new file mode 100644
@@ -0,0 +1,45 @@
+From c8a2a6529dc3ff609281ef4fe5c5bc949c805b5c Mon Sep 17 00:00:00 2001
+From: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
+Date: Thu, 6 Jun 2024 11:42:46 +0200
+Subject: [PATCH] checkconf.mk: do not use full path to generate guard symbol
+ in conf.h
+
+The combination of building with -g3 (which emits definitions of all
+defined preprocessor macros to the debug info) and using a full path
+to define the name of this preprocessor guard means that the output is
+not binary reproducible across different build hosts. For example, in
+my Yocto build, the string
+
+ __home_ravi_yocto_tmp_glibc_work_stm32mp135fdk_oe_linux_gnueabi_optee_os_stm32mp_3_19_0_stm32mp_r1_1_build_stm32mp135f_dk_include_generated_conf_h_
+
+appears in several build artifacts. Another developer or buildbot
+would not build in some /home/ravi/... directory.
+
+In order to increase binary reproducibility, only use the path sans
+the $(out-dir)/ prefix of the conf.h file.
+
+Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
+Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
+---
+ mk/checkconf.mk | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+Upstream-Status: Backport [c8a2a6529dc3ff609281ef4fe5c5bc949c805b5c]
+
+diff --git a/mk/checkconf.mk b/mk/checkconf.mk
+index 449b1c2b8..bb08d6b15 100644
+--- a/mk/checkconf.mk
++++ b/mk/checkconf.mk
+@@ -17,7 +17,8 @@ define check-conf-h
+ cnf='$(strip $(foreach var, \
+ $(call cfg-vars-by-prefix,$1), \
+ $(call cfg-make-define,$(var))))'; \
+- guard="_`echo $@ | tr -- -/.+ _`_"; \
++ guardpath="$(patsubst $(out-dir)/%,%,$@)" \
++ guard="_`echo "$${guardpath}" | tr -- -/.+ _`_"; \
+ mkdir -p $(dir $@); \
+ echo "#ifndef $${guard}" >$@.tmp; \
+ echo "#define $${guard}" >>$@.tmp; \
+--
+2.34.1
+
new file mode 100644
@@ -0,0 +1,32 @@
+From f881f1b42be0b1e53c0f9a0a663adbc11fa2f320 Mon Sep 17 00:00:00 2001
+From: Mikko Rapeli <mikko.rapeli@linaro.org>
+Date: Thu, 18 Jul 2024 07:54:18 +0000
+Subject: [PATCH] mk/compile.mk: remove absolute build time paths
+
+Some generated files get a __FILE_ID__ which include absolute
+build time paths. Remove the paths and use plain file name.
+Fixes yocto QA check.
+
+Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
+---
+ mk/compile.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Upstream-Status: Submitted [https://github.com/OP-TEE/optee_os/pull/6950]
+
+diff --git a/mk/compile.mk b/mk/compile.mk
+index b3d807ba4..85b4dab64 100644
+--- a/mk/compile.mk
++++ b/mk/compile.mk
+@@ -120,7 +120,7 @@ comp-cppflags-$2 = $$(filter-out $$(CPPFLAGS_REMOVE) $$(cppflags-remove) \
+ $$(addprefix -I,$$(incdirs-$2)) \
+ $$(cppflags$$(comp-sm-$2)) \
+ $$(cppflags-lib$$(comp-lib-$2)) $$(cppflags-$2)) \
+- -D__FILE_ID__=$$(subst -,_,$$(subst /,_,$$(subst .,_,$1)))
++ -D__FILE_ID__=$$(subst -,_,$$(subst /,_,$$(subst .,_,$$(notdir $1))))
+
+ comp-flags-$2 += -MD -MF $$(comp-dep-$2) -MT $$@
+ comp-flags-$2 += $$(comp-cppflags-$2)
+--
+2.34.1
+
@@ -7,4 +7,6 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
SRCREV = "12d7c4ee4642d2d761e39fbcf21a06fb77141dea"
SRC_URI += " \
file://0003-optee-enable-clang-support.patch \
- "
+ file://0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch \
+ file://0001-mk-compile.mk-remove-absolute-build-time-paths.patch \
+"
Change optee-os build scripts to not use absolute build time paths in generated header files and scripts. One patch is backport from master/4.3 and the other has been submitted. Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> --- ...not-use-full-path-to-generate-guard-.patch | 45 +++++++++++++++++++ ....mk-remove-absolute-build-time-paths.patch | 32 +++++++++++++ .../recipes-security/optee/optee-os_4.2.0.bb | 4 +- 3 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 meta-arm/recipes-security/optee/optee-os/0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch create mode 100644 meta-arm/recipes-security/optee/optee-os/0001-mk-compile.mk-remove-absolute-build-time-paths.patch