@@ -36,6 +36,8 @@ UBOOT_ARCH = "arm"
UBOOT_EXTLINUX = "0"
# optee
+PREFERRED_VERSION_optee-os ?= "3.14%"
+PREFERRED_VERSION_optee-client ?= "3.14%"
EXTRA_IMAGEDEPENDS += "optee-os"
OPTEE_ARCH = "arm64"
OPTEE_BINARY = "tee-pager_v2.bin"
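Review bot: The two `PREFERRED_VERSION_*` pins hold this machine on OP-TEE 3.14 without saying why or when they can be removed, and they cover only optee-os and optee-client. Elsewhere in this change optee-os-tadevkit is renamed to 3.16.0 and now requires `optee-os_3.16.0.bb`, and the 3.14.0 optee-test recipe is deleted, so an image for this machine that pulls in TAs or xtest would appear to mix a 3.14 secure OS with a 3.16 dev kit; please confirm that combination is either intended or unreachable. Pinning the TEE also means fixes that land in later OP-TEE releases do not reach this machine, so I would record the reason next to the pins, e.g. `# Kept on OP-TEE 3.14 for corstone1000 compatibility; drop these pins once the machine is validated on 3.16`.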
new file mode 100644
@@ -0,0 +1,6 @@
+# Machine specific configurations
+
+MACHINE_OPTEE_CLIENT_REQUIRE ?= ""
+MACHINE_OPTEE_CLIENT_REQUIRE:tc = "optee-client-tc.inc"
+
+require ${MACHINE_OPTEE_CLIENT_REQUIRE}
similarity index 100%
rename from meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend
rename to meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend
new file mode 100644
@@ -0,0 +1,7 @@
+# Machine specific configurations
+
+MACHINE_OPTEE_OS_REQUIRE ?= ""
+MACHINE_OPTEE_OS_REQUIRE:corstone1000 = "optee-os_corstone1000.inc"
+MACHINE_OPTEE_OS_REQUIRE:tc = "optee-os-tc.inc"
+
+require ${MACHINE_OPTEE_OS_REQUIRE}
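Review bot: The `MACHINE_OPTEE_OS_REQUIRE:corstone1000` line looks unreachable in practice. Going by the diffstat this file is optee-os_3.16.0.bbappend, which attaches only to the 3.16.0 recipe, while the corstone1000 machine include in this same change sets `PREFERRED_VERSION_optee-os ?= "3.14%"`. If someone overrides that weak default, `optee-os_corstone1000.inc` would be applied to a version it has presumably not been built against. Either drop the corstone1000 override here until the machine moves to 3.16, or say so in place: `# corstone1000 is pinned to 3.14 in its machine include; this override only takes effect if that pin is lifted`.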
similarity index 100%
rename from meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend
rename to meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend
@@ -15,7 +15,7 @@ inherit deploy python3native
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5"
-DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit"
+DEPENDS = "python3-pyelftools-native optee-os-tadevkit python3-cryptography-native "
FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"
@@ -48,6 +48,10 @@ EXTRA_OEMAKE:append:aarch64:qemuall = "\
CFG_ARM64_ta_arm64=y \
"
+# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
+# right path until this is relocated automatically.
+export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
+
PARALLEL_MAKE = ""
do_compile() {
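Review bot: The `export OPENSSL_MODULES=...` workaround is set at recipe scope, so it changes where OpenSSL looks for provider modules in every task of this recipe, not only in the step whose Python scripts need the legacy provider. The same three lines are repeated in the last hunk of this change (the one following `TEEC_EXPORT=`), and neither copy states a removal condition even though the comment calls it temporary. If this recipe already pulls in the shared include (not visible here), one copy is enough; otherwise I would extend the comment in both places, e.g. `# TODO: remove once python3-cryptography-native locates ossl-modules in the native sysroot by itself`. do_compile's body continues outside the hunk.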
new file mode 100644
@@ -0,0 +1,3 @@
+require optee-client.inc
+
+SRCREV = "06db73b3f3fdb8d23eceaedbc46c49c0b45fd1e2"
@@ -5,16 +5,14 @@ HOMEPAGE = "https://github.com/linaro-swg/optee_examples"
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30"
-DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native"
+DEPENDS = "optee-client optee-os-tadevkit python3-cryptography-native"
inherit python3native
require optee.inc
SRC_URI = "git://github.com/linaro-swg/optee_examples.git;branch=master;protocol=https \
- file://0001-plugins-Honour-default-cross-compiler-environment-se.patch \
- file://0002-Makefile-Enable-plugins-installation-in-rootfs.patch \
- "
+ file://0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch"
EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
HOST_CROSS_COMPILE=${HOST_PREFIX} \
@@ -25,6 +23,7 @@ EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
S = "${WORKDIR}/git"
B = "${WORKDIR}/build"
+
do_compile() {
oe_runmake -C ${S}
}
new file mode 100644
@@ -0,0 +1,46 @@
+From 11610debf750f15c7a104db7315dcd7d69e282a8 Mon Sep 17 00:00:00 2001
+From: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com>
+Date: Sat, 26 Feb 2022 01:52:26 +0000
+Subject: [PATCH] Makefile: Fix non-portable sh check for plugins
+
+Upstream-Status: Pending
+
+We previously held a patch that used "=" for comparison, but when
+that patch got upstreamed it was changed to "==" which is non-portable,
+resulting in an error:
+
+/bin/sh: 6: [: acipher: unexpected operator
+/bin/sh: 6: [: plugins: unexpected operator
+/bin/sh: 6: [: hello_world: unexpected operator
+/bin/sh: 6: [: hotp: unexpected operator
+/bin/sh: 6: [: aes: unexpected operator
+/bin/sh: 6: [: random: unexpected operator
+/bin/sh: 6: [: secure_storage: unexpected operator
+
+if /bin/sh doesnt point to bash.
+
+Which in turn causes our do_install task to fail since plugins arent
+where we expect them to be.
+
+
+Signed-off-by: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index b3f16aa..9359d95 100644
+--- a/Makefile
++++ b/Makefile
+@@ -31,7 +31,7 @@ prepare-for-rootfs: examples
+ cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \
+ fi; \
+ cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \
+- if [ $$example == plugins ]; then \
++ if [ $$example = plugins ]; then \
+ cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \
+ fi; \
+ done
+--
+2.25.1
+
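Review bot: `$$example` is still unquoted in the corrected test `if [ $$example = plugins ]; then`, so an empty or space-containing entry in `EXAMPLE_LIST` would produce a `[` syntax error again instead of a clean false; `if [ "$$example" = plugins ]; then \` is the portable form. The header carries `Upstream-Status: Pending` for what the description says is a regression introduced when the earlier patch was upstreamed, so it is worth submitting this and recording the link, so the carried patch can be dropped on the next bump. The loop this line belongs to starts outside the hunk.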
deleted file mode 100644
@@ -1,84 +0,0 @@
-From 79c826c249001700007a6dffe80c3d61ff4428ef Mon Sep 17 00:00:00 2001
-From: Sumit Garg <sumit.garg@linaro.org>
-Date: Tue, 20 Jul 2021 13:54:30 +0530
-Subject: [PATCH 1/2] plugins: Honour default cross compiler environment setup
-
-Honour default $(CC), $(CFLAGS) and $(LDFLAGS) variables. Without this
-plugins example fails to build for OE/Yocto.
-
-Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87]
-
-Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
----
- plugins/Makefile | 2 +-
- plugins/host/Makefile | 2 +-
- plugins/syslog/Makefile | 16 ++++++++++++----
- 3 files changed, 14 insertions(+), 6 deletions(-)
-
-diff --git a/plugins/Makefile b/plugins/Makefile
-index 2372b38..ea472b4 100644
---- a/plugins/Makefile
-+++ b/plugins/Makefile
-@@ -8,7 +8,7 @@ TA_CROSS_COMPILE ?= $(CROSS_COMPILE)
- all:
- $(MAKE) -C host CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables
- $(MAKE) -C ta CROSS_COMPILE="$(TA_CROSS_COMPILE)" LDFLAGS=""
-- $(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)"
-+ $(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables
-
- .PHONY: clean
- clean:
-diff --git a/plugins/host/Makefile b/plugins/host/Makefile
-index 7285104..76244c7 100644
---- a/plugins/host/Makefile
-+++ b/plugins/host/Makefile
-@@ -20,7 +20,7 @@ BINARY = optee_example_plugins
- all: $(BINARY)
-
- $(BINARY): $(OBJS)
-- $(CC) -o $@ $< $(LDADD)
-+ $(CC) $(LDFLAGS) -o $@ $< $(LDADD)
-
- .PHONY: clean
- clean:
-diff --git a/plugins/syslog/Makefile b/plugins/syslog/Makefile
-index 62d916a..71f5f92 100644
---- a/plugins/syslog/Makefile
-+++ b/plugins/syslog/Makefile
-@@ -1,3 +1,11 @@
-+CC ?= $(CROSS_COMPILE)gcc
-+LD ?= $(CROSS_COMPILE)ld
-+AR ?= $(CROSS_COMPILE)ar
-+NM ?= $(CROSS_COMPILE)nm
-+OBJCOPY ?= $(CROSS_COMPILE)objcopy
-+OBJDUMP ?= $(CROSS_COMPILE)objdump
-+READELF ?= $(CROSS_COMPILE)readelf
-+
- PLUGIN_UUID = 96bcf744-4f72-4866-bf1d-8634fd9c65e5
-
- PLUGIN = $(PLUGIN_UUID).plugin
-@@ -6,17 +14,17 @@ PLUGIN_OBJ = $(patsubst %.c, %.o, $(PLUGIN_SRS))
- PLUGIN_INCLUDES_DIR = $(CURDIR) $(TEEC_EXPORT)/include
-
- PLUGIN_INCLUDES = $(addprefix -I, $(PLUGIN_INCLUDES_DIR))
--PLUGIN_CCFLAGS = -Wall -fPIC
--PLUGIN_LDFLAGS = -shared
-+PLUGIN_CCFLAGS = $(CFLAGS) -Wall -fPIC
-+PLUGIN_LDFLAGS = $(LDFLAGS) -shared
-
- .PHONY: all
- all: $(PLUGIN)
-
- $(PLUGIN): $(PLUGIN_OBJ)
-- $(CROSS_COMPILE)gcc $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@
-+ $(CC) $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@
-
- %.o: %.c
-- $(CROSS_COMPILE)gcc $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o
-+ $(CC) $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o
-
- .PHONY: clean
- clean:
-2.25.1
-
deleted file mode 100644
@@ -1,37 +0,0 @@
-From f4e5e74548d92258855434b550c58fe44993c148 Mon Sep 17 00:00:00 2001
-From: Sumit Garg <sumit.garg@linaro.org>
-Date: Tue, 20 Jul 2021 14:20:10 +0530
-Subject: [PATCH] Makefile: Enable plugins installation in rootfs
-
-Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87]
-
-Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
-
----
- Makefile | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/Makefile b/Makefile
-index a275842..9359d95 100644
---- a/Makefile
-+++ b/Makefile
-@@ -25,14 +25,19 @@ prepare-for-rootfs: examples
- @mkdir -p $(OUTPUT_DIR)
- @mkdir -p $(OUTPUT_DIR)/ta
- @mkdir -p $(OUTPUT_DIR)/ca
-+ @mkdir -p $(OUTPUT_DIR)/plugins
- @for example in $(EXAMPLE_LIST); do \
- if [ -e $$example/host/optee_example_$$example ]; then \
- cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \
- fi; \
- cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \
-+ if [ $$example = plugins ]; then \
-+ cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \
-+ fi; \
- done
-
- prepare-for-rootfs-clean:
- @rm -rf $(OUTPUT_DIR)/ta
- @rm -rf $(OUTPUT_DIR)/ca
-+ @rm -rf $(OUTPUT_DIR)/plugins
- @rmdir --ignore-fail-on-non-empty $(OUTPUT_DIR) || test ! -e $(OUTPUT_DIR)
deleted file mode 100644
@@ -1,4 +0,0 @@
-require optee-examples.inc
-
-SRCREV = "e9c870525af8f7e7fccf575a0ca5394ce55adcec"
-
new file mode 100644
@@ -0,0 +1,3 @@
+require optee-examples.inc
+
+SRCREV = "65fc74309e12189ad5b6ce3ffec37c8011088a5a"
similarity index 94%
rename from meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
rename to meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
@@ -1,10 +1,11 @@
FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:"
-require optee-os_3.14.0.bb
+require optee-os_3.16.0.bb
SUMMARY = "OP-TEE Trusted OS TA devkit"
DESCRIPTION = "OP-TEE TA devkit for build TAs"
HOMEPAGE = "https://www.op-tee.org/"
+
do_install() {
#install TA devkit
install -d ${D}${includedir}/optee/export-user_ta/
@@ -10,7 +10,7 @@ require optee.inc
CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os"
-DEPENDS = "python3-pycryptodome-native python3-pyelftools-native"
+DEPENDS = "python3-pyelftools-native python3-cryptography-native"
DEPENDS:append:toolchain-clang = " compiler-rt"
@@ -6,3 +6,4 @@ SRC_URI:append = " \
file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \
file://0007-allow-setting-sysroot-for-clang.patch \
"
+DEPENDS = "python3-pycryptodome-native python3-pyelftools-native"
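Review bot: This `DEPENDS =` is a hard assignment at the end of the recipe, so it replaces whatever the required include assigned instead of adding to it, and nothing on the line says why the 3.14 recipe differs from the shared include. Going by the previous hunk, the include now lists `python3-cryptography-native` for 3.16, and this line presumably restores the older backend for the 3.14 build scripts. A short comment would keep the next version bump from deleting it by mistake, e.g. `# 3.14 build scripts still use pycryptodome; optee-os.inc now lists the 3.16 dependencies`. If other non-appended `DEPENDS` entries exist in the include chain (not visible here), `DEPENDS:remove` plus `DEPENDS:append` would be safer than overwriting.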
new file mode 100644
@@ -0,0 +1,8 @@
+require optee-os.inc
+
+SRCREV = "d0b742d1564834dac903f906168d7357063d5459"
+
+SRC_URI:append = " \
+ file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \
+ file://0007-allow-setting-sysroot-for-clang.patch \
+"
@@ -10,7 +10,7 @@ require optee.inc
CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os"
-DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native"
+DEPENDS = "python3-pyelftools-native"
DEPENDS:append:toolchain-clang = " compiler-rt"
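Review bot: Unlike the other recipes touched in this change, this `DEPENDS` loses both pycryptodome packages without gaining `python3-cryptography-native`; from the diffstat order this appears to be optee-spdevkit_git.bb. Whether that is correct depends on the OP-TEE revision the recipe pins, which is outside the hunk. If that revision's build scripts import either crypto module, the failure will only show up as a missing Python module at compile time. Please confirm which backend the pinned revision needs and list it explicitly, e.g. `DEPENDS = "python3-pyelftools-native python3-cryptography-native"` if it follows 3.16.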
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa"
inherit python3native ptest
require optee.inc
-DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native"
+DEPENDS = "optee-client optee-os-tadevkit python3-cryptography-native"
SRC_URI = "git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https \
file://run-ptest \
deleted file mode 100644
@@ -1,3 +0,0 @@
-require optee-test.inc
-
-SRCREV = "f2eb88affbb7f028561b4fd5cbd049d5d704f741"
new file mode 100644
@@ -0,0 +1,3 @@
+require optee-test.inc
+
+SRCREV = "1cf0e6d2bdd1145370033d4e182634458528579d"
@@ -26,3 +26,6 @@ EXTRA_OEMAKE += "V=1 \
OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${prefix} \
TEEC_EXPORT=${STAGING_DIR_HOST}${prefix} \
"
+# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
+# right path until this is relocated automatically.
+export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
- Removes upstreamed patches for optee-examples - Fixes optee-examples installation - Includes new python3-cryptography dependency - Removes older cryptography backend dependencies - Fixes python3-cryptography to work with openssl - Keeps optee-client and optee-os v3.1.4 for corstone1000 compatibility Tested on qemuarm64-secureboot via optee-examples and xtest -l 15 Signed-off-by: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com> --- .../conf/machine/include/corstone1000.inc | 2 + .../optee/optee-client_3.16.0.bbappend | 6 ++ ...pend => optee-os-tadevkit_3.16.0.bbappend} | 0 .../optee/optee-os_3.16.0.bbappend | 7 ++ ....0.bbappend => optee-test_3.16.0.bbappend} | 0 .../optee-ftpm/optee-ftpm_git.bb | 6 +- .../optee/optee-client_3.16.0.bb | 3 + .../recipes-security/optee/optee-examples.inc | 7 +- ...ix-non-portable-sh-check-for-plugins.patch | 46 ++++++++++ ...efault-cross-compiler-environment-se.patch | 84 ------------------- ...nable-plugins-installation-in-rootfs.patch | 37 -------- .../optee/optee-examples_3.14.0.bb | 4 - .../optee/optee-examples_3.16.0.bb | 3 + ..._3.14.0.bb => optee-os-tadevkit_3.16.0.bb} | 3 +- meta-arm/recipes-security/optee/optee-os.inc | 2 +- .../recipes-security/optee/optee-os_3.14.0.bb | 1 + .../recipes-security/optee/optee-os_3.16.0.bb | 8 ++ .../optee/optee-spdevkit_git.bb | 2 +- .../recipes-security/optee/optee-test.inc | 2 +- .../optee/optee-test_3.14.0.bb | 3 - .../optee/optee-test_3.16.0.bb | 3 + meta-arm/recipes-security/optee/optee.inc | 3 + 22 files changed, 95 insertions(+), 137 deletions(-) create mode 100644 meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend rename meta-arm-bsp/recipes-security/optee/{optee-os-tadevkit_3.14.0.bbappend => optee-os-tadevkit_3.16.0.bbappend} (100%) create mode 100644 meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend rename meta-arm-bsp/recipes-security/optee/{optee-test_3.14.0.bbappend => optee-test_3.16.0.bbappend} (100%) create mode 100644 
meta-arm/recipes-security/optee/optee-client_3.16.0.bb create mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch delete mode 100644 meta-arm/recipes-security/optee/optee-examples_3.14.0.bb create mode 100644 meta-arm/recipes-security/optee/optee-examples_3.16.0.bb rename meta-arm/recipes-security/optee/{optee-os-tadevkit_3.14.0.bb => optee-os-tadevkit_3.16.0.bb} (94%) create mode 100644 meta-arm/recipes-security/optee/optee-os_3.16.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-test_3.14.0.bb create mode 100644 meta-arm/recipes-security/optee/optee-test_3.16.0.bb