From patchwork Wed Jan 21 14:03:34 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hugues KAMBA MPIANA X-Patchwork-Id: 79338 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4F036CA5FDD for ; Wed, 21 Jan 2026 14:04:12 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.12450.1769004243497990780 for ; Wed, 21 Jan 2026 06:04:03 -0800 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: hugues.kambampiana@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 7ED421517; Wed, 21 Jan 2026 06:03:56 -0800 (PST) Received: from LXKV206JHX.arm.com (unknown [10.57.80.132]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 5CFA03F694; Wed, 21 Jan 2026 06:04:02 -0800 (PST) From: Hugues KAMBA MPIANA To: meta-arm@lists.yoctoproject.org Cc: Hugues KAMBA MPIANA Subject: [PATCH 1/3] arm/arm-bsp: optee: add version 4.9.0 Date: Wed, 21 Jan 2026 14:03:34 +0000 Message-ID: <20260121140356.16818-2-hugues.kambampiana@arm.com> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20260121140356.16818-1-hugues.kambampiana@arm.com> References: <20260121140356.16818-1-hugues.kambampiana@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 21 Jan 2026 14:04:12 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6861 OP-TEE version 4.9.0 has been released on 2026-01-16 [1]. Add OP-TEE recipes to point to version 4.9.0 Link: [1]: https://github.com/OP-TEE/optee_os/blob/master/CHANGELOG.md#op-tee---version-490-2026-01-16 Signed-off-by: Hugues KAMBA MPIANA --- .../optee-ftpm/optee-ftpm_4.9.0.bb | 94 +++++++++++++++++++ .../optee/optee-client_4.9.0.bb | 4 + .../optee/optee-examples_4.9.0.bb | 4 + .../optee/optee-os-tadevkit_4.9.0.bb | 30 ++++++ .../recipes-security/optee/optee-os_4.9.0.bb | 8 ++ .../optee/optee-test_4.9.0.bb | 14 +++ 6 files changed, 154 insertions(+) create mode 100644 meta-arm/recipes-security/optee-ftpm/optee-ftpm_4.9.0.bb create mode 100644 meta-arm/recipes-security/optee/optee-client_4.9.0.bb create mode 100644 meta-arm/recipes-security/optee/optee-examples_4.9.0.bb create mode 100644 meta-arm/recipes-security/optee/optee-os-tadevkit_4.9.0.bb create mode 100644 meta-arm/recipes-security/optee/optee-os_4.9.0.bb create mode 100644 meta-arm/recipes-security/optee/optee-test_4.9.0.bb diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_4.9.0.bb b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_4.9.0.bb new file mode 100644 index 00000000..5dfc88c6 --- /dev/null +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_4.9.0.bb @@ -0,0 +1,94 @@ +SUMMARY = "OPTEE fTPM Microsoft TA" +DESCRIPTION = "TCG reference implementation of the TPM 2.0 Specification." +HOMEPAGE = "https://github.com/microsoft/ms-tpm-20-ref/" + +COMPATIBLE_MACHINE ?= "invalid" +COMPATIBLE_MACHINE:genericarm64 = "genericarm64" +COMPATIBLE_MACHINE:qemuarm64 = "qemuarm64" +COMPATIBLE_MACHINE:qemuarm64-secureboot = "qemuarm64" +COMPATIBLE_MACHINE:qemuarm-secureboot = "qemuarm" + +inherit deploy python3native + +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=5a3925ece0806073ae9ebbb08ff6f11e" +LIC_FILES_CHKSUM += "file://optee-ta/LICENSE;md5=5a3925ece0806073ae9ebbb08ff6f11e" + +DEPENDS = "python3-pyelftools-native optee-os-tadevkit python3-cryptography-native" +DEPENDS:append:toolchain-clang = " lld-native" + +FTPM_UUID = "bc50d971-d4c9-42c4-82cb-343fb7f37896" + +SRC_URI_ms-tpm ?= "gitsm://github.com/Microsoft/ms-tpm-20-ref;protocol=https" +SRC_URI_optee-ta ?= "gitsm://github.com/OP-TEE/optee_ftpm.git;protocol=https" + +SRCBRANCH_ms-tpm = "main" +SRCBRANCH_optee-ta = "master" + +SRC_URI = "\ + ${SRC_URI_ms-tpm};branch=${SRCBRANCH_ms-tpm};name=ms-tpm;destsuffix=ms-tpm \ + ${SRC_URI_optee-ta};branch=${SRCBRANCH_optee-ta};name=optee-ta;destsuffix=ms-tpm/optee-ta \ +" + +# As per optee-ftpm TA documentation, we have to use this SHA of MS TPM reference +SRCREV_ms-tpm ?= "98b60a44aba79b15fcce1c0d1e46cf5918400f6a" + +# v4.9.0 +SRCREV_optee-ta ?= "a09269b15de635e1816fe832e26adfbfb44c5455" + +SRCREV_FORMAT = "ms-tpm_optee-ta" + +UPSTREAM_CHECK_COMMITS = "1" + +S = "${UNPACKDIR}/ms-tpm" + +OPTEE_CLIENT_EXPORT = "${STAGING_DIR_HOST}${prefix}" +TEEC_EXPORT = "${STAGING_DIR_HOST}${prefix}" +TA_DEV_KIT_DIR = "${STAGING_INCDIR}/optee/export-user_ta" + +EXTRA_OEMAKE += '\ + COMPILER=${TOOLCHAIN} \ + TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ + CROSS_COMPILE=${TARGET_PREFIX} \ + CFG_MS_TPM_20_REF="${S}" \ + CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_HOST}" \ +' + +EXTRA_OEMAKE:append:aarch64:qemuall = "\ + CFG_ARM64_ta_arm64=y \ +" + +CFLAGS:append:toolchain-clang = " -Wno-unknown-warning-option" + +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the +# right path until this is relocated automatically. +export OPENSSL_MODULES = "${STAGING_LIBDIR_NATIVE}/ossl-modules" + +PARALLEL_MAKE = "" + +do_compile() { + cd ${S}/optee-ta + oe_runmake +} + +do_install () { + mkdir -p ${D}/${nonarch_base_libdir}/optee_armtz + install -D -p -m 0644 ${S}/optee-ta/${FTPM_UUID}.ta ${D}/${nonarch_base_libdir}/optee_armtz/ + install -D -p -m 0644 ${S}/optee-ta/${FTPM_UUID}.stripped.elf ${D}/${nonarch_base_libdir}/optee_armtz/ +} + +do_deploy () { + install -d ${DEPLOYDIR}/optee + install -D -p -m 0644 ${S}/optee-ta/${FTPM_UUID}.stripped.elf ${DEPLOYDIR}/optee/ +} + +addtask deploy before do_build after do_install + +FILES:${PN} += " \ + ${nonarch_base_libdir}/optee_armtz/${FTPM_UUID}.ta \ + ${nonarch_base_libdir}/optee_armtz/${FTPM_UUID}.stripped.elf \ + " + +# Imports machine specific configs from staging to build +PACKAGE_ARCH = "${MACHINE_ARCH}" +INSANE_SKIP:${PN} += "ldflags" diff --git a/meta-arm/recipes-security/optee/optee-client_4.9.0.bb b/meta-arm/recipes-security/optee/optee-client_4.9.0.bb new file mode 100644 index 00000000..b5c3f0a2 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-client_4.9.0.bb @@ -0,0 +1,4 @@ +require recipes-security/optee/optee-client.inc + +# v4.9.0 +SRCREV = "9f5e90918093c1d1cd264d8149081b64ab7ba672" diff --git a/meta-arm/recipes-security/optee/optee-examples_4.9.0.bb b/meta-arm/recipes-security/optee/optee-examples_4.9.0.bb new file mode 100644 index 00000000..7c9bd972 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-examples_4.9.0.bb @@ -0,0 +1,4 @@ +require recipes-security/optee/optee-examples.inc + +# v4.9.0 +SRCREV = "934c7edb74a26e90f68024cf441073528444177f" diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_4.9.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_4.9.0.bb new file mode 100644 index 00000000..cca9f62a --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_4.9.0.bb @@ -0,0 +1,30 @@ +require recipes-security/optee/optee-os_${PV}.bb + +SUMMARY = "OP-TEE Trusted OS TA devkit" +DESCRIPTION = "OP-TEE TA devkit for build TAs" +HOMEPAGE = "https://www.op-tee.org/" + +DEPENDS += "python3-pycryptodome-native" +DEPENDS:append:toolchain-clang = " lld-native" + +do_install() { + #install TA devkit + install -d ${D}${includedir}/optee/export-user_ta/ + for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do + cp -aR $f ${D}${includedir}/optee/export-user_ta/ + done +} + +do_deploy() { + echo "Do not inherit do_deploy from optee-os." +} + +FILES:${PN} = "${includedir}/optee/" + +# Build paths are currently embedded +INSANE_SKIP:${PN}-dev += "buildpaths" + +# Include extra headers needed by SPMC tests to TA DEVKIT. +# Supported after op-tee v3.20 +EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' CFG_SPMC_TESTS=y', '' , d)}" diff --git a/meta-arm/recipes-security/optee/optee-os_4.9.0.bb b/meta-arm/recipes-security/optee/optee-os_4.9.0.bb new file mode 100644 index 00000000..8e64a636 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-os_4.9.0.bb @@ -0,0 +1,8 @@ +require recipes-security/optee/optee-os.inc + +DEPENDS += "dtc-native" + +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" + +# 4.9.0 +SRCREV = "c2b0684fcd89929976a8726e6e3af922b48dd2c7" diff --git a/meta-arm/recipes-security/optee/optee-test_4.9.0.bb b/meta-arm/recipes-security/optee/optee-test_4.9.0.bb new file mode 100644 index 00000000..ddb574fc --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-test_4.9.0.bb @@ -0,0 +1,14 @@ +require recipes-security/optee/optee-test.inc + +# v4.9.0 +SRCREV = "b27648ea8472cceceb8dda368a965c709066f7aa" + +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a8fa504109e4cd7ea575bc49ea4be560" + +# Include ffa_spmc test group if the SPMC test is enabled. +# Supported after op-tee v3.20 +EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' CFG_SPMC_TESTS=y CFG_SECURE_PARTITION=y', '' , d)}" + +RDEPENDS:${PN} += "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' arm-ffa-user', '' , d)}" From patchwork Wed Jan 21 14:03:35 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Hugues KAMBA MPIANA X-Patchwork-Id: 79339 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 585CAD26296 for ; Wed, 21 Jan 2026 14:04:12 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.12416.1769004244530220699 for ; Wed, 21 Jan 2026 06:04:04 -0800 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: hugues.kambampiana@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8E3B71476; Wed, 21 Jan 2026 06:03:57 -0800 (PST) Received: from LXKV206JHX.arm.com (unknown [10.57.80.132]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 682853F694; Wed, 21 Jan 2026 06:04:03 -0800 (PST) From: Hugues KAMBA MPIANA To: meta-arm@lists.yoctoproject.org Cc: Hugues KAMBA MPIANA Subject: [PATCH 2/3] arm-bsp/corstone1000: move to support OP-TEE version 4.9 Date: Wed, 21 Jan 2026 14:03:35 +0000 Message-ID: <20260121140356.16818-3-hugues.kambampiana@arm.com> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20260121140356.16818-1-hugues.kambampiana@arm.com> References: <20260121140356.16818-1-hugues.kambampiana@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 21 Jan 2026 14:04:12 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6862 Bump Corstone-1000 machine OP-TEE version from 4.7.0 to version 4.9.0. Signed-off-by: Hugues KAMBA MPIANA --- .../conf/machine/include/corstone1000.inc | 4 +- .../documentation/corstone1000/conf.py | 2 +- .../documentation/corstone1000/user-guide.rst | 6 +- ...corstone1000-Add-Cortex-A320-support.patch | 143 ------------------ .../optee/optee-os-corstone1000-common.inc | 4 - .../optee/optee-client_git.bb | 7 +- 6 files changed, 8 insertions(+), 158 deletions(-) delete mode 100644 meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-plat-corstone1000-Add-Cortex-A320-support.patch diff --git a/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm-bsp/conf/machine/include/corstone1000.inc index e3c726e5..175a89e0 100644 --- a/meta-arm-bsp/conf/machine/include/corstone1000.inc +++ b/meta-arm-bsp/conf/machine/include/corstone1000.inc @@ -16,8 +16,8 @@ TFA_BL2_BINARY = "bl2-corstone1000.bin" TFA_FIP_BINARY = "fip-corstone1000.bin" # optee -PREFERRED_VERSION_optee-os ?= "4.7.%" -PREFERRED_VERSION_optee-client ?= "4.7.%" +PREFERRED_VERSION_optee-os ?= "4.9.%" +PREFERRED_VERSION_optee-client ?= "4.9.%" # Trusted Services TS_PLATFORM = "arm/corstone1000" diff --git a/meta-arm-bsp/documentation/corstone1000/conf.py b/meta-arm-bsp/documentation/corstone1000/conf.py index 0202e574..4cc5fbbb 100644 --- a/meta-arm-bsp/documentation/corstone1000/conf.py +++ b/meta-arm-bsp/documentation/corstone1000/conf.py @@ -27,7 +27,7 @@ sys.path.append(os.path.dirname(__file__)) # -- Project information ----------------------------------------------------- project = 'corstone1000' -copyright = '2020-2024, Arm Limited' +copyright = '2020-2026, Arm Limited' author = 'Arm Limited' diff --git a/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm-bsp/documentation/corstone1000/user-guide.rst index f4f4c794..38d2116a 100644 --- a/meta-arm-bsp/documentation/corstone1000/user-guide.rst +++ b/meta-arm-bsp/documentation/corstone1000/user-guide.rst @@ -91,7 +91,7 @@ Host Processor Components +----------+-------------------------------------------------------------------------------------------------------+ | bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend`` | +----------+-------------------------------------------------------------------------------------------------------+ -| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.13.0.bb`` | +| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.14.0.bb`` | +----------+-------------------------------------------------------------------------------------------------------+ `Trusted Services `__ @@ -133,7 +133,7 @@ Host Processor Components +----------+------------------------------------------------------------------------------------------+ | bbappend | ``${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend`` | +----------+------------------------------------------------------------------------------------------+ -| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-security/optee/optee-os_4.7.0.bb`` | +| Recipe | ``${WORKSPACE}/meta-arm/meta-arm/recipes-security/optee/optee-os_4.9.0.bb`` | +----------+------------------------------------------------------------------------------------------+ `U-Boot `__ @@ -2365,7 +2365,7 @@ and `Arm Development Studio `__ versions 2022.2, 2022.c, or 202 -------------- -*Copyright (c) 2022-2025, Arm Limited. All rights reserved.* +*Copyright (c) 2022-2026, Arm Limited. All rights reserved.* .. _arm-developer-fvp: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps .. _secure-debug-manager-repo-readme: https://github.com/ARM-software/secure-debug-manager/tree/master?tab=readme-ov-file#secure-debug-manager-psa-adac--sdc-600 diff --git a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-plat-corstone1000-Add-Cortex-A320-support.patch b/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-plat-corstone1000-Add-Cortex-A320-support.patch deleted file mode 100644 index 4d4847a5..00000000 --- a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-plat-corstone1000-Add-Cortex-A320-support.patch +++ /dev/null @@ -1,143 +0,0 @@ -From 4a8fa965a39879d98eac1626c4c756043985726d Mon Sep 17 00:00:00 2001 -From: Hugues KAMBA MPIANA -Date: Tue, 11 Nov 2025 08:09:40 +0000 -Subject: [PATCH] plat-corstone1000: Add Cortex-A320 support -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Convert arm64-platform-cpuarch from a hard-coded cortex-a35 into a “?=” -(default) assignment so users can override it (for example to -cortex-a320) via the make command line. - -The Cortex-A320 core is not yet supported via -mcpu=cortex-a320. -When arm64-platform-cpuarch is set to cortex-a320, switch to --march=armv9.2-a. - -The new Corstone-1000 variant with Cortex-A320 replaces the original -GIC-400 (v2) interrupt controller with a GIC-600, which is -architecturally compliant with GICv3. Since OP-TEE already provides -a generic GICv3 driver, only minimal platform changes are needed -to expose the updated register map and initialize the GICv3 interface. - -**Changes introduced** - -* When `cortex-a320` is selected: - * Force `CFG_ARM_GICV3=y`. - * Introduce `CFG_CORSTONE1000_CORTEX_A320` to guard - Cortex-A320–specific code. -* Map the Redistributor region (`GICR_BASE`). -* Use `gic_init_v3(…)` instead of the v2 helper for Cortex-A320 builds. -* Add `GICR_BASE`, `GIC_REDIST_REG_SIZE`, and related offsets. -* Retain legacy `GICC_BASE` definitions under the GICv2 path so that - the Cortex-A35 + GIC-400 variant continues to build unchanged. - -Upstream-Status: Submitted (https://github.com/OP-TEE/optee_os/pull/7627) -Signed-off-by: Hugues KAMBA MPIANA -Signed-off-by: Harsimran Singh Tungal ---- - core/arch/arm/plat-corstone1000/conf.mk | 11 ++++++++++- - core/arch/arm/plat-corstone1000/main.c | 11 ++++++++++- - .../arm/plat-corstone1000/platform_config.h | 19 +++++++++++++++++-- - 3 files changed, 37 insertions(+), 4 deletions(-) - -diff --git a/core/arch/arm/plat-corstone1000/conf.mk b/core/arch/arm/plat-corstone1000/conf.mk -index 86b8d8480..147b6972f 100644 ---- a/core/arch/arm/plat-corstone1000/conf.mk -+++ b/core/arch/arm/plat-corstone1000/conf.mk -@@ -23,9 +23,18 @@ $(call force,CFG_PL011,y) - $(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y) - $(call force,CFG_ARM64_core,y) - --arm64-platform-cpuarch := cortex-a35 -+# Default CPU core for Corstone1000 platform; override for other cores (e.g. cortex-a320) -+arm64-platform-cpuarch ?= cortex-a35 -+ -+ifeq ($(arm64-platform-cpuarch),cortex-a320) -+arm64-platform-cflags += -march=armv9.2-a -+arm64-platform-aflags += -march=armv9.2-a -+$(call force,CFG_ARM_GICV3,y) -+$(call force,CFG_CORSTONE1000_CORTEX_A320,y) -+else - arm64-platform-cflags += -mcpu=$(arm64-platform-cpuarch) - arm64-platform-aflags += -mcpu=$(arm64-platform-cpuarch) -+endif - - CFG_WITH_STATS ?= y - CFG_WITH_ARM_TRUSTED_FW ?= y -diff --git a/core/arch/arm/plat-corstone1000/main.c b/core/arch/arm/plat-corstone1000/main.c -index 9e1482a7b..fd2dd888c 100644 ---- a/core/arch/arm/plat-corstone1000/main.c -+++ b/core/arch/arm/plat-corstone1000/main.c -@@ -1,6 +1,6 @@ - // SPDX-License-Identifier: BSD-2-Clause - /* -- * Copyright (c) 2022, Arm Limited -+ * Copyright (c) 2022, 2025, Arm Limited - */ - - #include -@@ -18,11 +18,20 @@ register_ddr(DRAM0_BASE, DRAM0_SIZE); - - register_phys_mem_pgdir(MEM_AREA_IO_SEC, CONSOLE_UART_BASE, PL011_REG_SIZE); - register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICD_BASE, GIC_DIST_REG_SIZE); -+ -+#if defined(CFG_CORSTONE1000_CORTEX_A320) && defined(CFG_ARM_GICV3) -+register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICR_BASE, GIC_REDIST_REG_SIZE); -+#else - register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICC_BASE, GIC_CPU_REG_SIZE); -+#endif - - void boot_primary_init_intc(void) - { -+#if defined(CFG_CORSTONE1000_CORTEX_A320) && defined(CFG_ARM_GICV3) -+ gic_init_v3(0, GICD_BASE, GICR_BASE); -+#else - gic_init(GICC_BASE, GICD_BASE); -+#endif - } - - void boot_secondary_init_intc(void) -diff --git a/core/arch/arm/plat-corstone1000/platform_config.h b/core/arch/arm/plat-corstone1000/platform_config.h -index f59c93a14..600b2c02e 100644 ---- a/core/arch/arm/plat-corstone1000/platform_config.h -+++ b/core/arch/arm/plat-corstone1000/platform_config.h -@@ -1,6 +1,6 @@ - /* SPDX-License-Identifier: BSD-2-Clause */ - /* -- * Copyright (c) 2022, Arm Limited -+ * Copyright (c) 2022, 2025 Arm Limited - */ - - #ifndef PLATFORM_CONFIG_H -@@ -20,11 +20,26 @@ - #define DRAM0_BASE 0x80000000 - #define DRAM0_SIZE CFG_DDR_SIZE - -+#if defined(CFG_CORSTONE1000_CORTEX_A320) && defined(CFG_ARM_GICV3) -+#define GICR_SIZE_PER_CORE 0x20000 -+#define GIC_REDIST_REG_SIZE (GICR_SIZE_PER_CORE * CFG_TEE_CORE_NB_CORE) -+#endif -+ -+#if defined(CFG_CORSTONE1000_CORTEX_A320) && defined(CFG_ARM_GICV3) -+/* Corstone-1000 with Cortex-A320 uses GIC-v3 which supports GICR */ -+#define GICD_OFFSET 0x00000 -+#define GICR_OFFSET 0x40000 -+#else - #define GICD_OFFSET 0x10000 - #define GICC_OFFSET 0x2F000 -+#endif - --#define GICD_BASE (GIC_BASE + GICD_OFFSET) -+#if defined(CFG_CORSTONE1000_CORTEX_A320) && defined(CFG_ARM_GICV3) -+#define GICR_BASE (GIC_BASE + GICR_OFFSET) -+#else - #define GICC_BASE (GIC_BASE + GICC_OFFSET) -+#endif -+#define GICD_BASE (GIC_BASE + GICD_OFFSET) - - #define UART_BAUDRATE 115200 - #define CONSOLE_BAUDRATE UART_BAUDRATE --- -2.50.1 - diff --git a/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc b/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc index 028027f5..ee8e4df3 100644 --- a/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc +++ b/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc @@ -1,9 +1,5 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/corstone1000:" -SRC_URI:append = " \ - file://0001-plat-corstone1000-Add-Cortex-A320-support.patch \ -" - COMPATIBLE_MACHINE = "corstone1000" OPTEEMACHINE = "corstone1000" diff --git a/meta-arm/recipes-security/optee/optee-client_git.bb b/meta-arm/recipes-security/optee/optee-client_git.bb index 9c1c622f..b974e012 100644 --- a/meta-arm/recipes-security/optee/optee-client_git.bb +++ b/meta-arm/recipes-security/optee/optee-client_git.bb @@ -1,11 +1,8 @@ require recipes-security/optee/optee-client.inc -# v4.8.0 -SRCREV = "9d6f69844ff60ec0966cf3659abcc38eda8b31ea" +# v4.9.0 +SRCREV = "9f5e90918093c1d1cd264d8149081b64ab7ba672" PV .= "+git" -FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" -SRC_URI += "file://0001-tee-supplicant-update-udev-systemd-install-code.patch" - # Not a release recipe, try our hardest to not pull this in implicitly DEFAULT_PREFERENCE = "-1" From patchwork Wed Jan 21 14:03:36 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hugues KAMBA MPIANA X-Patchwork-Id: 79340 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5DD52CA5FDF for ; Wed, 21 Jan 2026 14:04:12 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.12417.1769004245646665348 for ; Wed, 21 Jan 2026 06:04:05 -0800 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: hugues.kambampiana@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A27531517; Wed, 21 Jan 2026 06:03:58 -0800 (PST) Received: from LXKV206JHX.arm.com (unknown [10.57.80.132]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 731F53F694; Wed, 21 Jan 2026 06:04:04 -0800 (PST) From: Hugues KAMBA MPIANA To: meta-arm@lists.yoctoproject.org Cc: Hugues KAMBA MPIANA Subject: [PATCH 3/3] arm/arm-bsp: optee: drop version 4.7.0 Date: Wed, 21 Jan 2026 14:03:36 +0000 Message-ID: <20260121140356.16818-4-hugues.kambampiana@arm.com> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20260121140356.16818-1-hugues.kambampiana@arm.com> References: <20260121140356.16818-1-hugues.kambampiana@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 21 Jan 2026 14:04:12 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/6863 Drop support for OP-TEE version 4.7.0 from the layer as version 4.9.0 is present. Signed-off-by: Hugues KAMBA MPIANA --- .../optee-ftpm/optee-ftpm_4.7.0.bb | 94 ------------------- ...ant-update-udev-systemd-install-code.patch | 78 --------------- .../optee/optee-client_4.7.0.bb | 5 - .../optee/optee-examples_4.7.0.bb | 4 - .../optee/optee-os-tadevkit_4.7.0.bb | 30 ------ .../recipes-security/optee/optee-os_4.7.0.bb | 8 -- .../optee/optee-test_4.7.0.bb | 14 --- 7 files changed, 233 deletions(-) delete mode 100644 meta-arm/recipes-security/optee-ftpm/optee-ftpm_4.7.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-client/0001-tee-supplicant-update-udev-systemd-install-code.patch delete mode 100644 meta-arm/recipes-security/optee/optee-client_4.7.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-examples_4.7.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-os-tadevkit_4.7.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-os_4.7.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-test_4.7.0.bb diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_4.7.0.bb b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_4.7.0.bb deleted file mode 100644 index 9164f31b..00000000 --- a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_4.7.0.bb +++ /dev/null @@ -1,94 +0,0 @@ -SUMMARY = "OPTEE fTPM Microsoft TA" -DESCRIPTION = "TCG reference implementation of the TPM 2.0 Specification." -HOMEPAGE = "https://github.com/microsoft/ms-tpm-20-ref/" - -COMPATIBLE_MACHINE ?= "invalid" -COMPATIBLE_MACHINE:genericarm64 = "genericarm64" -COMPATIBLE_MACHINE:qemuarm64 = "qemuarm64" -COMPATIBLE_MACHINE:qemuarm64-secureboot = "qemuarm64" -COMPATIBLE_MACHINE:qemuarm-secureboot = "qemuarm" - -inherit deploy python3native - -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=5a3925ece0806073ae9ebbb08ff6f11e" -LIC_FILES_CHKSUM += "file://optee-ta/LICENSE;md5=5a3925ece0806073ae9ebbb08ff6f11e" - -DEPENDS = "python3-pyelftools-native optee-os-tadevkit python3-cryptography-native" -DEPENDS:append:toolchain-clang = " lld-native" - -FTPM_UUID = "bc50d971-d4c9-42c4-82cb-343fb7f37896" - -SRC_URI_ms-tpm ?= "gitsm://github.com/Microsoft/ms-tpm-20-ref;protocol=https" -SRC_URI_optee-ta ?= "gitsm://github.com/OP-TEE/optee_ftpm.git;protocol=https" - -SRCBRANCH_ms-tpm = "main" -SRCBRANCH_optee-ta = "master" - -SRC_URI = "\ - ${SRC_URI_ms-tpm};branch=${SRCBRANCH_ms-tpm};name=ms-tpm;destsuffix=ms-tpm \ - ${SRC_URI_optee-ta};branch=${SRCBRANCH_optee-ta};name=optee-ta;destsuffix=ms-tpm/optee-ta \ -" - -# As per optee-ftpm TA documentation, we have to use this SHA of MS TPM reference -SRCREV_ms-tpm ?= "98b60a44aba79b15fcce1c0d1e46cf5918400f6a" - -# v4.7.0 -SRCREV_optee-ta ?= "ce33372ab772e879826361a1ca91126260bd9be1" - -SRCREV_FORMAT = "ms-tpm_optee-ta" - -UPSTREAM_CHECK_COMMITS = "1" - -S = "${UNPACKDIR}/ms-tpm" - -OPTEE_CLIENT_EXPORT = "${STAGING_DIR_HOST}${prefix}" -TEEC_EXPORT = "${STAGING_DIR_HOST}${prefix}" -TA_DEV_KIT_DIR = "${STAGING_INCDIR}/optee/export-user_ta" - -EXTRA_OEMAKE += '\ - COMPILER=${TOOLCHAIN} \ - TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ - CROSS_COMPILE=${TARGET_PREFIX} \ - CFG_MS_TPM_20_REF="${S}" \ - CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_HOST}" \ -' - -EXTRA_OEMAKE:append:aarch64:qemuall = "\ - CFG_ARM64_ta_arm64=y \ -" - -CFLAGS:append:toolchain-clang = " -Wno-unknown-warning-option" - -# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the -# right path until this is relocated automatically. -export OPENSSL_MODULES = "${STAGING_LIBDIR_NATIVE}/ossl-modules" - -PARALLEL_MAKE = "" - -do_compile() { - cd ${S}/optee-ta - oe_runmake -} - -do_install () { - mkdir -p ${D}/${nonarch_base_libdir}/optee_armtz - install -D -p -m 0644 ${S}/optee-ta/${FTPM_UUID}.ta ${D}/${nonarch_base_libdir}/optee_armtz/ - install -D -p -m 0644 ${S}/optee-ta/${FTPM_UUID}.stripped.elf ${D}/${nonarch_base_libdir}/optee_armtz/ -} - -do_deploy () { - install -d ${DEPLOYDIR}/optee - install -D -p -m 0644 ${S}/optee-ta/${FTPM_UUID}.stripped.elf ${DEPLOYDIR}/optee/ -} - -addtask deploy before do_build after do_install - -FILES:${PN} += " \ - ${nonarch_base_libdir}/optee_armtz/${FTPM_UUID}.ta \ - ${nonarch_base_libdir}/optee_armtz/${FTPM_UUID}.stripped.elf \ - " - -# Imports machine specific configs from staging to build -PACKAGE_ARCH = "${MACHINE_ARCH}" -INSANE_SKIP:${PN} += "ldflags" diff --git a/meta-arm/recipes-security/optee/optee-client/0001-tee-supplicant-update-udev-systemd-install-code.patch b/meta-arm/recipes-security/optee/optee-client/0001-tee-supplicant-update-udev-systemd-install-code.patch deleted file mode 100644 index cd367124..00000000 --- a/meta-arm/recipes-security/optee/optee-client/0001-tee-supplicant-update-udev-systemd-install-code.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 5ddaac7c0770a423eca0cb727403b2f06657ffea Mon Sep 17 00:00:00 2001 -From: Gyorgy Szing -Date: Tue, 14 Jan 2025 09:42:25 +0100 -Subject: [PATCH 1/1] tee-supplicant: update udev & systemd install code - -- Allow optionally using pkg-config to discover install location of - systemd service and udev rule files. -- Make systemd service file generation and installation optional. -- Make udev rule file generation and installation optional. - -Changes are backwards compatible and the default operation is unchanged. - -Upstream-Status: Submitted [https://github.com/OP-TEE/optee_client/pull/402] - -Signed-off-by: Gyorgy Szing ---- - tee-supplicant/CMakeLists.txt | 39 +++++++++++++++++++++++++++++++---- - 1 file changed, 35 insertions(+), 4 deletions(-) - -diff --git a/tee-supplicant/CMakeLists.txt b/tee-supplicant/CMakeLists.txt -index 8df9bef..ae1f5a4 100644 ---- a/tee-supplicant/CMakeLists.txt -+++ b/tee-supplicant/CMakeLists.txt -@@ -7,6 +7,9 @@ option(RPMB_EMU "Enable tee-supplicant to emulate RPMB" ON) - option(CFG_TA_GPROF_SUPPORT "Enable tee-supplicant support for TAs instrumented with gprof" ON) - option(CFG_FTRACE_SUPPORT "Enable tee-supplicant support for TAs instrumented with ftrace" ON) - option(CFG_TEE_SUPP_PLUGINS "Enable tee-supplicant plugin support" ON) -+option(CFG_ENABLE_SYSTEMD "Enable systemd service unit file generation." ON) -+option(CFG_ENABLE_UDEV "Enable udev rules file generation." ON) -+option(CFG_USE_PKGCONFIG "Use pkg-config for discovering install target directory for systemd and udev files." OFF) - - set(CFG_TEE_SUPP_LOG_LEVEL "1" CACHE STRING "tee-supplicant log level") - # FIXME: Question is, is this really needed? Should just use defaults from # GNUInstallDirs? -@@ -117,8 +120,36 @@ endif() - ################################################################################ - # Install targets - ################################################################################ -+# Discover target install location of the systemd and udev files using pkg-config -+if (CFG_USE_PKGCONFIG) -+ # Note: pkg-config should return setting valid for the target platform and not the host. -+ include(FindPkgConfig) -+ if (PKG_CONFIG_FOUND) -+ pkg_search_module(SYSTEMD systemd) -+ if (SYSTEMD_FOUND AND CFG_ENABLE_SYSTEMD) -+ pkg_get_variable(UNIT_DIR systemd systemd_system_unit_dir) -+ set(SYSTEMD_UNIT_DIR "${UNIT_DIR}" CACHE PATH "Location of systemd unit files.") -+ unset(UNIT_DIR) -+ endif() -+ pkg_search_module(UDEV udev) -+ if (UDEV_FOUND) -+ pkg_get_variable(UDEV_DIR udev udev_dir) -+ set(UDEV_UDEV_DIR "${UDEV_DIR}" CACHE PATH "Location of udev files.") -+ unset(UDEV_DIR) -+ endif() -+ endif() -+endif() -+ -+# Some sane defaults is discovering through pkgconfig fails or is disabled. -+set(SYSTEMD_UNIT_DIR "${CMAKE_INSTALL_LIBDIR}/systemd/system" CACHE PATH "Location of systemd unit files.") -+set(UDEV_UDEV_DIR "${CMAKE_INSTALL_SYSCONFDIR}/udev/rules.d" CACHE PATH "Location of udev files.") -+ - install(TARGETS ${PROJECT_NAME} RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR}) --configure_file(tee-supplicant@.service.in tee-supplicant@.service @ONLY) --install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/tee-supplicant@.service DESTINATION ${CMAKE_INSTALL_LIBDIR}/systemd/system) --configure_file(optee-udev.rules.in optee-udev.rules @ONLY) --install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/optee-udev.rules DESTINATION ${CMAKE_INSTALL_SYSCONFDIR}/udev/rules.d) -+if (CFG_ENABLE_SYSTEMD) -+ configure_file(tee-supplicant@.service.in tee-supplicant@.service @ONLY) -+ install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/tee-supplicant@.service DESTINATION ${SYSTEMD_UNIT_DIR}) -+endif() -+if (CFG_ENABLE_UDEV) -+ configure_file(optee-udev.rules.in optee-udev.rules @ONLY) -+ install(FILES ${CMAKE_BINARY_DIR}/${PROJECT_NAME}/optee-udev.rules DESTINATION ${UDEV_UDEV_DIR}) -+endif() -\ No newline at end of file --- -2.43.0 - diff --git a/meta-arm/recipes-security/optee/optee-client_4.7.0.bb b/meta-arm/recipes-security/optee/optee-client_4.7.0.bb deleted file mode 100644 index 2fb157df..00000000 --- a/meta-arm/recipes-security/optee/optee-client_4.7.0.bb +++ /dev/null @@ -1,5 +0,0 @@ -require recipes-security/optee/optee-client.inc - -# v4.7.0 -SRCREV = "23c112a6f05cc5e39bd4aaf52ad515cad532237d" -SRC_URI += "file://0001-tee-supplicant-update-udev-systemd-install-code.patch" diff --git a/meta-arm/recipes-security/optee/optee-examples_4.7.0.bb b/meta-arm/recipes-security/optee/optee-examples_4.7.0.bb deleted file mode 100644 index a926f819..00000000 --- a/meta-arm/recipes-security/optee/optee-examples_4.7.0.bb +++ /dev/null @@ -1,4 +0,0 @@ -require recipes-security/optee/optee-examples.inc - -# v4.7.0 -SRCREV = "14321a0607db16099d158478b21a2b2e37b3a935" diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_4.7.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_4.7.0.bb deleted file mode 100644 index cca9f62a..00000000 --- a/meta-arm/recipes-security/optee/optee-os-tadevkit_4.7.0.bb +++ /dev/null @@ -1,30 +0,0 @@ -require recipes-security/optee/optee-os_${PV}.bb - -SUMMARY = "OP-TEE Trusted OS TA devkit" -DESCRIPTION = "OP-TEE TA devkit for build TAs" -HOMEPAGE = "https://www.op-tee.org/" - -DEPENDS += "python3-pycryptodome-native" -DEPENDS:append:toolchain-clang = " lld-native" - -do_install() { - #install TA devkit - install -d ${D}${includedir}/optee/export-user_ta/ - for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do - cp -aR $f ${D}${includedir}/optee/export-user_ta/ - done -} - -do_deploy() { - echo "Do not inherit do_deploy from optee-os." -} - -FILES:${PN} = "${includedir}/optee/" - -# Build paths are currently embedded -INSANE_SKIP:${PN}-dev += "buildpaths" - -# Include extra headers needed by SPMC tests to TA DEVKIT. -# Supported after op-tee v3.20 -EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ - ' CFG_SPMC_TESTS=y', '' , d)}" diff --git a/meta-arm/recipes-security/optee/optee-os_4.7.0.bb b/meta-arm/recipes-security/optee/optee-os_4.7.0.bb deleted file mode 100644 index 1d5d8ccc..00000000 --- a/meta-arm/recipes-security/optee/optee-os_4.7.0.bb +++ /dev/null @@ -1,8 +0,0 @@ -require recipes-security/optee/optee-os.inc - -DEPENDS += "dtc-native" - -FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" - -# v4.7.0 -SRCREV = "86846f4fdf14f25b50fd64a87888ca9fe85a9e2b" diff --git a/meta-arm/recipes-security/optee/optee-test_4.7.0.bb b/meta-arm/recipes-security/optee/optee-test_4.7.0.bb deleted file mode 100644 index f42e254a..00000000 --- a/meta-arm/recipes-security/optee/optee-test_4.7.0.bb +++ /dev/null @@ -1,14 +0,0 @@ -require recipes-security/optee/optee-test.inc - -# v4.7.0 -SRCREV = "a15be9eca1b7e935917d834284726027dffc8cfb" - -LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a8fa504109e4cd7ea575bc49ea4be560" - -# Include ffa_spmc test group if the SPMC test is enabled. -# Supported after op-tee v3.20 -EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ - ' CFG_SPMC_TESTS=y CFG_SECURE_PARTITION=y', '' , d)}" - -RDEPENDS:${PN} += "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ - ' arm-ffa-user', '' , d)}"