Diffstat (limited to 'meta-arm/recipes-security/optee')
27 files changed, 272 insertions, 501 deletions
diff --git a/meta-arm/recipes-security/optee/optee-client.inc b/meta-arm/recipes-security/optee/optee-client.inc index 65c9a447..ddda2d1a 100644 --- a/meta-arm/recipes-security/optee/optee-client.inc +++ b/meta-arm/recipes-security/optee/optee-client.inc @@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=69663ab153298557a59c67a60a743e5b" inherit systemd update-rc.d cmake SRC_URI = " \ - git://github.com/OP-TEE/optee_client.git \ - file://tee-supplicant.service \ + git://github.com/OP-TEE/optee_client.git;branch=master;protocol=https \ + file://tee-supplicant@.service \ file://tee-supplicant.sh \ " @@ -21,20 +21,20 @@ EXTRA_OECMAKE = " \ -DBUILD_SHARED_LIBS=ON \ -DCFG_TEE_FS_PARENT_PATH='${localstatedir}/lib/tee' \ " -EXTRA_OECMAKE_append_toolchain-clang = " -DCFG_WERROR=0" +EXTRA_OECMAKE:append:toolchain-clang = " -DCFG_WERROR=0" -do_install_append() { - install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service - install -D -p -m0755 ${WORKDIR}/tee-supplicant.sh ${D}${sysconfdir}/init.d/tee-supplicant +do_install:append() { + install -D -p -m0644 ${UNPACKDIR}/tee-supplicant@.service ${D}${systemd_system_unitdir}/tee-supplicant@.service + install -D -p -m0755 ${UNPACKDIR}/tee-supplicant.sh ${D}${sysconfdir}/init.d/tee-supplicant sed -i -e s:@sysconfdir@:${sysconfdir}:g \ -e s:@sbindir@:${sbindir}:g \ - ${D}${systemd_system_unitdir}/tee-supplicant.service \ + ${D}${systemd_system_unitdir}/tee-supplicant@.service \ ${D}${sysconfdir}/init.d/tee-supplicant } -SYSTEMD_SERVICE_${PN} = "tee-supplicant.service" +SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service" INITSCRIPT_PACKAGES = "${PN}" -INITSCRIPT_NAME_${PN} = "tee-supplicant" -INITSCRIPT_PARAMS_${PN} = "start 10 1 2 3 4 5 . stop 90 0 6 ." +INITSCRIPT_NAME:${PN} = "tee-supplicant" +INITSCRIPT_PARAMS:${PN} = "start 10 1 2 3 4 5 . stop 90 0 6 ." 
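Review bot: `SYSTEMD_SERVICE:${PN} = "tee-supplicant@.service"` names a template unit without an instance, and nothing in the visible hunks installs a udev rule or other trigger that would start an instance at boot. Unless the unit's `[Install]` section (outside this diff) sets `DefaultInstance=`, or another recipe instantiates it, the supplicant may never start on systemd images, leaving REE-side secure storage and TA loading unavailable. I would either name the instance explicitly, `SYSTEMD_SERVICE:${PN} = "tee-supplicant@<instance>.service"` (placeholder), or add a comment next to this line stating what is expected to instantiate the template.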
diff --git a/meta-arm/recipes-security/optee/optee-client/tee-supplicant.service b/meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service index c273832d..72c0b9aa 100644 --- a/meta-arm/recipes-security/optee/optee-client/tee-supplicant.service +++ b/meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service @@ -1,5 +1,5 @@ [Unit] -Description=TEE Supplicant +Description=TEE Supplicant on %i [Service] User=root diff --git a/meta-arm/recipes-security/optee/optee-client_3.11.0.bb b/meta-arm/recipes-security/optee/optee-client_3.11.0.bb deleted file mode 100644 index f765d12c..00000000 --- a/meta-arm/recipes-security/optee/optee-client_3.11.0.bb +++ /dev/null @@ -1,3 +0,0 @@ -require optee-client.inc - -SRCREV = "c0c925384c1d7e3558d27d2708857482952d7907" diff --git a/meta-arm/recipes-security/optee/optee-client_4.2.0.bb b/meta-arm/recipes-security/optee/optee-client_4.2.0.bb new file mode 100644 index 00000000..56494e4c --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-client_4.2.0.bb @@ -0,0 +1,7 @@ +require recipes-security/optee/optee-client.inc + +SRCREV = "3eac340a781c00ccd61b151b0e9c22a8c6e9f9f0" + +inherit pkgconfig +DEPENDS += "util-linux" +EXTRA_OEMAKE += "PKG_CONFIG=pkg-config" diff --git a/meta-arm/recipes-security/optee/optee-examples.inc b/meta-arm/recipes-security/optee/optee-examples.inc index 81c31bc0..5011f480 100644 --- a/meta-arm/recipes-security/optee/optee-examples.inc +++ b/meta-arm/recipes-security/optee/optee-examples.inc 
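Review bot: `EXTRA_OEMAKE += "PKG_CONFIG=pkg-config"` in optee-client_4.2.0.bb looks like it has no effect, because optee-client.inc inherits `cmake` and passes its build options through `EXTRA_OECMAKE`. If the intent is for the CMake build to find libuuid from `util-linux` through pkg-config, `inherit pkgconfig` should already cover that. I would drop the line, or add a comment such as `# still read by <build step>` (placeholder) naming what consumes it.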
@@ -5,15 +5,14 @@ HOMEPAGE = "https://github.com/linaro-swg/optee_examples" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30" -DEPENDS = "optee-client optee-os python3-pycryptodome-native" +DEPENDS = "optee-client optee-os-tadevkit python3-cryptography-native" inherit python3native require optee.inc -SRC_URI = "git://github.com/linaro-swg/optee_examples.git \ - file://0001-make-Pass-ldflags-during-link.patch \ - " +SRC_URI = "git://github.com/linaro-swg/optee_examples.git;branch=master;protocol=https \ + " EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ HOST_CROSS_COMPILE=${HOST_PREFIX} \ @@ -24,6 +23,7 @@ EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ S = "${WORKDIR}/git" B = "${WORKDIR}/build" + do_compile() { oe_runmake -C ${S} } @@ -32,11 +32,15 @@ do_compile[cleandirs] = "${B}" do_install () { mkdir -p ${D}${nonarch_base_libdir}/optee_armtz mkdir -p ${D}${bindir} + mkdir -p ${D}${libdir}/tee-supplicant/plugins install -D -p -m0755 ${B}/ca/* ${D}${bindir} install -D -p -m0444 ${B}/ta/* ${D}${nonarch_base_libdir}/optee_armtz + install -D -p -m0444 ${B}/plugins/* ${D}${libdir}/tee-supplicant/plugins } -FILES_${PN} += "${nonarch_base_libdir}/optee_armtz/" +FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/ \ + ${libdir}/tee-supplicant/plugins/ \ + " # Imports machine specific configs from staging to build PACKAGE_ARCH = "${MACHINE_ARCH}" diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-make-Pass-ldflags-during-link.patch b/meta-arm/recipes-security/optee/optee-examples/0001-make-Pass-ldflags-during-link.patch deleted file mode 100644 index 84202ef0..00000000 --- a/meta-arm/recipes-security/optee/optee-examples/0001-make-Pass-ldflags-during-link.patch +++ /dev/null 
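Review bot: The new `install -D -p -m0444 ${B}/plugins/* ${D}${libdir}/tee-supplicant/plugins` in `do_install` ships the example plugin in the main package through `FILES:${PN}`, so every image that installs optee-examples also gets example code in what appears to be the supplicant's plugin load directory; the unit file touched by this commit shows the supplicant running as `User=root`. The same pattern appears in optee-test.inc's `do_install` with `${B}/supp_plugin/*.plugin`. I would split the plugins into their own package, `PACKAGES =+ "${PN}-plugins"` with `FILES:${PN}-plugins = "${libdir}/tee-supplicant/plugins/"`, so an image can take the client applications and TAs without test plugins being loaded into the daemon.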
@@ -1,103 +0,0 @@ -From 29ae21de41f2fbab6dbecbbf408826b28de82df1 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Tue, 1 Sep 2020 21:09:56 -0700 -Subject: [PATCH] make: Pass ldflags during link - -OpenEmbeeded needs to pass essential linker flags to set correct flags -for gnu_hash among others which sets the linking straight -using LDFLAGS varible here means, we can affect the linker flags -from build environment - -Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/85] - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - acipher/host/Makefile | 2 +- - aes/host/Makefile | 2 +- - hello_world/host/Makefile | 2 +- - hotp/host/Makefile | 2 +- - random/host/Makefile | 2 +- - secure_storage/host/Makefile | 2 +- - 6 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/acipher/host/Makefile b/acipher/host/Makefile -index 8f4bc8a..c2cabef 100644 ---- a/acipher/host/Makefile -+++ b/acipher/host/Makefile -@@ -18,7 +18,7 @@ BINARY = optee_example_acipher - all: $(BINARY) - - $(BINARY): $(OBJS) -- $(CC) -o $@ $< $(LDADD) -+ $(CC) -o $@ $< $(LDFLAGS) $(LDADD) - - .PHONY: clean - clean: -diff --git a/aes/host/Makefile b/aes/host/Makefile -index dfeb4e8..f61c71b 100644 ---- a/aes/host/Makefile -+++ b/aes/host/Makefile -@@ -18,7 +18,7 @@ BINARY = optee_example_aes - all: $(BINARY) - - $(BINARY): $(OBJS) -- $(CC) -o $@ $< $(LDADD) -+ $(CC) -o $@ $< $(LDFLAGS) $(LDADD) - - .PHONY: clean - clean: -diff --git a/hello_world/host/Makefile b/hello_world/host/Makefile -index c4c8239..69cf42c 100644 ---- a/hello_world/host/Makefile -+++ b/hello_world/host/Makefile -@@ -18,7 +18,7 @@ BINARY = optee_example_hello_world - all: $(BINARY) - - $(BINARY): $(OBJS) -- $(CC) -o $@ $< $(LDADD) -+ $(CC) -o $@ $< $(LDFLAGS) $(LDADD) - - .PHONY: clean - clean: -diff --git a/hotp/host/Makefile b/hotp/host/Makefile -index cb7fd19..e7f013f 100644 ---- a/hotp/host/Makefile -+++ b/hotp/host/Makefile -@@ -18,7 +18,7 @@ BINARY = optee_example_hotp - 
all: $(BINARY) - - $(BINARY): $(OBJS) -- $(CC) -o $@ $< $(LDADD) -+ $(CC) -o $@ $< $(LDFLAGS) $(LDADD) - - .PHONY: clean - clean: -diff --git a/random/host/Makefile b/random/host/Makefile -index fd407d9..9377f7a 100644 ---- a/random/host/Makefile -+++ b/random/host/Makefile -@@ -18,7 +18,7 @@ BINARY = optee_example_random - all: $(BINARY) - - $(BINARY): $(OBJS) -- $(CC) -o $@ $< $(LDADD) -+ $(CC) -o $@ $< $(LDFLAGS) $(LDADD) - - .PHONY: clean - clean: -diff --git a/secure_storage/host/Makefile b/secure_storage/host/Makefile -index 29bfb87..b3265ae 100644 ---- a/secure_storage/host/Makefile -+++ b/secure_storage/host/Makefile -@@ -18,7 +18,7 @@ BINARY = optee_example_secure_storage - all: $(BINARY) - - $(BINARY): $(OBJS) -- $(CC) -o $@ $< $(LDADD) -+ $(CC) -o $@ $< $(LDFLAGS) $(LDADD) - - .PHONY: clean - clean: --- -2.28.0 - diff --git a/meta-arm/recipes-security/optee/optee-examples_3.11.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.11.0.bb deleted file mode 100644 index 72473eda..00000000 --- a/meta-arm/recipes-security/optee/optee-examples_3.11.0.bb +++ /dev/null @@ -1,4 +0,0 @@ -require optee-examples.inc - -SRCREV = "9a7dc598591990349d88b4dba3a37aadd6851295" - diff --git a/meta-arm/recipes-security/optee/optee-examples_4.2.0.bb b/meta-arm/recipes-security/optee/optee-examples_4.2.0.bb new file mode 100644 index 00000000..f082a25d --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-examples_4.2.0.bb @@ -0,0 +1,3 @@ +require recipes-security/optee/optee-examples.inc + +SRCREV = "378dc0db2d5dd279f58a3b6cb3f78ffd6b165035" diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_4.2.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_4.2.0.bb new file mode 100644 index 00000000..961d5251 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_4.2.0.bb 
@@ -0,0 +1,29 @@
+require recipes-security/optee/optee-os_${PV}.bb
+
+SUMMARY = "OP-TEE Trusted OS TA devkit"
+DESCRIPTION = "OP-TEE TA devkit for build TAs"
+HOMEPAGE = "https://www.op-tee.org/"
+
+DEPENDS += "python3-pycryptodome-native"
+
+do_install() {
+ #install TA devkit
+ install -d ${D}${includedir}/optee/export-user_ta/
+ for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do
+ cp -aR $f ${D}${includedir}/optee/export-user_ta/
+ done
+}
+
+do_deploy() {
+ echo "Do not inherit do_deploy from optee-os."
+}
+
+FILES:${PN} = "${includedir}/optee/"
+
+# Build paths are currently embedded
+INSANE_SKIP:${PN}-dev += "buildpaths"
+
+# Include extra headers needed by SPMC tests to TA DEVKIT.
+# Supported after op-tee v3.20
+EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+ ' CFG_SPMC_TESTS=y', '' , d)}"
diff --git a/meta-arm/recipes-security/optee/optee-os-ts.inc b/meta-arm/recipes-security/optee/optee-os-ts.inc
new file mode 100644
index 00000000..d30e8ea7
--- /dev/null
+++ b/meta-arm/recipes-security/optee/optee-os-ts.inc
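Review bot: `DEPENDS += "python3-pycryptodome-native"` in optee-os-tadevkit_4.2.0.bb looks like a leftover, since optee-os.inc in this same commit replaces pycryptodome with `python3-cryptography-native` and this recipe inherits that through `require recipes-security/optee/optee-os_${PV}.bb`. If the 4.2.0 build scripts no longer import pycryptodome, the line only adds an unused native crypto package to the dependency set. I would drop it, or add a comment naming the script that still needs it. In `do_install`, `cp -aR $f` should also quote the variable as `"$f"`.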
@@ -0,0 +1,85 @@
+# Include Trusted Services SPs accordingly to defined machine features
+
+# Please notice that OPTEE will load SPs in the order listed in this file.
+# If an SP requires another SP to be already loaded it must be listed lower.
+
+# TS SPs UUIDs definitions
+require recipes-security/trusted-services/ts-uuid.inc
+
+TS_ENV ?= "opteesp"
+TS_BIN = "${RECIPE_SYSROOT}/usr/${TS_ENV}/bin"
+TS_BIN_SPM_TEST= "${RECIPE_SYSROOT}/usr/opteesp/bin"
+
+SP_EXT = "${@oe.utils.conditional('TS_ENV','opteesp','.stripped.elf','.bin',d)}"
+
+# ITS SP
+DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \
+ ' ts-sp-its', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \
+ ' ${TS_BIN}/${ITS_UUID}${SP_EXT}', '', d)}"
+
+# Storage SP
+DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \
+ ' ts-sp-storage', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \
+ ' ${TS_BIN}/${STORAGE_UUID}${SP_EXT}', '', d)}"
+
+# Crypto SP.
+DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \
+ ' ts-sp-crypto', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \
+ ' ${TS_BIN}/${CRYPTO_UUID}${SP_EXT}', '', d)}"
+
+# Attestation SP
+DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \
+ ' ts-sp-attestation', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \
+ ' ${TS_BIN}/${ATTESTATION_UUID}${SP_EXT}', '', d)}"
+
+# Env-test SP
+DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \
+ ' ts-sp-env-test', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \
+ ' ${TS_BIN}/${ENV_TEST_UUID}${SP_EXT}', '', d)}"
+
+# SE-Proxy SP
+DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \
+ ' ts-sp-se-proxy', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \
+ ' ${TS_BIN}/${SE_PROXY_UUID}${SP_EXT}', '', d)}"
+
+# SMM Gateway
+DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \
+ ' ts-sp-smm-gateway', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \
+ ' ${TS_BIN}/${SMM_GATEWAY_UUID}${SP_EXT}', '', d)}"
+
+# SPM test SPs
+DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+ ' ts-sp-spm-test1 ts-sp-spm-test2 \
+ ts-sp-spm-test3 ts-sp-spm-test4', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+ ' ${TS_BIN_SPM_TEST}/${SPM_TEST1_UUID}.stripped.elf \
+ ${TS_BIN_SPM_TEST}/${SPM_TEST2_UUID}.stripped.elf \
+ ${TS_BIN_SPM_TEST}/${SPM_TEST3_UUID}.stripped.elf \
+ ${TS_BIN_SPM_TEST}/${SPM_TEST4_UUID}.stripped.elf', \
+ '', d)}"
+EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+ ' CFG_SPMC_TESTS=y', '' , d)}"
+
+# Firmware Update SP
+DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-fwu', \
+ ' ts-sp-fwu',
'' , d)}" +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-fwu', \ + ' ${TS_BIN}/${FWU_UUID}${SP_EXT}', '', d)}" + +# Block Storage SP +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \ + ' ts-sp-block-storage', '' , d)}" + +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \ + ' ${TS_BIN}/${BLOCK_STORAGE_UUID}${SP_EXT}', '', d)}" + +EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', \ + ' CFG_MAP_EXT_DT_SECURE=y CFG_SECURE_PARTITION=y \ + SP_PATHS="${SP_PATHS}" ', d)}" diff --git a/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/recipes-security/optee/optee-os.inc index 483b797d..e9f252e3 100644 --- a/meta-arm/recipes-security/optee/optee-os.inc +++ b/meta-arm/recipes-security/optee/optee-os.inc @@ -10,11 +10,11 @@ require optee.inc CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os" -DEPENDS = "python3-pycryptodome-native python3-pyelftools-native" +DEPENDS = "python3-pyelftools-native python3-cryptography-native" -DEPENDS_append_toolchain-clang = " compiler-rt" +DEPENDS:append:toolchain-clang = " compiler-rt" -SRC_URI = "git://github.com/OP-TEE/optee_os.git" +SRC_URI = "git://github.com/OP-TEE/optee_os.git;branch=master;protocol=https" S = "${WORKDIR}/git" B = "${WORKDIR}/build" @@ -24,18 +24,20 @@ EXTRA_OEMAKE += " \ CFG_${OPTEE_CORE}_core=y \ CROSS_COMPILE_core=${HOST_PREFIX} \ CROSS_COMPILE_ta_${OPTEE_ARCH}=${HOST_PREFIX} \ - NOWERROR=1 \ ta-targets=ta_${OPTEE_ARCH} \ O=${B} \ " +EXTRA_OEMAKE += " HOST_PREFIX=${HOST_PREFIX}" +EXTRA_OEMAKE += " CROSS_COMPILE64=${HOST_PREFIX}" -CFLAGS[unexport] = "1" LDFLAGS[unexport] = "1" CPPFLAGS[unexport] = "1" AS[unexport] = "1" LD[unexport] = "1" -do_configure[noexec] = "1" +do_compile:prepend() { + PLAT_LIBGCC_PATH=$(${CC} -print-libgcc-file-name) +} do_compile() { oe_runmake -C ${S} all 
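Review bot: The `ts-env-test` and `optee-spmc-test` branches of optee-os-ts.inc add test secure partitions to `SP_PATHS` (the latter also sets `CFG_SPMC_TESTS=y`), so they are presumably built into the OP-TEE image alongside the crypto, storage and attestation SPs, yet nothing in the file marks them as test-only. I would add a comment above `# Env-test SP` and `# SPM test SPs` such as `# Test-only: do not enable this MACHINE_FEATURE on production machines`. The load-order comment at the top would also be clearer if it said outright that "listed lower" means "loaded later".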
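Review bot: `PLAT_LIBGCC_PATH=$(${CC} -print-libgcc-file-name)` in the new `do_compile:prepend` of optee-os.inc is a plain shell assignment, so unless the variable is exported somewhere outside this hunk, the `make` started by `oe_runmake` will not see it. Writing `export PLAT_LIBGCC_PATH=$(${CC} -print-libgcc-file-name)`, or passing it on the `oe_runmake` command line, would make the value reach the OP-TEE makefiles. The same hunk drops `CFLAGS[unexport] = "1"`, which presumably lets the distro's target CFLAGS into the TEE build; a one-line comment saying this is intended would help. The body of `do_compile` continues past the end of the hunk.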
@@ -47,30 +49,33 @@ do_install() { install -d ${D}${nonarch_base_libdir}/firmware/ install -m 644 ${B}/core/*.bin ${B}/core/tee.elf ${D}${nonarch_base_libdir}/firmware/ - #install TA devkit - install -d ${D}${includedir}/optee/export-user_ta/ - for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do - cp -aR $f ${D}${includedir}/optee/export-user_ta/ - done + #install tas in optee_armtz + install -d ${D}${nonarch_base_libdir}/optee_armtz/ + install -m 444 ${B}/ta/*/*.ta ${D}${nonarch_base_libdir}/optee_armtz } PACKAGE_ARCH = "${MACHINE_ARCH}" do_deploy() { - install -d ${DEPLOYDIR}/optee - install -m 644 ${D}${nonarch_base_libdir}/firmware/* ${DEPLOYDIR}/optee/ + install -d ${DEPLOYDIR}/${MLPREFIX}optee + install -m 644 ${D}${nonarch_base_libdir}/firmware/* ${DEPLOYDIR}/${MLPREFIX}optee + + install -d ${DEPLOYDIR}/${MLPREFIX}optee/ta + install -m 644 ${B}/ta/*/*.elf ${DEPLOYDIR}/${MLPREFIX}optee/ta } addtask deploy before do_build after do_install SYSROOT_DIRS += "${nonarch_base_libdir}/firmware" -FILES_${PN} = "${nonarch_base_libdir}/firmware/" -FILES_${PN}-dev = "${includedir}/optee/" +PACKAGES += "${PN}-ta" +FILES:${PN} = "${nonarch_base_libdir}/firmware/" +FILES:${PN}-ta = "${nonarch_base_libdir}/optee_armtz/*" -# note: "textrel" is not triggered on all archs -INSANE_SKIP_${PN} = "textrel" -INSANE_SKIP_${PN}-dev = "staticdev" +# note: "textrel" is not triggered on all archs +INSANE_SKIP:${PN} = "textrel" +# Build paths are currently embedded +INSANE_SKIP:${PN} += "buildpaths" +INSANE_SKIP:${PN}-dev = "staticdev" INHIBIT_PACKAGE_STRIP = "1" - diff --git a/meta-arm/recipes-security/optee/optee-os/0001-libutils-provide-empty-__getauxval-implementation.patch b/meta-arm/recipes-security/optee/optee-os/0001-libutils-provide-empty-__getauxval-implementation.patch deleted file mode 100644 index 0120f5c2..00000000 --- a/meta-arm/recipes-security/optee/optee-os/0001-libutils-provide-empty-__getauxval-implementation.patch +++ /dev/null 
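Review bot: The new `install -m 444 ${B}/ta/*/*.ta ${D}${nonarch_base_libdir}/optee_armtz` ships the in-tree TAs in `${PN}-ta`, but nothing visible in `EXTRA_OEMAKE` selects a TA signing key, so they are presumably signed with whatever default key the OP-TEE tree provides. I would add a comment above the install line, for example `# TAs are signed with the build's TA_SIGN_KEY; production builds must supply their own key`, so integrators do not ship TAs signed with a development key. Both this line and the `${B}/ta/*/*.elf` copy in `do_deploy` fail the task if a platform builds no in-tree TAs, which may deserve a guard.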
@@ -1,62 +0,0 @@ -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From 36e784f621bf5d5be9183beba35f39426277c110 Mon Sep 17 00:00:00 2001 -From: Volodymyr Babchuk <volodymyr_babchuk@epam.com> -Date: Tue, 13 Oct 2020 22:45:39 +0300 -Subject: [PATCH 1/3] libutils: provide empty __getauxval() implementation - -Never version of libgcc are built with LSE implementation in mind. To -determine if LSE is available on platform it calls __getauxval(), so in -some cases we can get undefined reference to __getauxval() error. - -Prominent case is libgcc_eh.a library, which is used by C++ TAs. Exception -handler depends on atomic operations, so it tries to call -init_have_lse_atomics() first. This function in turn calls __getauxval(), -which causes linking error. - -In the future we can make __getauxval() to return actual platform -capabilities. - -Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> -Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> -Reviewed-by: Jerome Forissier <jerome@forissier.org> ---- - lib/libutils/ext/arch/arm/auxval.c | 12 ++++++++++++ - lib/libutils/ext/arch/arm/sub.mk | 1 + - 2 files changed, 13 insertions(+) - create mode 100644 lib/libutils/ext/arch/arm/auxval.c - -diff --git a/lib/libutils/ext/arch/arm/auxval.c b/lib/libutils/ext/arch/arm/auxval.c -new file mode 100644 -index 00000000..98bca850 ---- /dev/null -+++ b/lib/libutils/ext/arch/arm/auxval.c -@@ -0,0 +1,12 @@ -+// SPDX-License-Identifier: BSD-2-Clause -+/* -+ * Copyright (c) 2020, EPAM Systems -+ */ -+ -+#include <compiler.h> -+ -+unsigned long int __getauxval (unsigned long int type); -+unsigned long int __getauxval (unsigned long int type __unused) -+{ -+ return 0; -+} -diff --git a/lib/libutils/ext/arch/arm/sub.mk b/lib/libutils/ext/arch/arm/sub.mk -index dc5eed67..2e779066 100644 ---- a/lib/libutils/ext/arch/arm/sub.mk -+++ b/lib/libutils/ext/arch/arm/sub.mk -@@ -3,6 +3,7 @@ srcs-$(CFG_ARM32_$(sm)) += aeabi_unwind.c - endif - 
srcs-$(CFG_ARM32_$(sm)) += atomic_a32.S - srcs-$(CFG_ARM64_$(sm)) += atomic_a64.S -+srcs-y += auxval.c - ifneq ($(sm),ldelf) # TA, core - srcs-$(CFG_ARM32_$(sm)) += mcount_a32.S - srcs-$(CFG_ARM64_$(sm)) += mcount_a64.S --- -2.25.1 - diff --git a/meta-arm/recipes-security/optee/optee-os/0002-link.mk-implement-support-for-libnames-after-libgcc-.patch b/meta-arm/recipes-security/optee/optee-os/0002-link.mk-implement-support-for-libnames-after-libgcc-.patch deleted file mode 100644 index 11296c8c..00000000 --- a/meta-arm/recipes-security/optee/optee-os/0002-link.mk-implement-support-for-libnames-after-libgcc-.patch +++ /dev/null 
@@ -1,55 +0,0 @@ -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From 73196b58ea6978ffa5e581738030f51c5789ef73 Mon Sep 17 00:00:00 2001 -From: Volodymyr Babchuk <volodymyr_babchuk@epam.com> -Date: Tue, 13 Oct 2020 22:54:13 +0300 -Subject: [PATCH 2/3] link.mk: implement support for libnames-after-libgcc - variable - -Newer versions of libgcc depend on external __getauxval() symbol, which is -now provided by libutils. But libgcc is linked after libutils, so linker -can't resolve that symbol. We can't include libgcc into linking group with -libtutils, because libgcc provides symbols that conflict with libutil's -ones, like __aeabi_idiv with friends for instance. - -So, to resolve libgcc dependency on libutils we need to link with libutils -second time. To make things more generic, we will introduce -$(libnames-after-libgcc) variable for libraries that should be linked after -libgcc. - -Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> -Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> -Reviewed-by: Jerome Forissier <jerome@forissier.org> ---- - ta/arch/arm/link.mk | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/ta/arch/arm/link.mk b/ta/arch/arm/link.mk -index 445c285d..3025acb1 100644 ---- a/ta/arch/arm/link.mk -+++ b/ta/arch/arm/link.mk -@@ -55,8 +55,11 @@ link-ldflags += --eh-frame-hdr - link-ldadd += $(libstdc++$(sm)) $(libgcc_eh$(sm)) - endif - link-ldadd += --end-group --ldargs-$(user-ta-uuid).elf := $(link-ldflags) $(objs) $(link-ldadd) $(libgcc$(sm)) - -+link-ldadd-after-libgcc += $(addprefix -l,$(libnames-after-libgcc)) -+ -+ldargs-$(user-ta-uuid).elf := $(link-ldflags) $(objs) $(link-ldadd) \ -+ $(libgcc$(sm)) $(link-ldadd-after-libgcc) - - link-script-cppflags-$(sm) := \ - $(filter-out $(CPPFLAGS_REMOVE) $(cppflags-remove), \ -@@ -76,6 +79,7 @@ $(link-script-pp$(sm)): $(link-script$(sm)) $(conf-file) $(link-script-pp-makefi - $(link-script-cppflags-$(sm)) $$< -o $$@ - - 
$(link-out-dir$(sm))/$(user-ta-uuid).elf: $(objs) $(libdeps) \ -+ $(libdeps-after-libgcc) \ - $(link-script-pp$(sm)) \ - $(dynlistdep) \ - $(additional-link-deps) --- -2.25.1 - diff --git a/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch b/meta-arm/recipes-security/optee/optee-os/0003-optee-enable-clang-support.patch index 5c0d0a56..3c13ce3f 100644 --- a/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch +++ b/meta-arm/recipes-security/optee/optee-os/0003-optee-enable-clang-support.patch @@ -1,4 +1,4 @@ -From 3167f2c0dba4db59d61b60a8fe66f969d20aafa9 Mon Sep 17 00:00:00 2001 +From 59d4c190eae11c93b26cca5a7b005a17dadc8248 Mon Sep 17 00:00:00 2001 From: Brett Warren <brett.warren@arm.com> Date: Wed, 23 Sep 2020 09:27:34 +0100 Subject: [PATCH] optee: enable clang support @@ -10,15 +10,16 @@ compiler-rt. This is mitigated by including the variable as ammended. Upstream-Status: Pending ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701 Signed-off-by: Brett Warren <brett.warren@arm.com> + --- mk/clang.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mk/clang.mk b/mk/clang.mk -index 0f48c836..47465523 100644 +index a045beee8..1ebe2f702 100644 --- a/mk/clang.mk +++ b/mk/clang.mk -@@ -27,7 +27,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \ +@@ -30,7 +30,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \ # Note, use the compiler runtime library (libclang_rt.builtins.*.a) instead of # libgcc for clang diff --git a/meta-arm/recipes-security/optee/optee-os/0003-ta_dev_kit.mk-make-sure-that-libutils-is-linked-seco.patch b/meta-arm/recipes-security/optee/optee-os/0003-ta_dev_kit.mk-make-sure-that-libutils-is-linked-seco.patch deleted file mode 100644 index 88ba5f85..00000000 --- a/meta-arm/recipes-security/optee/optee-os/0003-ta_dev_kit.mk-make-sure-that-libutils-is-linked-seco.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From f50962e3f56f0932662b2ffa10afe53339a335dd Mon Sep 17 00:00:00 2001 -From: Volodymyr Babchuk <volodymyr_babchuk@epam.com> -Date: Fri, 16 Oct 2020 16:36:08 +0300 -Subject: [PATCH 3/3] ta_dev_kit.mk: make sure that libutils is linked second - time - -libgcc depends on __getauxval symbol from libuils. As, generally libutils -is linked before libgcc, we will get "unresolved symbol" error. To resolve -this dependency we need to link libutils second time - after libgcc. - -Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> -Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> -Reviewed-by: Jerome Forissier <jerome@forissier.org> ---- - ta/mk/ta_dev_kit.mk | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/ta/mk/ta_dev_kit.mk b/ta/mk/ta_dev_kit.mk -index e28be677..d0e66317 100644 ---- a/ta/mk/ta_dev_kit.mk -+++ b/ta/mk/ta_dev_kit.mk -@@ -78,6 +78,16 @@ endif - libnames += dl - libdeps += $(ta-dev-kit-dir$(sm))/lib/libdl.a - -+# libutils provides __getauxval symbol which is needed by libgcc 10.x. We can't -+# link libutils after libgcc, because libgcc will replace some symbols provided -+# by libutils, which will cause further linking issues. -+# -+# But if we place libutils before libgcc, linker will not be able to resolve -+# __getauxval. So we need to link with libutils twice: before and after libgcc. -+# Hence it included both in $(libnames) and in $(libnames-after-libgcc) -+libnames-after-libgcc += utils -+libdeps-after-libgcc += $(ta-dev-kit-dir$(sm))/lib/libutils.a -+ - # Pass config variable (CFG_) from conf.mk on the command line - cppflags$(sm) += $(strip \ - $(foreach var, $(filter CFG_%,$(.VARIABLES)), \ --- -2.25.1 - 
diff --git a/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch deleted file mode 100644 index 17005396..00000000 --- a/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 0bab935695ebcf0c533b49896ab18ff33d4a47d1 Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@arm.com> -Date: Tue, 26 May 2020 14:38:02 -0500 -Subject: [PATCH] allow setting sysroot for libgcc lookup - -Explicitly pass the new variable LIBGCC_LOCATE_CFLAGS variable when searching -for the compiler libraries as there's no easy way to reliably pass --sysroot -otherwise. - -Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188] -Signed-off-by: Ross Burton <ross.burton@arm.com> ---- - mk/gcc.mk | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/mk/gcc.mk b/mk/gcc.mk -index adc77a24..81bfa78a 100644 ---- a/mk/gcc.mk -+++ b/mk/gcc.mk -@@ -13,11 +13,11 @@ nostdinc$(sm) := -nostdinc -isystem $(shell $(CC$(sm)) \ - -print-file-name=include 2> /dev/null) - - # Get location of libgcc from gcc --libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \ -+libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \ - -print-libgcc-file-name 2> /dev/null) --libstdc++$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ -+libstdc++$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ - -print-file-name=libstdc++.a 2> /dev/null) --libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ -+libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ - -print-file-name=libgcc_eh.a 2> /dev/null) - - # Define these to something to discover accidental use 
diff --git a/meta-arm/recipes-security/optee/optee-os_3.11.0.bb b/meta-arm/recipes-security/optee/optee-os_3.11.0.bb
deleted file mode 100644
index 13b3dc65..00000000
--- a/meta-arm/recipes-security/optee/optee-os_3.11.0.bb
+++ /dev/null
@@ -1,11 +0,0 @@
-require optee-os.inc
-
-SRCREV = "c4def2a8262a03244d9a88461699b9b8e43c6b55"
-
-SRC_URI_append = " \
- file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \
- file://0007-allow-setting-sysroot-for-clang.patch \
- file://0001-libutils-provide-empty-__getauxval-implementation.patch \
- file://0002-link.mk-implement-support-for-libnames-after-libgcc-.patch \
- file://0003-ta_dev_kit.mk-make-sure-that-libutils-is-linked-seco.patch \
-"
diff --git a/meta-arm/recipes-security/optee/optee-os_4.%.bbappend b/meta-arm/recipes-security/optee/optee-os_4.%.bbappend
new file mode 100644
index 00000000..4f4a0006
--- /dev/null
+++ b/meta-arm/recipes-security/optee/optee-os_4.%.bbappend
@@ -0,0 +1,5 @@
+# Include Trusted Services Secure Partitions
+require recipes-security/optee/optee-os-ts.inc
+
+# Conditionally include platform specific Trusted Services related OPTEE build parameters
+EXTRA_OEMAKE:append:qemuarm64-secureboot = "${@oe.utils.conditional('SP_PATHS', '', '', ' CFG_CORE_HEAP_SIZE=131072 CFG_TEE_BENCHMARK=n CFG_TEE_CORE_LOG_LEVEL=4 CFG_CORE_SEL1_SPMC=y ', d)}"
diff --git a/meta-arm/recipes-security/optee/optee-os_4.2.0.bb b/meta-arm/recipes-security/optee/optee-os_4.2.0.bb
new file mode 100644
index 00000000..8ae219f4
--- /dev/null
+++ b/meta-arm/recipes-security/optee/optee-os_4.2.0.bb
@@ -0,0 +1,10 @@
+require recipes-security/optee/optee-os.inc
+
+DEPENDS += "dtc-native"
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
+
+SRCREV = "12d7c4ee4642d2d761e39fbcf21a06fb77141dea"
+SRC_URI += " \
+ file://0003-optee-enable-clang-support.patch \
+ "
diff --git a/meta-arm/recipes-security/optee/optee-test.inc b/meta-arm/recipes-security/optee/optee-test.inc
index f09b9d24..58f10139 100644
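Review bot: `CFG_TEE_CORE_LOG_LEVEL=4` in the `qemuarm64-secureboot` append of optee-os_4.%.bbappend turns on the most verbose core logging whenever any SP is configured, while the comment above it only says "platform specific ... build parameters". Since a QEMU reference line like this tends to be copied for real boards, I would state that these are debug settings, for example `# Debug settings for the QEMU reference machine; lower CFG_TEE_CORE_LOG_LEVEL for production`. The single long assignment would also be easier to review with one CFG per continuation line, as optee-os-ts.inc does.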
--- a/meta-arm/recipes-security/optee/optee-test.inc +++ b/meta-arm/recipes-security/optee/optee-test.inc @@ -2,23 +2,16 @@ SUMMARY = "OP-TEE sanity testsuite" DESCRIPTION = "Open Portable Trusted Execution Environment - Test suite" HOMEPAGE = "https://www.op-tee.org/" -LICENSE = "BSD & GPLv2" -LIC_FILES_CHKSUM = "file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" +LICENSE = "BSD-2-Clause & GPL-2.0-only" +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" inherit python3native ptest +inherit deploy require optee.inc -# Linking fails on musl due to C++/threads -# https://github.com/OP-TEE/optee_test/issues/458#issuecomment-720540834 -# When upgraded we should be able to remove this limitation -COMPATIBLE_HOST_libc-musl = 'null' +DEPENDS = "optee-client optee-os-tadevkit python3-cryptography-native openssl" -DEPENDS = "optee-client optee-os python3-pycryptodome-native" - -SRC_URI = "git://github.com/OP-TEE/optee_test.git \ - file://0001-host-xtest-Adjust-order-of-including-compiler.h.patch \ - file://0002-make-remove-Wno-unsafe-loop-for-clang.patch \ - file://0003-make-remove-Wmissing-noreturn-for-clang.patch \ +SRC_URI = "git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https \ file://run-ptest \ " @@ -26,16 +19,20 @@ S = "${WORKDIR}/git" B = "${WORKDIR}/build" EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ + OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR} \ CROSS_COMPILE_HOST=${HOST_PREFIX} \ CROSS_COMPILE_TA=${HOST_PREFIX} \ O=${B} \ " +CFLAGS += "-Wno-error=deprecated-declarations" + do_compile() { cd ${S} # Top level makefile doesn't seem to handle parallel make gracefully oe_runmake xtest oe_runmake ta + oe_runmake test_plugin } do_compile[cleandirs] = "${B}" 
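Review bot: The musl workaround this commit adds, `0001-xtest-stats-remove-unneeded-stat.h-include.patch`, is not listed in the new `SRC_URI`, although the same hunk removes `COMPATIBLE_HOST_libc-musl = 'null'` and the older compiler.h patch. If the versioned optee-test recipe (not visible here) does not add it, musl builds are re-enabled without their fix. I would either add ` file://0001-xtest-stats-remove-unneeded-stat.h-include.patch \` to this `SRC_URI` or leave a comment saying where the patch is applied.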
@@ -46,9 +43,20 @@ do_install () { # default TEEC_LOAD_PATH is /lib mkdir -p ${D}${nonarch_base_libdir}/optee_armtz/ install -D -p -m0444 ${B}/ta/*/*.ta ${D}${nonarch_base_libdir}/optee_armtz/ + mkdir -p ${D}${libdir}/tee-supplicant/plugins + install -D -p -m0444 ${B}/supp_plugin/*.plugin ${D}${libdir}/tee-supplicant/plugins/ +} + +do_deploy () { + install -d ${DEPLOYDIR}/${MLPREFIX}optee/ta + install -m 644 ${B}/ta/*/*.elf ${DEPLOYDIR}/${MLPREFIX}optee/ta } -FILES_${PN} += "${nonarch_base_libdir}/optee_armtz/" +addtask deploy before do_build after do_install + +FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/ \ + ${libdir}/tee-supplicant/plugins/ \ + " # Imports machine specific configs from staging to build PACKAGE_ARCH = "${MACHINE_ARCH}" diff --git a/meta-arm/recipes-security/optee/optee-test/0001-host-xtest-Adjust-order-of-including-compiler.h.patch b/meta-arm/recipes-security/optee/optee-test/0001-host-xtest-Adjust-order-of-including-compiler.h.patch deleted file mode 100644 index 3c500d7a..00000000 --- a/meta-arm/recipes-security/optee/optee-test/0001-host-xtest-Adjust-order-of-including-compiler.h.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -From fc95b3ccbbfd336797ae2cfd6dd4dc58644e146f Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Sat, 30 May 2020 17:52:18 -0700 -Subject: [PATCH] host/xtest: Adjust order of including compiler.h - -compiler.h defines some defines which violate libc namespace e.g. -__unused, this works ok with glibc but fails in awkward ways with musl -the reason is musl uses __unused in its internal structures and this -define in compiler.h conflicts with system headers causing errors like - -recipe-sysroot/usr/include/bits/stat.h:17:19: error: expected identifier or '(' before '[' token unsigned __unused[2]; - ^ -including compiler.h afer sys/stat.h fixes the problem. - -Upstream-Status: Pending [https://github.com/OP-TEE/optee_test/issues/453] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - host/xtest/install_ta.c | 2 +- - host/xtest/stats.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/host/xtest/install_ta.c b/host/xtest/install_ta.c -index 09a4c6d..6f7bb5c 100644 ---- a/host/xtest/install_ta.c -+++ b/host/xtest/install_ta.c -@@ -4,7 +4,6 @@ - * SPDX-License-Identifier: BSD-2-Clause - */ - --#include <compiler.h> - #include <dirent.h> - #include <err.h> - #include <errno.h> -@@ -20,6 +19,7 @@ - #include <sys/types.h> - #include <tee_client_api.h> - #include <unistd.h> -+#include <compiler.h> - - #include "install_ta.h" - #include "xtest_helpers.h" -diff --git a/host/xtest/stats.c b/host/xtest/stats.c -index 96b0b5f..db9bf25 100644 ---- a/host/xtest/stats.c -+++ b/host/xtest/stats.c -@@ -3,7 +3,6 @@ - * Copyright (c) 2019, Linaro Limited - */ - --#include <compiler.h> - #include <dirent.h> - #include <err.h> - #include <errno.h> -@@ -18,6 +17,7 @@ - #include <sys/types.h> - #include <tee_client_api.h> - #include <unistd.h> -+#include <compiler.h> - #include "xtest_test.h" - #include "stats.h" - --- -2.26.2 - 
diff --git a/meta-arm/recipes-security/optee/optee-test/0001-xtest-stats-remove-unneeded-stat.h-include.patch b/meta-arm/recipes-security/optee/optee-test/0001-xtest-stats-remove-unneeded-stat.h-include.patch new file mode 100644 index 00000000..581c6db3 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-test/0001-xtest-stats-remove-unneeded-stat.h-include.patch @@ -0,0 +1,34 @@ +From 236ebb968a298fa5d461e734559ad8a13b667eb6 Mon Sep 17 00:00:00 2001 +From: Jon Mason <jon.mason@arm.com> +Date: Wed, 24 Jan 2024 11:35:50 -0500 +Subject: [PATCH] xtest: stats: remove unneeded stat.h include + +Hack to work around musl compile error: + +| In file included from optee-test/4.1.0/recipe-sysroot/usr/include/sys/stat.h:23, +| from optee-test/4.1.0/git/host/xtest/stats.c:17: +| optee-test/4.1.0/recipe-sysroot/usr/include/bits/stat.h:17:26: error: expected identifier or '(' before '[' token +| 17 | unsigned __unused[2]; +| | ^ + +stat.h is not needed, since it is not being used in this file. So +removing it. + +Upstream-Status: Inappropriate [https://github.com/OP-TEE/optee_test/issues/722] +Signed-off-by: Jon Mason <jon.mason@arm.com> +--- + host/xtest/stats.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/host/xtest/stats.c b/host/xtest/stats.c +index fb16d55586da..05aa3adac611 100644 +--- a/host/xtest/stats.c ++++ b/host/xtest/stats.c +@@ -14,7 +14,6 @@ + #include <stdio.h> + #include <stdlib.h> + #include <string.h> +-#include <sys/stat.h> + #include <sys/types.h> + #include <tee_client_api.h> + #include <unistd.h> diff --git a/meta-arm/recipes-security/optee/optee-test/0002-make-remove-Wno-unsafe-loop-for-clang.patch b/meta-arm/recipes-security/optee/optee-test/0002-make-remove-Wno-unsafe-loop-for-clang.patch deleted file mode 100644 index 17dd7d87..00000000 --- a/meta-arm/recipes-security/optee/optee-test/0002-make-remove-Wno-unsafe-loop-for-clang.patch +++ /dev/null 
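Review bot: The added patch's trailer `Upstream-Status: Inappropriate [https://github.com/OP-TEE/optee_test/issues/722]` gives an issue URL where the Yocto convention expects a reason for `Inappropriate`. The commit message itself argues the include is simply unused, which reads like an upstreamable cleanup. If the change was reported or sent upstream, `Upstream-Status: Submitted [<link>]` or `Pending` would describe it better; if it really is unsuitable upstream, the bracket should say why. The quoted build log also still names `optee-test/4.1.0` while the recipe added in this commit is 4.2.0, which is harmless but worth a word in the message.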
@@ -1,31 +0,0 @@ -From 438533ce9da1df0b7c7914e64b39ffdc1da1ab79 Mon Sep 17 00:00:00 2001 -From: Brett Warren <brett.warran@arm.com> -Date: Thu, 8 Oct 2020 10:03:25 +0100 -Subject: [PATCH] make: remove -Wmissing-noreturn for clang - -When compiling when clang, -Wmissing-noreturn causes an error because -of non-compliant code. This option is removed to workaround this. - -Upstream-Status: Pending [https://github.com/OP-TEE/optee_test/issues/452] -Changed-Id: 71cb511904547d790d1ea98f93bf8e5a6afcb36d -Signed-off-by: Brett Warren <brett.warren@arm.com> ---- - host/xtest/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/host/xtest/Makefile b/host/xtest/Makefile -index 3c206b0..96746de 100644 ---- a/host/xtest/Makefile -+++ b/host/xtest/Makefile -@@ -169,7 +169,7 @@ CFLAGS += -Wall -Wcast-align -Werror \ - -Werror-implicit-function-declaration -Wextra -Wfloat-equal \ - -Wformat-nonliteral -Wformat-security -Wformat=2 -Winit-self \ - -Wmissing-declarations -Wmissing-format-attribute \ -- -Wmissing-include-dirs -Wmissing-noreturn \ -+ -Wmissing-include-dirs \ - -Wmissing-prototypes -Wnested-externs -Wpointer-arith \ - -Wshadow -Wstrict-prototypes -Wswitch-default \ - -Wwrite-strings \ --- -2.17.1 - diff --git a/meta-arm/recipes-security/optee/optee-test/0003-make-remove-Wmissing-noreturn-for-clang.patch b/meta-arm/recipes-security/optee/optee-test/0003-make-remove-Wmissing-noreturn-for-clang.patch deleted file mode 100644 index bbc303f3..00000000 --- a/meta-arm/recipes-security/optee/optee-test/0003-make-remove-Wmissing-noreturn-for-clang.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -From ed5a9d9f7a3e9e14ca0e8aea59008124ee0e5f96 Mon Sep 17 00:00:00 2001 -From: Brett Warren <brett.warren@arm.com> -Date: Thu, 8 Oct 2020 10:20:52 +0100 -Subject: [PATCH] make: remove -Wno-unsafe-loop for clang - -When compiling with clang, the -Wno-unsafe-loop-optimizations option -throws an error because clang doesn't recognise it. This option is -removed to workaround this. - -Upstream-Status: Pending [https://github.com/OP-TEE/optee_test/issues/452] -Change-Id: 5fe0892c73208aaffac8c9995cb3275936fb1ba6 -Signed-off-by: Brett Warren <brett.warren@arm.com> ---- - host/xtest/Makefile | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/host/xtest/Makefile b/host/xtest/Makefile -index 96746de..73731d0 100644 ---- a/host/xtest/Makefile -+++ b/host/xtest/Makefile -@@ -174,7 +174,6 @@ CFLAGS += -Wall -Wcast-align -Werror \ - -Wshadow -Wstrict-prototypes -Wswitch-default \ - -Wwrite-strings \ - -Wno-declaration-after-statement \ -- -Wno-unsafe-loop-optimizations \ - -Wno-missing-field-initializers -Wno-format-zero-length - endif - --- -2.17.1 - diff --git a/meta-arm/recipes-security/optee/optee-test_3.11.0.bb b/meta-arm/recipes-security/optee/optee-test_3.11.0.bb deleted file mode 100644 index 0f8b5b04..00000000 --- a/meta-arm/recipes-security/optee/optee-test_3.11.0.bb +++ /dev/null @@ -1,3 +0,0 @@ -require optee-test.inc - -SRCREV = "159e295d5cc3ad2275ab15fe544620f6604d4ba4" diff --git a/meta-arm/recipes-security/optee/optee-test_4.2.0.bb b/meta-arm/recipes-security/optee/optee-test_4.2.0.bb new file mode 100644 index 00000000..6317a72f --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-test_4.2.0.bb 
@@ -0,0 +1,12 @@ +require recipes-security/optee/optee-test.inc + +SRCREV = "526d5bac1b65f907f67c05cd07beca72fbab88dd" +SRC_URI += "file://0001-xtest-stats-remove-unneeded-stat.h-include.patch" + +# Include ffa_spmc test group if the SPMC test is enabled. +# Supported after op-tee v3.20 +EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' CFG_SPMC_TESTS=y CFG_SECURE_PARTITION=y', '' , d)}" + +RDEPENDS:${PN} += "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' arm-ffa-user', '' , d)}" diff --git a/meta-arm/recipes-security/optee/optee.inc b/meta-arm/recipes-security/optee/optee.inc index d093b48c..37676f14 100644 --- a/meta-arm/recipes-security/optee/optee.inc +++ b/meta-arm/recipes-security/optee/optee.inc @@ -1,17 +1,22 @@ UPSTREAM_CHECK_GITTAGREGEX = "^(?P<pver>\d+(\.\d+)+)$" COMPATIBLE_MACHINE ?= "invalid" -COMPATIBLE_MACHINE_qemuarm64 ?= "qemuarm64" +COMPATIBLE_MACHINE:qemuarm64 ?= "qemuarm64" +COMPATIBLE_MACHINE:qemuarm ?= "qemuarm" # Please add supported machines below or set it in .bbappend or .conf OPTEEMACHINE ?= "${MACHINE}" -OPTEEMACHINE_aarch64_qemuall ?= "vexpress-qemu_armv8a" +OPTEEMACHINE:aarch64:qemuall ?= "vexpress-qemu_armv8a" +OPTEEMACHINE:arm:qemuall ?= "vexpress-qemu_virt" OPTEE_ARCH = "null" -OPTEE_ARCH_armv7a = "arm32" -OPTEE_ARCH_aarch64 = "arm64" +OPTEE_ARCH:arm = "arm32" +OPTEE_ARCH:aarch64 = "arm64" OPTEE_CORE = "${@d.getVar('OPTEE_ARCH').upper()}" +# FIXME - breaks with Clang 18. See https://github.com/OP-TEE/optee_os/issues/6754 +TOOLCHAIN = "gcc" + OPTEE_TOOLCHAIN = "${@d.getVar('TOOLCHAIN') or 'gcc'}" OPTEE_COMPILER = "${@bb.utils.contains("BBFILE_COLLECTIONS", "clang-layer", "${OPTEE_TOOLCHAIN}", "gcc", d)}" 
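Review bot: The added `TOOLCHAIN = "gcc"` in the first optee.inc hunk is a hard assignment in a shared include, and its FIXME does not say that the line is temporary or what should happen once the linked issue is closed. With it in place the `or 'gcc'` fallback in `OPTEE_TOOLCHAIN` and the clang branch of `OPTEE_COMPILER` just below are effectively unused unless an override sets `TOOLCHAIN` again. A reader could take either as still live. I would word the comment as `# FIXME: force gcc until https://github.com/OP-TEE/optee_os/issues/6754 is fixed, then remove this assignment`.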
@@ -20,8 +25,16 @@ OPTEE_COMPILER = "${@bb.utils.contains("BBFILE_COLLECTIONS", "clang-layer", "${O TA_DEV_KIT_DIR = "${STAGING_INCDIR}/optee/export-user_ta" EXTRA_OEMAKE += "V=1 \ - LIBGCC_LOCATE_CFLAGS=--sysroot=${STAGING_DIR_HOST} \ + LIBGCC_LOCATE_CFLAGS='${HOST_CC_ARCH}${TOOLCHAIN_OPTIONS}' \ COMPILER=${OPTEE_COMPILER} \ OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${prefix} \ TEEC_EXPORT=${STAGING_DIR_HOST}${prefix} \ " +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the +# right path until this is relocated automatically. +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" + +CFLAGS += "--sysroot=${STAGING_DIR_HOST}" + +# See the rationale in https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt. +CVE_STATUS[CVE-2021-36133] = "disputed: devices shipped open for development purposes" |
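Review bot: `CVE_STATUS[CVE-2021-36133] = "disputed: devices shipped open for development purposes"` is set in optee.inc, so the CVE is marked as disputed for every recipe and machine that requires this include. The stated reason is an assumption about how a particular device is provisioned. An integrator building for locked-down hardware would get a clean CVE report without ever seeing that assumption. I would expand the comment above the entry, e.g. `# Status assumes open development devices; re-assess CVE-2021-36133 for production/closed hardware`, or move the entry to the machine configuration it actually applies to.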