From patchwork Wed Jun 18 08:10:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Clement Faure X-Patchwork-Id: 65221 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E00F0C7115E for ; Wed, 18 Jun 2025 08:11:04 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.2042.1750234259331767085 for ; Wed, 18 Jun 2025 01:10:59 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: clement.faure@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5E46F1BD0; Wed, 18 Jun 2025 01:10:38 -0700 (PDT) Received: from MGC575JXM4.arm.com (unknown [10.57.83.236]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 53C943F66E; Wed, 18 Jun 2025 01:10:58 -0700 (PDT) From: Clement Faure To: meta-arm@lists.yoctoproject.org Cc: =?utf-8?q?Cl=C3=A9ment_Faure?= Subject: [PATCH 2/3] arm/optee: remove 4.3.0 Date: Wed, 18 Jun 2025 10:10:46 +0200 Message-Id: <20250618081047.34990-3-clement.faure@arm.com> X-Mailer: git-send-email 2.39.5 (Apple Git-154) In-Reply-To: <20250618081047.34990-1-clement.faure@arm.com> References: <20250618081047.34990-1-clement.faure@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 18 Jun 2025 08:11:04 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6566 From: Clément Faure Remove optee 4.3.0 recipes. Signed-off-by: Clément Faure --- ...dd-udev-rule-and-systemd-service-fil.patch | 186 ------------------ .../optee/optee-client_4.3.0.bb | 10 - .../optee/optee-examples_4.3.0.bb | 3 - .../optee/optee-os-tadevkit_4.3.0.bb | 26 --- ...mpile.mk-use-CFLAGS-from-environment.patch | 43 ---- ....mk-remove-absolute-build-time-paths.patch | 53 ----- ...02-link.mk-use-CFLAGS-with-version.o.patch | 45 ----- ...k-generate-version.o-in-link-out-dir.patch | 70 ------- .../recipes-security/optee/optee-os_4.3.0.bb | 14 -- .../optee/optee-test_4.3.0.bb | 12 -- 10 files changed, 462 deletions(-) delete mode 100644 meta-arm/recipes-security/optee/optee-client/0001-tee-supplicant-add-udev-rule-and-systemd-service-fil.patch delete mode 100644 meta-arm/recipes-security/optee/optee-client_4.3.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-examples_4.3.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-os-tadevkit_4.3.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-os/0001-compile.mk-use-CFLAGS-from-environment.patch delete mode 100644 meta-arm/recipes-security/optee/optee-os/0001-mk-compile.mk-remove-absolute-build-time-paths.patch delete mode 100644 meta-arm/recipes-security/optee/optee-os/0002-link.mk-use-CFLAGS-with-version.o.patch delete mode 100644 meta-arm/recipes-security/optee/optee-os/0003-link.mk-generate-version.o-in-link-out-dir.patch delete mode 100644 meta-arm/recipes-security/optee/optee-os_4.3.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-test_4.3.0.bb diff --git a/meta-arm/recipes-security/optee/optee-client/0001-tee-supplicant-add-udev-rule-and-systemd-service-fil.patch b/meta-arm/recipes-security/optee/optee-client/0001-tee-supplicant-add-udev-rule-and-systemd-service-fil.patch deleted file mode 100644 index 18c0d950..00000000 --- a/meta-arm/recipes-security/optee/optee-client/0001-tee-supplicant-add-udev-rule-and-systemd-service-fil.patch +++ /dev/null @@ -1,186 +0,0 @@ -From bf0d02758696ee7a9f7af9e95f85f5c238d0e109 Mon Sep 17 00:00:00 2001 -From: Mikko Rapeli -Date: Wed, 2 Oct 2024 15:24:21 +0100 -Subject: [PATCH] tee-supplicant: add udev rule and systemd service file - -tee-supplicant startup with systemd init based -is non-trivial. Add sample udev rule and systemd -service files here so that distros can co-operate maintaining -them. - -Files are from meta-arm https://git.yoctoproject.org/meta-arm -at commit 7cce43e632daa8650f683ac726f9124681b302a4 with license -MIT and authors: - -Peter Griffin -Joshua Watt -Javier Tia -Mikko Rapeli - -With permission from the authors, files can be relicensed to -BSD-2-Clause like rest of optee client repo. - -The config files expect to find tee and teepriv system groups -and teesuppl user and group (part of teepriv group) for running -tee-supplicant. Additionally state directory /var/lib/tee -must be owned by teesuppl user and group with no rights -to other users. The groups and user can be changed via -CMake variables: - -CFG_TEE_GROUP -CFG_TEEPRIV_GROUP -CFG_TEE_SUPPL_USER -CFG_TEE_SUPPL_GROUP - -Change storage path from /data to /var/lib and -use standard CMake variables also for constructing install -paths which can be override to change the defaults: - -CMAKE_INSTALL_PREFIX, e.g. / -CMAKE_INSTALL_LIBDIR, e.g. /usr/lib -CMAKE_INSTALL_LOCALSTATEDIR /var - -Once these are setup, udev will start tee-supplicant in initramfs -or rootfs with teesuppl user and group when /dev/teepriv -device appears. The systemd service starts before tpm2.target -(new in systemd 256) which starts early in initramfs and in main rootfs. -This covers firmware TPM TA usecases for main rootfs encryption. When -stopping tee-supplicant, the ftpm kernel modules are removed and only -then the main process stopped to avoid fTPM breakage. These workarounds -may be removed once RPMB kernel and optee patches without tee-supplicant -are merged (Linux kernel >= 6.12-rc1, optee_os latest master or >= 4.4). - -Tested on yocto meta-arm setup which runs fTPM and optee-test/xtest -under qemuarm64: - -$ git clone https://git.yoctoproject.org/meta-arm -$ cd meta-arm -$ SSTATE_DIR=$HOME/sstate DL_DIR=$HOME/download kas build \ -ci/qemuarm64-secureboot.yml:ci/poky-altcfg.yml:ci/testimage.yml - -Compiled image can be manually started to qemu serial console with: - -$ SSTATE_DIR=$HOME/sstate DL_DIR=$HOME/download kas shell \ -ci/qemuarm64-secureboot.yml:ci/poky-altcfg.yml:ci/testimage.yml -$ runqemu slirp nographic - -meta-arm maintainers run these tests as part of their CI. - -Note that if the tee-supplicant state directory /var/lib/tee -can not be accessed due permissions or other problems, then -tee-supplicant startup with systemd still works. Only optee-test/xtest -will be failing and fTPM kernel drivers fail to load with error -messages. - -Cc: Peter Griffin -Cc: Joshua Watt -Cc: Javier Tia -Acked-by: Jerome Forissier -Signed-off-by: Mikko Rapeli ---- - config.mk | 2 +- - libteec/CMakeLists.txt | 2 +- - tee-supplicant/CMakeLists.txt | 13 +++++++++++-- - tee-supplicant/optee-udev.rules.in | 7 +++++++ - tee-supplicant/tee-supplicant@.service.in | 17 +++++++++++++++++ - 5 files changed, 37 insertions(+), 4 deletions(-) - create mode 100644 tee-supplicant/optee-udev.rules.in - create mode 100644 tee-supplicant/tee-supplicant@.service.in - -Upstream-Status: Backport - -diff --git a/config.mk b/config.mk -index eae481f..3def087 100644 ---- a/config.mk -+++ b/config.mk -@@ -23,7 +23,7 @@ CFG_TEE_SUPP_LOG_LEVEL?=1 - # This folder can be created with the required permission in an init - # script during boot, else it will be created by the tee-supplicant on - # first REE FS access. --CFG_TEE_FS_PARENT_PATH ?= /data/tee -+CFG_TEE_FS_PARENT_PATH ?= /var/lib/tee - - # CFG_TEE_CLIENT_LOG_FILE - # The location of the client log file when logging to file is enabled. -diff --git a/libteec/CMakeLists.txt b/libteec/CMakeLists.txt -index c742d31..c857369 100644 ---- a/libteec/CMakeLists.txt -+++ b/libteec/CMakeLists.txt -@@ -14,7 +14,7 @@ endif() - # Configuration flags always included - ################################################################################ - set(CFG_TEE_CLIENT_LOG_LEVEL "1" CACHE STRING "libteec log level") --set(CFG_TEE_CLIENT_LOG_FILE "/data/tee/teec.log" CACHE STRING "Location of libteec log") -+set(CFG_TEE_CLIENT_LOG_FILE "${CMAKE_INSTALL_LOCALSTATEDIR}/lib/tee/teec.log" CACHE STRING "Location of libteec log") - - ################################################################################ - # Source files -diff --git a/tee-supplicant/CMakeLists.txt b/tee-supplicant/CMakeLists.txt -index 54a34c7..8df9bef 100644 ---- a/tee-supplicant/CMakeLists.txt -+++ b/tee-supplicant/CMakeLists.txt -@@ -11,10 +11,15 @@ option(CFG_TEE_SUPP_PLUGINS "Enable tee-supplicant plugin support" ON) - set(CFG_TEE_SUPP_LOG_LEVEL "1" CACHE STRING "tee-supplicant log level") - # FIXME: Question is, is this really needed? Should just use defaults from # GNUInstallDirs? - set(CFG_TEE_CLIENT_LOAD_PATH "/lib" CACHE STRING "Colon-separated list of paths where to look for TAs (see also --ta-dir)") --set(CFG_TEE_FS_PARENT_PATH "/data/tee" CACHE STRING "Location of TEE filesystem (secure storage)") -+set(CFG_TEE_FS_PARENT_PATH "${CMAKE_INSTALL_LOCALSTATEDIR}/lib/tee" CACHE STRING "Location of TEE filesystem (secure storage)") - # FIXME: Why do we have if defined(CFG_GP_SOCKETS) && CFG_GP_SOCKETS == 1 in the c-file? - set(CFG_GP_SOCKETS "1" CACHE STRING "Enable GlobalPlatform Socket API support") --set(CFG_TEE_PLUGIN_LOAD_PATH "/usr/lib/tee-supplicant/plugins/" CACHE STRING "tee-supplicant's plugins path") -+set(CFG_TEE_PLUGIN_LOAD_PATH "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}/${PROJECT_NAME}/plugins/" CACHE STRING "tee-supplicant's plugins path") -+ -+set(CFG_TEE_GROUP "tee" CACHE STRING "Group which has access to /dev/tee* devices") -+set(CFG_TEEPRIV_GROUP "teepriv" CACHE STRING "Group which has access to /dev/teepriv* devices") -+set(CFG_TEE_SUPPL_USER "teesuppl" CACHE STRING "User account which tee-supplicant is started with") -+set(CFG_TEE_SUPPL_GROUP "teesuppl" CACHE STRING "Group account which tee-supplicant is started with") - - if(CFG_TEE_SUPP_PLUGINS) - set(CMAKE_INSTALL_RPATH "${CFG_TEE_PLUGIN_LOAD_PATH}") -@@ -113,3 +118,7 @@ endif() - # Install targets - ################################################################################ - install(TARGETS ${PROJECT_NAME} RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR}) -+configure_file(tee-supplicant@.service.in tee-supplicant@.service @ONLY) -+install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/tee-supplicant@.service DESTINATION ${CMAKE_INSTALL_LIBDIR}/systemd/system) -+configure_file(optee-udev.rules.in optee-udev.rules @ONLY) -+install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/optee-udev.rules DESTINATION ${CMAKE_INSTALL_SYSCONFDIR}/udev/rules.d) -diff --git a/tee-supplicant/optee-udev.rules.in b/tee-supplicant/optee-udev.rules.in -new file mode 100644 -index 0000000..275e833 ---- /dev/null -+++ b/tee-supplicant/optee-udev.rules.in -@@ -0,0 +1,7 @@ -+# SPDX-License-Identifier: BSD-2-Clause -+KERNEL=="tee[0-9]*", MODE="0660", OWNER="root", GROUP="@CFG_TEE_GROUP@", TAG+="systemd" -+ -+# If a /dev/teepriv[0-9]* device is detected, start an instance of -+# tee-supplicant.service with the device name as parameter -+KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="@CFG_TEEPRIV_GROUP@", \ -+ TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee-supplicant@%k.service" -diff --git a/tee-supplicant/tee-supplicant@.service.in b/tee-supplicant/tee-supplicant@.service.in -new file mode 100644 -index 0000000..e53a935 ---- /dev/null -+++ b/tee-supplicant/tee-supplicant@.service.in -@@ -0,0 +1,17 @@ -+# SPDX-License-Identifier: BSD-2-Clause -+[Unit] -+Description=TEE Supplicant on %i -+DefaultDependencies=no -+After=dev-%i.device -+Wants=dev-%i.device -+Conflicts=shutdown.target -+Before=tpm2.target sysinit.target shutdown.target -+ -+[Service] -+Type=notify -+User=@CFG_TEE_SUPPL_USER@ -+Group=@CFG_TEE_SUPPL_GROUP@ -+EnvironmentFile=-@CMAKE_INSTALL_SYSCONFDIR@/default/tee-supplicant -+ExecStart=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_SBINDIR@/tee-supplicant $OPTARGS -+# Workaround for fTPM TA: stop kernel module before tee-supplicant -+ExecStop=-/bin/sh -c "/sbin/modprobe -v -r tpm_ftpm_tee ; /bin/kill $MAINPID" --- -2.34.1 - diff --git a/meta-arm/recipes-security/optee/optee-client_4.3.0.bb b/meta-arm/recipes-security/optee/optee-client_4.3.0.bb deleted file mode 100644 index fae453ad..00000000 --- a/meta-arm/recipes-security/optee/optee-client_4.3.0.bb +++ /dev/null @@ -1,10 +0,0 @@ -require recipes-security/optee/optee-client.inc - -SRCREV = "a5b1ffcd26e328af0bbf18ab448a38ecd558e05c" - -SRC_URI += "file://0001-tee-supplicant-add-udev-rule-and-systemd-service-fil.patch \ - file://0001-tee-supplicant-update-udev-systemd-install-code.patch" - -inherit pkgconfig -DEPENDS += "util-linux" -EXTRA_OEMAKE += "PKG_CONFIG=pkg-config" diff --git a/meta-arm/recipes-security/optee/optee-examples_4.3.0.bb b/meta-arm/recipes-security/optee/optee-examples_4.3.0.bb deleted file mode 100644 index f082a25d..00000000 --- a/meta-arm/recipes-security/optee/optee-examples_4.3.0.bb +++ /dev/null @@ -1,3 +0,0 @@ -require recipes-security/optee/optee-examples.inc - -SRCREV = "378dc0db2d5dd279f58a3b6cb3f78ffd6b165035" diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_4.3.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_4.3.0.bb deleted file mode 100644 index 2e43254a..00000000 --- a/meta-arm/recipes-security/optee/optee-os-tadevkit_4.3.0.bb +++ /dev/null @@ -1,26 +0,0 @@ -require recipes-security/optee/optee-os_${PV}.bb - -SUMMARY = "OP-TEE Trusted OS TA devkit" -DESCRIPTION = "OP-TEE TA devkit for build TAs" -HOMEPAGE = "https://www.op-tee.org/" - -DEPENDS += "python3-pycryptodome-native" - -do_install() { - #install TA devkit - install -d ${D}${includedir}/optee/export-user_ta/ - for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do - cp -aR $f ${D}${includedir}/optee/export-user_ta/ - done -} - -do_deploy() { - echo "Do not inherit do_deploy from optee-os." -} - -FILES:${PN} = "${includedir}/optee/" - -# Include extra headers needed by SPMC tests to TA DEVKIT. -# Supported after op-tee v3.20 -EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ - ' CFG_SPMC_TESTS=y', '' , d)}" diff --git a/meta-arm/recipes-security/optee/optee-os/0001-compile.mk-use-CFLAGS-from-environment.patch b/meta-arm/recipes-security/optee/optee-os/0001-compile.mk-use-CFLAGS-from-environment.patch deleted file mode 100644 index 6577dce3..00000000 --- a/meta-arm/recipes-security/optee/optee-os/0001-compile.mk-use-CFLAGS-from-environment.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 978cc08a393b7d5d0043bf7f4d33f0e33b2b18d8 Mon Sep 17 00:00:00 2001 -From: Mikko Rapeli -Date: Thu, 1 Aug 2024 13:58:36 +0000 -Subject: [PATCH 1/3] compile.mk: use CFLAGS from environment - -Users can set CFLAGS just like AFLAGS, CC, -LD etc and expect them to be used. It's ok to amend -to them but overwriting should not be done. -Build environment like yocto expect that these -variables are used to call the compiler etc tools. -Linux distro build environments usually set -these variables. - -Helps to remove build time paths from generated binaries -since mappings to remove them can be set by the distro -build system in CFLAGS automatically for each SW component -in the build. - -Reviewed-by: Jerome Forissier -Signed-off-by: Mikko Rapeli ---- - mk/compile.mk | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -Upstream-Status: Backport - -diff --git a/mk/compile.mk b/mk/compile.mk -index b3d807ba4..0de7ea259 100644 ---- a/mk/compile.mk -+++ b/mk/compile.mk -@@ -80,7 +80,8 @@ comp-compiler-$2 := $$(CC$(sm)) - comp-flags-$2 = $$(filter-out $$(CFLAGS_REMOVE) $$(cflags-remove) \ - $$(cflags-remove-$$(comp-sm-$2)) \ - $$(cflags-remove-$2), \ -- $$(CFLAGS$$(arch-bits-$$(comp-sm-$2))) $$(CFLAGS_WARNS) \ -+ $$(CFLAGS$$(arch-bits-$$(comp-sm-$2))) $$(CFLAGS) \ -+ $$(CFLAGS_WARNS) \ - $$(comp-cflags$$(comp-sm-$2)) $$(cflags$$(comp-sm-$2)) \ - $$(cflags-lib$$(comp-lib-$2)) $$(cflags-$2)) - ifeq ($C,1) --- -2.34.1 - diff --git a/meta-arm/recipes-security/optee/optee-os/0001-mk-compile.mk-remove-absolute-build-time-paths.patch b/meta-arm/recipes-security/optee/optee-os/0001-mk-compile.mk-remove-absolute-build-time-paths.patch deleted file mode 100644 index 63fb63a2..00000000 --- a/meta-arm/recipes-security/optee/optee-os/0001-mk-compile.mk-remove-absolute-build-time-paths.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 29b84ae5b277b85cd7244acde077694e6643fcde Mon Sep 17 00:00:00 2001 -From: Mikko Rapeli -Date: Thu, 18 Jul 2024 07:54:18 +0000 -Subject: [PATCH] mk/compile.mk: remove absolute build time paths - -Some generated files get a __FILE_ID__ which include absolute -build time paths. Remove the paths and use plain file name. -Fixes yocto QA check. - -Problem/bug: - -$ strings ../image/lib/firmware/tee.elf | grep mikko -__FILE_ID__ -_home_mikko_build_core_ta_pub_key_c -__FILE_ID__ -_home_mikko_build_core_ldelf_hex_c -__FILE_ID__ -_home_mikko_build_core_early_ta_fd02c9da_306c_48c7_a49c_bbd827ae86ee_c - -With this patch: - -$ strings ../image/lib/firmware/tee.elf | grep mikko -$ strings ../image/lib/firmware/tee.elf | grep FILE_ID | egrep \ -"core_ta_pub_key_c|core_ldelf_hex_c|core_early_ta_fd02c9da_306c_4" -__FILE_ID__ core_ta_pub_key_c -__FILE_ID__ core_ldelf_hex_c -__FILE_ID__ core_early_ta_fd02c9da_306c_48c7_a49c_bbd827ae86ee_c - -Reviewed-by: Jens Wiklander -Acked-by: Jerome Forissier -Signed-off-by: Mikko Rapeli ---- - mk/compile.mk | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Upstream-Status: Backport - -diff --git a/mk/compile.mk b/mk/compile.mk -index b3d807ba4..338535bf3 100644 ---- a/mk/compile.mk -+++ b/mk/compile.mk -@@ -120,7 +120,7 @@ comp-cppflags-$2 = $$(filter-out $$(CPPFLAGS_REMOVE) $$(cppflags-remove) \ - $$(addprefix -I,$$(incdirs-$2)) \ - $$(cppflags$$(comp-sm-$2)) \ - $$(cppflags-lib$$(comp-lib-$2)) $$(cppflags-$2)) \ -- -D__FILE_ID__=$$(subst -,_,$$(subst /,_,$$(subst .,_,$1))) -+ -D__FILE_ID__=$$(subst -,_,$$(subst /,_,$$(subst .,_,$$(patsubst $$(out-dir)/%,%,$1)))) - - comp-flags-$2 += -MD -MF $$(comp-dep-$2) -MT $$@ - comp-flags-$2 += $$(comp-cppflags-$2) --- -2.34.1 - diff --git a/meta-arm/recipes-security/optee/optee-os/0002-link.mk-use-CFLAGS-with-version.o.patch b/meta-arm/recipes-security/optee/optee-os/0002-link.mk-use-CFLAGS-with-version.o.patch deleted file mode 100644 index 08bc15d7..00000000 --- a/meta-arm/recipes-security/optee/optee-os/0002-link.mk-use-CFLAGS-with-version.o.patch +++ /dev/null @@ -1,45 +0,0 @@ -From f9207376ed58836bf748cc4cea0fcbf46624a709 Mon Sep 17 00:00:00 2001 -From: Mikko Rapeli -Date: Thu, 1 Aug 2024 14:03:11 +0000 -Subject: [PATCH 2/3] link.mk: use CFLAGS with version.o - -Should be used by all compilations. - -Reviewed-by: Jerome Forissier -Signed-off-by: Mikko Rapeli ---- - core/arch/arm/kernel/link.mk | 2 +- - core/arch/riscv/kernel/link.mk | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -Upstream-Status: Backport - -diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk -index 49e9f4fa1..377a82b65 100644 ---- a/core/arch/arm/kernel/link.mk -+++ b/core/arch/arm/kernel/link.mk -@@ -151,7 +151,7 @@ define update-buildcount - endef - - # filter-out to workaround objdump warning --version-o-cflags = $(filter-out -g3,$(core-platform-cflags) \ -+version-o-cflags = $(filter-out -g3,$(CFLAGS) $(core-platform-cflags) \ - $(platform-cflags) $(cflagscore)) - # SOURCE_DATE_EPOCH defined for reproducible builds - ifneq ($(SOURCE_DATE_EPOCH),) -diff --git a/core/arch/riscv/kernel/link.mk b/core/arch/riscv/kernel/link.mk -index 3d1000d15..1fff0a379 100644 ---- a/core/arch/riscv/kernel/link.mk -+++ b/core/arch/riscv/kernel/link.mk -@@ -62,7 +62,7 @@ define update-buildcount - endef - - # filter-out to workaround objdump warning --version-o-cflags = $(filter-out -g3,$(core-platform-cflags) \ -+version-o-cflags = $(filter-out -g3,$(CFLAGS) $(core-platform-cflags) \ - $(platform-cflags) $(cflagscore)) - # SOURCE_DATE_EPOCH defined for reproducible builds - ifneq ($(SOURCE_DATE_EPOCH),) --- -2.34.1 - diff --git a/meta-arm/recipes-security/optee/optee-os/0003-link.mk-generate-version.o-in-link-out-dir.patch b/meta-arm/recipes-security/optee/optee-os/0003-link.mk-generate-version.o-in-link-out-dir.patch deleted file mode 100644 index 0e559b2e..00000000 --- a/meta-arm/recipes-security/optee/optee-os/0003-link.mk-generate-version.o-in-link-out-dir.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 8f100f355e645376729086edbace8f01cf7aa3b4 Mon Sep 17 00:00:00 2001 -From: Mikko Rapeli -Date: Thu, 1 Aug 2024 14:04:55 +0000 -Subject: [PATCH 3/3] link.mk: generate version.o in link-out-dir - -When source code is piped to compiler, then the -current working directory is left into debug -data. If the working directory is not the output -directory, then mappings which strip absolute output -directory paths don't work. - -Removes absolute build time paths from version.o -debug info. - -Reviewed-by: Jerome Forissier -Signed-off-by: Mikko Rapeli ---- - core/arch/arm/kernel/link.mk | 5 +++-- - core/arch/riscv/kernel/link.mk | 5 +++-- - 2 files changed, 6 insertions(+), 4 deletions(-) - -Upstream-Status: Backport - -diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk -index 377a82b65..d1d527224 100644 ---- a/core/arch/arm/kernel/link.mk -+++ b/core/arch/arm/kernel/link.mk -@@ -163,14 +163,15 @@ CORE_CC_VERSION = `$(CCcore) -v 2>&1 | grep "version " | sed 's/ *$$//'` - define gen-version-o - $(call update-buildcount,$(link-out-dir)/.buildcount) - @$(cmd-echo-silent) ' GEN $(link-out-dir)/version.o' -- $(q)echo -e "const char core_v_str[] =" \ -+ $(q)cd $(link-out-dir) && \ -+ echo -e "const char core_v_str[] =" \ - "\"$(TEE_IMPL_VERSION) \"" \ - "\"($(CORE_CC_VERSION)) \"" \ - "\"#$(BUILD_COUNT_STR) \"" \ - "\"$(DATE_STR) \"" \ - "\"$(CFG_KERN_LINKER_ARCH)\";\n" \ - | $(CCcore) $(version-o-cflags) \ -- -xc - -c -o $(link-out-dir)/version.o -+ -xc - -c -o version.o - endef - $(link-out-dir)/version.o: - $(call gen-version-o) -diff --git a/core/arch/riscv/kernel/link.mk b/core/arch/riscv/kernel/link.mk -index 1fff0a379..6511586e2 100644 ---- a/core/arch/riscv/kernel/link.mk -+++ b/core/arch/riscv/kernel/link.mk -@@ -74,14 +74,15 @@ CORE_CC_VERSION = `$(CCcore) -v 2>&1 | grep "version " | sed 's/ *$$//'` - define gen-version-o - $(call update-buildcount,$(link-out-dir)/.buildcount) - @$(cmd-echo-silent) ' GEN $(link-out-dir)/version.o' -- $(q)echo -e "const char core_v_str[] =" \ -+ $(q)cd $(link-out-dir) && \ -+ echo -e "const char core_v_str[] =" \ - "\"$(TEE_IMPL_VERSION) \"" \ - "\"($(CORE_CC_VERSION)) \"" \ - "\"#$(BUILD_COUNT_STR) \"" \ - "\"$(DATE_STR) \"" \ - "\"$(CFG_KERN_LINKER_ARCH)\";\n" \ - | $(CCcore) $(version-o-cflags) \ -- -xc - -c -o $(link-out-dir)/version.o -+ -xc - -c -o version.o - endef - - $(link-out-dir)/version.o: --- -2.34.1 - diff --git a/meta-arm/recipes-security/optee/optee-os_4.3.0.bb b/meta-arm/recipes-security/optee/optee-os_4.3.0.bb deleted file mode 100644 index cfd926b0..00000000 --- a/meta-arm/recipes-security/optee/optee-os_4.3.0.bb +++ /dev/null @@ -1,14 +0,0 @@ -require recipes-security/optee/optee-os.inc - -DEPENDS += "dtc-native" - -FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" - -SRCREV = "1c0d52ace3c237ca6276cafb5c73f699a75c1d40" -SRC_URI += " \ - file://0003-optee-enable-clang-support.patch \ - file://0001-mk-compile.mk-remove-absolute-build-time-paths.patch \ - file://0001-compile.mk-use-CFLAGS-from-environment.patch \ - file://0002-link.mk-use-CFLAGS-with-version.o.patch \ - file://0003-link.mk-generate-version.o-in-link-out-dir.patch \ -" diff --git a/meta-arm/recipes-security/optee/optee-test_4.3.0.bb b/meta-arm/recipes-security/optee/optee-test_4.3.0.bb deleted file mode 100644 index 44846fef..00000000 --- a/meta-arm/recipes-security/optee/optee-test_4.3.0.bb +++ /dev/null @@ -1,12 +0,0 @@ -require recipes-security/optee/optee-test.inc - -SRCREV = "9d4c4fb9638fb533211037016b6da12fbbcc4bb6" -LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a8fa504109e4cd7ea575bc49ea4be560" - -# Include ffa_spmc test group if the SPMC test is enabled. -# Supported after op-tee v3.20 -EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ - ' CFG_SPMC_TESTS=y CFG_SECURE_PARTITION=y', '' , d)}" - -RDEPENDS:${PN} += "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ - ' arm-ffa-user', '' , d)}"