From patchwork Thu May 11 18:43:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Denys Dmytriyenko X-Patchwork-Id: 23836 X-Patchwork-Delegate: reatmon@ti.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D9A51C7EE24 for ; Thu, 11 May 2023 18:43:07 +0000 (UTC) Received: from mailout4.zoneedit.com (mailout4.zoneedit.com [64.68.198.64]) by mx.groups.io with SMTP id smtpd.web11.4740.1683830585846303766 for ; Thu, 11 May 2023 11:43:06 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=none, err=permanent DNS error (domain: denix.org, ip: 64.68.198.64, mailfrom: denis@denix.org) Received: from localhost (localhost [127.0.0.1]) by mailout4.zoneedit.com (Postfix) with ESMTP id 2D2AE40CA8; Thu, 11 May 2023 18:43:05 +0000 (UTC) Received: from mailout4.zoneedit.com ([127.0.0.1]) by localhost (zmo14-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sF8Zs9lpLyNY; Thu, 11 May 2023 18:43:05 +0000 (UTC) Received: from mail.denix.org (pool-100-15-88-116.washdc.fios.verizon.net [100.15.88.116]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout4.zoneedit.com (Postfix) with ESMTPSA id 0AE6F40C93; Thu, 11 May 2023 18:43:04 +0000 (UTC) Received: from thorin.denix (thorin.denix [192.168.30.9]) by mail.denix.org (Postfix) with ESMTP id 04955163843; Thu, 11 May 2023 14:42:20 -0400 (EDT) From: Denys Dmytriyenko To: meta-ti@lists.yoctoproject.org Cc: Denys Dmytriyenko Subject: [master/kirkstone][PATCH 1/2] optee-os: only activate customizations for TI platforms Date: Thu, 11 May 2023 18:43:00 +0000 Message-Id: <20230511184301.1075335-1-denis@denix.org> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 11 May 2023 18:43:07 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-ti/message/16517 From: Denys Dmytriyenko Avoid inheriting ti-secdev class and adding unconditional dependency on TI_SECURE_DEV_PKG and other variables, when meta-ti-bsp is in the bblayers.conf stack, but not building for TI platforms. This solves yocto-check-layer signature test for Yocto Project compliance. Signed-off-by: Denys Dmytriyenko --- .../{optee-os_%.bbappend => optee-os-ti.inc} | 0 .../optee/optee-os_%.bbappend | 116 +----------------- 2 files changed, 3 insertions(+), 113 deletions(-) copy meta-ti-bsp/recipes-security/optee/{optee-os_%.bbappend => optee-os-ti.inc} (100%) diff --git a/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend b/meta-ti-bsp/recipes-security/optee/optee-os-ti.inc similarity index 100% copy from meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend copy to meta-ti-bsp/recipes-security/optee/optee-os-ti.inc diff --git a/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend b/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend index 4f052996..0067cdc7 100644 --- a/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend +++ b/meta-ti-bsp/recipes-security/optee/optee-os_%.bbappend @@ -1,114 +1,4 @@ -# Use TI SECDEV for signing -inherit ti-secdev +OPTEE_TI = "" +OPTEE_TI:ti-soc = "optee-os-ti.inc" -EXTRA_OEMAKE:append:k3 = "${@ ' CFG_CONSOLE_UART='+ d.getVar('OPTEE_K3_USART') if d.getVar('OPTEE_K3_USART') else ''}" - -EXTRA_OEMAKE:append:am62xx = " CFG_WITH_SOFTWARE_PRNG=y CFG_TEE_CORE_LOG_LEVEL=1" -EXTRA_OEMAKE:append:am62axx = " CFG_TEE_CORE_LOG_LEVEL=1" - -do_compile:append:k3() { - cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin - cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned - cp ${B}/core/tee.elf ${B}/bl32.elf -} - -# Signing procedure for legacy HS devices -optee_sign_legacyhs() { - ( cd ${B}/core/; \ - ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \ - normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"` - mv tee.bin.signed ${B}/$normfl.optee; \ - ) - - if [ "${OPTEEPAGER}" = "y" ]; then - oe_runmake -C ${S} clean - oe_runmake -C ${S} all CFG_TEE_TA_LOG_LEVEL=0 CFG_WITH_PAGER=y - ( cd ${B}/core/; \ - ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \ - normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"` - mv tee.bin.signed ${B}/$normfl-pager.optee; \ - ) - fi -} - -do_compile:append:ti43x() { - optee_sign_legacyhs -} - -do_compile:append:dra7xx() { - optee_sign_legacyhs -} - -# Signing procedure for K3 devices -optee_sign_k3hs() { - ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${B}/core/tee-pager_v2.bin ${B}/bl32.bin - cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned - cp ${B}/core/tee.elf ${B}/bl32.elf -} - -do_compile:append:am65xx-hs-evm() { - optee_sign_k3hs -} - -do_compile:append:am64xx-evm() { - optee_sign_k3hs -} - -do_compile:append:am62xx-evm() { - optee_sign_k3hs -} - -do_compile:append:am62xx-lp-evm() { - optee_sign_k3hs -} - -do_compile:append:am62axx-evm() { - optee_sign_k3hs -} - -do_compile:append:j721e-hs-evm() { - optee_sign_k3hs -} - -do_compile:append:j7200-hs-evm() { - optee_sign_k3hs -} - -do_compile:append:j721s2-hs-evm() { - optee_sign_k3hs -} - -do_compile:append:j784s4-hs-evm() { - optee_sign_k3hs -} - -do_install:append:ti-soc() { - install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ || true - install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ || true - install -m 644 ${B}/bl32.bin.unsigned ${D}${nonarch_base_libdir}/firmware/ || true - install -m 644 ${B}/bl32.elf ${D}${nonarch_base_libdir}/firmware/ || true -} - -optee_deploy_legacyhs() { - cd ${DEPLOYDIR}/ - for f in optee/*.optee; do - ln -sf $f ${DEPLOYDIR}/ - done -} - -do_deploy:append:ti43x() { - optee_deploy_legacyhs -} - -do_deploy:append:dra7xx() { - optee_deploy_legacyhs -} - -do_deploy:append:k3() { - ln -sf optee/bl32.bin ${DEPLOYDIR}/ - ln -sf optee/bl32.bin.unsigned ${DEPLOYDIR}/ - ln -sf optee/bl32.elf ${DEPLOYDIR}/ -} - -# This is needed for bl32.elf -INSANE_SKIP:${PN}:append:k3 = " textrel" +require ${OPTEE_TI} From patchwork Thu May 11 18:43:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Denys Dmytriyenko X-Patchwork-Id: 23837 X-Patchwork-Delegate: reatmon@ti.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DB70EC7EE25 for ; Thu, 11 May 2023 18:43:07 +0000 (UTC) Received: from mailout4.zoneedit.com (mailout4.zoneedit.com [64.68.198.64]) by mx.groups.io with SMTP id smtpd.web10.4639.1683830585834263785 for ; Thu, 11 May 2023 11:43:06 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=none, err=permanent DNS error (domain: denix.org, ip: 64.68.198.64, mailfrom: denis@denix.org) Received: from localhost (localhost [127.0.0.1]) by mailout4.zoneedit.com (Postfix) with ESMTP id 2A47240CA2; Thu, 11 May 2023 18:43:05 +0000 (UTC) Received: from mailout4.zoneedit.com ([127.0.0.1]) by localhost (zmo14-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5PF0I9xOzBY3; Thu, 11 May 2023 18:43:05 +0000 (UTC) Received: from mail.denix.org (pool-100-15-88-116.washdc.fios.verizon.net [100.15.88.116]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout4.zoneedit.com (Postfix) with ESMTPSA id 1102940C98; Thu, 11 May 2023 18:43:04 +0000 (UTC) Received: from thorin.denix (thorin.denix [192.168.30.9]) by mail.denix.org (Postfix) with ESMTP id 124571638CA; Thu, 11 May 2023 14:42:21 -0400 (EDT) From: Denys Dmytriyenko To: meta-ti@lists.yoctoproject.org Cc: Denys Dmytriyenko Subject: [master/kirkstone][PATCH 2/2] trusted-firmware-a: only activate customizations for TI platforms Date: Thu, 11 May 2023 18:43:01 +0000 Message-Id: <20230511184301.1075335-2-denis@denix.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230511184301.1075335-1-denis@denix.org> References: <20230511184301.1075335-1-denis@denix.org> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 11 May 2023 18:43:07 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-ti/message/16518 From: Denys Dmytriyenko Avoid inheriting ti-secdev class and adding unconditional dependency on TI_SECURE_DEV_PKG and other variables, when meta-ti-bsp is in the bblayers.conf stack, but not building for TI platforms. This solves yocto-check-layer signature test for Yocto Project compliance. Signed-off-by: Denys Dmytriyenko --- ...a_%.bbappend => trusted-firmware-a-ti.inc} | 0 .../trusted-firmware-a_%.bbappend | 72 +------------------ 2 files changed, 3 insertions(+), 69 deletions(-) copy meta-ti-bsp/recipes-bsp/trusted-firmware-a/{trusted-firmware-a_%.bbappend => trusted-firmware-a-ti.inc} (100%) diff --git a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-ti.inc similarity index 100% copy from meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend copy to meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-ti.inc diff --git a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend index 4ea63205..00d08a51 100644 --- a/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend +++ b/meta-ti-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend @@ -1,70 +1,4 @@ -PV:k3 = "2.8+git${SRCPV}" -SRCREV_tfa:k3 = "2fcd408bb3a6756767a43c073c597cef06e7f2d5" -SRC_URI:k3 = "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https;name=tfa;branch=master" -COMPATIBLE_MACHINE:k3 = "k3" -TFA_BUILD_TARGET:k3 = "all" -TFA_INSTALL_TARGET:k3 = "bl31" -TFA_SPD:k3 = "opteed" +TFA_TI = "" +TFA_TI:k3 = "trusted-firmware-a-ti.inc" -SRC_URI:append:k3 = " file://rwx-segments-ti.patch" -FILESEXTRAPATHS:prepend := "${THISDIR}/files:" - -# Use TI SECDEV for signing -inherit ti-secdev - -EXTRA_OEMAKE:append:k3 = "${@ ' K3_USART=' + d.getVar('TFA_K3_USART') if d.getVar('TFA_K3_USART') else ''}" -EXTRA_OEMAKE:append:k3 = "${@ ' K3_PM_SYSTEM_SUSPEND=' + d.getVar('TFA_K3_SYSTEM_SUSPEND') if d.getVar('TFA_K3_SYSTEM_SUSPEND') else ''}" - -# Signing procedure for K3 HS devices -tfa_sign_k3hs() { - mv ${BUILD_DIR}/bl31.bin ${BUILD_DIR}/bl31.bin.unsigned - ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${BUILD_DIR}/bl31.bin.unsigned ${BUILD_DIR}/bl31.bin -} - -do_compile:append:am65xx-hs-evm() { - tfa_sign_k3hs -} - -do_compile:append:am64xx-evm() { - tfa_sign_k3hs -} - -do_compile:append:am62xx-evm() { - tfa_sign_k3hs -} - -do_compile:append:am62xx-lp-evm() { - tfa_sign_k3hs -} - -do_compile:append:am62axx-evm() { - tfa_sign_k3hs -} - -do_compile:append:j721e-hs-evm() { - tfa_sign_k3hs -} - -do_compile:append:j7200-hs-evm() { - tfa_sign_k3hs -} - -do_compile:append:j721s2-hs-evm() { - tfa_sign_k3hs -} - -do_compile:append:j784s4-hs-evm() { - tfa_sign_k3hs -} - -do_install:append:k3() { - if [ -f ${BUILD_DIR}/bl31.bin.unsigned ]; then - echo "Install bl31.bin.unsigned" - install -m 0644 ${BUILD_DIR}/bl31.bin.unsigned \ - ${D}/firmware/bl31.bin.unsigned - else - echo "Install bl31.bin.unsigned" - install -m 0644 ${BUILD_DIR}/bl31.bin \ - ${D}/firmware/bl31.bin.unsigned - fi -} +require ${TFA_TI}