| Message ID | 20230511184301.1075335-1-denis@denix.org |
|---|---|
| State | Accepted |
| Delegated to: | Ryan Eatmon |
| Headers | show |
| Series | [master/kirkstone,1/2] optee-os: only activate customizations for TI platforms | expand |
This does not apply against kirkstone cleanly because of the optee version change from 3.16 to % for master. I'll fix it as I apply the patch, but I wanted to inform anyone trying it themselves. On 5/11/2023 1:43 PM, Denys Dmytriyenko wrote: > From: Denys Dmytriyenko <denys@konsulko.com> > > Avoid inheriting ti-secdev class and adding unconditional dependency > on TI_SECURE_DEV_PKG and other variables, when meta-ti-bsp is in the > bblayers.conf stack, but not building for TI platforms. This solves > yocto-check-layer signature test for Yocto Project compliance. > > Signed-off-by: Denys Dmytriyenko <denys@konsulko.com> > --- > .../{optee-os_%.bbappend => optee-os-ti.inc} | 0 > .../optee/optee-os_%.bbappend | 116 +----------------- > 2 files changed, 3 insertions(+), 113 deletions(-) > copy meta-ti-bsp/recipes-security/optee/{optee-os_%.bbappend => optee-os-ti.inc} (100%) > > diff --git a/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend b/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc > similarity index 100% > copy from meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend > copy to meta-ti-bsp/recipes-security/optee/optee-os-ti.inc > diff --git a/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend b/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend > index 4f052996..0067cdc7 100644 > --- a/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend > +++ b/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend > @@ -1,114 +1,4 @@ > -# Use TI SECDEV for signing > -inherit ti-secdev > +OPTEE_TI = "" > +OPTEE_TI:ti-soc = "optee-os-ti.inc" > > -EXTRA_OEMAKE:append:k3 = "${@ ' CFG_CONSOLE_UART='+ d.getVar('OPTEE_K3_USART') if d.getVar('OPTEE_K3_USART') else ''}" > - > -EXTRA_OEMAKE:append:am62xx = " CFG_WITH_SOFTWARE_PRNG=y CFG_TEE_CORE_LOG_LEVEL=1" > -EXTRA_OEMAKE:append:am62axx = " CFG_TEE_CORE_LOG_LEVEL=1" > - > -do_compile:append:k3() { > - cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin > - cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned > - cp ${B}/core/tee.elf ${B}/bl32.elf > -} > - > -# Signing procedure for legacy HS devices > -optee_sign_legacyhs() { > - ( cd ${B}/core/; \ > - ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \ > - normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"` > - mv tee.bin.signed ${B}/$normfl.optee; \ > - ) > - > - if [ "${OPTEEPAGER}" = "y" ]; then > - oe_runmake -C ${S} clean > - oe_runmake -C ${S} all CFG_TEE_TA_LOG_LEVEL=0 CFG_WITH_PAGER=y > - ( cd ${B}/core/; \ > - ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \ > - normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"` > - mv tee.bin.signed ${B}/$normfl-pager.optee; \ > - ) > - fi > -} > - > -do_compile:append:ti43x() { > - optee_sign_legacyhs > -} > - > -do_compile:append:dra7xx() { > - optee_sign_legacyhs > -} > - > -# Signing procedure for K3 devices > -optee_sign_k3hs() { > - ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${B}/core/tee-pager_v2.bin ${B}/bl32.bin > - cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned > - cp ${B}/core/tee.elf ${B}/bl32.elf > -} > - > -do_compile:append:am65xx-hs-evm() { > - optee_sign_k3hs > -} > - > -do_compile:append:am64xx-evm() { > - optee_sign_k3hs > -} > - > -do_compile:append:am62xx-evm() { > - optee_sign_k3hs > -} > - > -do_compile:append:am62xx-lp-evm() { > - optee_sign_k3hs > -} > - > -do_compile:append:am62axx-evm() { > - optee_sign_k3hs > -} > - > -do_compile:append:j721e-hs-evm() { > - optee_sign_k3hs > -} > - > -do_compile:append:j7200-hs-evm() { > - optee_sign_k3hs > -} > - > -do_compile:append:j721s2-hs-evm() { > - optee_sign_k3hs > -} > - > -do_compile:append:j784s4-hs-evm() { > - optee_sign_k3hs > -} > - > -do_install:append:ti-soc() { > - install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ || true > - install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ || true > - install -m 644 ${B}/bl32.bin.unsigned ${D}${nonarch_base_libdir}/firmware/ || true > - install -m 644 ${B}/bl32.elf ${D}${nonarch_base_libdir}/firmware/ || true > -} > - > -optee_deploy_legacyhs() { > - cd ${DEPLOYDIR}/ > - for f in optee/*.optee; do > - ln -sf $f ${DEPLOYDIR}/ > - done > -} > - > -do_deploy:append:ti43x() { > - optee_deploy_legacyhs > -} > - > -do_deploy:append:dra7xx() { > - optee_deploy_legacyhs > -} > - > -do_deploy:append:k3() { > - ln -sf optee/bl32.bin ${DEPLOYDIR}/ > - ln -sf optee/bl32.bin.unsigned ${DEPLOYDIR}/ > - ln -sf optee/bl32.elf ${DEPLOYDIR}/ > -} > - > -# This is needed for bl32.elf > -INSANE_SKIP:${PN}:append:k3 = " textrel" > +require ${OPTEE_TI} > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#16517): https://lists.yoctoproject.org/g/meta-ti/message/16517 > Mute This Topic: https://lists.yoctoproject.org/mt/98834089/6551054 > Group Owner: meta-ti+owner@lists.yoctoproject.org > Unsubscribe: https://lists.yoctoproject.org/g/meta-ti/leave/10828724/6551054/1815494134/xyzzy [reatmon@ti.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend b/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc similarity index 100% copy from meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend copy to meta-ti-bsp/recipes-security/optee/optee-os-ti.inc diff --git a/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend b/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend index 4f052996..0067cdc7 100644 --- a/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend +++ b/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend @@ -1,114 +1,4 @@ -# Use TI SECDEV for signing -inherit ti-secdev +OPTEE_TI = "" +OPTEE_TI:ti-soc = "optee-os-ti.inc" -EXTRA_OEMAKE:append:k3 = "${@ ' CFG_CONSOLE_UART='+ d.getVar('OPTEE_K3_USART') if d.getVar('OPTEE_K3_USART') else ''}" - -EXTRA_OEMAKE:append:am62xx = " CFG_WITH_SOFTWARE_PRNG=y CFG_TEE_CORE_LOG_LEVEL=1" -EXTRA_OEMAKE:append:am62axx = " CFG_TEE_CORE_LOG_LEVEL=1" - -do_compile:append:k3() { - cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin - cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned - cp ${B}/core/tee.elf ${B}/bl32.elf -} - -# Signing procedure for legacy HS devices -optee_sign_legacyhs() { - ( cd ${B}/core/; \ - ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \ - normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"` - mv tee.bin.signed ${B}/$normfl.optee; \ - ) - - if [ "${OPTEEPAGER}" = "y" ]; then - oe_runmake -C ${S} clean - oe_runmake -C ${S} all CFG_TEE_TA_LOG_LEVEL=0 CFG_WITH_PAGER=y - ( cd ${B}/core/; \ - ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \ - normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"` - mv tee.bin.signed ${B}/$normfl-pager.optee; \ - ) - fi -} - -do_compile:append:ti43x() { - optee_sign_legacyhs -} - -do_compile:append:dra7xx() { - optee_sign_legacyhs -} - -# Signing procedure for K3 devices -optee_sign_k3hs() { - ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${B}/core/tee-pager_v2.bin ${B}/bl32.bin - cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned - cp ${B}/core/tee.elf ${B}/bl32.elf -} - -do_compile:append:am65xx-hs-evm() { - optee_sign_k3hs -} - -do_compile:append:am64xx-evm() { - optee_sign_k3hs -} - -do_compile:append:am62xx-evm() { - optee_sign_k3hs -} - -do_compile:append:am62xx-lp-evm() { - optee_sign_k3hs -} - -do_compile:append:am62axx-evm() { - optee_sign_k3hs -} - -do_compile:append:j721e-hs-evm() { - optee_sign_k3hs -} - -do_compile:append:j7200-hs-evm() { - optee_sign_k3hs -} - -do_compile:append:j721s2-hs-evm() { - optee_sign_k3hs -} - -do_compile:append:j784s4-hs-evm() { - optee_sign_k3hs -} - -do_install:append:ti-soc() { - install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ || true - install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ || true - install -m 644 ${B}/bl32.bin.unsigned ${D}${nonarch_base_libdir}/firmware/ || true - install -m 644 ${B}/bl32.elf ${D}${nonarch_base_libdir}/firmware/ || true -} - -optee_deploy_legacyhs() { - cd ${DEPLOYDIR}/ - for f in optee/*.optee; do - ln -sf $f ${DEPLOYDIR}/ - done -} - -do_deploy:append:ti43x() { - optee_deploy_legacyhs -} - -do_deploy:append:dra7xx() { - optee_deploy_legacyhs -} - -do_deploy:append:k3() { - ln -sf optee/bl32.bin ${DEPLOYDIR}/ - ln -sf optee/bl32.bin.unsigned ${DEPLOYDIR}/ - ln -sf optee/bl32.elf ${DEPLOYDIR}/ -} - -# This is needed for bl32.elf -INSANE_SKIP:${PN}:append:k3 = " textrel" +require ${OPTEE_TI}