_ARCH:armv7a = "arm32"
21OPTEE_ARCH:aarch64 = "arm64"
22 17
23EXTRA_OEMAKE = "ARCH=${OPTEE_ARCH} O=${B}" 18do_install:append () {
24 19 if ! ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
25do_install () { 20 rm -rf ${D}${libdir}/systemd
26 oe_runmake -C ${S} install 21 fi
27
28 install -d ${D}${libdir}/
29 install -p -m0644 ${B}/export${libdir}/libteec.so.1.0.0 ${D}${libdir}/
30 ln -sf libteec.so.1.0.0 ${D}${libdir}/libteec.so.1.0
31 ln -sf libteec.so.1.0.0 ${D}${libdir}/libteec.so.1
32 ln -sf libteec.so.1 ${D}${libdir}/libteec.so
33
34 install -D -p -m0644 ${B}/export/usr/lib/libckteec.so.0.1.0 ${D}${libdir}/libckteec.so.0.1.0
35 ln -sf libckteec.so.0.1.0 ${D}${libdir}/libckteec.so.0.1
36 ln -sf libckteec.so.0.1.0 ${D}${libdir}/libckteec.so.0
37 ln -sf libckteec.so.0.1.0 ${D}${libdir}/libckteec.so
38
39 install -D -p -m0755 ${B}/export/usr/sbin/tee-supplicant ${D}${bindir}/tee-supplicant
40
41 cp -a ${B}/export/usr/include ${D}${includedir}
42
43 install -d ${D}${systemd_system_unitdir}/
44 install -m0644 ${UNPACKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/
45 sed -i -e s:/etc:${sysconfdir}:g -e s:/usr/bin:${bindir}:g ${D}${systemd_system_unitdir}/tee-supplicant.service
46} 22}
47
48SYSTEMD_SERVICE:${PN} = "tee-supplicant.service"
49
50FILES:${PN} += "${libdir}/* ${includedir}/*"
51
52INSANE_SKIP:${PN} = "ldflags dev-elf"
53INSANE_SKIP:${PN}-dev = "ldflags dev-elf"
diff --git a/recipes-security/optee-qoriq/optee-client/tee-supplicant.service b/recipes-security/optee-qoriq/optee-client/tee-supplicant.service
deleted file mode 100644
index 0e2b4f6ba..000000000
--- a/recipes-security/optee-qoriq/optee-client/tee-supplicant.service
+++ /dev/null
@@ -1,11 +0,0 @@
1[Unit]
2Description=TEE Supplicant
3
4[Service]
5User=root
6EnvironmentFile=-/etc/default/tee-supplicant
7ExecStart=/usr/bin/tee-supplicant $OPTARGS
8
9[Install]
10WantedBy=basic.target
11
diff --git a/recipes-security/optee-qoriq/optee-os-qoriq-tadevkit_4.6.0.bb b/recipes-security/optee-qoriq/optee-os-qoriq-tadevkit_4.6.0.bb
new file mode 100644
index 000000000..e7847b81e
--- /dev/null
+++ b/recipes-security/optee-qoriq/optee-os-qoriq-tadevkit_4.6.0.bb
@@ -0,0 +1,24 @@
1require optee-os.nxp.inc
2
3SUMMARY = "OP-TEE Trusted OS TA devkit"
4DESCRIPTION = "OP-TEE TA devkit for build TAs"
5HOMEPAGE = "https://www.op-tee.org/"
6
7DEPENDS += "python3-pycryptodome-native"
8
9OPTEE_OS_BRANCH = "lf-6.12.20_2.0.0"
10SRCREV = "87964807d80baf1dcfd89cafc66de34a1cf16bf3"
11
12do_install() {
13 #install TA devkit
14 install -d ${D}${includedir}/optee/export-user_ta/
15 for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do
16 cp -aR $f ${D}${includedir}/optee/export-user_ta/
17 done
18}
19
20do_deploy() {
21 echo "Do not inherit do_deploy from optee-os."
22}
23
24FILES:${PN} = "${includedir}/optee/"
diff --git a/recipes-security/optee-qoriq/optee-os-qoriq_3.13.0.bb b/recipes-security/optee-qoriq/optee-os-qoriq_3.13.0.bb
deleted file mode 100644
index 3c3652d3d..000000000
--- a/recipes-security/optee-qoriq/optee-os-qoriq_3.13.0.bb
+++ /dev/null
@@ -1,28 +0,0 @@
1require optee-os.nxp.inc
2
3PV:append = "+git${SRCPV}"
4
5PLATFORM_FLAVOR:ls1088ardb-pb = "ls1088ardb"
6PLATFORM_FLAVOR:ls1046afrwy = "ls1046ardb"
7PLATFORM_FLAVOR:lx2162aqds = "lx2160aqds"
8
9EXTRA_OEMAKE += " \
10 PLATFORM=ls \
11 CFG_ARM64_core=y \
12"
13
14do_compile:append:ls1012afrwy() {
15 mv ${B}/core/tee-raw.bin ${B}/core/tee_512mb.bin
16 oe_runmake CFG_DRAM0_SIZE=0x40000000 all
17}
18
19do_install:append:qoriq() {
20 install -m 644 ${B}/core/tee-raw.bin ${D}${nonarch_base_libdir}/firmware/tee_${MACHINE}.bin
21}
22
23do_install:append:ls1012afrwy() {
24 install -m 644 ${B}/core/tee_512mb.bin ${D}${nonarch_base_libdir}/firmware/tee_${MACHINE}_512mb.bin
25}
26
27INHIBIT_PACKAGE_STRIP = "1"
28COMPATIBLE_MACHINE = "(qoriq-arm64)"
diff --git a/recipes-security/optee-qoriq/optee-os-qoriq_4.6.0.bb b/recipes-security/optee-qoriq/optee-os-qoriq_4.6.0.bb
new file mode 100644
index 000000000..cd568b3dc
--- /dev/null
+++ b/recipes-security/optee-qoriq/optee-os-qoriq_4.6.0.bb
@@ -0,0 +1,21 @@
1require optee-os.nxp.inc
2
3OPTEE_OS_BRANCH = "lf-6.12.20_2.0.0"
4SRCREV = "87964807d80baf1dcfd89cafc66de34a1cf16bf3"
5
6do_install:append () {
7 install -d ${D}${nonarch_base_libdir}/firmware/
8 install -m 644 ${B}/core/*.bin ${D}${nonarch_base_libdir}/firmware/
9 install -m 644 ${B}/core/tee-raw.bin ${D}${nonarch_base_libdir}/firmware/tee_${MACHINE}.bin
10
11 # Install embedded TAs
12 install -d ${D}${base_libdir}/optee_armtz/
13 install -m 444 ${B}/ta/*/*.ta ${D}${base_libdir}/optee_armtz/
14}
15
16do_deploy:append () {
17 install -d ${DEPLOYDIR}/optee
18 install -m 644 ${D}${nonarch_base_libdir}/firmware/* ${DEPLOYDIR}/optee/
19}
20
21FILES:${PN} = "${nonarch_base_libdir}/optee_armtz/ ${nonarch_base_libdir}/firmware/"
diff --git a/recipes-security/optee-qoriq/optee-os.nxp.inc b/recipes-security/optee-qoriq/optee-os.nxp.inc
index 5b90b937c..88ba3fbe2 100644
--- a/recipes-security/optee-qoriq/optee-os.nxp.inc
+++ b/recipes-security/optee-qoriq/optee-os.nxp.inc
@@ -1,75 +1,30 @@
1# Copyright 2020-2021 NXP 1# Copyright 2020-2021,2025 NXP
2require recipes-security/optee-imx/optee-os-fslc.inc
2 3
3SUMMARY = "OPTEE OS" 4DEPENDS:append = " dtc-native"
4DESCRIPTION = "OPTEE OS"
5HOMEPAGE = "http://www.optee.org/"
6LICENSE = "BSD"
7LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173"
8 5
9inherit deploy python3native autotools 6# The patch same as imx-optee, so point FILESEXTRAPATHS to optee-imx/optee-client,
10DEPENDS = "python3-pycryptodome-native python3-pyelftools-native python3-pycryptodomex-native dtc-native" 7# avoid duplicate copy files to optee-qoriq
8FILESEXTRAPATHS:prepend := "${THISDIR}/../optee-imx/optee-os:"
11 9
12SRC_URI = "git://github.com/nxp-qoriq/optee_os.git;protocol=https;nobranch=1" 10SRC_URI:remove = "git://github.com/OP-TEE/optee_os.git;branch=master;protocol=https"
13SRCREV = "735d98806dc26fbeeecad7f5e60ffeab8170c67e" 11SRC_URI:prepend = "${OPTEE_OS_SRC};branch=${OPTEE_OS_BRANCH} "
12SRC_URI:append = " file://0007-allow-setting-sysroot-for-clang.patch"
14 13
15S = "${WORKDIR}/git" 14OPTEE_OS_SRC ?= "git://github.com/nxp-qoriq/optee_os.git;protocol=https"
16B = "${WORKDIR}/build.${PLATFORM_FLAVOR}"
17 15
18PLATFORM_FLAVOR ?= "${MACHINE}" 16REQUIRED_MACHINE_FEATURES = "optee"
19 17
20OPTEE_ARCH ?= "arm64" 18inherit features_check
21OPTEE_ARCH:armv7a = "arm32"
22OPTEE_ARCH:aarch64 = "arm64"
23 19
24OPTEE_CORE_LOG_LEVEL ?= "1" 20OPTEEMACHINE = "ls-${MACHINE}"
25OPTEE_TA_LOG_LEVEL ?= "0" 21OPTEEMACHINE:ls1088ardb-pb = "ls-ls1088ardb"
22OPTEEMACHINE:ls1046afrwy = "ls-ls1046ardb"
23OPTEEMACHINE:lx2162aqds = "ls-lx2160aqds"
24OPTEEMACHINE:lx2160ardb-rev2 = "ls-lx2160ardb"
26 25
27# Optee-os can be built for 32 bits and 64 bits at the same time 26EXTRA_OEMAKE:append = " \
28# as long as the compilers are correctly defined. 27 CFG_TEE_TA_LOG_LEVEL=0 \
29# For 64bits, CROSS_COMPILE64 must be set 28 CFG_TEE_CORE_LOG_LEVEL=1 \
30# When defining CROSS_COMPILE and CROSS_COMPILE64, we assure that
31# any 32 or 64 bits builds will pass
32EXTRA_OEMAKE = " \
33 -C ${S} O=${B} \
34 PLATFORM_FLAVOR=${PLATFORM_FLAVOR} \
35 CROSS_COMPILE=${HOST_PREFIX} \
36 CROSS_COMPILE64=${HOST_PREFIX} \
37 CFG_WERROR=y \
38 CFG_TEE_CORE_LOG_LEVEL=${OPTEE_CORE_LOG_LEVEL} \
39 CFG_TEE_TA_LOG_LEVEL=${OPTEE_TA_LOG_LEVEL} \
40" 29"
41 30COMPATIBLE_MACHINE = "(qoriq-arm64)"
42do_compile() {
43 unset LDFLAGS
44 export CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_HOST}"
45 oe_runmake all
46}
47
48do_install() {
49 install -d ${D}${nonarch_base_libdir}/firmware/
50 install -m 644 ${B}/core/*.bin ${D}${nonarch_base_libdir}/firmware/
51
52 # Install the TA devkit
53 install -d ${D}${includedir}/optee/export-user_ta/
54
55 for f in ${B}/export-ta_${OPTEE_ARCH}/*; do
56 cp -aR $f ${D}${includedir}/optee/export-user_ta/
57 done
58
59 install -d ${D}${nonarch_base_libdir}/optee_armtz
60 find ${B}/export-ta_${OPTEE_ARCH}/ta -name '*.ta' | while read name; do
61 install -m 444 $name ${D}${nonarch_base_libdir}/optee_armtz/
62 done
63}
64
65do_deploy() {
66 install -d ${DEPLOYDIR}/optee
67 install -m 644 ${D}${nonarch_base_libdir}/firmware/* ${DEPLOYDIR}/optee/
68}
69addtask deploy before do_build after do_install
70
71FILES:${PN} = "${nonarch_base_libdir}/firmware/ ${nonarch_base_libdir}/optee_armtz/"
72FILES:${PN}-staticdev = "/usr/include/optee/"
73RDEPENDS:${PN}-dev += "${PN}-staticdev"
74
75PACKAGE_ARCH = "${MACHINE_ARCH}"
diff --git a/recipes-security/optee-qoriq/optee-test-qoriq_3.13.0.bb b/recipes-security/optee-qoriq/optee-test-qoriq_3.13.0.bb
deleted file mode 100644
index 69ef73d3a..000000000
--- a/recipes-security/optee-qoriq/optee-test-qoriq_3.13.0.bb
+++ /dev/null
@@ -1,13 +0,0 @@
1require optee-test.nxp.inc
2
3PV:append = "+git${SRCPV}"
4
5DEPENDS += "optee-client-qoriq optee-os-qoriq"
6
7TEEC_EXPORT = "${STAGING_DIR_HOST}${prefix}"
8
9EXTRA_OEMAKE += " \
10 TEEC_EXPORT=${TEEC_EXPORT} \
11"
12
13COMPATIBLE_MACHINE = "(qoriq-arm64)"
diff --git a/recipes-security/optee-qoriq/optee-test-qoriq_4.6.0.bb b/recipes-security/optee-qoriq/optee-test-qoriq_4.6.0.bb
new file mode 100644
index 000000000..d008a6211
--- /dev/null
+++ b/recipes-security/optee-qoriq/optee-test-qoriq_4.6.0.bb
@@ -0,0 +1,10 @@
1require optee-test.nxp.inc
2
3# The BSD and GPL license files are now included in the source
4# https://github.com/OP-TEE/optee_test/commit/a748f5fcd9ec8a574dc86a5aa56d05bc6ac174e7
5LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a8fa504109e4cd7ea575bc49ea4be560 \
6 file://LICENSE-BSD;md5=dca16d6efa93b55d0fd662ae5cd6feeb \
7 file://LICENSE-GPL;md5=10e86b5d2a6cb0e2b9dcfdd26a9ac58d"
8
9OPTEE_TEST_BRANCH = "lf-6.12.20_2.0.0"
10SRCREV = "010f088f05b5ebf392c6e235d6e53d391755722f"
diff --git a/recipes-security/optee-qoriq/optee-test.nxp.inc b/recipes-security/optee-qoriq/optee-test.nxp.inc
index 14a42ac5a..48d5a4211 100644
--- a/recipes-security/optee-qoriq/optee-test.nxp.inc
+++ b/recipes-security/optee-qoriq/optee-test.nxp.inc
@@ -1,61 +1,15 @@
1# Copyright 2020-2021 NXP 1# Copyright 2020-2021,2025 NXP
2require recipes-security/optee-imx/optee-test-fslc.inc
2 3
3SUMMARY = "OPTEE test" 4DEPENDS:remove = "optee-client optee-os-tadevkit"
4HOMEPAGE = "http://www.optee.org/" 5DEPENDS:append = "optee-client-qoriq optee-os-qoriq-tadevkit openssl"
5 6
6LICENSE = "BSD & GPL-2.0-only" 7SRC_URI:remove = "git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https"
7LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" 8SRC_URI:remove = "file://run-ptest"
9SRC_URI:prepend = "${OPTEE_TEST_SRC};branch=${OPTEE_TEST_BRANCH} "
8 10
9DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native openssl" 11OPTEE_TEST_SRC ?= "git://github.com/nxp-qoriq/optee_test.git;protocol=https"
10inherit python3native cmake
11 12
12SRC_URI = "git://github.com/nxp-qoriq/optee_test.git;protocol=https;nobranch=1" 13CFLAGS += " -Wno-error=unterminated-string-initialization"
13SRCREV = "69722dab8c1f2683e30e0ee3b536053367e37aad"
14 14
15S = "${WORKDIR}/git" 15COMPATIBLE_MACHINE = "(qoriq-arm64)"
16B = "${WORKDIR}/build"
17
18TA_DEV_KIT_DIR ?= "${STAGING_INCDIR}/optee/export-user_ta"
19OPTEE_CLIENT_EXPORT ?= "${STAGING_DIR_HOST}${prefix}"
20
21EXTRA_OEMAKE = " \
22 TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
23 OPTEE_CLIENT_EXPORT=${OPTEE_CLIENT_EXPORT} \
24 CROSS_COMPILE_HOST=${HOST_PREFIX} \
25 CROSS_COMPILE_TA=${HOST_PREFIX} \
26 OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}/ \
27 -C ${S} O=${B} \
28"
29
30EXTRA_OECMAKE = " \
31 -DOPTEE_TEST_SDK=${TA_DEV_KIT_DIR} \
32"
33
34do_compile() {
35 export CXXFLAGS="${CXXFLAGS} --sysroot=${STAGING_DIR_HOST}"
36 oe_runmake xtest
37 oe_runmake ta
38 oe_runmake test_plugin
39}
40
41do_install() {
42 install -d ${D}${bindir}/
43 install ${B}/xtest/xtest ${D}${bindir}/
44
45 install -d ${D}${nonarch_base_libdir}/optee_armtz
46 find ${B}/ta -name '*.ta' | while read name; do
47 install -m 444 $name ${D}${nonarch_base_libdir}/optee_armtz/
48 done
49
50 install -d ${D}${libdir}/tee-supplicant/plugins/
51 find ${B}/supp_plugin -name '*.plugin' | while read name; do
52 install -m 755 $name ${D}${libdir}/tee-supplicant/plugins/
53 done
54}
55
56FILES:${PN} += "${nonarch_base_libdir} ${libdir}/tee-supplicant/plugins/"
57
58DEBUG_OPTIMIZATION:append = " -Wno-error=maybe-uninitialized -Wno-deprecated-declarations"
59FULL_OPTIMIZATION:append = " -Wno-error=maybe-uninitialized -Wno-deprecated-declarations"
60
61PACKAGE_ARCH = "${MACHINE_ARCH}"
diff --git a/recipes-security/smw/keyctl-caam_git.bb b/recipes-security/smw/keyctl-caam_git.bb
index 25a5f656a..f147e1148 100644
--- a/recipes-security/smw/keyctl-caam_git.bb
+++ b/recipes-security/smw/keyctl-caam_git.bb
@@ -11,13 +11,11 @@ SRC_URI = "git://github.com/nxp-imx/keyctl_caam.git;protocol=https;branch=${SRCB
11 11
12SRCREV = "81dc06cdb9c4d0d4ba10459d85af9a8603774948" 12SRCREV = "81dc06cdb9c4d0d4ba10459d85af9a8603774948"
13 13
14S = "${WORKDIR}/git"
15
16TARGET_CC_ARCH += "${LDFLAGS}" 14TARGET_CC_ARCH += "${LDFLAGS}"
17 15
18do_install () { 16do_install () {
19 oe_runmake DESTDIR=${D} install 17 oe_runmake DESTDIR=${D} install
20} 18}
21 19
22COMPATIBLE_MACHINE = "(imx-generic-bsp)" 20COMPATIBLE_MACHINE = "(imx-generic-bsp|qoriq)"
23 21
diff --git a/recipes-security/smw/smw_git.bb b/recipes-security/smw/smw_git.bb
index 3c1d04908..dbb59d2f3 100644
--- a/recipes-security/smw/smw_git.bb
+++ b/recipes-security/smw/smw_git.bb
@@ -19,7 +19,7 @@ SRC_URI = "git://github.com/nxp-imx/imx-smw.git;protocol=https;branch=release/ve
19SRCREV_smw = "f0570b3e8cb5f68d54edc4f9dd7cb984f6f604ed" 19SRCREV_smw = "f0570b3e8cb5f68d54edc4f9dd7cb984f6f604ed"
20SRCREV_psa = "463cb95ada820bc6f758d50066cf8c0ed5cc3a02" 20SRCREV_psa = "463cb95ada820bc6f758d50066cf8c0ed5cc3a02"
21SRCREV_FORMAT = "smw_psa" 21SRCREV_FORMAT = "smw_psa"
22S = "${WORKDIR}/git/smw" 22S = "${UNPACKDIR}/git/smw"
23 23
24inherit cmake python3native 24inherit cmake python3native
25 25
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-12-21 20:33:20 +0000