diff options
Diffstat (limited to 'bsp/meta-arm/meta-arm/recipes-security/optee')
7 files changed, 243 insertions, 0 deletions
diff --git a/bsp/meta-arm/meta-arm/recipes-security/optee/optee-client/tee-supplicant.service b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-client/tee-supplicant.service new file mode 100644 index 00000000..ffb54d39 --- /dev/null +++ b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-client/tee-supplicant.service @@ -0,0 +1,10 @@ +[Unit] +Description=TEE Supplicant + +[Service] +User=root +EnvironmentFile=-/etc/default/tee-supplicant +ExecStart=/usr/sbin/tee-supplicant $OPTARGS + +[Install] +WantedBy=basic.target diff --git a/bsp/meta-arm/meta-arm/recipes-security/optee/optee-client_git.bb b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-client_git.bb new file mode 100644 index 00000000..bae7b20f --- /dev/null +++ b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-client_git.bb @@ -0,0 +1,41 @@ +SUMMARY = "OP-TEE Client API" +DESCRIPTION = "Open Portable Trusted Execution Environment - Normal World Client side of the TEE" +HOMEPAGE = "https://www.op-tee.org/" + +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=69663ab153298557a59c67a60a743e5b" + +PV = "3.8.0+git${SRCPV}" + +require optee.inc + +inherit python3native systemd + +SRCREV = "be4fa2e36f717f03ca46e574aa66f697a897d090" +SRC_URI = " \ + git://github.com/OP-TEE/optee_client.git \ + file://tee-supplicant.service \ +" + +S = "${WORKDIR}/git" + +SYSTEMD_SERVICE_${PN} = "tee-supplicant.service" + +do_install() { + oe_runmake install + + install -D -p -m0755 ${S}/out/export/usr/sbin/tee-supplicant ${D}${sbindir}/tee-supplicant + + install -D -p -m0644 ${S}/out/export/usr/lib/libteec.so.1.0 ${D}${libdir}/libteec.so.1.0 + ln -sf libteec.so.1.0 ${D}${libdir}/libteec.so + ln -sf libteec.so.1.0 ${D}${libdir}/libteec.so.1 + + install -d ${D}${includedir} + install -p -m0644 ${S}/out/export/usr/include/*.h ${D}${includedir} + + sed -i -e s:/etc:${sysconfdir}:g \ + -e s:/usr/bin:${bindir}:g \ + ${WORKDIR}/tee-supplicant.service + + install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service +} diff --git a/bsp/meta-arm/meta-arm/recipes-security/optee/optee-examples_git.bb b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-examples_git.bb new file mode 100644 index 00000000..996e2cd5 --- /dev/null +++ b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-examples_git.bb @@ -0,0 +1,47 @@ +SUMMARY = "OP-TEE examples" +DESCRIPTION = "Open Portable Trusted Execution Environment - Sample Applications" +HOMEPAGE = "https://github.com/linaro-swg/optee_examples" + +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=cd95ab417e23b94f381dafc453d70c30" + +PV = "3.8.0+git${SRCPV}" + +DEPENDS = "optee-client optee-os python3-pycryptodomex-native" + +inherit python3native + +require optee.inc + +SRC_URI = "git://github.com/linaro-swg/optee_examples.git" +SRCREV = "559b2141c16bf0f57ccd72f60e4deb84fc2a05b0" + +S = "${WORKDIR}/git" + +OPTEE_CLIENT_EXPORT = "${STAGING_DIR_HOST}${prefix}" +TEEC_EXPORT = "${STAGING_DIR_HOST}${prefix}" +TA_DEV_KIT_DIR = "${STAGING_INCDIR}/optee/export-user_ta" + +EXTRA_OEMAKE = " TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ + OPTEE_CLIENT_EXPORT=${OPTEE_CLIENT_EXPORT} \ + TEEC_EXPORT=${TEEC_EXPORT} \ + HOST_CROSS_COMPILE=${TARGET_PREFIX} \ + TA_CROSS_COMPILE=${TARGET_PREFIX} \ + V=1 \ + " + +do_compile() { + oe_runmake +} + +do_install () { + mkdir -p ${D}${nonarch_base_libdir}/optee_armtz + mkdir -p ${D}${bindir} + install -D -p -m0755 ${S}/out/ca/* ${D}${bindir} + install -D -p -m0444 ${S}/out/ta/* ${D}${nonarch_base_libdir}/optee_armtz +} + +FILES_${PN} += "${nonarch_base_libdir}/optee_armtz/" + +# Imports machine specific configs from staging to build +PACKAGE_ARCH = "${MACHINE_ARCH}" diff --git a/bsp/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-allow-setting-sysroot-for-libgcc-lookup.patch b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-allow-setting-sysroot-for-libgcc-lookup.patch new file mode 100644 index 00000000..17127d0b --- /dev/null +++ b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-allow-setting-sysroot-for-libgcc-lookup.patch @@ -0,0 +1,13 @@ +diff --git a/mk/gcc.mk b/mk/gcc.mk +index fc38c4d..77b8d74 100644 +--- a/mk/gcc.mk ++++ b/mk/gcc.mk +@@ -12,7 +12,7 @@ nostdinc$(sm) := -nostdinc -isystem $(shell $(CC$(sm)) \ + -print-file-name=include 2> /dev/null) + + # Get location of libgcc from gcc +-libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) $(comp-cflags$(sm)) \ ++libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) $(comp-cflags$(sm)) \ + -print-libgcc-file-name 2> /dev/null) + + # Define these to something to discover accidental use diff --git a/bsp/meta-arm/meta-arm/recipes-security/optee/optee-os_git.bb b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-os_git.bb new file mode 100644 index 00000000..dfff6d10 --- /dev/null +++ b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-os_git.bb @@ -0,0 +1,80 @@ +SUMMARY = "OP-TEE Trusted OS" +DESCRIPTION = "Open Portable Trusted Execution Environment - Trusted side of the TEE" +HOMEPAGE = "https://www.op-tee.org/" + +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" + +PV = "3.8.0+git${SRCPV}" + +inherit deploy python3native +require optee.inc + +DEPENDS = "python3-pycrypto-native python3-pyelftools-native python3-pycryptodomex-native" + +SRCREV = "023e33656e2c9557ce50ad63a98b2e2c9b51c118" +SRC_URI = " \ + git://github.com/OP-TEE/optee_os.git \ + file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \ +" + +S = "${WORKDIR}/git" + +OPTEEMACHINE ?= "${MACHINE}" +OPTEEOUTPUTMACHINE ?= "${MACHINE}" + +OPTEE_ARCH = "null" +OPTEE_ARCH_armv7a = "arm32" +OPTEE_ARCH_aarch64 = "arm64" +OPTEE_CORE = "${@d.getVar('OPTEE_ARCH').upper()}" + +EXTRA_OEMAKE = " \ + PLATFORM=${OPTEEMACHINE} \ + CFG_${OPTEE_CORE}_core=y \ + CROSS_COMPILE_core=${HOST_PREFIX} \ + CROSS_COMPILE_ta_${OPTEE_ARCH}=${HOST_PREFIX} \ + NOWERROR=1 \ + V=1 \ + ta-targets=ta_${OPTEE_ARCH} \ + LIBGCC_LOCATE_CFLAGS=--sysroot=${STAGING_DIR_HOST} \ +" + +CFLAGS[unexport] = "1" +LDFLAGS[unexport] = "1" +CPPFLAGS[unexport] = "1" +AS[unexport] = "1" +LD[unexport] = "1" + +do_configure[noexec] = "1" + +do_compile() { + oe_runmake all CFG_TEE_TA_LOG_LEVEL=0 +} + +do_install() { + #install core in firmware + install -d ${D}${nonarch_base_libdir}/firmware/ + install -m 644 ${B}/out/arm-plat-${OPTEEOUTPUTMACHINE}/core/*.bin ${D}${nonarch_base_libdir}/firmware/ + + #install TA devkit + install -d ${D}${includedir}/optee/export-user_ta/ + for f in ${B}/out/arm-plat-${OPTEEOUTPUTMACHINE}/export-ta_${OPTEE_ARCH}/* ; do + cp -aR $f ${D}${includedir}/optee/export-user_ta/ + done +} + +PACKAGE_ARCH = "${MACHINE_ARCH}" + +do_deploy() { + install -d ${DEPLOYDIR}/optee + install -m 644 ${D}${nonarch_base_libdir}/firmware/* ${DEPLOYDIR}/optee/ +} + +addtask deploy before do_build after do_install + +FILES_${PN} = "${nonarch_base_libdir}/firmware/" +FILES_${PN}-dev = "${includedir}/optee/" + +INSANE_SKIP_${PN}-dev = "staticdev" + +INHIBIT_PACKAGE_STRIP = "1" diff --git a/bsp/meta-arm/meta-arm/recipes-security/optee/optee-test_git.bb b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-test_git.bb new file mode 100644 index 00000000..ee73a2c6 --- /dev/null +++ b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-test_git.bb @@ -0,0 +1,50 @@ +SUMMARY = "OP-TEE sanity testsuite" +DESCRIPTION = "Open Portable Trusted Execution Environment - Test suite" +HOMEPAGE = "https://www.op-tee.org/" + +LICENSE = "BSD & GPLv2" +LIC_FILES_CHKSUM = "file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" + +inherit python3native +require optee.inc + +DEPENDS = "optee-client optee-os python3-pycryptodomex-native" + +PV = "3.8.0+git${SRCPV}" + +SRCREV = "30481e381cb4285706e7516853495a7699c93b2c" +SRC_URI = "git://github.com/OP-TEE/optee_test.git" + +S = "${WORKDIR}/git" + +OPTEE_CLIENT_EXPORT = "${STAGING_DIR_HOST}${prefix}" +TEEC_EXPORT = "${STAGING_DIR_HOST}${prefix}" +TA_DEV_KIT_DIR = "${STAGING_INCDIR}/optee/export-user_ta" + +EXTRA_OEMAKE = " TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ + OPTEE_CLIENT_EXPORT=${OPTEE_CLIENT_EXPORT} \ + TEEC_EXPORT=${TEEC_EXPORT} \ + CROSS_COMPILE_HOST=${TARGET_PREFIX} \ + CROSS_COMPILE_TA=${TARGET_PREFIX} \ + V=1 \ + " + +do_compile() { + # Top level makefile doesn't seem to handle parallel make gracefully + oe_runmake xtest + oe_runmake ta +} + +do_install () { + install -D -p -m0755 ${S}/out/xtest/xtest ${D}${bindir}/xtest + + # install path should match the value set in optee-client/tee-supplicant + # default TEEC_LOAD_PATH is /lib + mkdir -p ${D}${nonarch_base_libdir}/optee_armtz/ + install -D -p -m0444 ${S}/out/ta/*/*.ta ${D}${nonarch_base_libdir}/optee_armtz/ +} + +FILES_${PN} += "${nonarch_base_libdir}/optee_armtz/" + +# Imports machine specific configs from staging to build +PACKAGE_ARCH = "${MACHINE_ARCH}" diff --git a/bsp/meta-arm/meta-arm/recipes-security/optee/optee.inc b/bsp/meta-arm/meta-arm/recipes-security/optee/optee.inc new file mode 100644 index 00000000..b3e52713 --- /dev/null +++ b/bsp/meta-arm/meta-arm/recipes-security/optee/optee.inc @@ -0,0 +1,2 @@ +COMPATIBLE_MACHINE ?= "invalid" +# Please add supported machines below or set it in .bbappend or .conf |