From patchwork Wed Mar 16 17:33:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alejandro Enedino Hernandez Samaniego X-Patchwork-Id: 5346 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 59F2FC433EF for ; Wed, 16 Mar 2022 17:34:02 +0000 (UTC) Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web10.466.1647452040679887349 for ; Wed, 16 Mar 2022 10:34:00 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@linux.microsoft.com header.s=default header.b=D5bvrU1o; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: alhe@linux.microsoft.com) Received: from alsamon-xub.lan (cpe-70-112-59-126.austin.res.rr.com [70.112.59.126]) by linux.microsoft.com (Postfix) with ESMTPSA id 780F020C5A46; Wed, 16 Mar 2022 10:33:59 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 780F020C5A46 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1647452039; bh=twRgOHFhro8fyPX2LcrJnYtt/rD38lKqFAmSRUlI8h0=; h=From:To:Cc:Subject:Date:From; b=D5bvrU1oXDhncm7SAWevJ53llLRXItqtAJvntfnxzmVgJ77jfDHQXEaRIsUHnsLgd IYq7GGBUuL4I6B3QdENf1eiq/RueP9UUSvyF/jh/OXBJC5ZCDZWGzdVobewMmjjoyR G9x6UP51ioNJii5Y/D4s9CAzhEMBnhgsJiIEnbq4= From: Alejandro Enedino Hernandez Samaniego To: meta-arm@lists.yoctoproject.org Cc: Alejandro Enedino Hernandez Samaniego Subject: [PATCH v2] arm/optee: Upgrade from 3.14 to 3.16 Date: Wed, 16 Mar 2022 11:33:47 -0600 Message-Id: <20220316173347.1203615-1-alhe@linux.microsoft.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 16 Mar 2022 17:34:02 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3178 - Removes upstreamed patches for optee-examples - Fixes optee-examples installation - Includes new python3-cryptography dependency - Removes older cryptography backend dependencies - Fixes python3-cryptography to work with openssl - Keeps optee-client and optee-os v3.1.4 for corstone1000 compatibility Tested on qemuarm64-secureboot via optee-examples and xtest -l 15 Signed-off-by: Alejandro Enedino Hernandez Samaniego --- .../conf/machine/include/corstone1000.inc | 2 + .../optee/optee-client_3.16.0.bbappend | 6 ++ ...pend => optee-os-tadevkit_3.16.0.bbappend} | 0 .../optee/optee-os_3.16.0.bbappend | 7 ++ ....0.bbappend => optee-test_3.16.0.bbappend} | 0 .../optee-ftpm/optee-ftpm_git.bb | 6 +- .../optee/optee-client_3.16.0.bb | 3 + .../recipes-security/optee/optee-examples.inc | 7 +- ...ix-non-portable-sh-check-for-plugins.patch | 46 ++++++++++ ...efault-cross-compiler-environment-se.patch | 84 ------------------- ...nable-plugins-installation-in-rootfs.patch | 37 -------- .../optee/optee-examples_3.14.0.bb | 4 - .../optee/optee-examples_3.16.0.bb | 3 + ..._3.14.0.bb => optee-os-tadevkit_3.16.0.bb} | 3 +- meta-arm/recipes-security/optee/optee-os.inc | 2 +- .../recipes-security/optee/optee-os_3.14.0.bb | 1 + .../recipes-security/optee/optee-os_3.16.0.bb | 8 ++ .../optee/optee-spdevkit_git.bb | 2 +- .../recipes-security/optee/optee-test.inc | 2 +- .../optee/optee-test_3.14.0.bb | 3 - .../optee/optee-test_3.16.0.bb | 3 + meta-arm/recipes-security/optee/optee.inc | 3 + 22 files changed, 95 insertions(+), 137 deletions(-) create mode 100644 meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend rename meta-arm-bsp/recipes-security/optee/{optee-os-tadevkit_3.14.0.bbappend => optee-os-tadevkit_3.16.0.bbappend} (100%) create mode 100644 meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend rename meta-arm-bsp/recipes-security/optee/{optee-test_3.14.0.bbappend => optee-test_3.16.0.bbappend} (100%) create mode 100644 meta-arm/recipes-security/optee/optee-client_3.16.0.bb create mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch delete mode 100644 meta-arm/recipes-security/optee/optee-examples_3.14.0.bb create mode 100644 meta-arm/recipes-security/optee/optee-examples_3.16.0.bb rename meta-arm/recipes-security/optee/{optee-os-tadevkit_3.14.0.bb => optee-os-tadevkit_3.16.0.bb} (94%) create mode 100644 meta-arm/recipes-security/optee/optee-os_3.16.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-test_3.14.0.bb create mode 100644 meta-arm/recipes-security/optee/optee-test_3.16.0.bb diff --git a/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm-bsp/conf/machine/include/corstone1000.inc index 1af74bd..4eca524 100644 --- a/meta-arm-bsp/conf/machine/include/corstone1000.inc +++ b/meta-arm-bsp/conf/machine/include/corstone1000.inc @@ -36,6 +36,8 @@ UBOOT_ARCH = "arm" UBOOT_EXTLINUX = "0" # optee +PREFERRED_VERSION_optee-os ?= "3.14%" +PREFERRED_VERSION_optee-client ?= "3.14%" EXTRA_IMAGEDEPENDS += "optee-os" OPTEE_ARCH = "arm64" OPTEE_BINARY = "tee-pager_v2.bin" diff --git a/meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend new file mode 100644 index 0000000..d2b023b --- /dev/null +++ b/meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend @@ -0,0 +1,6 @@ +# Machine specific configurations + +MACHINE_OPTEE_CLIENT_REQUIRE ?= "" +MACHINE_OPTEE_CLIENT_REQUIRE:tc = "optee-client-tc.inc" + +require ${MACHINE_OPTEE_CLIENT_REQUIRE} diff --git a/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend similarity index 100% rename from meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend rename to meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend diff --git a/meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend new file mode 100644 index 0000000..7834b64 --- /dev/null +++ b/meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend @@ -0,0 +1,7 @@ +# Machine specific configurations + +MACHINE_OPTEE_OS_REQUIRE ?= "" +MACHINE_OPTEE_OS_REQUIRE:corstone1000 = "optee-os_corstone1000.inc" +MACHINE_OPTEE_OS_REQUIRE:tc = "optee-os-tc.inc" + +require ${MACHINE_OPTEE_OS_REQUIRE} diff --git a/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend similarity index 100% rename from meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend rename to meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb index f2a74da..1a54e99 100644 --- a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb @@ -15,7 +15,7 @@ inherit deploy python3native LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5" -DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit" +DEPENDS = "python3-pyelftools-native optee-os-tadevkit python3-cryptography-native " FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896" @@ -48,6 +48,10 @@ EXTRA_OEMAKE:append:aarch64:qemuall = "\ CFG_ARM64_ta_arm64=y \ " +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the +# right path until this is relocated automatically. +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" + PARALLEL_MAKE = "" do_compile() { diff --git a/meta-arm/recipes-security/optee/optee-client_3.16.0.bb b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb new file mode 100644 index 0000000..4a36cbc --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb @@ -0,0 +1,3 @@ +require optee-client.inc + +SRCREV = "06db73b3f3fdb8d23eceaedbc46c49c0b45fd1e2" diff --git a/meta-arm/recipes-security/optee/optee-examples.inc b/meta-arm/recipes-security/optee/optee-examples.inc index 656722e..e6feb99 100644 --- a/meta-arm/recipes-security/optee/optee-examples.inc +++ b/meta-arm/recipes-security/optee/optee-examples.inc @@ -5,16 +5,14 @@ HOMEPAGE = "https://github.com/linaro-swg/optee_examples" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30" -DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native" +DEPENDS = "optee-client optee-os-tadevkit python3-cryptography-native" inherit python3native require optee.inc SRC_URI = "git://github.com/linaro-swg/optee_examples.git;branch=master;protocol=https \ - file://0001-plugins-Honour-default-cross-compiler-environment-se.patch \ - file://0002-Makefile-Enable-plugins-installation-in-rootfs.patch \ - " + file://0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch" EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ HOST_CROSS_COMPILE=${HOST_PREFIX} \ @@ -25,6 +23,7 @@ EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ S = "${WORKDIR}/git" B = "${WORKDIR}/build" + do_compile() { oe_runmake -C ${S} } diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch new file mode 100644 index 0000000..70add62 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch @@ -0,0 +1,46 @@ +From 11610debf750f15c7a104db7315dcd7d69e282a8 Mon Sep 17 00:00:00 2001 +From: Alejandro Enedino Hernandez Samaniego +Date: Sat, 26 Feb 2022 01:52:26 +0000 +Subject: [PATCH] Makefile: Fix non-portable sh check for plugins + +Upstream-Status: Pending + +We previously held a patch that used "=" for comparison, but when +that patch got upstreamed it was changed to "==" which is non-portable, +resulting in an error: + +/bin/sh: 6: [: acipher: unexpected operator +/bin/sh: 6: [: plugins: unexpected operator +/bin/sh: 6: [: hello_world: unexpected operator +/bin/sh: 6: [: hotp: unexpected operator +/bin/sh: 6: [: aes: unexpected operator +/bin/sh: 6: [: random: unexpected operator +/bin/sh: 6: [: secure_storage: unexpected operator + +if /bin/sh doesnt point to bash. + +Which in turn causes our do_install task to fail since plugins arent +where we expect them to be. + + +Signed-off-by: Alejandro Enedino Hernandez Samaniego +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index b3f16aa..9359d95 100644 +--- a/Makefile ++++ b/Makefile +@@ -31,7 +31,7 @@ prepare-for-rootfs: examples + cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \ + fi; \ + cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \ +- if [ $$example == plugins ]; then \ ++ if [ $$example = plugins ]; then \ + cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \ + fi; \ + done +-- +2.25.1 + diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch b/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch deleted file mode 100644 index 033e48c..0000000 --- a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 79c826c249001700007a6dffe80c3d61ff4428ef Mon Sep 17 00:00:00 2001 -From: Sumit Garg -Date: Tue, 20 Jul 2021 13:54:30 +0530 -Subject: [PATCH 1/2] plugins: Honour default cross compiler environment setup - -Honour default $(CC), $(CFLAGS) and $(LDFLAGS) variables. Without this -plugins example fails to build for OE/Yocto. - -Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87] - -Signed-off-by: Sumit Garg ---- - plugins/Makefile | 2 +- - plugins/host/Makefile | 2 +- - plugins/syslog/Makefile | 16 ++++++++++++---- - 3 files changed, 14 insertions(+), 6 deletions(-) - -diff --git a/plugins/Makefile b/plugins/Makefile -index 2372b38..ea472b4 100644 ---- a/plugins/Makefile -+++ b/plugins/Makefile -@@ -8,7 +8,7 @@ TA_CROSS_COMPILE ?= $(CROSS_COMPILE) - all: - $(MAKE) -C host CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables - $(MAKE) -C ta CROSS_COMPILE="$(TA_CROSS_COMPILE)" LDFLAGS="" -- $(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)" -+ $(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables - - .PHONY: clean - clean: -diff --git a/plugins/host/Makefile b/plugins/host/Makefile -index 7285104..76244c7 100644 ---- a/plugins/host/Makefile -+++ b/plugins/host/Makefile -@@ -20,7 +20,7 @@ BINARY = optee_example_plugins - all: $(BINARY) - - $(BINARY): $(OBJS) -- $(CC) -o $@ $< $(LDADD) -+ $(CC) $(LDFLAGS) -o $@ $< $(LDADD) - - .PHONY: clean - clean: -diff --git a/plugins/syslog/Makefile b/plugins/syslog/Makefile -index 62d916a..71f5f92 100644 ---- a/plugins/syslog/Makefile -+++ b/plugins/syslog/Makefile -@@ -1,3 +1,11 @@ -+CC ?= $(CROSS_COMPILE)gcc -+LD ?= $(CROSS_COMPILE)ld -+AR ?= $(CROSS_COMPILE)ar -+NM ?= $(CROSS_COMPILE)nm -+OBJCOPY ?= $(CROSS_COMPILE)objcopy -+OBJDUMP ?= $(CROSS_COMPILE)objdump -+READELF ?= $(CROSS_COMPILE)readelf -+ - PLUGIN_UUID = 96bcf744-4f72-4866-bf1d-8634fd9c65e5 - - PLUGIN = $(PLUGIN_UUID).plugin -@@ -6,17 +14,17 @@ PLUGIN_OBJ = $(patsubst %.c, %.o, $(PLUGIN_SRS)) - PLUGIN_INCLUDES_DIR = $(CURDIR) $(TEEC_EXPORT)/include - - PLUGIN_INCLUDES = $(addprefix -I, $(PLUGIN_INCLUDES_DIR)) --PLUGIN_CCFLAGS = -Wall -fPIC --PLUGIN_LDFLAGS = -shared -+PLUGIN_CCFLAGS = $(CFLAGS) -Wall -fPIC -+PLUGIN_LDFLAGS = $(LDFLAGS) -shared - - .PHONY: all - all: $(PLUGIN) - - $(PLUGIN): $(PLUGIN_OBJ) -- $(CROSS_COMPILE)gcc $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@ -+ $(CC) $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@ - - %.o: %.c -- $(CROSS_COMPILE)gcc $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o -+ $(CC) $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o - - .PHONY: clean - clean: --- -2.25.1 - diff --git a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch b/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch deleted file mode 100644 index 80e6b5f..0000000 --- a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch +++ /dev/null @@ -1,37 +0,0 @@ -From f4e5e74548d92258855434b550c58fe44993c148 Mon Sep 17 00:00:00 2001 -From: Sumit Garg -Date: Tue, 20 Jul 2021 14:20:10 +0530 -Subject: [PATCH] Makefile: Enable plugins installation in rootfs - -Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87] - -Signed-off-by: Sumit Garg - ---- - Makefile | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/Makefile b/Makefile -index a275842..9359d95 100644 ---- a/Makefile -+++ b/Makefile -@@ -25,14 +25,19 @@ prepare-for-rootfs: examples - @mkdir -p $(OUTPUT_DIR) - @mkdir -p $(OUTPUT_DIR)/ta - @mkdir -p $(OUTPUT_DIR)/ca -+ @mkdir -p $(OUTPUT_DIR)/plugins - @for example in $(EXAMPLE_LIST); do \ - if [ -e $$example/host/optee_example_$$example ]; then \ - cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \ - fi; \ - cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \ -+ if [ $$example = plugins ]; then \ -+ cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \ -+ fi; \ - done - - prepare-for-rootfs-clean: - @rm -rf $(OUTPUT_DIR)/ta - @rm -rf $(OUTPUT_DIR)/ca -+ @rm -rf $(OUTPUT_DIR)/plugins - @rmdir --ignore-fail-on-non-empty $(OUTPUT_DIR) || test ! -e $(OUTPUT_DIR) diff --git a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb deleted file mode 100644 index f2b5f7d..0000000 --- a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb +++ /dev/null @@ -1,4 +0,0 @@ -require optee-examples.inc - -SRCREV = "e9c870525af8f7e7fccf575a0ca5394ce55adcec" - diff --git a/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb new file mode 100644 index 0000000..b5f6269 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb @@ -0,0 +1,3 @@ +require optee-examples.inc + +SRCREV = "65fc74309e12189ad5b6ce3ffec37c8011088a5a" diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb similarity index 94% rename from meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb rename to meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb index 0d37a52..c710e27 100644 --- a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb @@ -1,10 +1,11 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:" -require optee-os_3.14.0.bb +require optee-os_3.16.0.bb SUMMARY = "OP-TEE Trusted OS TA devkit" DESCRIPTION = "OP-TEE TA devkit for build TAs" HOMEPAGE = "https://www.op-tee.org/" + do_install() { #install TA devkit install -d ${D}${includedir}/optee/export-user_ta/ diff --git a/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/recipes-security/optee/optee-os.inc index 1506a58..eee715f 100644 --- a/meta-arm/recipes-security/optee/optee-os.inc +++ b/meta-arm/recipes-security/optee/optee-os.inc @@ -10,7 +10,7 @@ require optee.inc CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os" -DEPENDS = "python3-pycryptodome-native python3-pyelftools-native" +DEPENDS = "python3-pyelftools-native python3-cryptography-native" DEPENDS:append:toolchain-clang = " compiler-rt" diff --git a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os_3.14.0.bb index 95d82bb..92e1f88 100644 --- a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb +++ b/meta-arm/recipes-security/optee/optee-os_3.14.0.bb @@ -6,3 +6,4 @@ SRC_URI:append = " \ file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \ file://0007-allow-setting-sysroot-for-clang.patch \ " +DEPENDS = "python3-pycryptodome-native python3-pyelftools-native" diff --git a/meta-arm/recipes-security/optee/optee-os_3.16.0.bb b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb new file mode 100644 index 0000000..873e964 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb @@ -0,0 +1,8 @@ +require optee-os.inc + +SRCREV = "d0b742d1564834dac903f906168d7357063d5459" + +SRC_URI:append = " \ + file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \ + file://0007-allow-setting-sysroot-for-clang.patch \ +" diff --git a/meta-arm/recipes-security/optee/optee-spdevkit_git.bb b/meta-arm/recipes-security/optee/optee-spdevkit_git.bb index 16ad751..ec1b205 100644 --- a/meta-arm/recipes-security/optee/optee-spdevkit_git.bb +++ b/meta-arm/recipes-security/optee/optee-spdevkit_git.bb @@ -10,7 +10,7 @@ require optee.inc CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os" -DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native" +DEPENDS = "python3-pyelftools-native" DEPENDS:append:toolchain-clang = " compiler-rt" diff --git a/meta-arm/recipes-security/optee/optee-test.inc b/meta-arm/recipes-security/optee/optee-test.inc index aada243..3ba8788 100644 --- a/meta-arm/recipes-security/optee/optee-test.inc +++ b/meta-arm/recipes-security/optee/optee-test.inc @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" inherit python3native ptest require optee.inc -DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native" +DEPENDS = "optee-client optee-os-tadevkit python3-cryptography-native" SRC_URI = "git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https \ file://run-ptest \ diff --git a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb b/meta-arm/recipes-security/optee/optee-test_3.14.0.bb deleted file mode 100644 index 6367c27..0000000 --- a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb +++ /dev/null @@ -1,3 +0,0 @@ -require optee-test.inc - -SRCREV = "f2eb88affbb7f028561b4fd5cbd049d5d704f741" diff --git a/meta-arm/recipes-security/optee/optee-test_3.16.0.bb b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb new file mode 100644 index 0000000..03f9c34 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb @@ -0,0 +1,3 @@ +require optee-test.inc + +SRCREV = "1cf0e6d2bdd1145370033d4e182634458528579d" diff --git a/meta-arm/recipes-security/optee/optee.inc b/meta-arm/recipes-security/optee/optee.inc index f02a022..beae366 100644 --- a/meta-arm/recipes-security/optee/optee.inc +++ b/meta-arm/recipes-security/optee/optee.inc @@ -26,3 +26,6 @@ EXTRA_OEMAKE += "V=1 \ OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${prefix} \ TEEC_EXPORT=${STAGING_DIR_HOST}${prefix} \ " +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the +# right path until this is relocated automatically. +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"