aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-security
diff options
context:
space:
mode:
authorDenys Dmytriyenko <denys@ti.com>2020-10-10 02:11:49 +0000
committerDan Murphy <dmurphy@ti.com>2020-10-11 10:20:05 -0500
commitfe82d5c838e8f809518f1285a0fc615a3394a29a (patch)
tree55bbe55d9be92b6498f64c3b76c15b12700dae34 /recipes-security
parentda0aa1409e4d0a559b7e11e53d3fff664b6f52fd (diff)
downloadmeta-ti-fe82d5c838e8f809518f1285a0fc615a3394a29a.tar.gz
meta-ti-fe82d5c838e8f809518f1285a0fc615a3394a29a.tar.bz2
meta-ti-fe82d5c838e8f809518f1285a0fc615a3394a29a.zip
optee-os: add TI signing calls via TI_SECURE_DEV_PKG
It was originally residing in meta-arago due to earlier dependency on meta-optee layer from meta-linaro. Now optee is in meta-arm and this code can move to meta-ti. Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Dan Murphy <dmurphy@ti.com>
Diffstat (limited to 'recipes-security')
-rw-r--r--recipes-security/optee/optee-os_%.bbappend83
1 files changed, 83 insertions, 0 deletions
diff --git a/recipes-security/optee/optee-os_%.bbappend b/recipes-security/optee/optee-os_%.bbappend
new file mode 100644
index 000000000..2846d0add
--- /dev/null
+++ b/recipes-security/optee/optee-os_%.bbappend
@@ -0,0 +1,83 @@
+do_compile_prepend_ti-soc() {
+ export TI_SECURE_DEV_PKG=${TI_SECURE_DEV_PKG}
+}
+
+do_compile_append_k3() {
+ ( cd out/arm-plat-${OPTEEOUTPUTMACHINE}/core/; \
+ cp tee-pager_v2.bin ${B}/bl32.bin; \
+ cp tee.elf ${B}/bl32.elf; \
+ )
+}
+
+# Signing procedure for legacy HS devices
+optee_sign_legacyhs() {
+ ( cd out/arm-plat-${OPTEEOUTPUTMACHINE}/core/; \
+ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
+ normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"`
+ mv tee.bin.signed ${B}/$normfl.optee; \
+ )
+
+ if [ "${OPTEEPAGER}" = "y" ]; then
+ rm -rf out/
+ oe_runmake all CFG_TEE_TA_LOG_LEVEL=0 CFG_WITH_PAGER=y
+ ( cd out/arm-plat-${OPTEEOUTPUTMACHINE}/core/; \
+ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
+ normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"`
+ mv tee.bin.signed ${B}/$normfl-pager.optee; \
+ )
+ fi
+}
+
+# Signing procedure for K3 HS devices
+optee_sign_k3hs() {
+ ( cd out/arm-plat-${OPTEEOUTPUTMACHINE}/core/; \
+ ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee-pager_v2.bin tee-pager.bin.signed; \
+ mv tee-pager.bin.signed ${B}/bl32.bin; \
+ cp tee.elf ${B}/bl32.elf; \
+ )
+}
+
+do_compile_append_ti43x() {
+ optee_sign_legacyhs
+}
+
+do_compile_append_dra7xx() {
+ optee_sign_legacyhs
+}
+
+do_compile_append_am65xx-hs-evm() {
+ optee_sign_k3hs
+}
+
+do_compile_append_j7-hs-evm() {
+ optee_sign_k3hs
+}
+
+do_install_append_ti-soc() {
+ install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ || true
+ install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ || true
+ install -m 644 ${B}/bl32.elf ${D}${nonarch_base_libdir}/firmware/ || true
+}
+
+optee_deploy_legacyhs() {
+ cd ${DEPLOYDIR}/
+ for f in optee/*.optee; do
+ ln -sf $f ${DEPLOYDIR}/
+ done
+}
+
+do_deploy_append_ti43x() {
+ optee_deploy_legacyhs
+}
+
+do_deploy_append_dra7xx() {
+ optee_deploy_legacyhs
+}
+
+do_deploy_append_k3() {
+ ln -sf optee/bl32.bin ${DEPLOYDIR}/
+ ln -sf optee/bl32.elf ${DEPLOYDIR}/
+}
+
+# This is needed for bl32.elf
+INSANE_SKIP_${PN}_append_k3 = " textrel"