From patchwork Wed Jun 18 08:10:45 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Clement Faure X-Patchwork-Id: 65220 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id F0FFFC7115C for ; Wed, 18 Jun 2025 08:11:04 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.2041.1750234258440478959 for ; Wed, 18 Jun 2025 01:10:58 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: clement.faure@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 511D21BC0; Wed, 18 Jun 2025 01:10:37 -0700 (PDT) Received: from MGC575JXM4.arm.com (unknown [10.57.83.236]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 3DE5E3F66E; Wed, 18 Jun 2025 01:10:57 -0700 (PDT) From: Clement Faure To: meta-arm@lists.yoctoproject.org Cc: Clement Faure Subject: [PATCH 1/3] arm-bsp/optee-os: corstone-1000: upgrade to 4.6.0 Date: Wed, 18 Jun 2025 10:10:45 +0200 Message-Id: <20250618081047.34990-2-clement.faure@arm.com> X-Mailer: git-send-email 2.39.5 (Apple Git-154) In-Reply-To: <20250618081047.34990-1-clement.faure@arm.com> References: <20250618081047.34990-1-clement.faure@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 18 Jun 2025 08:11:04 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6565 Add recipes for OP-TEE v4.6.0 Upgrade Corstone-1000 OP-TEE revision from 4.4.0 to 4.6.0 Add patch to fix compilation issue with musl and optee-test 4.6.0. Signed-off-by: Clement Faure --- .../conf/machine/include/corstone1000.inc | 4 +- .../0001-Handle-logging-syscall.patch | 32 ------------ ...rstone1000-increase-CFG_TZDRAM_SIZE.patch} | 0 .../optee/optee-os-corstone1000-common.inc | 3 +- .../optee/optee-client_4.6.0.bb | 9 ++++ .../optee/optee-examples_4.6.0.bb | 4 ++ .../optee/optee-os-tadevkit_4.6.0.bb | 29 +++++++++++ .../recipes-security/optee/optee-os_4.6.0.bb | 11 ++++ ...Re-order-the-include-of-sys-stat.h-h.patch | 51 +++++++++++++++++++ .../optee/optee-test_4.6.0.bb | 19 +++++++ 10 files changed, 126 insertions(+), 36 deletions(-) delete mode 100644 meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-Handle-logging-syscall.patch rename meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/{0002-plat-corstone1000-increase-CFG_TZDRAM_SIZE.patch => 0001-plat-corstone1000-increase-CFG_TZDRAM_SIZE.patch} (100%) create mode 100644 meta-arm/recipes-security/optee/optee-client_4.6.0.bb create mode 100644 meta-arm/recipes-security/optee/optee-examples_4.6.0.bb create mode 100644 meta-arm/recipes-security/optee/optee-os-tadevkit_4.6.0.bb create mode 100644 meta-arm/recipes-security/optee/optee-os_4.6.0.bb create mode 100644 meta-arm/recipes-security/optee/optee-test/0001-regression_1000-Re-order-the-include-of-sys-stat.h-h.patch create mode 100644 meta-arm/recipes-security/optee/optee-test_4.6.0.bb diff --git a/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm-bsp/conf/machine/include/corstone1000.inc index bbaeee29..ecaea64d 100644 --- a/meta-arm-bsp/conf/machine/include/corstone1000.inc +++ b/meta-arm-bsp/conf/machine/include/corstone1000.inc @@ -14,8 +14,8 @@ TFA_BL2_BINARY = "bl2-corstone1000.bin" TFA_FIP_BINARY = "fip-corstone1000.bin" # optee -PREFERRED_VERSION_optee-os ?= "4.4.%" -PREFERRED_VERSION_optee-client ?= "4.4.%" +PREFERRED_VERSION_optee-os ?= "4.6.%" +PREFERRED_VERSION_optee-client ?= "4.6.%" # Trusted Services TS_PLATFORM = "arm/corstone1000" diff --git a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-Handle-logging-syscall.patch b/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-Handle-logging-syscall.patch deleted file mode 100644 index 58ba2afd..00000000 --- a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-Handle-logging-syscall.patch +++ /dev/null @@ -1,32 +0,0 @@ -From d6ee50f581b43b16733b8731369b071d609d5048 Mon Sep 17 00:00:00 2001 -From: Emekcan Aras -Date: Thu, 31 Aug 2023 10:51:54 +0100 -Subject: [PATCH] Handle logging syscall - -Signed-off-by: Emekcan Aras -Upstream-Status: Pending [upstreamed differently in 280b6a3] ---- - core/arch/arm/kernel/spmc_sp_handler.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/core/arch/arm/kernel/spmc_sp_handler.c b/core/arch/arm/kernel/spmc_sp_handler.c -index 1f218a0df..0676e8898 100644 ---- a/core/arch/arm/kernel/spmc_sp_handler.c -+++ b/core/arch/arm/kernel/spmc_sp_handler.c -@@ -1276,7 +1276,12 @@ void spmc_sp_msg_handler(struct thread_smc_args *args, - handle_console_log(args); - sp_enter(args, caller_sp); - break; -- -+ case 0xdeadbeef: -+ ts_push_current_session(&caller_sp->ts_sess); -+ IMSG("%s", (char *)args->a1); -+ ts_pop_current_session(); -+ sp_enter(args, caller_sp); -+ break; - default: - EMSG("Unhandled FFA function ID %#"PRIx32, - (uint32_t)args->a0); --- -2.17.1 - diff --git a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-plat-corstone1000-increase-CFG_TZDRAM_SIZE.patch b/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-plat-corstone1000-increase-CFG_TZDRAM_SIZE.patch similarity index 100% rename from meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-plat-corstone1000-increase-CFG_TZDRAM_SIZE.patch rename to meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-plat-corstone1000-increase-CFG_TZDRAM_SIZE.patch diff --git a/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc b/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc index 3f6452dc..d7fe4c73 100644 --- a/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc +++ b/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc @@ -1,7 +1,6 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/corstone1000:" SRC_URI:append = " \ - file://0001-Handle-logging-syscall.patch \ - file://0002-plat-corstone1000-increase-CFG_TZDRAM_SIZE.patch \ + file://0001-plat-corstone1000-increase-CFG_TZDRAM_SIZE.patch \ " COMPATIBLE_MACHINE = "corstone1000" diff --git a/meta-arm/recipes-security/optee/optee-client_4.6.0.bb b/meta-arm/recipes-security/optee/optee-client_4.6.0.bb new file mode 100644 index 00000000..cbd75eb3 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-client_4.6.0.bb @@ -0,0 +1,9 @@ +require recipes-security/optee/optee-client.inc + +# v4.6.0 +SRCREV = "02e7f9213b0d7db9c35ebf1e41e733fc9c5a3f75" +SRC_URI += "file://0001-tee-supplicant-update-udev-systemd-install-code.patch" + +inherit pkgconfig +DEPENDS += "util-linux" +EXTRA_OEMAKE += "PKG_CONFIG=pkg-config" diff --git a/meta-arm/recipes-security/optee/optee-examples_4.6.0.bb b/meta-arm/recipes-security/optee/optee-examples_4.6.0.bb new file mode 100644 index 00000000..8ee4ece9 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-examples_4.6.0.bb @@ -0,0 +1,4 @@ +require recipes-security/optee/optee-examples.inc + +# v4.6.0 +SRCREV = "5306d2c7c618bb4a91df17a2d5d79ae4701af4a3" diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_4.6.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_4.6.0.bb new file mode 100644 index 00000000..961d5251 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_4.6.0.bb @@ -0,0 +1,29 @@ +require recipes-security/optee/optee-os_${PV}.bb + +SUMMARY = "OP-TEE Trusted OS TA devkit" +DESCRIPTION = "OP-TEE TA devkit for build TAs" +HOMEPAGE = "https://www.op-tee.org/" + +DEPENDS += "python3-pycryptodome-native" + +do_install() { + #install TA devkit + install -d ${D}${includedir}/optee/export-user_ta/ + for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do + cp -aR $f ${D}${includedir}/optee/export-user_ta/ + done +} + +do_deploy() { + echo "Do not inherit do_deploy from optee-os." +} + +FILES:${PN} = "${includedir}/optee/" + +# Build paths are currently embedded +INSANE_SKIP:${PN}-dev += "buildpaths" + +# Include extra headers needed by SPMC tests to TA DEVKIT. +# Supported after op-tee v3.20 +EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' CFG_SPMC_TESTS=y', '' , d)}" diff --git a/meta-arm/recipes-security/optee/optee-os_4.6.0.bb b/meta-arm/recipes-security/optee/optee-os_4.6.0.bb new file mode 100644 index 00000000..c9a6b261 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-os_4.6.0.bb @@ -0,0 +1,11 @@ +require recipes-security/optee/optee-os.inc + +DEPENDS += "dtc-native" + +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" + +# v4.6.0 +SRCREV = "71785645fa6ce42db40dbf5a54e0eaedc4f61591" +SRC_URI += " \ + file://0003-optee-enable-clang-support.patch \ + " diff --git a/meta-arm/recipes-security/optee/optee-test/0001-regression_1000-Re-order-the-include-of-sys-stat.h-h.patch b/meta-arm/recipes-security/optee/optee-test/0001-regression_1000-Re-order-the-include-of-sys-stat.h-h.patch new file mode 100644 index 00000000..9bc18baf --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-test/0001-regression_1000-Re-order-the-include-of-sys-stat.h-h.patch @@ -0,0 +1,51 @@ +From a15be9eca1b7e935917d834284726027dffc8cfb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Cl=C3=A9ment=20Faure?= +Date: Wed, 7 May 2025 13:54:36 +0000 +Subject: [PATCH] regression_1000: Re-order the include of header +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +With musl, the compilation of optee-test would fail: + +| GEN optee-test/4.6.0/optee-test-4.6.0/xtest/regression_8100_ca_crt.h +| python3 ../../scripts/file_to_c.py --inf ../../cert/ca.crt --out optee-test/4.6.0/optee-test-4.6.0/xtest/regression_8100_ca_crt.h --name regression_8100_ca_crt +| In file included from optee-test/4.6.0/recipe-sysroot/usr/include/sys/stat.h:30, +| from optee-test/host/xtest/regression_1000.c:24: +| optee-test/4.6.0/recipe-sysroot/usr/include/bits/stat.h:17:26: error: expected identifier or '(' before '[' token +| 17 | unsigned __unused[2]; +| | ^ + +The defintion of OP-TEE macro __unused conflicts with the musl implementation +and its use of variables named __unused. + +Re-ordering and including before the macro gets defined is +enough to work around the issue. + +Signed-off-by: Clément Faure +Acked-by: Jerome Forissier +Upstream-Status: Backport [a15be9eca1b7e935917d834284726027dffc8cfb] +--- + host/xtest/regression_1000.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/host/xtest/regression_1000.c b/host/xtest/regression_1000.c +index e9d20a8..a427789 100644 +--- a/host/xtest/regression_1000.c ++++ b/host/xtest/regression_1000.c +@@ -20,11 +20,11 @@ + #ifdef CFG_SECURE_DATA_PATH + #include + #endif ++#include + #include + #include + #include + #include +-#include + #include + #include + #include +-- +2.43.0 + diff --git a/meta-arm/recipes-security/optee/optee-test_4.6.0.bb b/meta-arm/recipes-security/optee/optee-test_4.6.0.bb new file mode 100644 index 00000000..ab4b8ae2 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-test_4.6.0.bb @@ -0,0 +1,19 @@ +require recipes-security/optee/optee-test.inc + +# v4.6.0 +SRCREV = "a9e9495f4d57b97022008ad11198195e7e044c5d" + +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a8fa504109e4cd7ea575bc49ea4be560" + +SRC_URI += " \ + file://0001-build-make-cmake-add-Werror-based-on-CFG_WERROR.patch \ + file://0001-regression_1000-Re-order-the-include-of-sys-stat.h-h.patch \ +" + +# Include ffa_spmc test group if the SPMC test is enabled. +# Supported after op-tee v3.20 +EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' CFG_SPMC_TESTS=y CFG_SECURE_PARTITION=y', '' , d)}" + +RDEPENDS:${PN} += "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' arm-ffa-user', '' , d)}" From patchwork Wed Jun 18 08:10:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Clement Faure X-Patchwork-Id: 65221 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E00F0C7115E for ; Wed, 18 Jun 2025 08:11:04 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.2042.1750234259331767085 for ; Wed, 18 Jun 2025 01:10:59 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: clement.faure@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5E46F1BD0; Wed, 18 Jun 2025 01:10:38 -0700 (PDT) Received: from MGC575JXM4.arm.com (unknown [10.57.83.236]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 53C943F66E; Wed, 18 Jun 2025 01:10:58 -0700 (PDT) From: Clement Faure To: meta-arm@lists.yoctoproject.org Cc: =?utf-8?q?Cl=C3=A9ment_Faure?= Subject: [PATCH 2/3] arm/optee: remove 4.3.0 Date: Wed, 18 Jun 2025 10:10:46 +0200 Message-Id: <20250618081047.34990-3-clement.faure@arm.com> X-Mailer: git-send-email 2.39.5 (Apple Git-154) In-Reply-To: <20250618081047.34990-1-clement.faure@arm.com> References: <20250618081047.34990-1-clement.faure@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 18 Jun 2025 08:11:04 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6566 From: Clément Faure Remove optee 4.3.0 recipes. Signed-off-by: Clément Faure --- ...dd-udev-rule-and-systemd-service-fil.patch | 186 ------------------ .../optee/optee-client_4.3.0.bb | 10 - .../optee/optee-examples_4.3.0.bb | 3 - .../optee/optee-os-tadevkit_4.3.0.bb | 26 --- ...mpile.mk-use-CFLAGS-from-environment.patch | 43 ---- ....mk-remove-absolute-build-time-paths.patch | 53 ----- ...02-link.mk-use-CFLAGS-with-version.o.patch | 45 ----- ...k-generate-version.o-in-link-out-dir.patch | 70 ------- .../recipes-security/optee/optee-os_4.3.0.bb | 14 -- .../optee/optee-test_4.3.0.bb | 12 -- 10 files changed, 462 deletions(-) delete mode 100644 meta-arm/recipes-security/optee/optee-client/0001-tee-supplicant-add-udev-rule-and-systemd-service-fil.patch delete mode 100644 meta-arm/recipes-security/optee/optee-client_4.3.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-examples_4.3.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-os-tadevkit_4.3.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-os/0001-compile.mk-use-CFLAGS-from-environment.patch delete mode 100644 meta-arm/recipes-security/optee/optee-os/0001-mk-compile.mk-remove-absolute-build-time-paths.patch delete mode 100644 meta-arm/recipes-security/optee/optee-os/0002-link.mk-use-CFLAGS-with-version.o.patch delete mode 100644 meta-arm/recipes-security/optee/optee-os/0003-link.mk-generate-version.o-in-link-out-dir.patch delete mode 100644 meta-arm/recipes-security/optee/optee-os_4.3.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-test_4.3.0.bb diff --git a/meta-arm/recipes-security/optee/optee-client/0001-tee-supplicant-add-udev-rule-and-systemd-service-fil.patch b/meta-arm/recipes-security/optee/optee-client/0001-tee-supplicant-add-udev-rule-and-systemd-service-fil.patch deleted file mode 100644 index 18c0d950..00000000 --- a/meta-arm/recipes-security/optee/optee-client/0001-tee-supplicant-add-udev-rule-and-systemd-service-fil.patch +++ /dev/null @@ -1,186 +0,0 @@ -From bf0d02758696ee7a9f7af9e95f85f5c238d0e109 Mon Sep 17 00:00:00 2001 -From: Mikko Rapeli -Date: Wed, 2 Oct 2024 15:24:21 +0100 -Subject: [PATCH] tee-supplicant: add udev rule and systemd service file - -tee-supplicant startup with systemd init based -is non-trivial. Add sample udev rule and systemd -service files here so that distros can co-operate maintaining -them. - -Files are from meta-arm https://git.yoctoproject.org/meta-arm -at commit 7cce43e632daa8650f683ac726f9124681b302a4 with license -MIT and authors: - -Peter Griffin -Joshua Watt -Javier Tia -Mikko Rapeli - -With permission from the authors, files can be relicensed to -BSD-2-Clause like rest of optee client repo. - -The config files expect to find tee and teepriv system groups -and teesuppl user and group (part of teepriv group) for running -tee-supplicant. Additionally state directory /var/lib/tee -must be owned by teesuppl user and group with no rights -to other users. The groups and user can be changed via -CMake variables: - -CFG_TEE_GROUP -CFG_TEEPRIV_GROUP -CFG_TEE_SUPPL_USER -CFG_TEE_SUPPL_GROUP - -Change storage path from /data to /var/lib and -use standard CMake variables also for constructing install -paths which can be override to change the defaults: - -CMAKE_INSTALL_PREFIX, e.g. / -CMAKE_INSTALL_LIBDIR, e.g. /usr/lib -CMAKE_INSTALL_LOCALSTATEDIR /var - -Once these are setup, udev will start tee-supplicant in initramfs -or rootfs with teesuppl user and group when /dev/teepriv -device appears. The systemd service starts before tpm2.target -(new in systemd 256) which starts early in initramfs and in main rootfs. -This covers firmware TPM TA usecases for main rootfs encryption. When -stopping tee-supplicant, the ftpm kernel modules are removed and only -then the main process stopped to avoid fTPM breakage. These workarounds -may be removed once RPMB kernel and optee patches without tee-supplicant -are merged (Linux kernel >= 6.12-rc1, optee_os latest master or >= 4.4). - -Tested on yocto meta-arm setup which runs fTPM and optee-test/xtest -under qemuarm64: - -$ git clone https://git.yoctoproject.org/meta-arm -$ cd meta-arm -$ SSTATE_DIR=$HOME/sstate DL_DIR=$HOME/download kas build \ -ci/qemuarm64-secureboot.yml:ci/poky-altcfg.yml:ci/testimage.yml - -Compiled image can be manually started to qemu serial console with: - -$ SSTATE_DIR=$HOME/sstate DL_DIR=$HOME/download kas shell \ -ci/qemuarm64-secureboot.yml:ci/poky-altcfg.yml:ci/testimage.yml -$ runqemu slirp nographic - -meta-arm maintainers run these tests as part of their CI. - -Note that if the tee-supplicant state directory /var/lib/tee -can not be accessed due permissions or other problems, then -tee-supplicant startup with systemd still works. Only optee-test/xtest -will be failing and fTPM kernel drivers fail to load with error -messages. - -Cc: Peter Griffin -Cc: Joshua Watt -Cc: Javier Tia -Acked-by: Jerome Forissier -Signed-off-by: Mikko Rapeli ---- - config.mk | 2 +- - libteec/CMakeLists.txt | 2 +- - tee-supplicant/CMakeLists.txt | 13 +++++++++++-- - tee-supplicant/optee-udev.rules.in | 7 +++++++ - tee-supplicant/tee-supplicant@.service.in | 17 +++++++++++++++++ - 5 files changed, 37 insertions(+), 4 deletions(-) - create mode 100644 tee-supplicant/optee-udev.rules.in - create mode 100644 tee-supplicant/tee-supplicant@.service.in - -Upstream-Status: Backport - -diff --git a/config.mk b/config.mk -index eae481f..3def087 100644 ---- a/config.mk -+++ b/config.mk -@@ -23,7 +23,7 @@ CFG_TEE_SUPP_LOG_LEVEL?=1 - # This folder can be created with the required permission in an init - # script during boot, else it will be created by the tee-supplicant on - # first REE FS access. --CFG_TEE_FS_PARENT_PATH ?= /data/tee -+CFG_TEE_FS_PARENT_PATH ?= /var/lib/tee - - # CFG_TEE_CLIENT_LOG_FILE - # The location of the client log file when logging to file is enabled. -diff --git a/libteec/CMakeLists.txt b/libteec/CMakeLists.txt -index c742d31..c857369 100644 ---- a/libteec/CMakeLists.txt -+++ b/libteec/CMakeLists.txt -@@ -14,7 +14,7 @@ endif() - # Configuration flags always included - ################################################################################ - set(CFG_TEE_CLIENT_LOG_LEVEL "1" CACHE STRING "libteec log level") --set(CFG_TEE_CLIENT_LOG_FILE "/data/tee/teec.log" CACHE STRING "Location of libteec log") -+set(CFG_TEE_CLIENT_LOG_FILE "${CMAKE_INSTALL_LOCALSTATEDIR}/lib/tee/teec.log" CACHE STRING "Location of libteec log") - - ################################################################################ - # Source files -diff --git a/tee-supplicant/CMakeLists.txt b/tee-supplicant/CMakeLists.txt -index 54a34c7..8df9bef 100644 ---- a/tee-supplicant/CMakeLists.txt -+++ b/tee-supplicant/CMakeLists.txt -@@ -11,10 +11,15 @@ option(CFG_TEE_SUPP_PLUGINS "Enable tee-supplicant plugin support" ON) - set(CFG_TEE_SUPP_LOG_LEVEL "1" CACHE STRING "tee-supplicant log level") - # FIXME: Question is, is this really needed? Should just use defaults from # GNUInstallDirs? - set(CFG_TEE_CLIENT_LOAD_PATH "/lib" CACHE STRING "Colon-separated list of paths where to look for TAs (see also --ta-dir)") --set(CFG_TEE_FS_PARENT_PATH "/data/tee" CACHE STRING "Location of TEE filesystem (secure storage)") -+set(CFG_TEE_FS_PARENT_PATH "${CMAKE_INSTALL_LOCALSTATEDIR}/lib/tee" CACHE STRING "Location of TEE filesystem (secure storage)") - # FIXME: Why do we have if defined(CFG_GP_SOCKETS) && CFG_GP_SOCKETS == 1 in the c-file? - set(CFG_GP_SOCKETS "1" CACHE STRING "Enable GlobalPlatform Socket API support") --set(CFG_TEE_PLUGIN_LOAD_PATH "/usr/lib/tee-supplicant/plugins/" CACHE STRING "tee-supplicant's plugins path") -+set(CFG_TEE_PLUGIN_LOAD_PATH "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}/${PROJECT_NAME}/plugins/" CACHE STRING "tee-supplicant's plugins path") -+ -+set(CFG_TEE_GROUP "tee" CACHE STRING "Group which has access to /dev/tee* devices") -+set(CFG_TEEPRIV_GROUP "teepriv" CACHE STRING "Group which has access to /dev/teepriv* devices") -+set(CFG_TEE_SUPPL_USER "teesuppl" CACHE STRING "User account which tee-supplicant is started with") -+set(CFG_TEE_SUPPL_GROUP "teesuppl" CACHE STRING "Group account which tee-supplicant is started with") - - if(CFG_TEE_SUPP_PLUGINS) - set(CMAKE_INSTALL_RPATH "${CFG_TEE_PLUGIN_LOAD_PATH}") -@@ -113,3 +118,7 @@ endif() - # Install targets - ################################################################################ - install(TARGETS ${PROJECT_NAME} RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR}) -+configure_file(tee-supplicant@.service.in tee-supplicant@.service @ONLY) -+install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/tee-supplicant@.service DESTINATION ${CMAKE_INSTALL_LIBDIR}/systemd/system) -+configure_file(optee-udev.rules.in optee-udev.rules @ONLY) -+install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/optee-udev.rules DESTINATION ${CMAKE_INSTALL_SYSCONFDIR}/udev/rules.d) -diff --git a/tee-supplicant/optee-udev.rules.in b/tee-supplicant/optee-udev.rules.in -new file mode 100644 -index 0000000..275e833 ---- /dev/null -+++ b/tee-supplicant/optee-udev.rules.in -@@ -0,0 +1,7 @@ -+# SPDX-License-Identifier: BSD-2-Clause -+KERNEL=="tee[0-9]*", MODE="0660", OWNER="root", GROUP="@CFG_TEE_GROUP@", TAG+="systemd" -+ -+# If a /dev/teepriv[0-9]* device is detected, start an instance of -+# tee-supplicant.service with the device name as parameter -+KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="@CFG_TEEPRIV_GROUP@", \ -+ TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee-supplicant@%k.service" -diff --git a/tee-supplicant/tee-supplicant@.service.in b/tee-supplicant/tee-supplicant@.service.in -new file mode 100644 -index 0000000..e53a935 ---- /dev/null -+++ b/tee-supplicant/tee-supplicant@.service.in -@@ -0,0 +1,17 @@ -+# SPDX-License-Identifier: BSD-2-Clause -+[Unit] -+Description=TEE Supplicant on %i -+DefaultDependencies=no -+After=dev-%i.device -+Wants=dev-%i.device -+Conflicts=shutdown.target -+Before=tpm2.target sysinit.target shutdown.target -+ -+[Service] -+Type=notify -+User=@CFG_TEE_SUPPL_USER@ -+Group=@CFG_TEE_SUPPL_GROUP@ -+EnvironmentFile=-@CMAKE_INSTALL_SYSCONFDIR@/default/tee-supplicant -+ExecStart=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_SBINDIR@/tee-supplicant $OPTARGS -+# Workaround for fTPM TA: stop kernel module before tee-supplicant -+ExecStop=-/bin/sh -c "/sbin/modprobe -v -r tpm_ftpm_tee ; /bin/kill $MAINPID" --- -2.34.1 - diff --git a/meta-arm/recipes-security/optee/optee-client_4.3.0.bb b/meta-arm/recipes-security/optee/optee-client_4.3.0.bb deleted file mode 100644 index fae453ad..00000000 --- a/meta-arm/recipes-security/optee/optee-client_4.3.0.bb +++ /dev/null @@ -1,10 +0,0 @@ -require recipes-security/optee/optee-client.inc - -SRCREV = "a5b1ffcd26e328af0bbf18ab448a38ecd558e05c" - -SRC_URI += "file://0001-tee-supplicant-add-udev-rule-and-systemd-service-fil.patch \ - file://0001-tee-supplicant-update-udev-systemd-install-code.patch" - -inherit pkgconfig -DEPENDS += "util-linux" -EXTRA_OEMAKE += "PKG_CONFIG=pkg-config" diff --git a/meta-arm/recipes-security/optee/optee-examples_4.3.0.bb b/meta-arm/recipes-security/optee/optee-examples_4.3.0.bb deleted file mode 100644 index f082a25d..00000000 --- a/meta-arm/recipes-security/optee/optee-examples_4.3.0.bb +++ /dev/null @@ -1,3 +0,0 @@ -require recipes-security/optee/optee-examples.inc - -SRCREV = "378dc0db2d5dd279f58a3b6cb3f78ffd6b165035" diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_4.3.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_4.3.0.bb deleted file mode 100644 index 2e43254a..00000000 --- a/meta-arm/recipes-security/optee/optee-os-tadevkit_4.3.0.bb +++ /dev/null @@ -1,26 +0,0 @@ -require recipes-security/optee/optee-os_${PV}.bb - -SUMMARY = "OP-TEE Trusted OS TA devkit" -DESCRIPTION = "OP-TEE TA devkit for build TAs" -HOMEPAGE = "https://www.op-tee.org/" - -DEPENDS += "python3-pycryptodome-native" - -do_install() { - #install TA devkit - install -d ${D}${includedir}/optee/export-user_ta/ - for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do - cp -aR $f ${D}${includedir}/optee/export-user_ta/ - done -} - -do_deploy() { - echo "Do not inherit do_deploy from optee-os." -} - -FILES:${PN} = "${includedir}/optee/" - -# Include extra headers needed by SPMC tests to TA DEVKIT. -# Supported after op-tee v3.20 -EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ - ' CFG_SPMC_TESTS=y', '' , d)}" diff --git a/meta-arm/recipes-security/optee/optee-os/0001-compile.mk-use-CFLAGS-from-environment.patch b/meta-arm/recipes-security/optee/optee-os/0001-compile.mk-use-CFLAGS-from-environment.patch deleted file mode 100644 index 6577dce3..00000000 --- a/meta-arm/recipes-security/optee/optee-os/0001-compile.mk-use-CFLAGS-from-environment.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 978cc08a393b7d5d0043bf7f4d33f0e33b2b18d8 Mon Sep 17 00:00:00 2001 -From: Mikko Rapeli -Date: Thu, 1 Aug 2024 13:58:36 +0000 -Subject: [PATCH 1/3] compile.mk: use CFLAGS from environment - -Users can set CFLAGS just like AFLAGS, CC, -LD etc and expect them to be used. It's ok to amend -to them but overwriting should not be done. -Build environment like yocto expect that these -variables are used to call the compiler etc tools. -Linux distro build environments usually set -these variables. - -Helps to remove build time paths from generated binaries -since mappings to remove them can be set by the distro -build system in CFLAGS automatically for each SW component -in the build. - -Reviewed-by: Jerome Forissier -Signed-off-by: Mikko Rapeli ---- - mk/compile.mk | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -Upstream-Status: Backport - -diff --git a/mk/compile.mk b/mk/compile.mk -index b3d807ba4..0de7ea259 100644 ---- a/mk/compile.mk -+++ b/mk/compile.mk -@@ -80,7 +80,8 @@ comp-compiler-$2 := $$(CC$(sm)) - comp-flags-$2 = $$(filter-out $$(CFLAGS_REMOVE) $$(cflags-remove) \ - $$(cflags-remove-$$(comp-sm-$2)) \ - $$(cflags-remove-$2), \ -- $$(CFLAGS$$(arch-bits-$$(comp-sm-$2))) $$(CFLAGS_WARNS) \ -+ $$(CFLAGS$$(arch-bits-$$(comp-sm-$2))) $$(CFLAGS) \ -+ $$(CFLAGS_WARNS) \ - $$(comp-cflags$$(comp-sm-$2)) $$(cflags$$(comp-sm-$2)) \ - $$(cflags-lib$$(comp-lib-$2)) $$(cflags-$2)) - ifeq ($C,1) --- -2.34.1 - diff --git a/meta-arm/recipes-security/optee/optee-os/0001-mk-compile.mk-remove-absolute-build-time-paths.patch b/meta-arm/recipes-security/optee/optee-os/0001-mk-compile.mk-remove-absolute-build-time-paths.patch deleted file mode 100644 index 63fb63a2..00000000 --- a/meta-arm/recipes-security/optee/optee-os/0001-mk-compile.mk-remove-absolute-build-time-paths.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 29b84ae5b277b85cd7244acde077694e6643fcde Mon Sep 17 00:00:00 2001 -From: Mikko Rapeli -Date: Thu, 18 Jul 2024 07:54:18 +0000 -Subject: [PATCH] mk/compile.mk: remove absolute build time paths - -Some generated files get a __FILE_ID__ which include absolute -build time paths. Remove the paths and use plain file name. -Fixes yocto QA check. - -Problem/bug: - -$ strings ../image/lib/firmware/tee.elf | grep mikko -__FILE_ID__ -_home_mikko_build_core_ta_pub_key_c -__FILE_ID__ -_home_mikko_build_core_ldelf_hex_c -__FILE_ID__ -_home_mikko_build_core_early_ta_fd02c9da_306c_48c7_a49c_bbd827ae86ee_c - -With this patch: - -$ strings ../image/lib/firmware/tee.elf | grep mikko -$ strings ../image/lib/firmware/tee.elf | grep FILE_ID | egrep \ -"core_ta_pub_key_c|core_ldelf_hex_c|core_early_ta_fd02c9da_306c_4" -__FILE_ID__ core_ta_pub_key_c -__FILE_ID__ core_ldelf_hex_c -__FILE_ID__ core_early_ta_fd02c9da_306c_48c7_a49c_bbd827ae86ee_c - -Reviewed-by: Jens Wiklander -Acked-by: Jerome Forissier -Signed-off-by: Mikko Rapeli ---- - mk/compile.mk | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Upstream-Status: Backport - -diff --git a/mk/compile.mk b/mk/compile.mk -index b3d807ba4..338535bf3 100644 ---- a/mk/compile.mk -+++ b/mk/compile.mk -@@ -120,7 +120,7 @@ comp-cppflags-$2 = $$(filter-out $$(CPPFLAGS_REMOVE) $$(cppflags-remove) \ - $$(addprefix -I,$$(incdirs-$2)) \ - $$(cppflags$$(comp-sm-$2)) \ - $$(cppflags-lib$$(comp-lib-$2)) $$(cppflags-$2)) \ -- -D__FILE_ID__=$$(subst -,_,$$(subst /,_,$$(subst .,_,$1))) -+ -D__FILE_ID__=$$(subst -,_,$$(subst /,_,$$(subst .,_,$$(patsubst $$(out-dir)/%,%,$1)))) - - comp-flags-$2 += -MD -MF $$(comp-dep-$2) -MT $$@ - comp-flags-$2 += $$(comp-cppflags-$2) --- -2.34.1 - diff --git a/meta-arm/recipes-security/optee/optee-os/0002-link.mk-use-CFLAGS-with-version.o.patch b/meta-arm/recipes-security/optee/optee-os/0002-link.mk-use-CFLAGS-with-version.o.patch deleted file mode 100644 index 08bc15d7..00000000 --- a/meta-arm/recipes-security/optee/optee-os/0002-link.mk-use-CFLAGS-with-version.o.patch +++ /dev/null @@ -1,45 +0,0 @@ -From f9207376ed58836bf748cc4cea0fcbf46624a709 Mon Sep 17 00:00:00 2001 -From: Mikko Rapeli -Date: Thu, 1 Aug 2024 14:03:11 +0000 -Subject: [PATCH 2/3] link.mk: use CFLAGS with version.o - -Should be used by all compilations. - -Reviewed-by: Jerome Forissier -Signed-off-by: Mikko Rapeli ---- - core/arch/arm/kernel/link.mk | 2 +- - core/arch/riscv/kernel/link.mk | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -Upstream-Status: Backport - -diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk -index 49e9f4fa1..377a82b65 100644 ---- a/core/arch/arm/kernel/link.mk -+++ b/core/arch/arm/kernel/link.mk -@@ -151,7 +151,7 @@ define update-buildcount - endef - - # filter-out to workaround objdump warning --version-o-cflags = $(filter-out -g3,$(core-platform-cflags) \ -+version-o-cflags = $(filter-out -g3,$(CFLAGS) $(core-platform-cflags) \ - $(platform-cflags) $(cflagscore)) - # SOURCE_DATE_EPOCH defined for reproducible builds - ifneq ($(SOURCE_DATE_EPOCH),) -diff --git a/core/arch/riscv/kernel/link.mk b/core/arch/riscv/kernel/link.mk -index 3d1000d15..1fff0a379 100644 ---- a/core/arch/riscv/kernel/link.mk -+++ b/core/arch/riscv/kernel/link.mk -@@ -62,7 +62,7 @@ define update-buildcount - endef - - # filter-out to workaround objdump warning --version-o-cflags = $(filter-out -g3,$(core-platform-cflags) \ -+version-o-cflags = $(filter-out -g3,$(CFLAGS) $(core-platform-cflags) \ - $(platform-cflags) $(cflagscore)) - # SOURCE_DATE_EPOCH defined for reproducible builds - ifneq ($(SOURCE_DATE_EPOCH),) --- -2.34.1 - diff --git a/meta-arm/recipes-security/optee/optee-os/0003-link.mk-generate-version.o-in-link-out-dir.patch b/meta-arm/recipes-security/optee/optee-os/0003-link.mk-generate-version.o-in-link-out-dir.patch deleted file mode 100644 index 0e559b2e..00000000 --- a/meta-arm/recipes-security/optee/optee-os/0003-link.mk-generate-version.o-in-link-out-dir.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 8f100f355e645376729086edbace8f01cf7aa3b4 Mon Sep 17 00:00:00 2001 -From: Mikko Rapeli -Date: Thu, 1 Aug 2024 14:04:55 +0000 -Subject: [PATCH 3/3] link.mk: generate version.o in link-out-dir - -When source code is piped to compiler, then the -current working directory is left into debug -data. If the working directory is not the output -directory, then mappings which strip absolute output -directory paths don't work. - -Removes absolute build time paths from version.o -debug info. - -Reviewed-by: Jerome Forissier -Signed-off-by: Mikko Rapeli ---- - core/arch/arm/kernel/link.mk | 5 +++-- - core/arch/riscv/kernel/link.mk | 5 +++-- - 2 files changed, 6 insertions(+), 4 deletions(-) - -Upstream-Status: Backport - -diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk -index 377a82b65..d1d527224 100644 ---- a/core/arch/arm/kernel/link.mk -+++ b/core/arch/arm/kernel/link.mk -@@ -163,14 +163,15 @@ CORE_CC_VERSION = `$(CCcore) -v 2>&1 | grep "version " | sed 's/ *$$//'` - define gen-version-o - $(call update-buildcount,$(link-out-dir)/.buildcount) - @$(cmd-echo-silent) ' GEN $(link-out-dir)/version.o' -- $(q)echo -e "const char core_v_str[] =" \ -+ $(q)cd $(link-out-dir) && \ -+ echo -e "const char core_v_str[] =" \ - "\"$(TEE_IMPL_VERSION) \"" \ - "\"($(CORE_CC_VERSION)) \"" \ - "\"#$(BUILD_COUNT_STR) \"" \ - "\"$(DATE_STR) \"" \ - "\"$(CFG_KERN_LINKER_ARCH)\";\n" \ - | $(CCcore) $(version-o-cflags) \ -- -xc - -c -o $(link-out-dir)/version.o -+ -xc - -c -o version.o - endef - $(link-out-dir)/version.o: - $(call gen-version-o) -diff --git a/core/arch/riscv/kernel/link.mk b/core/arch/riscv/kernel/link.mk -index 1fff0a379..6511586e2 100644 ---- a/core/arch/riscv/kernel/link.mk -+++ b/core/arch/riscv/kernel/link.mk -@@ -74,14 +74,15 @@ CORE_CC_VERSION = `$(CCcore) -v 2>&1 | grep "version " | sed 's/ *$$//'` - define gen-version-o - $(call update-buildcount,$(link-out-dir)/.buildcount) - @$(cmd-echo-silent) ' GEN $(link-out-dir)/version.o' -- $(q)echo -e "const char core_v_str[] =" \ -+ $(q)cd $(link-out-dir) && \ -+ echo -e "const char core_v_str[] =" \ - "\"$(TEE_IMPL_VERSION) \"" \ - "\"($(CORE_CC_VERSION)) \"" \ - "\"#$(BUILD_COUNT_STR) \"" \ - "\"$(DATE_STR) \"" \ - "\"$(CFG_KERN_LINKER_ARCH)\";\n" \ - | $(CCcore) $(version-o-cflags) \ -- -xc - -c -o $(link-out-dir)/version.o -+ -xc - -c -o version.o - endef - - $(link-out-dir)/version.o: --- -2.34.1 - diff --git a/meta-arm/recipes-security/optee/optee-os_4.3.0.bb b/meta-arm/recipes-security/optee/optee-os_4.3.0.bb deleted file mode 100644 index cfd926b0..00000000 --- a/meta-arm/recipes-security/optee/optee-os_4.3.0.bb +++ /dev/null @@ -1,14 +0,0 @@ -require recipes-security/optee/optee-os.inc - -DEPENDS += "dtc-native" - -FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" - -SRCREV = "1c0d52ace3c237ca6276cafb5c73f699a75c1d40" -SRC_URI += " \ - file://0003-optee-enable-clang-support.patch \ - file://0001-mk-compile.mk-remove-absolute-build-time-paths.patch \ - file://0001-compile.mk-use-CFLAGS-from-environment.patch \ - file://0002-link.mk-use-CFLAGS-with-version.o.patch \ - file://0003-link.mk-generate-version.o-in-link-out-dir.patch \ -" diff --git a/meta-arm/recipes-security/optee/optee-test_4.3.0.bb b/meta-arm/recipes-security/optee/optee-test_4.3.0.bb deleted file mode 100644 index 44846fef..00000000 --- a/meta-arm/recipes-security/optee/optee-test_4.3.0.bb +++ /dev/null @@ -1,12 +0,0 @@ -require recipes-security/optee/optee-test.inc - -SRCREV = "9d4c4fb9638fb533211037016b6da12fbbcc4bb6" -LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a8fa504109e4cd7ea575bc49ea4be560" - -# Include ffa_spmc test group if the SPMC test is enabled. -# Supported after op-tee v3.20 -EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ - ' CFG_SPMC_TESTS=y CFG_SECURE_PARTITION=y', '' , d)}" - -RDEPENDS:${PN} += "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ - ' arm-ffa-user', '' , d)}" From patchwork Wed Jun 18 08:10:47 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Clement Faure X-Patchwork-Id: 65219 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DB5EBC71157 for ; Wed, 18 Jun 2025 08:11:04 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.2043.1750234260414248729 for ; Wed, 18 Jun 2025 01:11:00 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: clement.faure@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 6CB3614BF; Wed, 18 Jun 2025 01:10:39 -0700 (PDT) Received: from MGC575JXM4.arm.com (unknown [10.57.83.236]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 612073F66E; Wed, 18 Jun 2025 01:10:59 -0700 (PDT) From: Clement Faure To: meta-arm@lists.yoctoproject.org Cc: =?utf-8?q?Cl=C3=A9ment_Faure?= Subject: [PATCH 3/3] arm/optee: remove 4.4.0 Date: Wed, 18 Jun 2025 10:10:47 +0200 Message-Id: <20250618081047.34990-4-clement.faure@arm.com> X-Mailer: git-send-email 2.39.5 (Apple Git-154) In-Reply-To: <20250618081047.34990-1-clement.faure@arm.com> References: <20250618081047.34990-1-clement.faure@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 18 Jun 2025 08:11:04 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6567 From: Clément Faure Remove optee 4.4.0 recipes. Signed-off-by: Clément Faure --- .../optee/optee-client_4.4.0.bb | 9 ------ .../optee/optee-examples_4.4.0.bb | 4 --- .../optee/optee-os-tadevkit_4.4.0.bb | 29 ------------------- .../recipes-security/optee/optee-os_4.4.0.bb | 11 ------- .../optee/optee-test_4.4.0.bb | 16 ---------- 5 files changed, 69 deletions(-) delete mode 100644 meta-arm/recipes-security/optee/optee-client_4.4.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-examples_4.4.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-os-tadevkit_4.4.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-os_4.4.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-test_4.4.0.bb diff --git a/meta-arm/recipes-security/optee/optee-client_4.4.0.bb b/meta-arm/recipes-security/optee/optee-client_4.4.0.bb deleted file mode 100644 index 8bd03868..00000000 --- a/meta-arm/recipes-security/optee/optee-client_4.4.0.bb +++ /dev/null @@ -1,9 +0,0 @@ -require recipes-security/optee/optee-client.inc - -# v4.4.0 -SRCREV = "d221676a58b305bddbf97db00395205b3038de8e" -SRC_URI += "file://0001-tee-supplicant-update-udev-systemd-install-code.patch" - -inherit pkgconfig -DEPENDS += "util-linux" -EXTRA_OEMAKE += "PKG_CONFIG=pkg-config" diff --git a/meta-arm/recipes-security/optee/optee-examples_4.4.0.bb b/meta-arm/recipes-security/optee/optee-examples_4.4.0.bb deleted file mode 100644 index 46f08384..00000000 --- a/meta-arm/recipes-security/optee/optee-examples_4.4.0.bb +++ /dev/null @@ -1,4 +0,0 @@ -require recipes-security/optee/optee-examples.inc - -# v4.4.0 -SRCREV = "378dc0db2d5dd279f58a3b6cb3f78ffd6b165035" diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_4.4.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_4.4.0.bb deleted file mode 100644 index 961d5251..00000000 --- a/meta-arm/recipes-security/optee/optee-os-tadevkit_4.4.0.bb +++ /dev/null @@ -1,29 +0,0 @@ -require recipes-security/optee/optee-os_${PV}.bb - -SUMMARY = "OP-TEE Trusted OS TA devkit" -DESCRIPTION = "OP-TEE TA devkit for build TAs" -HOMEPAGE = "https://www.op-tee.org/" - -DEPENDS += "python3-pycryptodome-native" - -do_install() { - #install TA devkit - install -d ${D}${includedir}/optee/export-user_ta/ - for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do - cp -aR $f ${D}${includedir}/optee/export-user_ta/ - done -} - -do_deploy() { - echo "Do not inherit do_deploy from optee-os." -} - -FILES:${PN} = "${includedir}/optee/" - -# Build paths are currently embedded -INSANE_SKIP:${PN}-dev += "buildpaths" - -# Include extra headers needed by SPMC tests to TA DEVKIT. -# Supported after op-tee v3.20 -EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ - ' CFG_SPMC_TESTS=y', '' , d)}" diff --git a/meta-arm/recipes-security/optee/optee-os_4.4.0.bb b/meta-arm/recipes-security/optee/optee-os_4.4.0.bb deleted file mode 100644 index bd031ef7..00000000 --- a/meta-arm/recipes-security/optee/optee-os_4.4.0.bb +++ /dev/null @@ -1,11 +0,0 @@ -require recipes-security/optee/optee-os.inc - -DEPENDS += "dtc-native" - -FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" - -# v4.4.0 -SRCREV = "8f645256efc0dc66bd5c118778b0b50c44469ae1" -SRC_URI += " \ - file://0003-optee-enable-clang-support.patch \ - " diff --git a/meta-arm/recipes-security/optee/optee-test_4.4.0.bb b/meta-arm/recipes-security/optee/optee-test_4.4.0.bb deleted file mode 100644 index 8b88865b..00000000 --- a/meta-arm/recipes-security/optee/optee-test_4.4.0.bb +++ /dev/null @@ -1,16 +0,0 @@ -require recipes-security/optee/optee-test.inc - -# v4.4.0 -SRCREV = "695231ef8987866663a9ed5afd8f77d1bae3dc08" - -LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a8fa504109e4cd7ea575bc49ea4be560" - -SRC_URI += "file://0001-build-make-cmake-add-Werror-based-on-CFG_WERROR.patch" - -# Include ffa_spmc test group if the SPMC test is enabled. -# Supported after op-tee v3.20 -EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ - ' CFG_SPMC_TESTS=y CFG_SECURE_PARTITION=y', '' , d)}" - -RDEPENDS:${PN} += "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ - ' arm-ffa-user', '' , d)}"