
[0/2] optee: Switch to new optee-ftpm fork and fix CVE-2025-46733

Message ID 20250714120714.337891-1-mariam.elshakfy@linaro.org

Mariam Elshakfy July 14, 2025, 12:07 p.m. UTC
These patches update optee-ftpm to use [1] instead of the
ARM32-FirmwareTPM sample in [2], as it has been dropped [3].

It also backports a fix for CVE-2025-46733 in both optee-os and
optee-ftpm.

[1] https://github.com/OP-TEE/optee_ftpm/
[2] https://github.com/microsoft/ms-tpm-20-ref/tree/Historical_Samples/
[3] https://github.com/microsoft/ms-tpm-20-ref/pull/108

Signed-off-by: Mariam Elshakfy <mariam.elshakfy@linaro.org>

Mariam Elshakfy (2):
  arm/optee-ftpm: Switch to new fTPM TA fork
  arm/optee: Backport fix for CVE-2025-46733

 .../0001-add-enum-to-ta-flags.patch           | 27 ------
 ...{optee-ftpm_git.bb => optee-ftpm_4.6.0.bb} | 46 ++++++----
 ... => 0001-optee-enable-clang-support.patch} |  0
 ...002-Add-optee-ta-instanceKeepCrashed.patch | 89 +++++++++++++++++++
 .../recipes-security/optee/optee-os_4.6.0.bb  |  3 +-
 5 files changed, 119 insertions(+), 46 deletions(-)
 delete mode 100644 meta-arm/recipes-security/optee-ftpm/optee-ftpm/0001-add-enum-to-ta-flags.patch
 rename meta-arm/recipes-security/optee-ftpm/{optee-ftpm_git.bb => optee-ftpm_4.6.0.bb} (58%)
 rename meta-arm/recipes-security/optee/optee-os/{0003-optee-enable-clang-support.patch => 0001-optee-enable-clang-support.patch} (100%)
 create mode 100644 meta-arm/recipes-security/optee/optee-os/0002-Add-optee-ta-instanceKeepCrashed.patch