@@ -41,6 +41,9 @@ EXTRA_IMAGEDEPENDS += "optee-os"
OPTEE_ARCH = "arm64"
OPTEE_BINARY = "tee-pager_v2.bin"
+# Trusted Services(TS)
+EXTRA_IMAGEDEPENDS += "secure-partitions"
+
# Linux kernel
PREFERRED_PROVIDER_virtual/kernel:forcevariable = "linux-yocto"
PREFERRED_VERSION_linux-yocto = "5.10%"
@@ -4,13 +4,8 @@ COMPATIBLE_MACHINE = "(corstone1000)"
TFM_DEBUG = "1"
-PACKAGECONFIG[test-secure] = "-DTEST_S=OFF,-DTEST_S=OFF"
-PACKAGECONFIG[test-nonsecure] = "-DTEST_NS=OFF,-DTEST_NS=OFF"
-
-INSANE_SKIP:${PN} = "arch"
-
-## Default is the FVP ##
-TFM_PLATFORM_IS_FVP ?= "TRUE"
+## Default is the MPS3 board
+TFM_PLATFORM_IS_FVP ?= "FALSE"
EXTRA_OECMAKE += "-DPLATFORM_IS_FVP=${TFM_PLATFORM_IS_FVP}"
SRCREV_tfm = "ccd82e35f539c0d7261b2935d6d30c550cfc6736"
@@ -1,27 +1,13 @@
-SRC_URI = "git://git.trustedfirmware.org/OP-TEE/optee_os.git;protocol=https;branch=psa-development"
-SRCREV = "f9de2c9520ed97b89760cc4c99424aae440b63f4"
-PV .= "+git${SRCREV}"
+require optee-os_corstone1000_common.inc
-DEPENDS += "python3-pycryptodomex-native"
+DEPENDS += " secure-partitions"
+EXTRA_OEMAKE +="'SP_PACKAGING_METHOD=embedded'"
-FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/corstone1000:"
+TS_INSTALL_PREFIX_PATH="${RECIPE_SYSROOT}/firmware/sp/opteesp"
+EXTRA_OEMAKE += "'TS_INSTALL_PREFIX=${TS_INSTALL_PREFIX_PATH}'"
-SRC_URI:append = " \
- file://0001-plat-corstone1000-add-corstone1000-platform.patch \
- file://0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch"
+# se-proxy secure partition
+SP_MKFILE_PATH="${TS_INSTALL_PREFIX}/lib/make/se-proxy.mk"
-COMPATIBLE_MACHINE = "corstone1000"
-
-OPTEEMACHINE = "corstone1000"
-# Enable optee memory layout and boot logs
-EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4"
-
-# default disable latency benchmarks (over all OP-TEE layers)
-EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n"
-
-EXTRA_OEMAKE += " CFG_CORE_SEL1_SPMC=y CFG_CORE_FFA=y"
-
-EXTRA_OEMAKE += " CFG_WITH_SP=y"
-
-EXTRA_OEMAKE += " HOST_PREFIX=${HOST_PREFIX}"
-EXTRA_OEMAKE += " CROSS_COMPILE64=${HOST_PREFIX}"
+EXTRA_OEMAKE += "'CFG_SP_MKFILE_PATH=${SP_MKFILE_PATH}'"
+EXTRA_OEMAKE += "'CFG_EMBED_DTB_SOURCE_FILE=${TS_INSTALL_PREFIX_PATH}/manifest/46bb39d1-b4d9-45b5-88ff-040027dab249.dts'"
new file mode 100644
@@ -0,0 +1,27 @@
+SRC_URI = "git://git.trustedfirmware.org/OP-TEE/optee_os.git;protocol=https;branch=psa-development"
+SRCREV = "f9de2c9520ed97b89760cc4c99424aae440b63f4"
+PV .= "+git${SRCREV}"
+
+DEPENDS += "python3-pycryptodomex-native dtc-native"
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/corstone1000:"
+
+SRC_URI:append = " \
+ file://0001-plat-corstone1000-add-corstone1000-platform.patch \
+ file://0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch"
+
+COMPATIBLE_MACHINE = "corstone1000"
+
+OPTEEMACHINE = "corstone1000"
+# Enable optee memory layout and boot logs
+EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4"
+
+# default disable latency benchmarks (over all OP-TEE layers)
+EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n"
+
+EXTRA_OEMAKE += " CFG_CORE_SEL1_SPMC=y CFG_CORE_FFA=y"
+
+EXTRA_OEMAKE += " CFG_WITH_SP=y"
+
+EXTRA_OEMAKE += " HOST_PREFIX=${HOST_PREFIX}"
+EXTRA_OEMAKE += " CROSS_COMPILE64=${HOST_PREFIX}"
new file mode 100644
@@ -0,0 +1 @@
+require optee-os_corstone1000_common.inc
new file mode 100644
@@ -0,0 +1,6 @@
+# Machine specific configurations
+
+MACHINE_OPTEE_SPDEVKIT_REQUIRE ?= ""
+MACHINE_OPTEE_SPDEVKIT_REQUIRE:corstone1000 = "optee-spdevkit_corstone1000.inc"
+
+require ${MACHINE_OPTEE_SPDEVKIT_REQUIRE}
new file mode 100644
@@ -0,0 +1,33 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+
+From 0bdafbd98ffd25a09822a560435ee9719e9bc0e4 Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Sat, 13 Nov 2021 07:47:44 +0000
+Subject: [PATCH] tools/cmake/common: applying lowercase project convention
+
+Lowercase convention should only apply on the paths inside TS
+source-code.
+Host build paths should not be lowercased. Otherwise, builds
+with uppercase paths will break.
+
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+
+diff --git a/tools/cmake/common/AddPlatform.cmake b/tools/cmake/common/AddPlatform.cmake
+index ae34c6e..31bcd8c 100644
+--- a/tools/cmake/common/AddPlatform.cmake
++++ b/tools/cmake/common/AddPlatform.cmake
+@@ -37,8 +37,8 @@ function(add_platform)
+ set(TGT ${MY_PARAMS_TARGET} CACHE STRING "")
+
+ # Ensure file path conforms to lowercase project convention
+- string(TOLOWER "${TS_PLATFORM_ROOT}/${TS_PLATFORM}/platform.cmake" _platdef)
+- include(${_platdef})
++ string(TOLOWER "${TS_PLATFORM}/platform.cmake" _platdef)
++ include(${TS_PLATFORM_ROOT}/${_platdef})
+ set(CMAKE_CONFIGURE_DEPENDS ${_platdef})
+
+ unset(TGT CACHE)
+--
+2.17.1
+
new file mode 100644
@@ -0,0 +1,31 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+
+From 28f3e8d68996ad2e3ccca45d2435b3b524daef48 Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Sat, 13 Nov 2021 07:51:53 +0000
+Subject: [PATCH] fix EARLY_TA_PATHS env variable
+
+Yocto cleans up environment varaibles at build time.
+EARLY_TA_PATHS should be set a separate rule for securepartitions
+to be included into optee-os image
+
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+diff --git a/environments/opteesp/sp.mk.in b/environments/opteesp/sp.mk.in
+index c44ad59..d67e2dc 100644
+--- a/environments/opteesp/sp.mk.in
++++ b/environments/opteesp/sp.mk.in
+@@ -14,7 +14,8 @@ ifeq (,${@EXPORT_SP_UUID@-included})
+ endif
+
+ ifeq (embedded,${SP_PACKAGING_METHOD})
+-OPTEE_OS_COMMON_EXTRA_FLAGS+=EARLY_TA_PATHS+=${TS_INSTALL_PREFIX}/opteesp/bin/@EXPORT_SP_UUID@.stripped.elf
++EARLY_TA_PATHS+=${TS_INSTALL_PREFIX}/bin/@EXPORT_SP_UUID@.stripped.elf
++OPTEE_OS_COMMON_EXTRA_FLAGS+=${EARLY_TA_PATHS}
+ TS_SP_DTSI_LIST+="\\n\#include \"${TS_INSTALL_PREFIX}/opteesp/manifest/@EXPORT_SP_UUID@.dtsi\""
+ else ifeq (fip,${SP_PACKAGING_METHOD})
+ TS_SP_JSON_LIST+=${TS_INSTALL_PREFIX}/opteesp/json/@EXPORT_SP_NAME@.json
+--
+2.17.1
+
new file mode 100644
@@ -0,0 +1,45 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+
+From 446155031c5a37c3a9771f0215d9fb23d59648d6 Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Sat, 13 Nov 2021 08:34:42 +0000
+Subject: [PATCH] se-proxy:dts: add se-proxy as child node
+
+se-proxy sp string should be added for se-proxy node to be
+read properly.
+
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
+index 961071a..9f5cf71 100644
+--- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in
++++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
+@@ -7,13 +7,15 @@
+ @DTS_TAG@
+
+ @DTS_NODE@ {
+- compatible = "arm,ffa-manifest-1.0";
+- ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */
+- uuid = <@EXPORT_SP_UUID_DT@>;
+- description = "SE Proxy";
+- execution-ctx-count = <1>;
+- exception-level = <1>; /* S-EL0 */
+- execution-state = <0>; /* AArch64 */
+- xlat-granule = <0>; /* 4KiB */
+- messaging-method = <0>; /* Direct messaging only */
++ se-proxy {
++ compatible = "arm,ffa-manifest-1.0";
++ ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */
++ uuid = <@EXPORT_SP_UUID_DT@>;
++ description = "SE Proxy";
++ execution-ctx-count = <1>;
++ exception-level = <1>; /* S-EL0 */
++ execution-state = <0>; /* AArch64 */
++ xlat-granule = <0>; /* 4KiB */
++ messaging-method = <0>; /* Direct messaging only */
++ };
+ };
+--
+2.17.1
+
new file mode 100644
@@ -0,0 +1,4 @@
+MACHINE_TS_REQUIRE ?= ""
+MACHINE_TS_REQUIRE:corstone1000 = "ts-corstone1000.inc"
+
+require ${MACHINE_TS_REQUIRE}
new file mode 100644
@@ -0,0 +1,17 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/secure-partitions:"
+
+COMPATIBLE_MACHINE = "corstone1000"
+
+SRC_URI:append = " file://0001-tools-cmake-common-applying-lowercase-project-convention.patch \
+ file://0002-fix-EARLY_TA_PATHS-env-variable.patch \
+ file://0003-se-proxy-dts-add-se-proxy-as-child-node.patch \
+ "
+
+TS_PLATFORM = "arm/fvp/fvp_base_revc-2xaemv8a"
+TS_ENVIRONMENT = "opteesp"
+SP_PACKAGING_METHOD = "embedded"
+
+EXTRA_OEMAKE += "TS_PLATFORM=${TS_PLATFORM}"
+
+# Secure Enclave proxy secure partition
+TS_DEPLOYMENTS += "'deployments/se-proxy/${TS_ENVIRONMENT}'"