@@ -44,6 +44,9 @@ Other steps depend on your machine/platform definition:
and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc` and
`meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for N1SDP and Corstone1000 platforms.
+4. Trusted Services supports an SPMC agonistic binary format. To build SPs to this format the `TS_ENV` variable is to be
+ set to `sp`. The resulting SP binaries should be able to boot under any FF-A v1.1 compliant SPMC implementation.
+
## Normal World applications
Optionally for testing purposes you can add `packagegroup-ts-tests` into your image. It includes
@@ -6,61 +6,64 @@
# TS SPs UUIDs definitions
require recipes-security/trusted-services/ts-uuid.inc
-TS_ENV = "opteesp"
+TS_ENV ?= "opteesp"
TS_BIN = "${RECIPE_SYSROOT}/usr/${TS_ENV}/bin"
+TS_BIN_SPM_TEST= "${RECIPE_SYSROOT}/usr/opteesp/bin"
+
+SP_EXT = "${@oe.utils.conditional('TS_ENV','opteesp','.stripped.elf','.bin',d)}"
# ITS SP
DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \
' ts-sp-its', '' , d)}"
SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \
- ' ${TS_BIN}/${ITS_UUID}.stripped.elf', '', d)}"
+ ' ${TS_BIN}/${ITS_UUID}${SP_EXT}', '', d)}"
# Storage SP
DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \
' ts-sp-storage', '' , d)}"
SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \
- ' ${TS_BIN}/${STORAGE_UUID}.stripped.elf', '', d)}"
+ ' ${TS_BIN}/${STORAGE_UUID}${SP_EXT}', '', d)}"
# Crypto SP.
DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \
' ts-sp-crypto', '' , d)}"
SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \
- ' ${TS_BIN}/${CRYPTO_UUID}.stripped.elf', '', d)}"
+ ' ${TS_BIN}/${CRYPTO_UUID}${SP_EXT}', '', d)}"
# Attestation SP
DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \
' ts-sp-attestation', '' , d)}"
SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \
- ' ${TS_BIN}/${ATTESTATION_UUID}.stripped.elf', '', d)}"
+ ' ${TS_BIN}/${ATTESTATION_UUID}${SP_EXT}', '', d)}"
# Env-test SP
DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \
' ts-sp-env-test', '' , d)}"
SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \
- ' ${TS_BIN}/${ENV_TEST_UUID}.stripped.elf', '', d)}"
+ ' ${TS_BIN}/${ENV_TEST_UUID}${SP_EXT}', '', d)}"
# SE-Proxy SP
DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \
' ts-sp-se-proxy', '' , d)}"
SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \
- ' ${TS_BIN}/${SE_PROXY_UUID}.stripped.elf', '', d)}"
+ ' ${TS_BIN}/${SE_PROXY_UUID}${SP_EXT}', '', d)}"
# SMM Gateway
DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \
' ts-sp-smm-gateway', '' , d)}"
SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \
- ' ${TS_BIN}/${SMM_GATEWAY_UUID}.stripped.elf', '', d)}"
+ ' ${TS_BIN}/${SMM_GATEWAY_UUID}${SP_EXT}', '', d)}"
# SPM test SPs
DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
' ts-sp-spm-test1 ts-sp-spm-test2 \
ts-sp-spm-test3 ts-sp-spm-test4', '' , d)}"
SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
- ' ${TS_BIN}/${SPM_TEST1_UUID}.stripped.elf \
- ${TS_BIN}/${SPM_TEST2_UUID}.stripped.elf \
- ${TS_BIN}/${SPM_TEST3_UUID}.stripped.elf \
- ${TS_BIN}/${SPM_TEST4_UUID}.stripped.elf', \
- '', d)}"
+ ' ${TS_BIN_SPM_TEST}/${SPM_TEST1_UUID}.stripped.elf \
+ ${TS_BIN_SPM_TEST}/${SPM_TEST2_UUID}.stripped.elf \
+ ${TS_BIN_SPM_TEST}/${SPM_TEST3_UUID}.stripped.elf \
+ ${TS_BIN_SPM_TEST}/${SPM_TEST4_UUID}.stripped.elf', \
+ '', d)}"
EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
' CFG_SPMC_TESTS=y', '' , d)}"
@@ -69,7 +72,7 @@ DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage',
' ts-sp-block-storage', '' , d)}"
SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \
- ' ${TS_BIN}/${BLOCK_STORAGE_UUID}.stripped.elf', '', d)}"
+ ' ${TS_BIN}/${BLOCK_STORAGE_UUID}${SP_EXT}', '', d)}"
EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', \
' CFG_MAP_EXT_DT_SECURE=y CFG_SECURE_PARTITION=y \
@@ -23,7 +23,7 @@ TS_PLATFORM ?= "ts/mock"
# FIP packaging is not supported yet
SP_PACKAGING_METHOD ?= "embedded"
-SYSROOT_DIRS += "/usr/opteesp /usr/arm-linux"
+SYSROOT_DIRS += "/usr/${TS_ENV} /usr/opteesp /usr/arm-linux"
# TS cmake files use find_file() to search through source code and build dirs.
# Yocto cmake class limits CMAKE_FIND_ROOT_PATH and find_file() fails.
@@ -54,5 +54,5 @@ EXTRA_OECMAKE += "${@get_ts_toolchain_option(d)}"
# Paths to pre-built dependencies required by some TS SPs/tools
EXTRA_OECMAKE += "-Dlibts_ROOT=${STAGING_DIR_HOST}${TS_INSTALL}/lib/cmake/libts/ \
- -DNEWLIB_INSTALL_DIR=${STAGING_DIR_HOST}${TS_INSTALL}/newlib \
+ -DNEWLIB_INSTALL_DIR=${STAGING_DIR_HOST}/usr/opteesp/newlib \
"
@@ -6,6 +6,7 @@ require trusted-services.inc
require ts-uuid.inc
DEPENDS += "dtc-native ts-newlib"
+DEPENDS += "${@oe.utils.conditional('TS_ENV','sp','python3-pyelftools-native','', d)}"
FILES:${PN}-dev = "${TS_INSTALL}"
@@ -1,5 +1,8 @@
DESCRIPTION = "Trusted Services SPMC test SPs"
+# spm test SP only supports opteesp.
+TS_ENV = 'opteesp'
+
require ts-sp-common.inc
SP_UUID = "${SPM_TEST${SP_INDEX}_UUID}"
The current version of the TS recipes fails to build if the TS environment is not set to opteesp. Change the recipes to allow building the sp environment. This environment targets "generic" secure partitions and produces SPMC agnostic SP binaries which should be able to boot under any FF-A v1.0 compliant SPMC implementation. Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com> --- documentation/trusted-services.md | 3 ++ .../recipes-security/optee/optee-os-ts.inc | 31 ++++++++++--------- .../trusted-services/trusted-services.inc | 4 +-- .../trusted-services/ts-sp-common.inc | 1 + .../ts-sp-spm-test-common.inc | 3 ++ 5 files changed, 26 insertions(+), 16 deletions(-)