@@ -8,6 +8,7 @@ header:
local_conf_header:
trusted_services: |
TEST_SUITES:append = " trusted_services"
+ TEST_SUITES:remove = "parselogs"
# Include TS Crypto, TS Protected Storage, and TS Internal Trusted Storage and SPs into optee-os image
# FIXME - remove TS SMM Gateway due to QEMU v9.0.0 test failures
MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its"
@@ -23,8 +23,6 @@ PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
KERNEL_DTB_NAME = "fvp-base-revc.dtb"
KERNEL_DEVICETREE = "arm/${KERNEL_DTB_NAME}"
KERNEL_IMAGETYPE = "Image"
-#FIXME - Working around arm-tstee not compiling on kernels greater than 6.8
-PREFERRED_VERSION_linux-yocto ?= "6.6.%"
EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
@@ -3,9 +3,6 @@ MACHINEOVERRIDES =. "qemuarm64:"
require ${COREBASE}/meta/conf/machine/qemuarm64.conf
KMACHINE = "qemuarm64"
-#FIXME - Working around arm-tstee not compiling on kernels greater than 6.8
-PREFERRED_VERSION_linux-yocto ?= "6.6.%"
-PREFERRED_VERSION_linux-yocto-rt ?= "6.6.%"
# secure=on can't ever use KVM, so force it off
QEMU_USE_KVM = ""
deleted file mode 100644
@@ -1,23 +0,0 @@
-SUMMARY = "A Linux kernel module providing user space access to Trusted Services"
-DESCRIPTION = "${SUMMARY}"
-LICENSE = "GPL-2.0-only"
-LIC_FILES_CHKSUM = "file://COPYING;md5=05e355bbd617507216a836c56cf24983"
-
-inherit module
-
-SRC_URI = "git://gitlab.arm.com/linux-arm/linux-trusted-services;protocol=https;branch=main \
- file://Makefile;subdir=git \
- "
-S = "${WORKDIR}/git"
-
-# Tag tee-v2.0.0
-SRCREV = "a2d7349a96c3b3afb44bf1555d53f1c46e45a23d"
-UPSTREAM_CHECK_GITTAGREGEX = "^tee-v(?P<pver>\d+(\.\d+)+)$"
-
-COMPATIBLE_HOST = "(arm|aarch64).*-linux"
-KERNEL_MODULE_AUTOLOAD += "arm-tstee"
-
-do_install:append() {
- install -d ${D}${includedir}
- install -m 0644 ${S}/uapi/arm_tstee.h ${D}${includedir}/
-}
@@ -1 +1,2 @@
CONFIG_ARM_FFA_TRANSPORT=y
+CONFIG_ARM_TSTEE=y
new file mode 100644
@@ -0,0 +1,223 @@
+From cc9589c03cb0fcd9c3248b95f05cce1afaa37d0f Mon Sep 17 00:00:00 2001
+From: Balint Dobszay <balint.dobszay@arm.com>
+Date: Thu, 19 Oct 2023 16:35:05 +0200
+Subject: [PATCH] Remove TEE driver external component
+
+The TSTEE driver has been merged to Linux kernel v6.10, which makes the
+out-of-tree version deprecated. Remove the external component that was
+downloading it. Also, the in-tree version doesn't have a module version
+field defined, so the sanity check for reading the out-of-tree module's
+version is removed too.
+
+Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
+Change-Id: I57ee44293c5e940ee7fa944d1420ebcba624fc56
+Upstream-Status: Backport
+---
+ .../rpc/ts_rpc/caller/linux/component.cmake | 6 --
+ .../ts_rpc/caller/linux/ts_rpc_caller_linux.c | 56 +++----------------
+ .../spm/optee/userspace-programs-on-fvp.rst | 3 +-
+ docs/quickstart/optee-testing.rst | 1 -
+ .../LinuxFfaTeeDriver/LinuxFfaTeeDriver.cmake | 54 ------------------
+ 5 files changed, 9 insertions(+), 111 deletions(-)
+ delete mode 100644 external/LinuxFfaTeeDriver/LinuxFfaTeeDriver.cmake
+
+diff --git a/components/rpc/ts_rpc/caller/linux/component.cmake b/components/rpc/ts_rpc/caller/linux/component.cmake
+index c9f439e20da4..f8e4a52fb70c 100644
+--- a/components/rpc/ts_rpc/caller/linux/component.cmake
++++ b/components/rpc/ts_rpc/caller/linux/component.cmake
+@@ -8,8 +8,6 @@ if (NOT DEFINED TGT)
+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
+ endif()
+
+-include(${TS_ROOT}/external/LinuxFfaTeeDriver/LinuxFfaTeeDriver.cmake)
+-
+ set_property(TARGET ${TGT} APPEND PROPERTY PUBLIC_HEADER
+ "${CMAKE_CURRENT_LIST_DIR}/ts_rpc_caller_linux.h"
+ )
+@@ -17,7 +15,3 @@ set_property(TARGET ${TGT} APPEND PROPERTY PUBLIC_HEADER
+ target_sources(${TGT} PRIVATE
+ "${CMAKE_CURRENT_LIST_DIR}/ts_rpc_caller_linux.c"
+ )
+-
+-target_include_directories(${TGT} PRIVATE
+- "${LINUX_FFA_TEE_DRIVER_INCLUDE_DIR}"
+- )
+diff --git a/components/rpc/ts_rpc/caller/linux/ts_rpc_caller_linux.c b/components/rpc/ts_rpc/caller/linux/ts_rpc_caller_linux.c
+index 7c4606e56f09..3402a9f6ae2b 100644
+--- a/components/rpc/ts_rpc/caller/linux/ts_rpc_caller_linux.c
++++ b/components/rpc/ts_rpc/caller/linux/ts_rpc_caller_linux.c
+@@ -6,7 +6,6 @@
+
+ #include "ts_rpc_caller_linux.h"
+
+-#include <arm_tstee.h>
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <linux/tee.h>
+@@ -24,11 +23,16 @@
+
+ #define INVALID_SESS_ID 0
+ #define MAX_TEE_DEV_NUM 16
+-#define TS_TEE_DRV_REQ_VER_MAJOR 2
+-#define TS_TEE_DRV_REQ_VER_MINOR 0
+-#define TS_TEE_DRV_REQ_VER_PATCH 0
+ #define TS_TEE_DRV_INVALID_SHM_ID (0)
+
++/*
++ * This define is part of linux/tee.h starting from Linux v6.10
++ * Let's keep a copy here in case the kernel headers come from an older version
++ */
++#ifndef TEE_IMPL_ID_TSTEE
++#define TEE_IMPL_ID_TSTEE 3
++#endif
++
+ struct ts_tee_dev {
+ uint16_t endpoint_id;
+ char path[16];
+@@ -236,47 +240,6 @@ static rpc_status_t call(void *context, uint16_t opcode,
+ return RPC_SUCCESS;
+ }
+
+-static bool ts_tee_drv_check_version(void)
+-{
+- unsigned int major = 0;
+- unsigned int minor = 0;
+- unsigned int patch = 0;
+- FILE *f = NULL;
+- int cnt = 0;
+-
+- f = fopen("/sys/module/arm_tstee/version", "r");
+- if (f) {
+- cnt = fscanf(f, "%u.%u.%u", &major, &minor, &patch);
+- fclose(f);
+-
+- if (cnt != 3) {
+- printf("error: cannot read TS TEE driver version\n");
+- return false;
+- }
+- } else {
+- printf("error: TS TEE driver not available\n");
+- return false;
+- }
+-
+- if (major != TS_TEE_DRV_REQ_VER_MAJOR)
+- goto err;
+-
+- if (minor < TS_TEE_DRV_REQ_VER_MINOR)
+- goto err;
+-
+- if (minor == TS_TEE_DRV_REQ_VER_MINOR)
+- if (patch < TS_TEE_DRV_REQ_VER_PATCH)
+- goto err;
+-
+- return true;
+-
+-err:
+- printf("error: TS TEE driver is v%u.%u.%u but required v%u.%u.%u\n", major, minor, patch,
+- TS_TEE_DRV_REQ_VER_MAJOR, TS_TEE_DRV_REQ_VER_MINOR, TS_TEE_DRV_REQ_VER_PATCH);
+-
+- return false;
+-}
+-
+ static void ts_tee_drv_discover(struct ts_tee_dev *ts_tee_devs, size_t count)
+ {
+ struct tee_ioctl_version_data vers = { 0 };
+@@ -314,9 +277,6 @@ rpc_status_t ts_rpc_caller_linux_init(struct rpc_caller_interface *rpc_caller)
+ if (!rpc_caller || rpc_caller->context)
+ return RPC_ERROR_INVALID_VALUE;
+
+- if (!ts_tee_drv_check_version())
+- return RPC_ERROR_INTERNAL;
+-
+ context = (struct ts_rpc_caller_linux_context *)calloc(
+ 1, sizeof(struct ts_rpc_caller_linux_context));
+ if (!context)
+diff --git a/docs/environments/secure-partitions/spm/optee/userspace-programs-on-fvp.rst b/docs/environments/secure-partitions/spm/optee/userspace-programs-on-fvp.rst
+index f81e1dff3264..aeb26fb3462a 100644
+--- a/docs/environments/secure-partitions/spm/optee/userspace-programs-on-fvp.rst
++++ b/docs/environments/secure-partitions/spm/optee/userspace-programs-on-fvp.rst
+@@ -59,8 +59,7 @@ Once it boots to the login prompt, log in as root and from the FVP terminal, ent
+ # Install the shared library and executables
+ cp -vat /usr out/ts-install/arm-linux/lib out/ts-install/arm-linux/bin
+
+- # Load the kernel modules
+- out/linux-arm-ffa-tee/load_module.sh
++ # Load the kernel module
+ out/linux-arm-ffa-user/load_module.sh
+
+ # Run the test application
+diff --git a/docs/quickstart/optee-testing.rst b/docs/quickstart/optee-testing.rst
+index 7eccf7ab9031..9ff2421d5565 100644
+--- a/docs/quickstart/optee-testing.rst
++++ b/docs/quickstart/optee-testing.rst
+@@ -47,7 +47,6 @@ Once it boots to the login prompt, log in as root and from the FVP terminal, ent
+
+ cd /mnt/host
+ cp -vat /usr out/ts-install/arm-linux/lib out/ts-install/arm-linux/bin
+- out/linux-arm-ffa-tee/load_module.sh
+ out/linux-arm-ffa-user/load_module.sh
+ ts-service-test -v
+
+diff --git a/external/LinuxFfaTeeDriver/LinuxFfaTeeDriver.cmake b/external/LinuxFfaTeeDriver/LinuxFfaTeeDriver.cmake
+deleted file mode 100644
+index da0a5b3def7e..000000000000
+--- a/external/LinuxFfaTeeDriver/LinuxFfaTeeDriver.cmake
++++ /dev/null
+@@ -1,54 +0,0 @@
+-#-------------------------------------------------------------------------------
+-# Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved.
+-#
+-# SPDX-License-Identifier: BSD-3-Clause
+-#
+-#-------------------------------------------------------------------------------
+-
+-# If the driver is already installed, try to find that
+-find_path(LINUX_FFA_TEE_DRIVER_INCLUDE_DIR
+- NAMES arm_tstee.h
+- DOC "Linux FF-A TEE driver include directory"
+-)
+-
+-# If not found, download it
+-if(NOT LINUX_FFA_TEE_DRIVER_INCLUDE_DIR)
+- set(LINUX_FFA_TEE_DRIVER_URL "https://git.gitlab.arm.com/linux-arm/linux-trusted-services.git"
+- CACHE STRING "Linux FF-A TEE driver repository URL")
+-
+- # Note: the aim of this external component is to make the header file defining the IOCTL API
+- # available. Fetching a moving reference is ok as long as API compatibility is guaranteed.
+- set(LINUX_FFA_TEE_DRIVER_REFSPEC "origin/tee-v2"
+- CACHE STRING "Linux FF-A TEE driver git refspec")
+-
+- set(LINUX_FFA_TEE_DRIVER_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/linux_ffa_tee_driver-src"
+- CACHE PATH "Location of Linux TEE driver source.")
+-
+- if (DEFINED ENV{LINUX_FFA_TEE_DRIVER_SOURCE_DIR})
+- set(LINUX_FFA_TEE_DRIVER_SOURCE_DIR $ENV{LINUX_FFA_TEE_DRIVER_SOURCE_DIR}
+- CACHE PATH "Location of Linux TEE driver source." FORCE)
+- endif()
+-
+- set(GIT_OPTIONS
+- GIT_REPOSITORY ${LINUX_FFA_TEE_DRIVER_URL}
+- GIT_TAG ${LINUX_FFA_TEE_DRIVER_REFSPEC}
+- GIT_SHALLOW TRUE
+- )
+- include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED)
+- LazyFetch_MakeAvailable(
+- DEP_NAME linux_ffa_tee_driver
+- FETCH_OPTIONS "${GIT_OPTIONS}"
+- SOURCE_DIR ${LINUX_FFA_TEE_DRIVER_SOURCE_DIR}
+- )
+-
+- find_path(LINUX_FFA_TEE_DRIVER_INCLUDE_DIR
+- NAMES arm_tstee.h
+- PATHS ${LINUX_FFA_TEE_DRIVER_SOURCE_DIR}/uapi
+- NO_DEFAULT_PATH
+- REQUIRED
+- DOC "Linux FF-A TEE driver include directory"
+- )
+-endif()
+-
+-set_property(DIRECTORY APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS
+- "${LINUX_FFA_TEE_DRIVER_INCLUDE_DIR}/arm_tstee.h")
+--
+2.39.2
+
@@ -6,12 +6,12 @@ TS_ENV = "arm-linux"
require trusted-services.inc
SRC_URI += "file://tee-udev.rules \
+ file://0001-Remove-TEE-driver-external-component.patch \
"
OECMAKE_SOURCEPATH="${S}/deployments/libts/${TS_ENV}"
-DEPENDS += "arm-tstee arm-ffa-user"
-RRECOMMENDS:${PN} += "arm-tstee"
+DEPENDS += "arm-ffa-user"
# Unix group name for dev/tee* ownership.
TEE_GROUP_NAME ?= "teeclnt"
The ts-tee driver was upstreamed into the v6.10 kernel. Remove arm-tstee driver package, since the upstream one should be used. Parselogs is failing on the qemuarm64-secureboot tests because the arm ffs linux kernel driver requires gicv3 to be in the DT and logs an error if not (though still appears to work). Signed-off-by: Jon Mason <jon.mason@arm.com> --- ci/qemuarm64-secureboot-ts.yml | 1 + meta-arm-bsp/conf/machine/fvp-base.conf | 2 - .../conf/machine/qemuarm64-secureboot.conf | 3 - .../arm-tstee/arm-tstee_2.0.0.bb | 23 -- .../linux/files/arm-ffa-transport.cfg | 1 + ...Remove-TEE-driver-external-component.patch | 223 ++++++++++++++++++ .../trusted-services/libts_git.bb | 4 +- 7 files changed, 227 insertions(+), 30 deletions(-) delete mode 100644 meta-arm/recipes-kernel/arm-tstee/arm-tstee_2.0.0.bb create mode 100644 meta-arm/recipes-security/trusted-services/libts/0001-Remove-TEE-driver-external-component.patch