From patchwork Mon Aug 22 16:55:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 11707 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 711ACC32789 for ; Mon, 22 Aug 2022 16:55:16 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web08.20644.1661187308662372202 for ; Mon, 22 Aug 2022 09:55:09 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 6360811FB; Mon, 22 Aug 2022 09:55:11 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 98A2C3F70D; Mon, 22 Aug 2022 09:55:07 -0700 (PDT) From: Ross Burton To: meta-arm@lists.yoctoproject.org Cc: nd@arm.com Subject: [PATCH 1/3] arm/trusted-firmware-a: remove redundant patches Date: Mon, 22 Aug 2022 17:55:03 +0100 Message-Id: <20220822165505.3603138-1-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 22 Aug 2022 16:55:16 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3708 These were integrated into the 2.7.0 release, but were not removed when the recipe was upgraded. Signed-off-by: Ross Burton --- ...uild-deps-upgrade-to-mbed-TLS-2.28.0.patch | 72 ------------------- .../trusted-firmware-a/files/ssl.patch | 52 -------------- 2 files changed, 124 deletions(-) delete mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/files/build-deps-upgrade-to-mbed-TLS-2.28.0.patch delete mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/files/ssl.patch diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/build-deps-upgrade-to-mbed-TLS-2.28.0.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/build-deps-upgrade-to-mbed-TLS-2.28.0.patch deleted file mode 100644 index 058423c6..00000000 --- a/meta-arm/recipes-bsp/trusted-firmware-a/files/build-deps-upgrade-to-mbed-TLS-2.28.0.patch +++ /dev/null @@ -1,72 +0,0 @@ -Upstream-Status: Backport -Signed-off-by: Emekcan Aras - -From a93084be95634b66b917f1c8baf403067dc75c5d Mon Sep 17 00:00:00 2001 -From: Sandrine Bailleux -Date: Thu, 21 Apr 2022 10:21:29 +0200 -Subject: [PATCH] build(deps): upgrade to mbed TLS 2.28.0 - -Upgrade to the latest and greatest 2.x release of Mbed TLS library -(i.e. v2.28.0) to take advantage of their bug fixes. - -Note that the Mbed TLS project published version 3.x some time -ago. However, as this is a major release with API breakages, upgrading -to 3.x might require some more involved changes in TF-A, which we are -not ready to do. We shall upgrade to mbed TLS 3.x after the v2.7 -release of TF-A. - -Actually, the upgrade this time simply boils down to including the new -source code module 'constant_time.c' into the firmware. - -To quote mbed TLS v2.28.0 release notes [1]: - - The mbedcrypto library includes a new source code module - constant_time.c, containing various functions meant to resist timing - side channel attacks. This module does not have a separate - configuration option, and functions from this module will be - included in the build as required. - -As a matter of fact, if one is attempting to link TF-A against mbed -TLS v2.28.0 without the present patch, one gets some linker errors -due to missing symbols from this new module. - -Apart from this, none of the items listed in mbed TLS release -notes [1] directly affect TF-A. Special note on the following one: - - Fix a bug in mbedtls_gcm_starts() when the bit length of the iv - exceeds 2^32. - -In TF-A, we do use mbedtls_gcm_starts() when the firmware decryption -feature is enabled with AES-GCM as the authenticated decryption -algorithm (DECRYPTION_SUPPORT=aes_gcm). However, the iv_len variable -which gets passed to mbedtls_gcm_starts() is an unsigned int, i.e. a -32-bit value which by definition is always less than 2**32. Therefore, -we are immune to this bug. - -With this upgrade, the size of BL1 and BL2 binaries does not appear to -change on a standard sample test build (with trusted boot and measured -boot enabled). - -[1] https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.0 - -Change-Id: Icd5dbf527395e9e22c8fd6b77427188bd7237fd6 -Signed-off-by: Sandrine Bailleux ---- - drivers/auth/mbedtls/mbedtls_common.mk | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk -index 0a4775d00..3eb41617f 100644 ---- a/drivers/auth/mbedtls/mbedtls_common.mk -+++ b/drivers/auth/mbedtls/mbedtls_common.mk -@@ -48,6 +48,7 @@ LIBMBEDTLS_SRCS := $(addprefix ${MBEDTLS_DIR}/library/, \ - rsa_internal.c \ - x509.c \ - x509_crt.c \ -+ constant_time.c \ - ) - - # The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key --- -2.25.1 - diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/ssl.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/ssl.patch deleted file mode 100644 index cdabd1b7..00000000 --- a/meta-arm/recipes-bsp/trusted-firmware-a/files/ssl.patch +++ /dev/null @@ -1,52 +0,0 @@ -fiptool: respect OPENSSL_DIR - -fiptool links to libcrypto, so as with the other tools it should respect -OPENSSL_DIR for include/library paths. - -Upstream-Status: Submitted -Signed-off-by: Ross Burton - -diff --git a/Makefile b/Makefile -index ec6f88585..2d3b9fc26 100644 ---- a/Makefile -+++ b/Makefile -@@ -1388,7 +1388,7 @@ fwu_fip: ${BUILD_PLAT}/${FWU_FIP_NAME} - - ${FIPTOOL}: FORCE - ifdef UNIX_MK -- ${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} --no-print-directory -C ${FIPTOOLPATH} -+ ${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} OPENSSL_DIR=${OPENSSL_DIR} --no-print-directory -C ${FIPTOOLPATH} - else - # Clear the MAKEFLAGS as we do not want - # to pass the gnumake flags to nmake. -diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile -index 11d2e7b0b..7c2a08379 100644 ---- a/tools/fiptool/Makefile -+++ b/tools/fiptool/Makefile -@@ -12,6 +12,8 @@ FIPTOOL ?= fiptool${BIN_EXT} - PROJECT := $(notdir ${FIPTOOL}) - OBJECTS := fiptool.o tbbr_config.o - V ?= 0 -+OPENSSL_DIR := /usr -+ - - override CPPFLAGS += -D_GNU_SOURCE -D_XOPEN_SOURCE=700 - HOSTCCFLAGS := -Wall -Werror -pedantic -std=c99 -@@ -20,7 +22,7 @@ ifeq (${DEBUG},1) - else - HOSTCCFLAGS += -O2 - endif --LDLIBS := -lcrypto -+LDLIBS := -L${OPENSSL_DIR}/lib -lcrypto - - ifeq (${V},0) - Q := @ -@@ -28,7 +30,7 @@ else - Q := - endif - --INCLUDE_PATHS := -I../../include/tools_share -+INCLUDE_PATHS := -I../../include/tools_share -I${OPENSSL_DIR}/include - - HOSTCC ?= gcc - From patchwork Mon Aug 22 16:55:04 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 11708 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6F3B0C28D13 for ; Mon, 22 Aug 2022 16:55:16 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web08.20645.1661187309294406149 for ; Mon, 22 Aug 2022 09:55:09 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 3384C13D5; Mon, 22 Aug 2022 09:55:12 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 681633F70D; Mon, 22 Aug 2022 09:55:08 -0700 (PDT) From: Ross Burton To: meta-arm@lists.yoctoproject.org Cc: nd@arm.com Subject: [PATCH 2/3] arm/trusted-firmware-a: work around RWX permission error on segment Date: Mon, 22 Aug 2022 17:55:04 +0100 Message-Id: <20220822165505.3603138-2-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220822165505.3603138-1-ross.burton@arm.com> References: <20220822165505.3603138-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 22 Aug 2022 16:55:16 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3709 Binutils 2.39 now warns when a segment has RXW permissions[1]: aarch64-none-elf-ld.bfd: warning: bl31.elf has a LOAD segment with RWX permissions However, TF-A passes --fatal-warnings to LD, so this is a build failure. There is a ticket filed upstream[2], so until that is resolved we can disable this warning. [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 [2] https://developer.trustedfirmware.org/T996 Signed-off-by: Ross Burton --- .../files/rwx-segments.patch | 38 +++++++++++++++++++ .../trusted-firmware-a/trusted-firmware-a.inc | 3 +- 2 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/files/rwx-segments.patch diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/rwx-segments.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/rwx-segments.patch new file mode 100644 index 00000000..a4518ec6 --- /dev/null +++ b/meta-arm/recipes-bsp/trusted-firmware-a/files/rwx-segments.patch @@ -0,0 +1,38 @@ +Binutils 2.39 now warns when a segment has RXW permissions[1]: + +aarch64-none-elf-ld.bfd: warning: bl31.elf has a LOAD segment with RWX +permissions + +However, TF-A passes --fatal-warnings to LD, so this is a build failure. + +There is a ticket filed upstream[2], so until that is resolved just +remove --fatal-warnings. + +[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 +[2] https://developer.trustedfirmware.org/T996 + +Upstream-Status: Inappropriate +Signed-off-by: Ross Burton + +diff --git a/Makefile b/Makefile +index 3941f8698..13bbac348 100644 +--- a/Makefile ++++ b/Makefile +@@ -418,7 +418,7 @@ TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) + # LD = gcc (used when GCC LTO is enabled) + else ifneq ($(findstring gcc,$(notdir $(LD))),) + # Pass ld options with Wl or Xlinker switches +-TF_LDFLAGS += -Wl,--fatal-warnings -O1 ++TF_LDFLAGS += -O1 + TF_LDFLAGS += -Wl,--gc-sections + ifeq ($(ENABLE_LTO),1) + ifeq (${ARCH},aarch64) +@@ -435,7 +435,7 @@ TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH))) + + # LD = gcc-ld (ld) or llvm-ld (ld.lld) or other + else +-TF_LDFLAGS += --fatal-warnings -O1 ++TF_LDFLAGS += -O1 + TF_LDFLAGS += --gc-sections + # ld.lld doesn't recognize the errata flags, + # therefore don't add those in that case diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc index c5b695e4..a8343434 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc @@ -5,7 +5,8 @@ PACKAGE_ARCH = "${MACHINE_ARCH}" inherit deploy -SRC_URI = "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https;name=tfa;branch=master" +SRC_URI = "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https;name=tfa;branch=master \ + file://rwx-segments.patch" UPSTREAM_CHECK_GITTAGREGEX = "^v(?P\d+(\.\d+)+)$" From patchwork Mon Aug 22 16:55:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 11706 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 702DDC32772 for ; Mon, 22 Aug 2022 16:55:16 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web08.20646.1661187310370383571 for ; Mon, 22 Aug 2022 09:55:10 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 081881516; Mon, 22 Aug 2022 09:55:13 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 38EE53F70D; Mon, 22 Aug 2022 09:55:09 -0700 (PDT) From: Ross Burton To: meta-arm@lists.yoctoproject.org Cc: nd@arm.com Subject: [PATCH 3/3] arm/optee-os: backport RWX permission error patch Date: Mon, 22 Aug 2022 17:55:05 +0100 Message-Id: <20220822165505.3603138-3-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220822165505.3603138-1-ross.burton@arm.com> References: <20220822165505.3603138-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 22 Aug 2022 16:55:16 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3710 From: Anton Antonov Signed-off-by: Anton Antonov --- meta-arm/recipes-security/optee/optee-os.inc | 1 + .../optee-os/0008-no-warn-rwx-segments.patch | 64 +++++++++++++++++++ 2 files changed, 65 insertions(+) create mode 100644 meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch diff --git a/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/recipes-security/optee/optee-os.inc index fe0f8b0a..a03ea6a3 100644 --- a/meta-arm/recipes-security/optee/optee-os.inc +++ b/meta-arm/recipes-security/optee/optee-os.inc @@ -19,6 +19,7 @@ SRC_URI = "git://github.com/OP-TEE/optee_os.git;branch=master;protocol=https" SRC_URI:append = " \ file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \ file://0007-allow-setting-sysroot-for-clang.patch \ + file://0008-no-warn-rwx-segments.patch \ " S = "${WORKDIR}/git" diff --git a/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch b/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch new file mode 100644 index 00000000..1dd70b31 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch @@ -0,0 +1,64 @@ +Signed-off-by: Anton Antonov +Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474] + +From 0b8a917fa51a366806edc0f04b88cd23b24098c4 Mon Sep 17 00:00:00 2001 +From: Jerome Forissier +Date: Fri, 5 Aug 2022 09:48:03 +0200 +Subject: [PATCH] core: link: add --no-warn-rwx-segments + +binutils ld.bfd generates one RWX LOAD segment by merging several sections +with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it +also warns by default when that happens [1], which breaks the build due to +--fatal-warnings. The RWX segment is not a problem for the TEE core, since +that information is not used to set memory permissions. Therefore, silence +the warning. + +Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 +Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448 +Reported-by: Dominique Martinet +Signed-off-by: Jerome Forissier +Acked-by: Jens Wiklander +--- + core/arch/arm/kernel/link.mk | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk +index 7eed333a32..c39d43cbfc 100644 +--- a/core/arch/arm/kernel/link.mk ++++ b/core/arch/arm/kernel/link.mk +@@ -31,6 +31,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map + link-ldflags += --sort-section=alignment + link-ldflags += --fatal-warnings + link-ldflags += --gc-sections ++link-ldflags += $(call ld-option,--no-warn-rwx-segments) + + link-ldadd = $(LDADD) + link-ldadd += $(ldflags-external) +@@ -55,6 +56,7 @@ link-script-cppflags := \ + $(cppflagscore)) + + ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \ ++ $(call ld-option,--no-warn-rwx-segments) \ + $(link-objs) $(link-ldadd) $(libgcccore) + cleanfiles += $(link-out-dir)/all_objs.o + $(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST) +@@ -67,7 +69,8 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o + $(q)$(NMcore) $< | \ + $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@ + +-unpaged-ldargs = -T $(link-script-dummy) --no-check-sections --gc-sections ++unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ ++ $(call ld-option,--no-warn-rwx-segments) + unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore) + cleanfiles += $(link-out-dir)/unpaged.o + $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt +@@ -95,7 +98,8 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o + $(q)$(NMcore) $< | \ + $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@ + +-init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections ++init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ ++ $(call ld-option,--no-warn-rwx-segments) + init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \ + $(libgcccore) + cleanfiles += $(link-out-dir)/init.o