Message ID | 20230519112400.340-1-Gyorgy.Szing@arm.com |
---|---|
State | New |
Series | [01/16] arm/trusted-services: update TS version |

On Fri, 19 May 2023 13:23:45 +0200, Gyorgy Szing wrote:
> This change updates to latest available version of Trusted Services.
> List of changes:
> - adapt SP recipes to file structure changes and support for
>   "configurations". In TS each SP can be built in various different
>   setups to allow adapting to platform and integration specific
>   differences.
> - MbedTLS dependency has been updated to v3.3.0.
> - This needs new python dependencies are required in the build
>   environment.
> - psa-acs was updated to a matching version.
> - do_patch() has been updated to support the MbedTLS patch added
>   in TS.
> - Update TS dependency patching method to use git instead of patch.
> - Downgrade nanopb to match up-stream dependency version.

Applied, thanks!

[01/16] arm/trusted-services: update TS version
        commit: cad1cc154f795739ff9b5a32397ab6b4301f0093
[02/16] optee-os: remove v3.18 pin of OP-TEE on qemuarm64-secureboot
        commit: c5df0d9acddab09a3b05e075c85a349edcca7f92
[03/16] arm/oeqa: Make ts-service-test config match selected SPs
        commit: e0c451ffd2510c19bf52c4fdcfeea372e9990643
[04/16] optee-os: Add support for TOS_FW_CONFIG on qemu
        commit: b81642c5f8566a947a13ccb3ef135157b1842449
[05/16] arm/trusted-firmware-a: Add TOS_FW_CONFIG handling for quemu
        commit: 260b3357865ed9250c473a01aed40164e2301067
[06/16] optee-test: backport SWd ABI compatibility changes
        commit: 73d9318f0b157021a5d51f7cf435a3713a5ed594
[07/16] optee-os: enable SPMC test
        commit: cad5dd0f8f67f3db23dc5e71703f8188190122e0
[08/16] arm/oeqa: enable OP-TEE SPMC tests
        commit: a13b63f9ea04eb5500b706b0421cfed6e293d634
[09/16] arm-bsp/trusted-services:corstone1000: remove already merged patches
        commit: 6e0f3be575c6452f3810e0154d8c185801317bef
[10/16] trusted-services: update documentation
        commit: eaac633fa64a0bc87e9175461c6d073dd8b7b4ee
[11/16] arm/trusted-services: disable psa-iat on qemuarm64-secureboot
        commit: bcb0a72c93c60b89f1815b3c1921649323acb032
[12/16] arm-bsp/trusted-services: remove merged patches for corstone1000
        commit: c3cc9cfbf788c88a80209da1046af4a4d917e50b
[13/16] arm/trusted-services: fix nanopb build error
        commit: 1f2ab563d159a7150511234865fd54838e2672ea
[14/16] optee-os: unblock NWd interrupts
        commit: 78d9aafa2ab27dda70d524c614e2d86f08d5e29f
[15/16] arm-bps/corstone1000: setup trusted service proxy configuration
        commit: bd8d017051b9f160c6bb041650a24fa527a7045f
[16/16] CI: Platform specific Trusted Services config
        commit: c1a7dd5eda419109b179af6cbf93cb0dac2f7ae3

Best regards,

I would like to propose reverting this series ASAP due to the breakage caused to downstream layers and platforms. On Fri, May 19, 2023 at 01:23:45PM +0200, Gyorgy Szing wrote: > This change updates to latest available version of Trusted Services. > List of changes: > - adapt SP recipes to file structure changes and support for > "configurations". In TS each SP can be built in various different > setups to allow adapting to platform and integration specific > differences. > - MbedTLS dependency has been updated to v3.3.0. > - This needs new python dependencies are required in the build > environment. > - psa-acs was updated to a matching version. > - do_patch() has been updated to support the MbedTLS patch added > in TS. > - Update TS dependency patching method to use git instead of patch. > - Downgrade nanopb to match up-stream dependency version. > > Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> > Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com> > --- > .../trusted-services/trusted-services-src.inc | 27 +++++++++---------- > .../trusted-services/ts-demo_git.bb | 1 + > .../trusted-services/ts-newlib_4.1.0.bb | 4 +-- > .../ts-psa-api-test-common_git.inc | 4 ++- > .../trusted-services/ts-sp-attestation_git.bb | 3 ++- > .../trusted-services/ts-sp-crypto_git.bb | 5 ++-- > .../trusted-services/ts-sp-env-test_git.bb | 3 ++- > .../trusted-services/ts-sp-its_git.bb | 3 ++- > .../trusted-services/ts-sp-se-proxy_git.bb | 3 ++- > .../trusted-services/ts-sp-smm-gateway_git.bb | 3 ++- > .../trusted-services/ts-sp-storage_git.bb | 3 ++- > 11 files changed, 32 insertions(+), 27 deletions(-) > > diff --git a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc > index dc295506..c3ab7867 100644 > --- a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc > +++ b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc 
> @@ -5,8 +5,8 @@ LICENSE = "Apache-2.0 & BSD-3-Clause & BSD-2-Clause & Zlib" > SRC_URI = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=integration;name=trusted-services;destsuffix=git/trusted-services \ > " > > -#latest on 12.10.22. > -SRCREV_trusted-services = "3d4956770f89eb9ae0a73257901ae6277c078da6" > +#Latest on 2023 April 25 > +SRCREV="0d292e7c879076ea36cc39e30e0ac930b71e8cd8" > LIC_FILES_CHKSUM = "file://${S}/license.rst;md5=ea160bac7f690a069c608516b17997f4" > > S = "${WORKDIR}/git/trusted-services" > @@ -17,14 +17,14 @@ SRC_URI += "git://github.com/dgibson/dtc;name=dtc;protocol=https;branch=main;des > SRCREV_dtc = "b6910bec11614980a21e46fbccc35934b671bd81" > LIC_FILES_CHKSUM += "file://../dtc/README.license;md5=a1eb22e37f09df5b5511b8a278992d0e" > > -# MbedTLS, tag "mbedtls-3.1.0" > +# MbedTLS, tag "mbedtls-3.3.0" > SRC_URI += "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;branch=master;destsuffix=git/mbedtls" > -SRCREV_mbedtls = "d65aeb37349ad1a50e0f6c9b694d4b5290d60e49" > +SRCREV_mbedtls = "8c89224991adff88d53cd380f42a2baa36f91454" > LIC_FILES_CHKSUM += "file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" > > -# Nanopb, tag "nanopb-0.4.6" > +# Nanopb, tag "nanopb-0.4.2" > SRC_URI += "git://github.com/nanopb/nanopb.git;name=nanopb;protocol=https;branch=master;destsuffix=git/nanopb" > -SRCREV_nanopb = "afc499f9a410fc9bbf6c9c48cdd8d8b199d49eb4" > +SRCREV_nanopb = "df0e92f474f9cca704fe2b31483f0b4d1b1715a4" > LIC_FILES_CHKSUM += "file://../nanopb/LICENSE.txt;md5=9db4b73a55a3994384112efcdb37c01f" > > # qcbor, tag "v1.0.0" 
> @@ -54,15 +54,12 @@ LIC_FILES_CHKSUM += "file://../openamp/LICENSE.md;md5=a8d8cf662ef6bf9936a1e14135 > > # TS ships patches for external dependencies that needs to be applied > apply_ts_patches() { > - for p in ${S}/external/qcbor/*.patch; do > - patch -p1 -N -d ${WORKDIR}/git/qcbor < ${p} || true > - done > - for p in ${S}/external/t_cose/*.patch; do > - patch -p1 -N -d ${WORKDIR}/git/tcose < ${p} || true > - done > - for p in ${S}/external/CppUTest/*.patch; do > - patch -p1 -d ${WORKDIR}/git/cpputest < ${p} > - done > + ( cd ${WORKDIR}/git/qcbor; git stash; git branch -f bf_am; git am ${S}/external/qcbor/*.patch; git reset bf_am ) > + ( cd ${WORKDIR}/git/tcose; git stash; git branch -f bf_am; git am ${S}/external/t_cose/*.patch; git reset bf_am ) > + ( cd ${WORKDIR}/git/mbedtls; git stash; git branch -f bf_am; git am ${S}/external/MbedTLS/*.patch; git reset bf_am ) > + ( cd ${WORKDIR}/git/cpputest; git stash; git apply ${S}/external/CppUTest/*.patch ) > + ( cd ${WORKDIR}/git/dtc; git stash; git apply ${S}/external/libfdt/*.patch ) > + ( cd ${WORKDIR}/git/nanopb; git stash; git apply ${S}/external/nanopb/*.patch ) > } > do_patch[postfuncs] += "apply_ts_patches" > > diff --git a/meta-arm/recipes-security/trusted-services/ts-demo_git.bb b/meta-arm/recipes-security/trusted-services/ts-demo_git.bb > index a9f7b65f..668bde56 100644 > --- a/meta-arm/recipes-security/trusted-services/ts-demo_git.bb > +++ b/meta-arm/recipes-security/trusted-services/ts-demo_git.bb > @@ -6,6 +6,7 @@ TS_ENV = "arm-linux" > > require trusted-services.inc > > +DEPENDS += "python3-jsonschema-native python3-jinja2-native" > DEPENDS += "libts" > RDEPENDS:${PN} += "libts" > > diff --git a/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb b/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb > index 408c7d3c..24a724a4 100644 > --- a/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb > +++ b/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb 
> @@ -22,9 +22,7 @@ OECMAKE_SOURCEPATH = "${S}/deployments/newlib/${TS_ENV}/" > > # TS ships a patch that needs to be applied to newlib > apply_ts_patch() { > - for p in ${S}/external/newlib/*.patch; do > - patch -p1 -d ${WORKDIR}/git/newlib < ${p} > - done > + ( cd ${WORKDIR}/git/newlib; git stash; git branch -f bf_am; git am ${S}/external/newlib/*.patch; git reset bf_am ) > } > do_patch[postfuncs] += "apply_ts_patch" > > diff --git a/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc b/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc > index 41cb0c08..8a7b0e5c 100644 > --- a/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc > +++ b/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc > @@ -4,6 +4,8 @@ TS_ENV = "arm-linux" > > require trusted-services.inc > > +DEPENDS += "python3-jsonschema-native python3-jinja2-native" > + > DEPENDS += "libts" > RDEPENDS:${PN} += "libts" > > @@ -11,7 +13,7 @@ SRC_URI += "git://github.com/ARM-software/psa-arch-tests.git;name=psatest;protoc > file://0001-Pass-Yocto-build-settings-to-psa-arch-tests-native.patch;patchdir=../psatest \ > " > > -SRCREV_psatest = "451aa087a40d02c7d04778235014c5619d126471" > +SRCREV_psatest = "38cb53a4d9e292435ddf7899960b15af62decfbe" > LIC_FILES_CHKSUM += "file://../psatest/LICENSE.md;md5=2a944942e1496af1886903d274dedb13" > > EXTRA_OECMAKE += "\ > diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb > index eef05fe3..6cddfb03 100644 > --- a/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb > +++ b/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb 
> @@ -3,5 +3,6 @@ DESCRIPTION = "Trusted Services attestation service provider" > require ts-sp-common.inc > > SP_UUID = "${ATTESTATION_UUID}" > +TS_SP_IAT_CONFIG ?= "default" > > -OECMAKE_SOURCEPATH="${S}/deployments/attestation/${TS_ENV}" > +OECMAKE_SOURCEPATH="${S}/deployments/attestation/config/${TS_SP_IAT_CONFIG}-${TS_ENV}" > diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb > index 77a28557..867e4a81 100644 > --- a/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb > +++ b/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb > @@ -3,7 +3,8 @@ DESCRIPTION = "Trusted Services crypto service provider" > require ts-sp-common.inc > > SP_UUID = "${CRYPTO_UUID}" > +TS_SP_CRYPTO_CONFIG ?= "default" > > -DEPENDS += "python3-protobuf-native" > +DEPENDS += "python3-protobuf-native python3-jsonschema-native python3-jinja2-native" > > -OECMAKE_SOURCEPATH="${S}/deployments/crypto/${TS_ENV}" > +OECMAKE_SOURCEPATH="${S}/deployments/crypto/config/${TS_SP_CRYPTO_CONFIG}-${TS_ENV}" > diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-env-test_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-env-test_git.bb > index 040fd4d1..5551a4de 100644 > --- a/meta-arm/recipes-security/trusted-services/ts-sp-env-test_git.bb > +++ b/meta-arm/recipes-security/trusted-services/ts-sp-env-test_git.bb > @@ -6,5 +6,6 @@ require ts-sp-common.inc > COMPATIBLE_MACHINE ?= "invalid" > > SP_UUID = "${ENV_TEST_UUID}" > +TS_SP_ENVTEST_CONFIG ?= "baremetal-fvp_base_revc" > > -OECMAKE_SOURCEPATH="${S}/deployments/env-test/${TS_ENV}" > +OECMAKE_SOURCEPATH="${S}/deployments/env-test/config/${TS_SP_ENVTEST_CONFIG}-${TS_ENV}" > diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb > index 4eb5dc5e..5472dbda 100644 > --- a/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb 
> +++ b/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb > @@ -3,5 +3,6 @@ DESCRIPTION = "Trusted Services internal secure storage service provider" > require ts-sp-common.inc > > SP_UUID = "${ITS_UUID}" > +TS_SP_ITS_CONFIG ?= "default" > > -OECMAKE_SOURCEPATH="${S}/deployments/internal-trusted-storage/${TS_ENV}" > +OECMAKE_SOURCEPATH="${S}/deployments/internal-trusted-storage/config/${TS_SP_ITS_CONFIG}-${TS_ENV}" > diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb > index b9246418..26781434 100644 > --- a/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb > +++ b/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb > @@ -3,7 +3,8 @@ DESCRIPTION = "Trusted Services proxy service providers" > require ts-sp-common.inc > > SP_UUID = "${SE_PROXY_UUID}" > +TS_SP_SE_PROXY_CONFIG ?= "default" > > DEPENDS += "python3-protobuf-native" > > -OECMAKE_SOURCEPATH="${S}/deployments/se-proxy/${TS_ENV}" > +OECMAKE_SOURCEPATH="${S}/deployments/se-proxy/config/${TS_SP_SE_PROXY_CONFIG}-${TS_ENV}" > diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb > index 06ca6bd1..752f7fe7 100644 > --- a/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb > +++ b/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb > @@ -3,5 +3,6 @@ DESCRIPTION = "Trusted Services service provider for UEFI SMM services" > require ts-sp-common.inc > > SP_UUID = "${SMM_GATEWAY_UUID}" > +TS_SP_SMM_GATEWAY_CONFIG ?= "default" > > -OECMAKE_SOURCEPATH="${S}/deployments/smm-gateway/${TS_ENV}" > +OECMAKE_SOURCEPATH="${S}/deployments/smm-gateway/config/${TS_SP_SMM_GATEWAY_CONFIG}-${TS_ENV}" > diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb > index c8937546..5b2f47b3 100644 
> --- a/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb > +++ b/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb > @@ -3,5 +3,6 @@ DESCRIPTION = "Trusted Services secure storage service provider" > require ts-sp-common.inc > > SP_UUID = "${STORAGE_UUID}" > +TS_SP_PS_CONFIG ?= "default" > > -OECMAKE_SOURCEPATH="${S}/deployments/protected-storage/${TS_ENV}" > +OECMAKE_SOURCEPATH="${S}/deployments/protected-storage/config/${TS_SP_PS_CONFIG}-${TS_ENV}" > -- > 2.39.1.windows.1

On 12 Jun 2023, at 22:42, Denys Dmytriyenko via lists.yoctoproject.org <denis=denix.org@lists.yoctoproject.org> wrote:
>
> I would like to propose reverting this series ASAP due to the breakage caused
> to downstream layers and platforms.

Is this just related to the EXTRA_OEMAKE += " CFG_MAP_EXT_DT_SECURE=y” line, or something else too? Obviously that needs fixing, but I don’t think that deserves a bulk revert.

Ross

On Tue, Jun 13, 2023 at 02:20:28PM +0000, Ross Burton wrote:
> On 12 Jun 2023, at 22:42, Denys Dmytriyenko via lists.yoctoproject.org <denis=denix.org@lists.yoctoproject.org> wrote:
> >
> > I would like to propose reverting this series ASAP due to the breakage caused
> > to downstream layers and platforms.
>
> Is this just related to the EXTRA_OEMAKE += " CFG_MAP_EXT_DT_SECURE=y” line,
> or something else too? Obviously that needs fixing, but I don’t think that
> deserves a bulk revert.

The reason for the revert proposal was due to a total silence from the author on multiple inquiries. Yes, the fix is simple, but a confirmation or any kind of feedback would have been greatly appreciated...

On 13 Jun 2023, at 20:58, Denys Dmytriyenko <denis@denix.org> wrote:
>
> On Tue, Jun 13, 2023 at 02:20:28PM +0000, Ross Burton wrote:
>> On 12 Jun 2023, at 22:42, Denys Dmytriyenko via lists.yoctoproject.org <denis=denix.org@lists.yoctoproject.org> wrote:
>>>
>>> I would like to propose reverting this series ASAP due to the breakage caused
>>> to downstream layers and platforms.
>>
>> Is this just related to the EXTRA_OEMAKE += " CFG_MAP_EXT_DT_SECURE=y” line,
>> or something else too? Obviously that needs fixing, but I don’t think that
>> deserves a bulk revert.
>
> The reason for the revert proposal was due to a total silence from the author
> on multiple inquiries. Yes, the fix is simple, but a confirmation or any kind
> of feedback would have been greatly appreciated…

Agreed, silence isn’t good, and any one of us should have responded. A proposed resolution is running through internal CI now to check it doesn’t break anything now, hopefully it will be on the list tomorrow.

Ross

On Tue, Jun 13, 2023 at 09:14:43PM +0000, Ross Burton wrote:
> On 13 Jun 2023, at 20:58, Denys Dmytriyenko <denis@denix.org> wrote:
> >
> > On Tue, Jun 13, 2023 at 02:20:28PM +0000, Ross Burton wrote:
> >> On 12 Jun 2023, at 22:42, Denys Dmytriyenko via lists.yoctoproject.org <denis=denix.org@lists.yoctoproject.org> wrote:
> >>>
> >>> I would like to propose reverting this series ASAP due to the breakage caused
> >>> to downstream layers and platforms.
> >>
> >> Is this just related to the EXTRA_OEMAKE += " CFG_MAP_EXT_DT_SECURE=y” line,
> >> or something else too? Obviously that needs fixing, but I don’t think that
> >> deserves a bulk revert.
> >
> > The reason for the revert proposal was due to a total silence from the author
> > on multiple inquiries. Yes, the fix is simple, but a confirmation or any kind
> > of feedback would have been greatly appreciated…
>
> Agreed, silence isn’t good, and any one of us should have responded. A
> proposed resolution is running through internal CI now to check it doesn’t
> break anything now, hopefully it will be on the list tomorrow.

Thanks. Is it any different from my proposal?
https://patchwork.yoctoproject.org/project/arm/patch/20230613181723.1711212-1-denis@denix.org/

On 13 Jun 2023, at 22:26, Denys Dmytriyenko <denis@denix.org> wrote:
>> Agreed, silence isn’t good, and any one of us should have responded. A
>> proposed resolution is running through internal CI now to check it doesn’t
>> break anything now, hopefully it will be on the list tomorrow.
>
> Thanks. Is it any different from my proposal?
> https://patchwork.yoctoproject.org/project/arm/patch/20230613181723.1711212-1-denis@denix.org/

It is not :)

Ross

diff --git a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc index dc295506..c3ab7867 100644 --- a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc +++ b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc @@ -5,8 +5,8 @@ LICENSE = "Apache-2.0 & BSD-3-Clause & BSD-2-Clause & Zlib" SRC_URI = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=integration;name=trusted-services;destsuffix=git/trusted-services \ " -#latest on 12.10.22. -SRCREV_trusted-services = "3d4956770f89eb9ae0a73257901ae6277c078da6" +#Latest on 2023 April 25 +SRCREV="0d292e7c879076ea36cc39e30e0ac930b71e8cd8" LIC_FILES_CHKSUM = "file://${S}/license.rst;md5=ea160bac7f690a069c608516b17997f4" S = "${WORKDIR}/git/trusted-services" @@ -17,14 +17,14 @@ SRC_URI += "git://github.com/dgibson/dtc;name=dtc;protocol=https;branch=main;des SRCREV_dtc = "b6910bec11614980a21e46fbccc35934b671bd81" LIC_FILES_CHKSUM += "file://../dtc/README.license;md5=a1eb22e37f09df5b5511b8a278992d0e" -# MbedTLS, tag "mbedtls-3.1.0" +# MbedTLS, tag "mbedtls-3.3.0" SRC_URI += "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;branch=master;destsuffix=git/mbedtls" -SRCREV_mbedtls = "d65aeb37349ad1a50e0f6c9b694d4b5290d60e49" +SRCREV_mbedtls = "8c89224991adff88d53cd380f42a2baa36f91454" LIC_FILES_CHKSUM += "file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" -# Nanopb, tag "nanopb-0.4.6" +# Nanopb, tag "nanopb-0.4.2" SRC_URI += "git://github.com/nanopb/nanopb.git;name=nanopb;protocol=https;branch=master;destsuffix=git/nanopb" -SRCREV_nanopb = "afc499f9a410fc9bbf6c9c48cdd8d8b199d49eb4" +SRCREV_nanopb = "df0e92f474f9cca704fe2b31483f0b4d1b1715a4" LIC_FILES_CHKSUM += "file://../nanopb/LICENSE.txt;md5=9db4b73a55a3994384112efcdb37c01f" # qcbor, tag "v1.0.0" 
@@ -54,15 +54,12 @@ LIC_FILES_CHKSUM += "file://../openamp/LICENSE.md;md5=a8d8cf662ef6bf9936a1e14135 # TS ships patches for external dependencies that needs to be applied apply_ts_patches() { - for p in ${S}/external/qcbor/*.patch; do - patch -p1 -N -d ${WORKDIR}/git/qcbor < ${p} || true - done - for p in ${S}/external/t_cose/*.patch; do - patch -p1 -N -d ${WORKDIR}/git/tcose < ${p} || true - done - for p in ${S}/external/CppUTest/*.patch; do - patch -p1 -d ${WORKDIR}/git/cpputest < ${p} - done + ( cd ${WORKDIR}/git/qcbor; git stash; git branch -f bf_am; git am ${S}/external/qcbor/*.patch; git reset bf_am ) + ( cd ${WORKDIR}/git/tcose; git stash; git branch -f bf_am; git am ${S}/external/t_cose/*.patch; git reset bf_am ) + ( cd ${WORKDIR}/git/mbedtls; git stash; git branch -f bf_am; git am ${S}/external/MbedTLS/*.patch; git reset bf_am ) + ( cd ${WORKDIR}/git/cpputest; git stash; git apply ${S}/external/CppUTest/*.patch ) + ( cd ${WORKDIR}/git/dtc; git stash; git apply ${S}/external/libfdt/*.patch ) + ( cd ${WORKDIR}/git/nanopb; git stash; git apply ${S}/external/nanopb/*.patch ) } do_patch[postfuncs] += "apply_ts_patches" diff --git a/meta-arm/recipes-security/trusted-services/ts-demo_git.bb b/meta-arm/recipes-security/trusted-services/ts-demo_git.bb index a9f7b65f..668bde56 100644 --- a/meta-arm/recipes-security/trusted-services/ts-demo_git.bb +++ b/meta-arm/recipes-security/trusted-services/ts-demo_git.bb @@ -6,6 +6,7 @@ TS_ENV = "arm-linux" require trusted-services.inc +DEPENDS += "python3-jsonschema-native python3-jinja2-native" DEPENDS += "libts" RDEPENDS:${PN} += "libts" diff --git a/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb b/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb index 408c7d3c..24a724a4 100644 --- a/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb +++ b/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb 
@@ -22,9 +22,7 @@ OECMAKE_SOURCEPATH = "${S}/deployments/newlib/${TS_ENV}/" # TS ships a patch that needs to be applied to newlib apply_ts_patch() { - for p in ${S}/external/newlib/*.patch; do - patch -p1 -d ${WORKDIR}/git/newlib < ${p} - done + ( cd ${WORKDIR}/git/newlib; git stash; git branch -f bf_am; git am ${S}/external/newlib/*.patch; git reset bf_am ) } do_patch[postfuncs] += "apply_ts_patch" diff --git a/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc b/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc index 41cb0c08..8a7b0e5c 100644 --- a/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc +++ b/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc @@ -4,6 +4,8 @@ TS_ENV = "arm-linux" require trusted-services.inc +DEPENDS += "python3-jsonschema-native python3-jinja2-native" + DEPENDS += "libts" RDEPENDS:${PN} += "libts" @@ -11,7 +13,7 @@ SRC_URI += "git://github.com/ARM-software/psa-arch-tests.git;name=psatest;protoc file://0001-Pass-Yocto-build-settings-to-psa-arch-tests-native.patch;patchdir=../psatest \ " -SRCREV_psatest = "451aa087a40d02c7d04778235014c5619d126471" +SRCREV_psatest = "38cb53a4d9e292435ddf7899960b15af62decfbe" LIC_FILES_CHKSUM += "file://../psatest/LICENSE.md;md5=2a944942e1496af1886903d274dedb13" EXTRA_OECMAKE += "\ diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb index eef05fe3..6cddfb03 100644 --- a/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb +++ b/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb 
@@ -3,5 +3,6 @@ DESCRIPTION = "Trusted Services attestation service provider" require ts-sp-common.inc SP_UUID = "${ATTESTATION_UUID}" +TS_SP_IAT_CONFIG ?= "default" -OECMAKE_SOURCEPATH="${S}/deployments/attestation/${TS_ENV}" +OECMAKE_SOURCEPATH="${S}/deployments/attestation/config/${TS_SP_IAT_CONFIG}-${TS_ENV}" diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb index 77a28557..867e4a81 100644 --- a/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb +++ b/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb @@ -3,7 +3,8 @@ DESCRIPTION = "Trusted Services crypto service provider" require ts-sp-common.inc SP_UUID = "${CRYPTO_UUID}" +TS_SP_CRYPTO_CONFIG ?= "default" -DEPENDS += "python3-protobuf-native" +DEPENDS += "python3-protobuf-native python3-jsonschema-native python3-jinja2-native" -OECMAKE_SOURCEPATH="${S}/deployments/crypto/${TS_ENV}" +OECMAKE_SOURCEPATH="${S}/deployments/crypto/config/${TS_SP_CRYPTO_CONFIG}-${TS_ENV}" diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-env-test_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-env-test_git.bb index 040fd4d1..5551a4de 100644 --- a/meta-arm/recipes-security/trusted-services/ts-sp-env-test_git.bb +++ b/meta-arm/recipes-security/trusted-services/ts-sp-env-test_git.bb @@ -6,5 +6,6 @@ require ts-sp-common.inc COMPATIBLE_MACHINE ?= "invalid" SP_UUID = "${ENV_TEST_UUID}" +TS_SP_ENVTEST_CONFIG ?= "baremetal-fvp_base_revc" -OECMAKE_SOURCEPATH="${S}/deployments/env-test/${TS_ENV}" +OECMAKE_SOURCEPATH="${S}/deployments/env-test/config/${TS_SP_ENVTEST_CONFIG}-${TS_ENV}" diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb index 4eb5dc5e..5472dbda 100644 --- a/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb +++ b/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb 
@@ -3,5 +3,6 @@ DESCRIPTION = "Trusted Services internal secure storage service provider" require ts-sp-common.inc SP_UUID = "${ITS_UUID}" +TS_SP_ITS_CONFIG ?= "default" -OECMAKE_SOURCEPATH="${S}/deployments/internal-trusted-storage/${TS_ENV}" +OECMAKE_SOURCEPATH="${S}/deployments/internal-trusted-storage/config/${TS_SP_ITS_CONFIG}-${TS_ENV}" diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb index b9246418..26781434 100644 --- a/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb +++ b/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb @@ -3,7 +3,8 @@ DESCRIPTION = "Trusted Services proxy service providers" require ts-sp-common.inc SP_UUID = "${SE_PROXY_UUID}" +TS_SP_SE_PROXY_CONFIG ?= "default" DEPENDS += "python3-protobuf-native" -OECMAKE_SOURCEPATH="${S}/deployments/se-proxy/${TS_ENV}" +OECMAKE_SOURCEPATH="${S}/deployments/se-proxy/config/${TS_SP_SE_PROXY_CONFIG}-${TS_ENV}" diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb index 06ca6bd1..752f7fe7 100644 --- a/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb +++ b/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb @@ -3,5 +3,6 @@ DESCRIPTION = "Trusted Services service provider for UEFI SMM services" require ts-sp-common.inc SP_UUID = "${SMM_GATEWAY_UUID}" +TS_SP_SMM_GATEWAY_CONFIG ?= "default" -OECMAKE_SOURCEPATH="${S}/deployments/smm-gateway/${TS_ENV}" +OECMAKE_SOURCEPATH="${S}/deployments/smm-gateway/config/${TS_SP_SMM_GATEWAY_CONFIG}-${TS_ENV}" diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb index c8937546..5b2f47b3 100644 --- a/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb +++ b/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb 
@@ -3,5 +3,6 @@ DESCRIPTION = "Trusted Services secure storage service provider" require ts-sp-common.inc SP_UUID = "${STORAGE_UUID}" +TS_SP_PS_CONFIG ?= "default" -OECMAKE_SOURCEPATH="${S}/deployments/protected-storage/${TS_ENV}" +OECMAKE_SOURCEPATH="${S}/deployments/protected-storage/config/${TS_SP_PS_CONFIG}-${TS_ENV}"
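
Review bot: In trusted-services-src.inc, hunk @@ -5,8 +5,8 @@, the pin is moved from `SRCREV_trusted-services` to a bare `SRCREV` even though the SRC_URI entry above it still carries `name=trusted-services` and every other source in this file is pinned through its own `SRCREV_<name>`. A bare SRCREV is also what BitBake falls back to for a named entry that has no pin of its own, so a later SRC_URI addition with a forgotten `SRCREV_<name>` would pick up this hash instead of being reported as unpinned. Keep the named form, with spaces around `=` to match the rest of the file.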
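
Review bot: In trusted-services-src.inc, hunk @@ -17,14 +17,14 @@, the nanopb pin moves backwards from tag 0.4.6 to 0.4.2 and the only record of why is one line in the commit message. Put the reason in the comment beside `SRCREV_nanopb` (that it tracks the version TS expects at this revision), so a routine version bump does not quietly undo it. Also state in the commit message whether anything in this layer depended on changes between 0.4.2 and 0.4.6. The tag names in these comments are not enforced by anything, so the hashes for both MbedTLS and nanopb should be checked against the tags they claim.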
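
Review bot: In apply_ts_patches() (trusted-services-src.inc, hunk @@ -54,15 +54,12 @@) every subshell joins `cd`, `git stash`, `git am` and `git reset` with `;`, so whether a failed `cd` or a patch that does not apply stops the task depends on the shell's errexit setting and not on the line itself. Joining the steps with `&&` would make the failure path explicit, which matters here because these are the patches applied to qcbor, t_cose and MbedTLS. Two more things on the same lines: `git am` creates commits and therefore needs a committer identity in the build environment, which the old `patch` loops did not, and `git stash` is never popped or dropped, so any earlier modification of the tree is hidden without a message. The same comments apply to apply_ts_patch() in ts-newlib_4.1.0.bb.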
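
Review bot: The `TS_SP_*_CONFIG` variables added in the ts-sp-*_git.bb hunks are undocumented and do not follow the recipe names: ts-sp-attestation uses `TS_SP_IAT_CONFIG` and ts-sp-storage uses `TS_SP_PS_CONFIG`, while the others use the recipe's own name. Each value is interpolated straight into `OECMAKE_SOURCEPATH` as `config/<value>-${TS_ENV}`, so a typo or an unsupported value only shows up when CMake cannot find the directory. Please list the variables and their valid values next to the recipes, and call out the changed path layout in the commit message for layers that set `OECMAKE_SOURCEPATH` themselves.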
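
Review bot: In ts-sp-se-proxy_git.bb, hunk @@ -3,7 +3,8 @@, the `DEPENDS` context line still lists only `python3-protobuf-native`, while ts-sp-crypto_git.bb, ts-demo_git.bb and ts-psa-api-test-common_git.inc all gain `python3-jsonschema-native python3-jinja2-native` in this patch. The commit message ties the new Python dependencies to the MbedTLS v3.3.0 update, so please confirm which service providers build MbedTLS and add the two native dependencies to each of them. A missing one may go unnoticed on a host where another recipe has already populated the sysroot.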