diff options
Diffstat (limited to 'recipes-security/optee-imx')
23 files changed, 734 insertions, 722 deletions
diff --git a/recipes-security/optee-imx/optee-client-fslc-imx.inc b/recipes-security/optee-imx/optee-client-fslc-imx.inc new file mode 100644 index 00000000..4cfe18bf --- /dev/null +++ b/recipes-security/optee-imx/optee-client-fslc-imx.inc @@ -0,0 +1,7 @@ +# Copyright (C) 2017-2021 NXP + +require optee-client-fslc.inc + +SRC_URI += "git://github.com/nxp-imx/imx-optee-client.git;protocol=https;branch=${SRCBRANCH}" + +COMPATIBLE_MACHINE = "(imx-nxp-bsp)" diff --git a/recipes-security/optee-imx/optee-client-fslc.inc b/recipes-security/optee-imx/optee-client-fslc.inc new file mode 100644 index 00000000..92f9f1d1 --- /dev/null +++ b/recipes-security/optee-imx/optee-client-fslc.inc @@ -0,0 +1,42 @@ +# Copyright (C) 2017-2021 NXP + +SUMMARY = "OPTEE Client libs" +HOMEPAGE = "http://www.optee.org/" +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" + +SRC_URI = "file://tee-supplicant.service" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +inherit python3native systemd features_check pkgconfig + +DEPENDS = "util-linux-libuuid" + +REQUIRED_MACHINE_FEATURES = "optee" + +SYSTEMD_SERVICE:${PN} = "tee-supplicant.service" + +EXTRA_OEMAKE = " \ + -C ${S} O=${B} \ +" + +do_install () { + oe_runmake -C ${S} install + + install -D -p -m0644 ${B}/export/usr/lib/libteec.so.1.0.0 ${D}${libdir}/libteec.so.1.0.0 + ln -sf libteec.so.1.0.0 ${D}${libdir}/libteec.so.1 + ln -sf libteec.so.1.0.0 ${D}${libdir}/libteec.so + + install -D -p -m0644 ${B}/export/usr/lib/libckteec.so.0.1.0 ${D}${libdir}/libckteec.so.0.1.0 + ln -sf libckteec.so.0.1.0 ${D}${libdir}/libckteec.so.0 + ln -sf libckteec.so.0.1.0 ${D}${libdir}/libckteec.so + + install -D -p -m0755 ${B}/export/usr/sbin/tee-supplicant ${D}${bindir}/tee-supplicant + + cp -a ${B}/export/usr/include ${D}${includedir} + + sed -i -e s:/etc:${sysconfdir}:g -e s:/usr/bin:${bindir}:g ${WORKDIR}/tee-supplicant.service + install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service +} diff --git a/recipes-security/optee-imx/optee-client/0001-flags-do-not-override-CFLAGS-from-host.patch b/recipes-security/optee-imx/optee-client/0001-flags-do-not-override-CFLAGS-from-host.patch deleted file mode 100644 index 9c6b1069..00000000 --- a/recipes-security/optee-imx/optee-client/0001-flags-do-not-override-CFLAGS-from-host.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 591461d6efe51989b4a7f4e875cdf37505eba360 Mon Sep 17 00:00:00 2001 -From: Andrey Zhizhikin <andrey.z@gmail.com> -Date: Thu, 4 Jun 2020 19:24:05 +0000 -Subject: [PATCH] flags: do not override CFLAGS from host - -Some build systems set CFLAGS in environment before the build, but they -got overridden by CFLAGS immediate assignment operator. - -Replace immediate assignment with append directive and use override -directive, so the former definition of CFLAGS gets passed either from -command line or via environment is completely expanded (see [1] for -detailed explanation of override directive and variable append). - -Link: [1] https://www.gnu.org/software/make/manual/html_node/Override-Directive.html - -Upstream-Status: Backport [https://github.com/OP-TEE/optee_client/pull/211] - -Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com> -Reviewed-by: Jerome Forissier <jerome@forissier.org> -Reviewed-by: Joakim Bech <joakim.bech@linaro.org> ---- - flags.mk | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/flags.mk b/flags.mk -index c2f0e1c..65192bc 100644 ---- a/flags.mk -+++ b/flags.mk -@@ -6,7 +6,7 @@ CROSS_COMPILE ?= arm-linux-gnueabihf- - CC ?= $(CROSS_COMPILE)gcc - AR ?= $(CROSS_COMPILE)ar - --CFLAGS := -Wall -Wbad-function-cast -Wcast-align \ -+override CFLAGS += -Wall -Wbad-function-cast -Wcast-align \ - -Werror-implicit-function-declaration -Wextra \ - -Wfloat-equal -Wformat-nonliteral -Wformat-security \ - -Wformat=2 -Winit-self -Wmissing-declarations \ -@@ -16,13 +16,13 @@ CFLAGS := -Wall -Wbad-function-cast -Wcast-align \ - -Wswitch-default -Wunsafe-loop-optimizations \ - -Wwrite-strings -D_FILE_OFFSET_BITS=64 - ifeq ($(CFG_WERROR),y) --CFLAGS += -Werror -+override CFLAGS += -Werror - endif --CFLAGS += -c -fPIC -+override CFLAGS += -c -fPIC - - DEBUG ?= 0 - ifeq ($(DEBUG), 1) --CFLAGS += -DDEBUG -O0 -g -+override CFLAGS += -DDEBUG -O0 -g - endif - - RM := rm -f --- -2.17.1 - diff --git a/recipes-security/optee-imx/optee-client_3.7.0.imx.bb b/recipes-security/optee-imx/optee-client_3.7.0.imx.bb deleted file mode 100644 index d83f8a9c..00000000 --- a/recipes-security/optee-imx/optee-client_3.7.0.imx.bb +++ /dev/null @@ -1,52 +0,0 @@ -# Copyright (C) 2017-2018 NXP - -SUMMARY = "OPTEE Client libs" -HOMEPAGE = "http://www.optee.org/" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" - -inherit python3native systemd - -SRCBRANCH = "imx_5.4.24_2.1.0" -SRC_URI = "git://source.codeaurora.org/external/imx/imx-optee-client.git;protocol=https;branch=${SRCBRANCH}" - -SRCREV = "bc0ec8ce1e4dc5ae23f4737ef659338b7cd408fe" - -SRC_URI += "file://tee-supplicant.service \ - file://0001-flags-do-not-override-CFLAGS-from-host.patch \ -" - -S = "${WORKDIR}/git" -B = "${WORKDIR}/build" -SYSTEMD_SERVICE_${PN} = "tee-supplicant.service" - -OPTEE_ARCH ?= "arm32" -OPTEE_ARCH_armv7a = "arm32" -OPTEE_ARCH_aarch64 = "arm64" - -EXTRA_OEMAKE = "ARCH=${OPTEE_ARCH} O=${B}" - -do_install () { - oe_runmake -C ${S} install - - install -D -p -m0644 ${B}/export/usr/lib/libteec.so.1.0 ${D}${libdir}/libteec.so.1.0 - ln -sf libteec.so.1.0 ${D}${libdir}/libteec.so - ln -sf libteec.so.1.0 ${D}${libdir}/libteec.so.1 - - install -D -p -m0755 ${B}/export/usr/sbin/tee-supplicant ${D}${bindir}/tee-supplicant - - cp -a ${B}/export/usr/include ${D}/usr/ - - sed -i -e s:/etc:${sysconfdir}:g -e s:/usr/bin:${bindir}:g ${WORKDIR}/tee-supplicant.service - install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service -} - -PACKAGES += "tee-supplicant" -FILES_${PN} += "${libdir}/* ${includedir}/*" -FILES_tee-supplicant += "${bindir}/tee-supplicant" - -INSANE_SKIP_${PN} = "ldflags dev-elf" -INSANE_SKIP_${PN}-dev = "ldflags dev-elf" -INSANE_SKIP_tee-supplicant = "ldflags" - -COMPATIBLE_MACHINE = "(mx6|mx7|mx8)" diff --git a/recipes-security/optee-imx/optee-client_4.0.0.imx.bb b/recipes-security/optee-imx/optee-client_4.0.0.imx.bb new file mode 100644 index 00000000..b404dd5b --- /dev/null +++ b/recipes-security/optee-imx/optee-client_4.0.0.imx.bb @@ -0,0 +1,7 @@ +require optee-client-fslc-imx.inc + +SRCBRANCH = "lf-6.6.3_1.0.0" +SRCREV = "acb0885c117e73cb6c5c9b1dd9054cb3f93507ee" + +DEPENDS += "util-linux" +EXTRA_OEMAKE += "PKG_CONFIG=pkg-config" diff --git a/recipes-security/optee-imx/optee-fslc.inc b/recipes-security/optee-imx/optee-fslc.inc new file mode 100644 index 00000000..6c96dc2b --- /dev/null +++ b/recipes-security/optee-imx/optee-fslc.inc @@ -0,0 +1,26 @@ +HOMEPAGE = "http://www.optee.org/" + +inherit python3native features_check + +REQUIRED_MACHINE_FEATURES = "optee" + +DEPENDS = "python3-cryptography-native" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +OPTEE_ARCH:arm = "arm32" +OPTEE_ARCH:aarch64 = "arm64" + +COMPILER ?= "gcc" +COMPILER:toolchain-clang = "clang" + +CFLAGS += "--sysroot=${STAGING_DIR_HOST}" +CXXFLAGS += "--sysroot=${STAGING_DIR_HOST}" + +EXTRA_OEMAKE = " \ + COMPILER=${COMPILER} \ + OPENSSL_MODULES=${STAGING_LIBDIR_NATIVE}/ossl-modules \ + OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${exec_prefix} \ + -C ${S} O=${B} \ +" diff --git a/recipes-security/optee-imx/optee-os-fslc-imx.inc b/recipes-security/optee-imx/optee-os-fslc-imx.inc new file mode 100644 index 00000000..6b72e827 --- /dev/null +++ b/recipes-security/optee-imx/optee-os-fslc-imx.inc @@ -0,0 +1,26 @@ +require optee-os-fslc.inc + +SRC_URI = "git://github.com/nxp-imx/imx-optee-os.git;protocol=https;branch=${SRCBRANCH}" + +# The platform flavor corresponds to the Yocto machine without the leading 'i'. +PLATFORM_FLAVOR = "${@d.getVar('MACHINE')[1:]}" +PLATFORM_FLAVOR:imx6qdlsabresd = "mx6qsabresd" +PLATFORM_FLAVOR:imx6qdlsabreauto = "mx6qsabreauto" +PLATFORM_FLAVOR:imx6qpdlsolox = "mx6qsabresd" +PLATFORM_FLAVOR:mx6ul-nxp-bsp = "mx6ulevk" +PLATFORM_FLAVOR:mx6ull-nxp-bsp = "mx6ullevk" +PLATFORM_FLAVOR:mx6ulz-nxp-bsp = "mx6ulzevk" +PLATFORM_FLAVOR:mx8mq-nxp-bsp = "mx8mqevk" +PLATFORM_FLAVOR:mx8mm-nxp-bsp = "mx8mmevk" +PLATFORM_FLAVOR:mx8mn-nxp-bsp = "mx8mnevk" +PLATFORM_FLAVOR:mx8mnul-nxp-bsp = "mx8mnevk" +PLATFORM_FLAVOR:mx8mp-nxp-bsp = "mx8mpevk" +PLATFORM_FLAVOR:mx8mpul-nxp-bsp = "mx8mpevk" +PLATFORM_FLAVOR:mx8qm-nxp-bsp = "mx8qmmek" +PLATFORM_FLAVOR:mx8qxp-nxp-bsp = "mx8qxpmek" +PLATFORM_FLAVOR:mx8dx-nxp-bsp = "mx8dxmek" +PLATFORM_FLAVOR:mx8dxl-nxp-bsp = "mx8dxlevk" +PLATFORM_FLAVOR:mx8ulp-nxp-bsp = "mx8ulpevk" +PLATFORM_FLAVOR:mx93-nxp-bsp = "mx93evk" + +COMPATIBLE_MACHINE = "(imx-nxp-bsp)" diff --git a/recipes-security/optee-imx/optee-os-fslc.inc b/recipes-security/optee-imx/optee-os-fslc.inc new file mode 100644 index 00000000..b91a5531 --- /dev/null +++ b/recipes-security/optee-imx/optee-os-fslc.inc @@ -0,0 +1,87 @@ +# Copyright (C) 2017-2021 NXP + +SUMMARY = "OPTEE OS" +DESCRIPTION = "OPTEE OS" +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" + +require optee-fslc.inc + +DEPENDS += "python3-pyelftools-native u-boot-mkimage-native" +DEPENDS:append:toolchain-clang = " compiler-rt" + +inherit deploy autotools + +# Optee-os can be built for 32 bits and 64 bits at the same time +# as long as the compilers are correctly defined. +# For 64bits, CROSS_COMPILE64 must be set +# When defining CROSS_COMPILE and CROSS_COMPILE64, we assure that +# any 32 or 64 bits builds will pass +EXTRA_OEMAKE += " \ + PLATFORM=imx-${PLATFORM_FLAVOR} \ + CROSS_COMPILE=${HOST_PREFIX} \ + CROSS_COMPILE64=${HOST_PREFIX} \ + CFLAGS32=--sysroot=${STAGING_DIR_HOST} \ + CFLAGS64=--sysroot=${STAGING_DIR_HOST} \ + CFG_TEE_TA_LOG_LEVEL=0 \ + CFG_TEE_CORE_LOG_LEVEL=0 \ +" + +EXTRA_OEMAKE:append:imx8mq-lpddr4-wevk = " \ + CFG_CORE_LARGE_PHYS_ADDR=y \ + CFG_CORE_ARM64_PA_BITS=36 \ + CFG_DDR_SIZE=0x100000000 \ + CFG_TZDRAM_START=0xfe000000 \ +" + +LDFLAGS[unexport] = "1" +CPPFLAGS[unexport] = "1" +AS[unexport] = "1" +LD[unexport] = "1" + +do_configure[noexec] = "1" + +do_compile:prepend() { + PLAT_LIBGCC_PATH=$(${CC} -print-libgcc-file-name) +} + +do_compile:arm () { + oe_runmake all uTee +} + +do_compile:aarch64 () { + oe_runmake all +} +do_compile[cleandirs] = "${B}" + +do_deploy () { + install -d ${DEPLOYDIR} + cp ${B}/core/tee-raw.bin ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin + ln -sf tee.${PLATFORM_FLAVOR}.bin ${DEPLOYDIR}/tee.bin +} + +do_deploy:append:arm () { + cp ${B}/core/uTee ${DEPLOYDIR}/uTee-${OPTEE_BIN_EXT} +} + +do_install () { + install -d ${D}${nonarch_base_libdir}/firmware/ + install -m 644 ${B}/core/*.bin ${D}${nonarch_base_libdir}/firmware/ + + # Install embedded TAs + install -d ${D}${nonarch_base_libdir}/optee_armtz/ + install -m 444 ${B}/ta/*/*.ta ${D}${nonarch_base_libdir}/optee_armtz/ + + # Install the TA devkit + install -d ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ + cp -aR ${B}/export-ta_${OPTEE_ARCH}/* \ + ${D}${includedir}/optee/export-user_ta_${OPTEE_ARCH}/ +} + +addtask deploy after do_compile before do_install + +FILES:${PN} = "${nonarch_base_libdir}/firmware/ ${nonarch_base_libdir}/optee_armtz/" +FILES:${PN}-staticdev = "${includedir}/optee/" +RDEPENDS:${PN}-dev += "${PN}-staticdev" + +PACKAGE_ARCH = "${MACHINE_ARCH}" diff --git a/recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch b/recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch new file mode 100644 index 00000000..54fbe541 --- /dev/null +++ b/recipes-security/optee-imx/optee-os/0001-core-Define-section-attributes-for-clang.patch @@ -0,0 +1,245 @@ +From ef83625c9a5f50610e25aa860c4b9c5e64723a66 Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <emekcan.aras@arm.com> +Date: Wed, 21 Dec 2022 10:55:58 +0000 +Subject: [PATCH 1/4] core: Define section attributes for clang + +Clang's attribute section is not same as gcc, here we need to add flags +to sections so they can be eventually collected by linker into final +output segments. Only way to do so with clang is to use + +pragma clang section ... + +The behavious is described here [1], this allows us to define names bss +sections. This was not an issue until clang-15 where LLD linker starts +to detect the section flags before merging them and throws the following +errors + +| ld.lld: error: section type mismatch for .nozi.kdata_page +| >>> /mnt/b/yoe/master/build/tmp/work/qemuarm64-yoe-linux/optee-os-tadevkit/3.17.0-r0/build/core/arch/arm/kernel/thread.o:(.nozi.kdata_page): SHT_PROGBITS +| >>> output section .nozi: SHT_NOBITS +| +| ld.lld: error: section type mismatch for .nozi.mmu.l2 +| >>> /mnt/b/yoe/master/build/tmp/work/qemuarm64-yoe-linux/optee-os-tadevkit/3.17.0-r0/build/core/arch/arm/mm/core_mmu_lpae.o:(.nozi.mmu.l2): SHT_PROGBITS +| >>> output section .nozi: SHT_NOBITS + +These sections should be carrying SHT_NOBITS but so far it was not +possible to do so, this patch tries to use clangs pragma to get this +going and match the functionality with gcc. + +[1] https://intel.github.io/llvm-docs/clang/LanguageExtensions.html#specifying-section-names-for-global-objects-pragma-clang-section + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> +--- + + core/arch/arm/kernel/thread.c | 19 +++++++++++++++-- + core/arch/arm/mm/core_mmu_lpae.c | 35 +++++++++++++++++++++++++++---- + core/arch/arm/mm/core_mmu_v7.c | 36 +++++++++++++++++++++++++++++--- + core/kernel/thread.c | 13 +++++++++++- + core/mm/pgt_cache.c | 12 ++++++++++- + 5 files changed, 104 insertions(+), 11 deletions(-) + +diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c +index 66833b3a0..b3eb9cf9a 100644 +--- a/core/arch/arm/kernel/thread.c ++++ b/core/arch/arm/kernel/thread.c +@@ -45,15 +45,30 @@ static size_t thread_user_kcode_size __nex_bss; + #if defined(CFG_CORE_UNMAP_CORE_AT_EL0) && \ + defined(CFG_CORE_WORKAROUND_SPECTRE_BP_SEC) && defined(ARM64) + long thread_user_kdata_sp_offset __nex_bss; ++#ifdef __clang__ ++#ifndef CFG_VIRTUALIZATION ++#pragma clang section bss=".nozi.kdata_page" ++#else ++#pragma clang section bss=".nex_nozi.kdata_page" ++#endif ++#endif + static uint8_t thread_user_kdata_page[ + ROUNDUP(sizeof(struct thread_core_local) * CFG_TEE_CORE_NB_CORE, + SMALL_PAGE_SIZE)] + __aligned(SMALL_PAGE_SIZE) ++#ifndef __clang__ + #ifndef CFG_NS_VIRTUALIZATION +- __section(".nozi.kdata_page"); ++ __section(".nozi.kdata_page") + #else +- __section(".nex_nozi.kdata_page"); ++ __section(".nex_nozi.kdata_page") + #endif ++#endif ++ ; ++#endif ++ ++/* reset BSS section to default ( .bss ) */ ++#ifdef __clang__ ++#pragma clang section bss="" + #endif + + #ifdef ARM32 +diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c +index 4c8b85e39..1885e1d3f 100644 +--- a/core/arch/arm/mm/core_mmu_lpae.c ++++ b/core/arch/arm/mm/core_mmu_lpae.c +@@ -234,19 +234,46 @@ typedef uint16_t l1_idx_t; + typedef uint64_t base_xlat_tbls_t[CFG_TEE_CORE_NB_CORE][NUM_BASE_LEVEL_ENTRIES]; + typedef uint64_t xlat_tbl_t[XLAT_TABLE_ENTRIES]; + ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.base_table" ++#endif + static base_xlat_tbls_t base_xlation_table[NUM_BASE_TABLES] + __aligned(NUM_BASE_LEVEL_ENTRIES * XLAT_ENTRY_SIZE) +- __section(".nozi.mmu.base_table"); ++#ifndef __clang__ ++ __section(".nozi.mmu.base_table") ++#endif ++; ++#ifdef __clang__ ++#pragma clang section bss="" ++#endif + ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.l2" ++#endif + static xlat_tbl_t xlat_tables[MAX_XLAT_TABLES] +- __aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2"); ++ __aligned(XLAT_TABLE_SIZE) ++#ifndef __clang__ ++ __section(".nozi.mmu.l2") ++#endif ++; ++#ifdef __clang__ ++#pragma clang section bss="" ++#endif + + #define XLAT_TABLES_SIZE (sizeof(xlat_tbl_t) * MAX_XLAT_TABLES) + ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.l2" ++#endif + /* MMU L2 table for TAs, one for each thread */ + static xlat_tbl_t xlat_tables_ul1[CFG_NUM_THREADS] +- __aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2"); +- ++#ifndef __clang__ ++ __aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2") ++#endif ++; ++#ifdef __clang__ ++#pragma clang section bss="" ++#endif + /* + * TAs page table entry inside a level 1 page table. + * +diff --git a/core/arch/arm/mm/core_mmu_v7.c b/core/arch/arm/mm/core_mmu_v7.c +index 61e703da8..1960c08ca 100644 +--- a/core/arch/arm/mm/core_mmu_v7.c ++++ b/core/arch/arm/mm/core_mmu_v7.c +@@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_ENTRIES]; + typedef uint32_t l2_xlat_tbl_t[NUM_L2_ENTRIES]; + typedef uint32_t ul1_xlat_tbl_t[NUM_UL1_ENTRIES]; + ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.l1" ++#endif + static l1_xlat_tbl_t main_mmu_l1_ttb +- __aligned(L1_ALIGNMENT) __section(".nozi.mmu.l1"); ++ __aligned(L1_ALIGNMENT) ++#ifndef __clang__ ++ __section(".nozi.mmu.l1") ++#endif ++; ++#ifdef __clang__ ++#pragma clang section bss="" ++#endif + + /* L2 MMU tables */ ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.l2" ++#endif + static l2_xlat_tbl_t main_mmu_l2_ttb[MAX_XLAT_TABLES] +- __aligned(L2_ALIGNMENT) __section(".nozi.mmu.l2"); ++ __aligned(L2_ALIGNMENT) ++#ifndef __clang__ ++ __section(".nozi.mmu.l2") ++#endif ++; ++#ifdef __clang__ ++#pragma clang section bss="" ++#endif + + /* MMU L1 table for TAs, one for each thread */ ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.ul1" ++#endif + static ul1_xlat_tbl_t main_mmu_ul1_ttb[CFG_NUM_THREADS] +- __aligned(UL1_ALIGNMENT) __section(".nozi.mmu.ul1"); ++ __aligned(UL1_ALIGNMENT) ++#ifndef __clang__ ++ __section(".nozi.mmu.ul1") ++#endif ++; ++#ifdef __clang__ ++#pragma clang section bss="" ++#endif + + struct mmu_partition { + l1_xlat_tbl_t *l1_table; +diff --git a/core/kernel/thread.c b/core/kernel/thread.c +index 2a1f22dce..5516b6771 100644 +--- a/core/kernel/thread.c ++++ b/core/kernel/thread.c +@@ -39,13 +39,24 @@ static uint32_t end_canary_value = 0xababab00; + name[stack_num][sizeof(name[stack_num]) / sizeof(uint32_t) - 1] + #endif + ++#define DO_PRAGMA(x) _Pragma (#x) ++ ++#ifdef __clang__ ++#define DECLARE_STACK(name, num_stacks, stack_size, linkage) \ ++DO_PRAGMA (clang section bss=".nozi_stack." #name) \ ++linkage uint32_t name[num_stacks] \ ++ [ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \ ++ STACK_ALIGNMENT) / sizeof(uint32_t)] \ ++ __attribute__((aligned(STACK_ALIGNMENT))); \ ++DO_PRAGMA(clang section bss="") ++#else + #define DECLARE_STACK(name, num_stacks, stack_size, linkage) \ + linkage uint32_t name[num_stacks] \ + [ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \ + STACK_ALIGNMENT) / sizeof(uint32_t)] \ + __attribute__((section(".nozi_stack." # name), \ + aligned(STACK_ALIGNMENT))) +- ++#endif + #define GET_STACK(stack) ((vaddr_t)(stack) + STACK_SIZE(stack)) + + DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE, STACK_TMP_SIZE, +diff --git a/core/mm/pgt_cache.c b/core/mm/pgt_cache.c +index 79553c6d2..b9efdf427 100644 +--- a/core/mm/pgt_cache.c ++++ b/core/mm/pgt_cache.c +@@ -410,8 +410,18 @@ void pgt_init(void) + * has a large alignment, while .bss has a small alignment. The current + * link script is optimized for small alignment in .bss + */ ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.l2" ++#endif + static uint8_t pgt_tables[PGT_CACHE_SIZE][PGT_SIZE] +- __aligned(PGT_SIZE) __section(".nozi.pgt_cache"); ++ __aligned(PGT_SIZE) ++#ifndef __clang__ ++ __section(".nozi.pgt_cache") ++#endif ++ ; ++#ifdef __clang__ ++#pragma clang section bss="" ++#endif + size_t n; + + for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) { +-- +2.43.2 + diff --git a/recipes-security/optee-imx/optee-os/0001-optee-os-fix-gcc10-compilation-issue-and-missing-cc-.patch b/recipes-security/optee-imx/optee-os/0001-optee-os-fix-gcc10-compilation-issue-and-missing-cc-.patch deleted file mode 100644 index ab42d340..00000000 --- a/recipes-security/optee-imx/optee-os/0001-optee-os-fix-gcc10-compilation-issue-and-missing-cc-.patch +++ /dev/null @@ -1,162 +0,0 @@ -From 109ed8d9a5351c7bb0fdc0953c7e7fb6cedcad9c Mon Sep 17 00:00:00 2001 -From: Andrey Zhizhikin <andrey.z@gmail.com> -Date: Sat, 30 May 2020 22:00:59 +0000 -Subject: [PATCH] optee-os: fix gcc10 compilation issue and missing cc-options - -Backport PR 3891 from upstream to imx fork, which addressed compilation -failure when GCC10 is used. - -Additional changes ported fixed cc-options macro, which allows to query -compiler used if the desired option exists before it could be set. This -solves also the build issues when GCC9 is used to build this component. - -Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/3891] - -Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com> ---- - core/arch/arm/arm.mk | 22 +++++++++++++++++----- - core/core.mk | 5 +---- - mk/cc-option.mk | 9 +++++++++ - mk/gcc.mk | 2 +- - ta/mk/ta_dev_kit.mk | 3 +++ - ta/ta.mk | 1 + - 6 files changed, 32 insertions(+), 10 deletions(-) - create mode 100644 mk/cc-option.mk - -diff --git a/core/arch/arm/arm.mk b/core/arch/arm/arm.mk -index 5defb327..fffa491a 100644 ---- a/core/arch/arm/arm.mk -+++ b/core/arch/arm/arm.mk -@@ -1,3 +1,16 @@ -+# Setup compiler for the core module -+ifeq ($(CFG_ARM64_core),y) -+arch-bits-core := 64 -+else -+arch-bits-core := 32 -+endif -+CROSS_COMPILE_core := $(CROSS_COMPILE$(arch-bits-core)) -+COMPILER_core := $(COMPILER) -+include mk/$(COMPILER_core).mk -+ -+# Defines the cc-option macro using the compiler set for the core module -+include mk/cc-option.mk -+ - CFG_LTC_OPTEE_THREAD ?= y - # Size of emulated TrustZone protected SRAM, 448 kB. - # Only applicable when paging is enabled. -@@ -106,7 +119,7 @@ arm32-platform-aflags-no-hard-float ?= - - arm64-platform-cflags-no-hard-float ?= -mgeneral-regs-only - arm64-platform-cflags-hard-float ?= --arm64-platform-cflags-generic ?= -mstrict-align -+arm64-platform-cflags-generic := -mstrict-align $(call cc-option,-mno-outline-atomics,) - - ifeq ($(DEBUG),1) - # For backwards compatibility -@@ -135,14 +148,12 @@ core-platform-aflags += $(platform-aflags-generic) - core-platform-aflags += $(platform-aflags-debug-info) - - ifeq ($(CFG_ARM64_core),y) --arch-bits-core := 64 - core-platform-cppflags += $(arm64-platform-cppflags) - core-platform-cflags += $(arm64-platform-cflags) - core-platform-cflags += $(arm64-platform-cflags-generic) - core-platform-cflags += $(arm64-platform-cflags-no-hard-float) - core-platform-aflags += $(arm64-platform-aflags) - else --arch-bits-core := 32 - core-platform-cppflags += $(arm32-platform-cppflags) - core-platform-cflags += $(arm32-platform-cflags) - core-platform-cflags += $(arm32-platform-cflags-no-hard-float) -@@ -241,8 +252,9 @@ ta-mk-file-export-add-ta_arm64 += COMPILER ?= gcc_nl_ - ta-mk-file-export-add-ta_arm64 += COMPILER_ta_arm64 ?= $$(COMPILER)_nl_ - endif - --# Set cross compiler prefix for each submodule --$(foreach sm, core $(ta-targets), $(eval CROSS_COMPILE_$(sm) ?= $(CROSS_COMPILE$(arch-bits-$(sm))))) -+# Set cross compiler prefix for each TA target -+$(foreach sm, $(ta-targets), $(eval CROSS_COMPILE_$(sm) ?= $(CROSS_COMPILE$(arch-bits-$(sm))))) -+ - - arm32-sysreg-txt = core/arch/arm/kernel/arm32_sysreg.txt - arm32-sysregs-$(arm32-sysreg-txt)-h := arm32_sysreg.h -diff --git a/core/core.mk b/core/core.mk -index a51cf847..28c7235c 100644 ---- a/core/core.mk -+++ b/core/core.mk -@@ -8,6 +8,7 @@ arch-dir := core/arch/$(ARCH) - platform-dir := $(arch-dir)/plat-$(PLATFORM) - include $(platform-dir)/conf.mk - include mk/config.mk -+# $(ARCH).mk also sets the compiler for the core module - include core/arch/$(ARCH)/$(ARCH).mk - - PLATFORM_$(PLATFORM) := y -@@ -16,10 +17,6 @@ PLATFORM_FLAVOR_$(PLATFORM_FLAVOR) := y - $(eval $(call cfg-depends-all,CFG_PAGED_USER_TA,CFG_WITH_PAGER CFG_WITH_USER_TA)) - include core/crypto.mk - --# Setup compiler for this sub module --COMPILER_$(sm) ?= $(COMPILER) --include mk/$(COMPILER_$(sm)).mk -- - cppflags$(sm) += -D__KERNEL__ - - cppflags$(sm) += -Icore/include -diff --git a/mk/cc-option.mk b/mk/cc-option.mk -new file mode 100644 -index 00000000..4699fbcc ---- /dev/null -+++ b/mk/cc-option.mk -@@ -0,0 +1,9 @@ -+_cc-option-supported = $(if $(shell $(CC$(sm)) $(1) -c -x c /dev/null -o /dev/null 2>/dev/null >/dev/null || echo "Not supported"),,1) -+_cc-opt-cached-var-name = $(subst =,~,$(strip cached-cc-option-$(1)-$(subst $(empty) $(empty),,$(CC$(sm))))) -+define _cc-option -+$(eval _var_name := $(call _cc-opt-cached-var-name,$(1))) -+$(eval $(_var_name) := $(if $(filter $(origin $(_var_name)),undefined),$(call _cc-option-supported,$(1)),$($(_var_name)))) -+$(if $($(_var_name)),$(1),$(2)) -+endef -+cc-option = $(strip $(call _cc-option,$(1),$(2))) -+ -diff --git a/mk/gcc.mk b/mk/gcc.mk -index 1f2c5990..c53a23b1 100644 ---- a/mk/gcc.mk -+++ b/mk/gcc.mk -@@ -12,7 +12,7 @@ nostdinc$(sm) := -nostdinc -isystem $(shell $(CC$(sm)) \ - -print-file-name=include 2> /dev/null) - - # Get location of libgcc from gcc --libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) $(comp-cflags$(sm)) \ -+libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \ - -print-libgcc-file-name 2> /dev/null) - - # Define these to something to discover accidental use -diff --git a/ta/mk/ta_dev_kit.mk b/ta/mk/ta_dev_kit.mk -index 04a4f94b..e4b02ea7 100644 ---- a/ta/mk/ta_dev_kit.mk -+++ b/ta/mk/ta_dev_kit.mk -@@ -92,6 +92,9 @@ clean: - @$(cmd-echo-silent) ' CLEAN $(O)' - ${q}if [ -d "$(O)" ]; then $(RMDIR) $(O); fi - -+include $(ta-dev-kit-dir$(sm))/mk/$(COMPILER_$(sm)).mk -+include $(ta-dev-kit-dir$(sm))/mk/cc-option.mk -+ - subdirs = . - include $(ta-dev-kit-dir$(sm))/mk/subdir.mk - -diff --git a/ta/ta.mk b/ta/ta.mk -index dde7be67..ca17054a 100644 ---- a/ta/ta.mk -+++ b/ta/ta.mk -@@ -157,6 +157,7 @@ $(foreach f, $(libfiles), \ - - # Copy .mk files - ta-mkfiles = mk/compile.mk mk/subdir.mk mk/gcc.mk mk/clang.mk mk/cleandirs.mk \ -+ mk/cc-option.mk \ - ta/arch/$(ARCH)/link.mk ta/arch/$(ARCH)/link_shlib.mk \ - ta/mk/ta_dev_kit.mk - --- -2.17.1 - diff --git a/recipes-security/optee-imx/optee-os/0002-optee-enable-clang-support.patch b/recipes-security/optee-imx/optee-os/0002-optee-enable-clang-support.patch new file mode 100644 index 00000000..dbc53542 --- /dev/null +++ b/recipes-security/optee-imx/optee-os/0002-optee-enable-clang-support.patch @@ -0,0 +1,34 @@ +From 2ba573c9763329fbfdfacc8393d565ab747cac4d Mon Sep 17 00:00:00 2001 +From: Brett Warren <brett.warren@arm.com> +Date: Wed, 23 Sep 2020 09:27:34 +0100 +Subject: [PATCH 2/4] optee: enable clang support + +When compiling with clang, the LIBGCC_LOCATE_CFLAG variable used +to provide a sysroot wasn't included, which results in not locating +compiler-rt. This is mitigated by including the variable as ammended. + +Upstream-Status: Pending +ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701 +Signed-off-by: Brett Warren <brett.warren@arm.com> +Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> +--- + + mk/clang.mk | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/mk/clang.mk b/mk/clang.mk +index a045beee8..1ebe2f702 100644 +--- a/mk/clang.mk ++++ b/mk/clang.mk +@@ -30,7 +30,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \ + + # Note, use the compiler runtime library (libclang_rt.builtins.*.a) instead of + # libgcc for clang +-libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \ ++libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \ + -rtlib=compiler-rt -print-libgcc-file-name 2> /dev/null) + + # Core ASLR relies on the executable being ready to run from its preferred load +-- +2.43.2 + diff --git a/recipes-security/optee-imx/optee-os/0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch b/recipes-security/optee-imx/optee-os/0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch new file mode 100644 index 00000000..1c5753c7 --- /dev/null +++ b/recipes-security/optee-imx/optee-os/0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch @@ -0,0 +1,133 @@ +From 6f738803a59613ec4a683ddbc1747ebffd75a4e6 Mon Sep 17 00:00:00 2001 +From: Jerome Forissier <jerome.forissier@linaro.org> +Date: Tue, 23 Aug 2022 12:31:46 +0000 +Subject: [PATCH 3/4] arm32: libutils, libutee, ta: add .note.GNU-stack section + to + + .S files + +When building for arm32 with GNU binutils 2.39, the linker outputs +warnings when linking Trusted Applications: + + arm-unknown-linux-uclibcgnueabihf-ld.bfd: warning: utee_syscalls_a32.o: missing .note.GNU-stack section implies executable stack + arm-unknown-linux-uclibcgnueabihf-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker + +We could silence the warning by adding the '-z execstack' option to the +TA link flags, like we did in the parent commit for the TEE core and +ldelf. Indeed, ldelf always allocates a non-executable piece of memory +for the TA to use as a stack. + +However it seems preferable to comply with the common ELF practices in +this case. A better fix is therefore to add the missing .note.GNU-stack +sections in the assembler files. + +Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> + +Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> +Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] +Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> +--- + + lib/libutee/arch/arm/utee_syscalls_a32.S | 2 ++ + lib/libutils/ext/arch/arm/atomic_a32.S | 2 ++ + lib/libutils/ext/arch/arm/mcount_a32.S | 2 ++ + lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S | 2 ++ + lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S | 2 ++ + lib/libutils/isoc/arch/arm/setjmp_a32.S | 2 ++ + ta/arch/arm/ta_entry_a32.S | 2 ++ + 7 files changed, 14 insertions(+) + +diff --git a/lib/libutee/arch/arm/utee_syscalls_a32.S b/lib/libutee/arch/arm/utee_syscalls_a32.S +index 2dea83ab8..668b65a86 100644 +--- a/lib/libutee/arch/arm/utee_syscalls_a32.S ++++ b/lib/libutee/arch/arm/utee_syscalls_a32.S +@@ -9,6 +9,8 @@ + + .section .note.GNU-stack,"",%progbits + ++ .section .note.GNU-stack,"",%progbits ++ + .section .text + .balign 4 + .code 32 +diff --git a/lib/libutils/ext/arch/arm/atomic_a32.S b/lib/libutils/ext/arch/arm/atomic_a32.S +index 2be73ffad..87ddf1065 100644 +--- a/lib/libutils/ext/arch/arm/atomic_a32.S ++++ b/lib/libutils/ext/arch/arm/atomic_a32.S +@@ -7,6 +7,8 @@ + + .section .note.GNU-stack,"",%progbits + ++ .section .note.GNU-stack,"",%progbits ++ + /* uint32_t atomic_inc32(uint32_t *v); */ + FUNC atomic_inc32 , : + ldrex r1, [r0] +diff --git a/lib/libutils/ext/arch/arm/mcount_a32.S b/lib/libutils/ext/arch/arm/mcount_a32.S +index 54dc3c02d..2f24632b8 100644 +--- a/lib/libutils/ext/arch/arm/mcount_a32.S ++++ b/lib/libutils/ext/arch/arm/mcount_a32.S +@@ -9,6 +9,8 @@ + + .section .note.GNU-stack,"",%progbits + ++ .section .note.GNU-stack,"",%progbits ++ + /* + * Convert return address to call site address by subtracting the size of the + * mcount call instruction (blx __gnu_mcount_nc). +diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S +index 37ae9ec6f..bc6c48b1a 100644 +--- a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S ++++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S +@@ -7,6 +7,8 @@ + + .section .note.GNU-stack,"",%progbits + ++ .section .note.GNU-stack,"",%progbits ++ + /* + * signed ret_idivmod_values(signed quot, signed rem); + * return quotient and remaining the EABI way (regs r0,r1) +diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S +index 5c3353e2c..9fb5e0283 100644 +--- a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S ++++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S +@@ -7,6 +7,8 @@ + + .section .note.GNU-stack,"",%progbits + ++ .section .note.GNU-stack,"",%progbits ++ + /* + * __value_in_regs lldiv_t __aeabi_ldivmod( long long n, long long d) + */ +diff --git a/lib/libutils/isoc/arch/arm/setjmp_a32.S b/lib/libutils/isoc/arch/arm/setjmp_a32.S +index f8a0b70df..37d7cb88e 100644 +--- a/lib/libutils/isoc/arch/arm/setjmp_a32.S ++++ b/lib/libutils/isoc/arch/arm/setjmp_a32.S +@@ -53,6 +53,8 @@ + + .section .note.GNU-stack,"",%progbits + ++ .section .note.GNU-stack,"",%progbits ++ + /* Arm/Thumb interworking support: + + The interworking scheme expects functions to use a BX instruction +diff --git a/ta/arch/arm/ta_entry_a32.S b/ta/arch/arm/ta_entry_a32.S +index cd9a12f9d..ccdc19928 100644 +--- a/ta/arch/arm/ta_entry_a32.S ++++ b/ta/arch/arm/ta_entry_a32.S +@@ -7,6 +7,8 @@ + + .section .note.GNU-stack,"",%progbits + ++ .section .note.GNU-stack,"",%progbits ++ + /* + * This function is the bottom of the user call stack. Mark it as such so that + * the unwinding code won't try to go further down. +-- +2.43.2 + diff --git a/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch b/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch new file mode 100644 index 00000000..f32b2284 --- /dev/null +++ b/recipes-security/optee-imx/optee-os/0004-core-link-add-no-warn-rwx-segments.patch @@ -0,0 +1,67 @@ +From a63f82f74e015eb662242cdb51ef814e3f576829 Mon Sep 17 00:00:00 2001 +From: Jerome Forissier <jerome.forissier@linaro.org> +Date: Fri, 5 Aug 2022 09:48:03 +0200 +Subject: [PATCH 4/4] core: link: add --no-warn-rwx-segments + +Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> +Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474] + +binutils ld.bfd generates one RWX LOAD segment by merging several sections +with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it +also warns by default when that happens [1], which breaks the build due to +--fatal-warnings. The RWX segment is not a problem for the TEE core, since +that information is not used to set memory permissions. Therefore, silence +the warning. + +Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 +Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448 +Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com> +Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> +Acked-by: Jens Wiklander <jens.wiklander@linaro.org> +Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> +--- + + core/arch/arm/kernel/link.mk | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk +index 49e9f4fa1..9e1cc172f 100644 +--- a/core/arch/arm/kernel/link.mk ++++ b/core/arch/arm/kernel/link.mk +@@ -37,6 +37,7 @@ link-ldflags += --sort-section=alignment + link-ldflags += --fatal-warnings + link-ldflags += --gc-sections + link-ldflags += $(link-ldflags-common) ++link-ldflags += $(call ld-option,--no-warn-rwx-segments) + + link-ldadd = $(LDADD) + link-ldadd += $(ldflags-external) +@@ -61,6 +62,7 @@ link-script-cppflags := \ + $(cppflagscore)) + + ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \ ++ $(call ld-option,--no-warn-rwx-segments) \ + $(link-ldflags-common) \ + $(link-objs) $(link-ldadd) $(libgcccore) + cleanfiles += $(link-out-dir)/all_objs.o +@@ -75,7 +77,7 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o + $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@ + + unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ +- $(link-ldflags-common) ++ $(link-ldflags-common) $(call ld-option,--no-warn-rwx-segments) + unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore) + cleanfiles += $(link-out-dir)/unpaged.o + $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt +@@ -104,7 +106,7 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o + $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@ + + init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ +- $(link-ldflags-common) ++ $(link-ldflags-common) $(call ld-option,--no-warn-rwx-segments) + init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \ + $(libgcccore) + cleanfiles += $(link-out-dir)/init.o +-- +2.43.2 + diff --git a/recipes-security/optee-imx/optee-os_3.7.0.imx.bb b/recipes-security/optee-imx/optee-os_3.7.0.imx.bb deleted file mode 100644 index 1bef749b..00000000 --- a/recipes-security/optee-imx/optee-os_3.7.0.imx.bb +++ /dev/null @@ -1,100 +0,0 @@ -# Copyright (C) 2017-2020 NXP - -SUMMARY = "OPTEE OS" -DESCRIPTION = "OPTEE OS" -HOMEPAGE = "http://www.optee.org/" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" - -inherit deploy python3native autotools -DEPENDS = "python3-pycrypto-native python3-pyelftools-native u-boot-mkimage-native" - -SRCBRANCH = "imx_5.4.24_2.1.0" - -SRC_URI = "\ - git://source.codeaurora.org/external/imx/imx-optee-os.git;protocol=https;branch=${SRCBRANCH} \ - file://0001-optee-os-fix-gcc10-compilation-issue-and-missing-cc-.patch \ -" - -SRCREV = "7a49776de59265500f10a247125429fde1555ac1" - -S = "${WORKDIR}/git" -B = "${WORKDIR}/build.${PLATFORM_FLAVOR}" - -# The platform flavor corresponds to the Yocto machine without the leading 'i'. -PLATFORM_FLAVOR = "${@d.getVar('MACHINE')[1:]}" -PLATFORM_FLAVOR_imx6qpdlsolox = "mx6qsabresd" -PLATFORM_FLAVOR_imx6ul7d = "mx6ulevk" -PLATFORM_FLAVOR_imx6ull14x14evk = "mx6ullevk" -PLATFORM_FLAVOR_imx6ull9x9evk = "mx6ullevk" -PLATFORM_FLAVOR_imx6ulz14x14evk = "mx6ulzevk" -PLATFORM_FLAVOR_mx8mm = "mx8mmevk" -PLATFORM_FLAVOR_mx8mn = "mx8mnevk" -PLATFORM_FLAVOR_mx8qxp = "mx8qxpmek" -PLATFORM_FLAVOR_mx8mp = "mx8mpevk" -PLATFORM_FLAVOR_mx8dx = "mx8dxmek" -PLATFORM_FLAVOR_mx8dxl = "mx8dxlevk" -PLATFORM_FLAVOR_mx8phantomdxl = "mx8qxpmek" - -OPTEE_ARCH ?= "arm32" -OPTEE_ARCH_armv7a = "arm32" -OPTEE_ARCH_aarch64 = "arm64" - -# Optee-os can be built for 32 bits and 64 bits at the same time -# as long as the compilers are correctly defined. -# For 64bits, CROSS_COMPILE64 must be set -# When defining CROSS_COMPILE and CROSS_COMPILE64, we assure that -# any 32 or 64 bits builds will pass -EXTRA_OEMAKE = " \ - PLATFORM=imx \ - PLATFORM_FLAVOR=${PLATFORM_FLAVOR} \ - CROSS_COMPILE=${HOST_PREFIX} \ - CROSS_COMPILE64=${HOST_PREFIX} \ - NOWERROR=1 \ - LDFLAGS= \ - O=${B} \ -" - -do_compile () { - unset LDFLAGS - export CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_HOST}" - oe_runmake -C ${S} all CFG_TEE_TA_LOG_LEVEL=0 CFG_TEE_CORE_LOG_LEVEL=0 -} - - -do_deploy () { - install -d ${DEPLOYDIR} - ${TARGET_PREFIX}objcopy -O binary ${B}/core/tee.elf ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin - - if [ "${OPTEE_ARCH}" != "arm64" ]; then - IMX_LOAD_ADDR=`cat ${B}/core/tee-init_load_addr.txt` && \ - uboot-mkimage -A arm -O linux -C none -a ${IMX_LOAD_ADDR} -e ${IMX_LOAD_ADDR} \ - -d ${DEPLOYDIR}/tee.${PLATFORM_FLAVOR}.bin ${DEPLOYDIR}/uTee-${OPTEE_BIN_EXT} - fi - - cd ${DEPLOYDIR} - ln -sf tee.${PLATFORM_FLAVOR}.bin tee.bin - cd - -} - -do_install () { - install -d ${D}${nonarch_base_libdir}/firmware/ - install -m 644 ${B}/core/*.bin ${D}${nonarch_base_libdir}/firmware/ - - # Install the TA devkit - install -d ${D}/usr/include/optee/export-user_ta_${OPTEE_ARCH}/ - - for f in ${B}/export-ta_${OPTEE_ARCH}/*; do - cp -aR $f ${D}/usr/include/optee/export-user_ta_${OPTEE_ARCH}/ - done -} - -addtask deploy after do_compile before do_install - - -FILES_${PN} = "${nonarch_base_libdir}/firmware/" -FILES_${PN}-staticdev = "/usr/include/optee/" -RDEPENDS_${PN}-dev += "${PN}-staticdev" - -PACKAGE_ARCH = "${MACHINE_ARCH}" -COMPATIBLE_MACHINE = "(imx)" diff --git a/recipes-security/optee-imx/optee-os_4.0.0.imx.bb b/recipes-security/optee-imx/optee-os_4.0.0.imx.bb new file mode 100644 index 00000000..ad6c6b40 --- /dev/null +++ b/recipes-security/optee-imx/optee-os_4.0.0.imx.bb @@ -0,0 +1,12 @@ +# Copyright (C) 2017-2021 NXP + +require optee-os-fslc-imx.inc + +SRC_URI += " \ + file://0001-core-Define-section-attributes-for-clang.patch \ + file://0002-optee-enable-clang-support.patch \ + file://0003-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch \ + file://0004-core-link-add-no-warn-rwx-segments.patch \ +" +SRCBRANCH = "lf-6.6.3_1.0.0" +SRCREV = "e0a3e77735941e6057a1994a576b83a93ea0bdb9" diff --git a/recipes-security/optee-imx/optee-test-fslc.inc b/recipes-security/optee-imx/optee-test-fslc.inc new file mode 100644 index 00000000..e0c133a7 --- /dev/null +++ b/recipes-security/optee-imx/optee-test-fslc.inc @@ -0,0 +1,38 @@ +# Copyright (C) 2017-2021 NXP + +SUMMARY = "OPTEE test" +LICENSE = "BSD-2-Clause & GPL-2.0-only" +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" + +require optee-fslc.inc + +DEPENDS += "optee-os optee-client openssl" + +EXTRA_OEMAKE += " \ + TA_DEV_KIT_DIR=${STAGING_INCDIR}/optee/export-user_ta_${OPTEE_ARCH}/ \ + CROSS_COMPILE_HOST=${HOST_PREFIX} \ + CROSS_COMPILE_TA=${HOST_PREFIX} \ + CROSS_COMPILE=${HOST_PREFIX} \ +" + +do_compile() { + oe_runmake all +} +do_compile[cleandirs] = "${B}" + +do_install () { + install -d ${D}${bindir} + install ${B}/xtest/xtest ${D}${bindir} + + install -d ${D}${nonarch_base_libdir}/optee_armtz + find ${B}/ta -name '*.ta' | while read name; do + install -m 444 $name ${D}${nonarch_base_libdir}/optee_armtz/ + done + + install -d ${D}${libdir}/tee-supplicant/plugins/ + install ${B}/supp_plugin/*plugin ${D}${libdir}/tee-supplicant/plugins/ +} + +FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/ ${libdir}/tee-supplicant/plugins/" + +RDEPENDS:${PN} = "optee-os" diff --git a/recipes-security/optee-imx/optee-test/0001-use-python3-instead-of-python.patch b/recipes-security/optee-imx/optee-test/0001-use-python3-instead-of-python.patch deleted file mode 100644 index 20f190af..00000000 --- a/recipes-security/optee-imx/optee-test/0001-use-python3-instead-of-python.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 6271160639002a2580d80b75b5397a96d56329f2 Mon Sep 17 00:00:00 2001 -From: Scott Branden <scott.branden@broadcom.com> -Date: Fri, 27 Dec 2019 12:54:28 -0800 -Subject: [PATCH] use python3 instead of python - -use python3 instead of python as python2 is EOL January 2020. - -Signed-off-by: Scott Branden <scott.branden@broadcom.com> -Reviewed-by: Jerome Forissier <jerome@forissier.org> -Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU, CFG_GCM_NIST_VECTORS=y) -Upstream-Status: Backport from v3.8.0 ---- - scripts/file_to_c.py | 4 ++-- - scripts/rsp_to_gcm_test.py | 2 +- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/scripts/file_to_c.py b/scripts/file_to_c.py -index ae16f52..b4ce2a2 100755 ---- a/scripts/file_to_c.py -+++ b/scripts/file_to_c.py -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python3 - # SPDX-License-Identifier: BSD-2-Clause - # - # Copyright (c) 2018, Linaro Limited -@@ -29,7 +29,7 @@ def main(): - - f.write("const uint8_t " + args.name + "[] = {\n") - i = 0 -- for x in array.array("B", inf.read()): -+ for x in array.array("B", map(ord, (inf.read()))): - f.write("0x" + '{0:02x}'.format(x) + ",") - i = i + 1 - if i % 8 == 0: -diff --git a/scripts/rsp_to_gcm_test.py b/scripts/rsp_to_gcm_test.py -index 0543541..e4418be 100755 ---- a/scripts/rsp_to_gcm_test.py -+++ b/scripts/rsp_to_gcm_test.py -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python3 - - modes = {'encrypt': 0, 'decrypt': 1} - --- -2.7.4 - diff --git a/recipes-security/optee-imx/optee-test/0003-sock_server-fix-compilation-against-musl-sys-errno.h.patch b/recipes-security/optee-imx/optee-test/0003-sock_server-fix-compilation-against-musl-sys-errno.h.patch deleted file mode 100644 index d32a8eb7..00000000 --- a/recipes-security/optee-imx/optee-test/0003-sock_server-fix-compilation-against-musl-sys-errno.h.patch +++ /dev/null @@ -1,41 +0,0 @@ -From dc8cd1c43edeedb9f7335020537c4ffdddd683f8 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik@jci.com> -Date: Thu, 7 Feb 2019 01:26:53 +0000 -Subject: [PATCH 1/3] sock_server: fix compilation against musl (sys/errno.h) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Compiling against musl-libc fails with the following error: - -| In file included from .../host/xtest/sock_server.c:24: -| .../usr/include/sys/errno.h:1:2: error: #warning redirecting incorrect #include <sys/errno.h> to <errno.h> [-Werror=cpp] -| #warning redirecting incorrect #include <sys/errno.h> to <errno.h> -| ^~~~~~~ - -Just remove the needless include. - -Signed-off-by: André Draszik <andre.draszik@jci.com> -Acked-by: Jens Wiklander <jens.wiklander@linaro.org> -Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> ---- -Signed-off-by: André Draszik <andre.draszik@jci.com> -Upstream-Status: Backport [3.5.0] - host/xtest/sock_server.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/host/xtest/sock_server.c b/host/xtest/sock_server.c -index 0d2ff06..1ba73d6 100644 ---- a/host/xtest/sock_server.c -+++ b/host/xtest/sock_server.c -@@ -21,7 +21,6 @@ - #include <netdb.h> - #include <netinet/in.h> - #include <poll.h> --#include <sys/errno.h> - #include <sys/socket.h> - #include <unistd.h> - --- -2.23.0.rc1 - diff --git a/recipes-security/optee-imx/optee-test/0004-build-ignore-declaration-after-statement-warnings.patch b/recipes-security/optee-imx/optee-test/0004-build-ignore-declaration-after-statement-warnings.patch deleted file mode 100644 index ed45df60..00000000 --- a/recipes-security/optee-imx/optee-test/0004-build-ignore-declaration-after-statement-warnings.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 1401b89684ee81bf0b3d3dea06e2926b24ba3f97 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik@jci.com> -Date: Thu, 7 Feb 2019 01:29:08 +0000 -Subject: [PATCH 2/3] build: ignore declaration-after-statement warnings -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -| Makefile:37: recipe for target 'xtest' failed -| make: *** [xtest] Error 2 -| make: *** Waiting for unfinished jobs.... -| arith_taf.c: In function 'get_handle': -| arith_taf.c:56:2: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement] -| int h = handle_get(&hdb, ptr); -| ^~~ -| arith_taf.c: In function 'ta_entry_arith_new_var': -| arith_taf.c:82:2: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement] -| size_t len = TEE_BigIntSizeInU32(params[0].value.a); -| ^~~~~~ -| arith_taf.c: In function 'ta_entry_arith_new_fmm_var': -| arith_taf.c:129:2: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement] -| size_t len = TEE_BigIntFMMSizeInU32(params[0].value.a); -| ^~~~~~ -| arith_taf.c: In function 'ta_entry_arith_free_handle': -| arith_taf.c:150:2: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement] -| void *ptr = put_handle(params[0].value.a & ~HT_MASK); -| ^~~~ -| arith_taf.c: In function 'ta_entry_arith_from_octet_string': -| arith_taf.c:165:2: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement] -| TEE_BigInt *big_int = lookup_handle(HT_BIGINT, params[0].value.a); -| ^~~~~~~~~~ -| arith_taf.c: In function 'ta_entry_arith_from_s32': -| arith_taf.c:181:2: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement] -| TEE_BigInt *big_int = lookup_handle(HT_BIGINT, params[0].value.a); -| ^~~~~~~~~~ - -etc. - -Signed-off-by: André Draszik <andre.draszik@jci.com> -Acked-by: Jens Wiklander <jens.wiklander@linaro.org> -Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> ---- -Signed-off-by: André Draszik <andre.draszik@jci.com> -Upstream-Status: Backport [3.5.0] - host/xtest/Makefile | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/host/xtest/Makefile b/host/xtest/Makefile -index f4291e0..e97e555 100644 ---- a/host/xtest/Makefile -+++ b/host/xtest/Makefile -@@ -154,6 +154,7 @@ CFLAGS += -Wall -Wcast-align -Werror \ - -Wmissing-prototypes -Wnested-externs -Wpointer-arith \ - -Wshadow -Wstrict-prototypes -Wswitch-default \ - -Wwrite-strings \ -+ -Wno-declaration-after-statement \ - -Wno-missing-field-initializers -Wno-format-zero-length - endif - --- -2.23.0.rc1 - diff --git a/recipes-security/optee-imx/optee-test/0005-benchmark_1000-fix-compilation-against-musl-uint.patch b/recipes-security/optee-imx/optee-test/0005-benchmark_1000-fix-compilation-against-musl-uint.patch deleted file mode 100644 index 58734aa4..00000000 --- a/recipes-security/optee-imx/optee-test/0005-benchmark_1000-fix-compilation-against-musl-uint.patch +++ /dev/null @@ -1,57 +0,0 @@ -From f74e9f339a8e8cb97fc8ea03bef51d7e3862a60a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik@jci.com> -Date: Thu, 7 Feb 2019 01:31:27 +0000 -Subject: [PATCH 3/3] benchmark_1000: fix compilation against musl (uint) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Compiling against musl-libc fails with the following error: - -| .../host/xtest/benchmark_1000.c: In function 'show_test_result': -| .../host/xtest/benchmark_1000.c:102:2: error: unknown type name 'uint'; did you mean 'int'? -| uint i; -| ^~~~ -| int -| ...host/xtest/benchmark_1000.c:108:16: error: comparison of integer expressions of different signedness: 'int' and 'size_t' {aka 'unsigned int'} [-Werror=sign-compare] -| for (i = 0; i < size; i++) { -| ^ - -etc. - -Convert to using more standard size_t - -Signed-off-by: André Draszik <andre.draszik@jci.com> -Acked-by: Jens Wiklander <jens.wiklander@linaro.org> -Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> ---- -Signed-off-by: André Draszik <andre.draszik@jci.com> -Upstream-Status: Backport [3.5.0] - host/xtest/benchmark_1000.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/host/xtest/benchmark_1000.c b/host/xtest/benchmark_1000.c -index bf92fa0..1caf420 100644 ---- a/host/xtest/benchmark_1000.c -+++ b/host/xtest/benchmark_1000.c -@@ -99,7 +99,7 @@ static TEEC_Result run_chunk_access_test(enum storage_benchmark_cmd cmd, - - static void show_test_result(struct test_record records[], size_t size) - { -- uint i; -+ size_t i; - - printf("-----------------+---------------+----------------\n"); - printf(" Data Size (B) \t | Time (s)\t | Speed (kB/s)\t \n"); -@@ -119,7 +119,7 @@ static void chunk_test(ADBG_Case_t *c, enum storage_benchmark_cmd cmd) - { - uint32_t chunk_size = DEFAULT_CHUNK_SIZE; - struct test_record records[ARRAY_SIZE(data_size_table) - 1]; -- uint i; -+ size_t i; - - for (i = 0; data_size_table[i]; i++) { - ADBG_EXPECT_TEEC_SUCCESS(c, --- -2.23.0.rc1 - diff --git a/recipes-security/optee-imx/optee-test/0006-regression_8100-use-null-terminated-strings-with-fil.patch b/recipes-security/optee-imx/optee-test/0006-regression_8100-use-null-terminated-strings-with-fil.patch deleted file mode 100644 index 1a5c4044..00000000 --- a/recipes-security/optee-imx/optee-test/0006-regression_8100-use-null-terminated-strings-with-fil.patch +++ /dev/null @@ -1,88 +0,0 @@ -From 7d566ed585d1e13f444d48fde5705b5be54de4af Mon Sep 17 00:00:00 2001 -From: Ricardo Salveti <ricardo@foundries.io> -Date: Wed, 26 Jun 2019 17:32:11 -0300 -Subject: [PATCH] regression_8100: use null terminated strings with file_to_c - -GCC 9 is more strict with string manipulation, causing the build to -fail as the string data converted via file_to_c is not null terminated, -as described by the following build error: - -regression_8100.c:100:29: error: '%*s' directive argument is not a -nul-terminated string [-Werror=format-overflow=] -tlen = myasprintf(&trust, "%*s", (int)sizeof(regression_8100_ca_crt), - ^~~ - regression_8100_ca_crt); - ~~~~~~~~~~~~~~~~~~~~~~ - -Change file_to_c to terminate the string after conversion and update the -string size to remove the null terminated byte. Also update -regression_8100 to use the size variable defined via file_to_c instead -of manually calling sizeof. - -Signed-off-by: Ricardo Salveti <ricardo@foundries.io> -Acked-by: Jens Wiklander <jens.wiklander@linaro.org> ---- -Signed-off-by: André Draszik <andre.draszik@jci.com> -Upstream-Status: Backport [3.6.0] - host/xtest/regression_8100.c | 10 +++++----- - scripts/file_to_c.py | 4 ++-- - 2 files changed, 7 insertions(+), 7 deletions(-) - -diff --git a/host/xtest/regression_8100.c b/host/xtest/regression_8100.c -index 04d62d9..13780e1 100644 ---- a/host/xtest/regression_8100.c -+++ b/host/xtest/regression_8100.c -@@ -91,13 +91,13 @@ static void test_8102(ADBG_Case_t *c) - return; - - clen = myasprintf(&chain, "%*s\n%*s", -- (int)sizeof(regression_8100_my_crt), -+ (int)regression_8100_my_crt_size, - regression_8100_my_crt, -- (int)sizeof(regression_8100_mid_crt), -+ (int)regression_8100_mid_crt_size, - regression_8100_mid_crt); - if (!ADBG_EXPECT_COMPARE_SIGNED(c, clen, !=, -1)) - goto out; -- tlen = myasprintf(&trust, "%*s", (int)sizeof(regression_8100_ca_crt), -+ tlen = myasprintf(&trust, "%*s", (int)regression_8100_ca_crt_size, - regression_8100_ca_crt); - if (!ADBG_EXPECT_COMPARE_SIGNED(c, tlen, !=, -1)) - goto out; -@@ -282,7 +282,7 @@ static void test_8103(ADBG_Case_t *c) - NULL, &ret_orig))) - return; - -- clen = myasprintf(&csr, "%*s", (int)sizeof(regression_8100_my_csr), -+ clen = myasprintf(&csr, "%*s", (int)regression_8100_my_csr_size, - regression_8100_my_csr); - if (!ADBG_EXPECT_COMPARE_SIGNED(c, clen, >=, 0)) - goto out; -@@ -300,7 +300,7 @@ static void test_8103(ADBG_Case_t *c) - if (!ADBG_EXPECT_TEEC_SUCCESS(c, res)) - goto out; - -- myasprintf(&ca, "%*s", (int)sizeof(regression_8100_ca_crt), -+ myasprintf(&ca, "%*s", (int)regression_8100_ca_crt_size, - regression_8100_ca_crt); - if (!ADBG_EXPECT_NOT_NULL(c, ca)) - goto out; -diff --git a/scripts/file_to_c.py b/scripts/file_to_c.py -index 83a9832..ae16f52 100755 ---- a/scripts/file_to_c.py -+++ b/scripts/file_to_c.py -@@ -37,9 +37,9 @@ def main(): - else: - f.write(" ") - -- f.write("};\n") -+ f.write("'\\0'};\n") - f.write("const size_t " + args.name + "_size = sizeof(" + -- args.name + ");\n") -+ args.name + ") - 1;\n") - - f.close() - inf.close() --- -2.23.0.rc1 - diff --git a/recipes-security/optee-imx/optee-test_3.7.0.imx.bb b/recipes-security/optee-imx/optee-test_3.7.0.imx.bb deleted file mode 100644 index 04240ff0..00000000 --- a/recipes-security/optee-imx/optee-test_3.7.0.imx.bb +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright (C) 2017-2018 NXP - -SUMMARY = "OPTEE test" -HOMEPAGE = "http://www.optee.org/" - -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" - -DEPENDS = "optee-os optee-client python3-pycrypto-native openssl" -inherit python3native - -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" - -SRCBRANCH = "imx_5.4.24_2.1.0" - -SRC_URI = "git://source.codeaurora.org/external/imx/imx-optee-test.git;protocol=https;branch=${SRCBRANCH} \ - file://0001-use-python3-instead-of-python.patch \ -" - -S = "${WORKDIR}/git" -B = "${WORKDIR}/build" - -SRCREV = "227d6f4c40eaa6f84fe049b9e48c7b27ad7fab08" - -OPTEE_ARCH ?= "arm32" -OPTEE_ARCH_armv7a = "arm32" -OPTEE_ARCH_aarch64 = "arm64" - -TA_DEV_KIT_DIR_arm = "${STAGING_INCDIR}/optee/export-user_ta_arm32/" -TA_DEV_KIT_DIR_aarch64 = "${STAGING_INCDIR}/optee/export-user_ta_arm64/" - -EXTRA_OEMAKE = " \ - TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ - ARCH=${OPTEE_ARCH} \ - OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}/usr \ - CROSS_COMPILE_HOST=${HOST_PREFIX} \ - CROSS_COMPILE_TA=${HOST_PREFIX} \ - CROSS_COMPILE=${HOST_PREFIX} \ - OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}/ \ - -C ${S} O=${B} \ -" - -do_install () { - install -d ${D}/usr/bin - install ${B}/xtest/xtest ${D}/usr/bin/ - - install -d ${D}/lib/optee_armtz - find ${B}/ta -name '*.ta' | while read name; do - install -m 444 $name ${D}/lib/optee_armtz/ - done -} - -FILES_${PN} = "/usr/bin/ /lib*/optee_armtz/" - -COMPATIBLE_MACHINE = "(mx6|mx7|mx8)" diff --git a/recipes-security/optee-imx/optee-test_4.0.0.imx.bb b/recipes-security/optee-imx/optee-test_4.0.0.imx.bb new file mode 100644 index 00000000..1717a713 --- /dev/null +++ b/recipes-security/optee-imx/optee-test_4.0.0.imx.bb @@ -0,0 +1,10 @@ +# Copyright (C) 2017-2021 NXP + +require optee-test-fslc.inc + +SRC_URI = "git://github.com/nxp-imx/imx-optee-test.git;protocol=https;branch=${SRCBRANCH}" + +SRCBRANCH = "lf-6.6.3_1.0.0" +SRCREV = "95c49d950f50fa774e4530d19a967079b3b61279" + +COMPATIBLE_MACHINE = "(imx-nxp-bsp)" |