diff options
Diffstat (limited to 'meta-ti-bsp/recipes-security')
12 files changed, 118 insertions, 0 deletions
diff --git a/meta-ti-bsp/recipes-security/optee/optee-%.bbappend b/meta-ti-bsp/recipes-security/optee/optee-%.bbappend new file mode 100644 index 00000000..bc590bfd --- /dev/null +++ b/meta-ti-bsp/recipes-security/optee/optee-%.bbappend @@ -0,0 +1 @@ +COMPATIBLE_MACHINE:ti-soc = "ti-soc" diff --git a/meta-ti-bsp/recipes-security/optee/optee-client-ti-version.inc b/meta-ti-bsp/recipes-security/optee/optee-client-ti-version.inc new file mode 100644 index 00000000..22a363f4 --- /dev/null +++ b/meta-ti-bsp/recipes-security/optee/optee-client-ti-version.inc @@ -0,0 +1,2 @@ +PV = "4.2.0+git" +SRCREV = "3eac340a781c00ccd61b151b0e9c22a8c6e9f9f0" diff --git a/meta-ti-bsp/recipes-security/optee/optee-client_%.bbappend b/meta-ti-bsp/recipes-security/optee/optee-client_%.bbappend new file mode 100644 index 00000000..f193e78b --- /dev/null +++ b/meta-ti-bsp/recipes-security/optee/optee-client_%.bbappend @@ -0,0 +1,4 @@ +OPTEE_TI_VERSION = "" +OPTEE_TI_VERSION:ti-soc = "${BPN}-ti-version.inc" + +require ${OPTEE_TI_VERSION} diff --git a/meta-ti-bsp/recipes-security/optee/optee-examples-ti-version.inc b/meta-ti-bsp/recipes-security/optee/optee-examples-ti-version.inc new file mode 100644 index 00000000..2d7a95bd --- /dev/null +++ b/meta-ti-bsp/recipes-security/optee/optee-examples-ti-version.inc @@ -0,0 +1,2 @@ +PV = "4.2.0+git" +SRCREV = "378dc0db2d5dd279f58a3b6cb3f78ffd6b165035" diff --git a/meta-ti-bsp/recipes-security/optee/optee-examples_%.bbappend b/meta-ti-bsp/recipes-security/optee/optee-examples_%.bbappend new file mode 100644 index 00000000..f193e78b --- /dev/null +++ b/meta-ti-bsp/recipes-security/optee/optee-examples_%.bbappend @@ -0,0 +1,4 @@ +OPTEE_TI_VERSION = "" +OPTEE_TI_VERSION:ti-soc = "${BPN}-ti-version.inc" + +require ${OPTEE_TI_VERSION} diff --git a/meta-ti-bsp/recipes-security/optee/optee-os-tadevkit-ti-overrides.inc b/meta-ti-bsp/recipes-security/optee/optee-os-tadevkit-ti-overrides.inc new file mode 100644 index 00000000..df46e243 --- /dev/null +++ b/meta-ti-bsp/recipes-security/optee/optee-os-tadevkit-ti-overrides.inc @@ -0,0 +1 @@ +EXTRA_OEMAKE:remove = "CFG_MAP_EXT_DT_SECURE=y" diff --git a/meta-ti-bsp/recipes-security/optee/optee-os-tadevkit_%.bbappend b/meta-ti-bsp/recipes-security/optee/optee-os-tadevkit_%.bbappend new file mode 100644 index 00000000..980f7a4b --- /dev/null +++ b/meta-ti-bsp/recipes-security/optee/optee-os-tadevkit_%.bbappend @@ -0,0 +1,9 @@ +OPTEE_TI_VERSION = "" +OPTEE_TI_VERSION:ti-soc = "optee-os-ti-version.inc" + +require ${OPTEE_TI_VERSION} + +OPTEE_TI_OVERRIDES = "" +OPTEE_TI_OVERRIDES:ti-soc = "${BPN}-ti-overrides.inc" + +require ${OPTEE_TI_OVERRIDES} diff --git a/meta-ti-bsp/recipes-security/optee/optee-os-ti-overrides.inc b/meta-ti-bsp/recipes-security/optee/optee-os-ti-overrides.inc new file mode 100644 index 00000000..0ea30907 --- /dev/null +++ b/meta-ti-bsp/recipes-security/optee/optee-os-ti-overrides.inc @@ -0,0 +1,78 @@ +# Use TI SECDEV for signing +inherit ti-secdev + +EXTRA_OEMAKE:remove = "CFG_MAP_EXT_DT_SECURE=y" + +EXTRA_OEMAKE:append:k3 = "${@ ' CFG_CONSOLE_UART='+ d.getVar('OPTEE_K3_USART') if d.getVar('OPTEE_K3_USART') else ''}" + +EXTRA_OEMAKE:append:am62xx = " CFG_TEE_CORE_LOG_LEVEL=1" +EXTRA_OEMAKE:append:am62pxx = " CFG_WITH_SOFTWARE_PRNG=y CFG_TEE_CORE_LOG_LEVEL=1" +EXTRA_OEMAKE:append:am62axx = " CFG_TEE_CORE_LOG_LEVEL=1" +EXTRA_OEMAKE:append:j722s = " CFG_WITH_SOFTWARE_PRNG=y CFG_TEE_CORE_LOG_LEVEL=1" + +do_compile:append:k3() { + cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin + cp ${B}/core/tee.elf ${B}/bl32.elf +} + +# Signing procedure for legacy HS devices +optee_sign_legacyhs() { + ( cd ${B}/core/; \ + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \ + normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"` + mv tee.bin.signed ${B}/$normfl.optee; \ + ) + + if [ "${OPTEEPAGER}" = "y" ]; then + oe_runmake -C ${S} clean + oe_runmake -C ${S} all CFG_TEE_TA_LOG_LEVEL=0 CFG_WITH_PAGER=y + ( cd ${B}/core/; \ + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \ + normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"` + mv tee.bin.signed ${B}/$normfl-pager.optee; \ + ) + fi +} + +do_compile:append:ti43x() { + optee_sign_legacyhs +} + +do_compile:append:dra7xx() { + optee_sign_legacyhs +} + +do_install:append() { + install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ || true + install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ || true + install -m 644 ${B}/bl32.elf ${D}${nonarch_base_libdir}/firmware/ || true + + # Install embedded TAs + mkdir -p ${D}${nonarch_base_libdir}/optee_armtz/ + install -D -p -m0444 ${B}/ta/*/*.ta ${D}${nonarch_base_libdir}/optee_armtz/ +} + +optee_deploy_legacyhs() { + cd ${DEPLOYDIR}/ + for f in optee/*.optee; do + ln -sf $f ${DEPLOYDIR}/ + done +} + +do_deploy:append:ti43x() { + optee_deploy_legacyhs +} + +do_deploy:append:dra7xx() { + optee_deploy_legacyhs +} + +do_deploy:append:k3() { + ln -sf optee/bl32.bin ${DEPLOYDIR}/ + ln -sf optee/bl32.elf ${DEPLOYDIR}/ +} + +FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/" + +# This is needed for bl32.elf +INSANE_SKIP:${PN}:append:k3 = " textrel" diff --git a/meta-ti-bsp/recipes-security/optee/optee-os-ti-version.inc b/meta-ti-bsp/recipes-security/optee/optee-os-ti-version.inc new file mode 100644 index 00000000..790f5f5f --- /dev/null +++ b/meta-ti-bsp/recipes-security/optee/optee-os-ti-version.inc @@ -0,0 +1,2 @@ +PV = "4.2.0+git" +SRCREV = "12d7c4ee4642d2d761e39fbcf21a06fb77141dea" diff --git a/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend b/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend new file mode 100644 index 00000000..0cee127f --- /dev/null +++ b/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend @@ -0,0 +1,9 @@ +OPTEE_TI_VERSION = "" +OPTEE_TI_VERSION:ti-soc = "${BPN}-ti-version.inc" + +require ${OPTEE_TI_VERSION} + +OPTEE_TI_OVERRIDES = "" +OPTEE_TI_OVERRIDES:ti-soc = "${BPN}-ti-overrides.inc" + +require ${OPTEE_TI_OVERRIDES} diff --git a/meta-ti-bsp/recipes-security/optee/optee-test-ti-version.inc b/meta-ti-bsp/recipes-security/optee/optee-test-ti-version.inc new file mode 100644 index 00000000..fdfa420c --- /dev/null +++ b/meta-ti-bsp/recipes-security/optee/optee-test-ti-version.inc @@ -0,0 +1,2 @@ +PV = "4.2.0+git" +SRCREV = "526d5bac1b65f907f67c05cd07beca72fbab88dd" diff --git a/meta-ti-bsp/recipes-security/optee/optee-test_%.bbappend b/meta-ti-bsp/recipes-security/optee/optee-test_%.bbappend new file mode 100644 index 00000000..f193e78b --- /dev/null +++ b/meta-ti-bsp/recipes-security/optee/optee-test_%.bbappend @@ -0,0 +1,4 @@ +OPTEE_TI_VERSION = "" +OPTEE_TI_VERSION:ti-soc = "${BPN}-ti-version.inc" + +require ${OPTEE_TI_VERSION} |