Diffstat (limited to 'bsp/meta-arm/meta-arm')
14 files changed, 604 insertions, 0 deletions
diff --git a/bsp/meta-arm/meta-arm/conf/layer.conf b/bsp/meta-arm/meta-arm/conf/layer.conf
new file mode 100644
index 00000000..d96e9f1b
--- /dev/null
+++ b/bsp/meta-arm/meta-arm/conf/layer.conf
@@ -0,0 +1,16 @@
+# We have a conf and classes directory, add to BBPATH
+BBPATH .= ":${LAYERDIR}"
+
+# We have recipes-* directories, add to BBFILES
+BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
+ ${LAYERDIR}/recipes-*/*/*.bbappend"
+
+BBFILE_COLLECTIONS += "meta-arm"
+BBFILE_PATTERN_meta-arm = "^${LAYERDIR}/"
+BBFILE_PRIORITY_meta-arm = "6"
+
+LAYERDEPENDS_meta-arm = " \
+ core \
+ meta-python \
+"
+LAYERSERIES_COMPAT_meta-arm = "warrior zeus dunfell"
diff --git a/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc b/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
new file mode 100644
index 00000000..fe9a4e09
--- /dev/null
+++ b/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
@@ -0,0 +1,169 @@ +DESCRIPTION = "Trusted Firmware-A" +LICENSE = "BSD & Apache-2.0" + +PROVIDES = "virtual/trusted-firmware-a" + +PACKAGE_ARCH = "${MACHINE_ARCH}" + +inherit deploy + +COMPATIBLE_MACHINE ?= "invalid" + +# Platform must be set for each machine +TFA_PLATFORM ?= "invalid" + +# Some platforms can have multiple board configurations +# Leave empty for default behavior +TFA_BOARD ?= "" + +# Some platforms use SPD (Secure Payload Dispatcher) services +# Few options are "opteed", "tlkd", "trusty", "tspd"... +# Leave empty to not use SPD +TFA_SPD ?= "" + +# Build for debug (set TFA_DEBUG to 1 to activate) +TFA_DEBUG ?= "0" + +B = "${WORKDIR}/build" + +# mbed TLS support (set TFA_MBEDTLS to 1 to activate) +TFA_MBEDTLS ?= "0" +# sub-directory in which mbedtls will be downloaded +TFA_MBEDTLS_DIR ?= "mbedtls" +# This should be set to MBEDTLS download URL if MBEDTLS is needed +SRC_URI_MBEDTLS ??= "" +# This should be set to MBEDTLS LIC FILES checksum +LIC_FILES_CHKSUM_MBEDTLS ??= "" +# add MBEDTLS to our sources if activated +SRC_URI += "${@bb.utils.contains('TFA_MBEDTLS', '1', '${SRC_URI_MBEDTLS}', '', d)}" +# add mbed TLS chksum +LIC_FILES_CHKSUM += "${@bb.utils.contains('TFA_MBEDTLS', '1', '${LIC_FILES_CHKSUM_MBEDTLS}', '', d)}" +# add mbed TLS to version +SRCREV_FORMAT_append = "${@bb.utils.contains('TFA_MBEDTLS', '1', '_mbedtls', '', d)}" + +# U-boot support (set TFA_UBOOT to 1 to activate) +# When U-Boot support is activated BL33 is activated with u-boot.bin file +TFA_UBOOT ?= "0" + +# What to build +# By default we only build bl1, do_deploy will copy +# everything listed in this variable (by default bl1.bin) +TFA_BUILD_TARGET ?= "bl1" + +# What to install +# do_install and do_deploy will install everything listed in this +# variable. 
It is set by default to TFA_BUILD_TARGET +TFA_INSTALL_TARGET ?= "${TFA_BUILD_TARGET}" + +# Requires CROSS_COMPILE set by hand as there is no configure script +export CROSS_COMPILE="${TARGET_PREFIX}" + +# Let the Makefile handle setting up the CFLAGS and LDFLAGS as it is a standalone application +CFLAGS[unexport] = "1" +LDFLAGS[unexport] = "1" +AS[unexport] = "1" +LD[unexport] = "1" + +# No configure +do_configure[noexec] = "1" + +# We need dtc for dtbs compilation +# We need openssl for fiptool +DEPENDS_append = " dtc-native openssl-native" + +# Add platform parameter +EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}" + +# Handle TFA_BOARD parameter +EXTRA_OEMAKE += "${@'TARGET_BOARD=${TFA_BOARD}' if d.getVar('TFA_BOARD') else ''}" +BUILD_DIR = "${TFA_PLATFORM}${@'/${TFA_BOARD}' if d.getVar('TFA_BOARD') else ''}" + +# Handle TFA_SPD parameter +EXTRA_OEMAKE += "${@'SPD=${TFA_SPD}' if d.getVar('TFA_SPD') else ''}" + +# Handle TFA_DEBUG parameter +EXTRA_OEMAKE += "${@bb.utils.contains('TFA_DEBUG', '1', 'DEBUG=${TFA_DEBUG}', '', d)}" + +# Handle MBEDTLS +EXTRA_OEMAKE += "${@bb.utils.contains('TFA_MBEDTLS', '1', 'MBEDTLS_DIR=${TFA_MBEDTLS_DIR}', '', d)}" + +# Uboot support +DEPENDS += " ${@bb.utils.contains('TFA_UBOOT', '1', 'u-boot', '', d)}" +do_compile[depends] += " ${@bb.utils.contains('TFA_UBOOT', '1', 'u-boot:do_deploy', '', d)}" +EXTRA_OEMAKE += "${@bb.utils.contains('TFA_UBOOT', '1', 'BL33=${DEPLOY_DIR_IMAGE}/u-boot.bin', '',d)}" + +# The following hack is needed to fit properly in yocto build environment +# TFA is forcing the host compiler and its flags in the Makefile using := +# assignment for GCC and CFLAGS. 
+do_compile() { + cd ${S} + + # These changes are needed to have the fiptool compiling and executing properly + sed -i '/^LDLIBS/ s,$, \-L${RECIPE_SYSROOT_NATIVE}${libdir},' ${S}/tools/fiptool/Makefile + sed -i '/^INCLUDE_PATHS/ s,$, \-I${RECIPE_SYSROOT_NATIVE}${includedir},' ${S}/tools/fiptool/Makefile + export LD_LIBRARY_PATH=${STAGING_DIR_NATIVE}${libdir}:$LD_LIBRARY_PATH + + oe_runmake ${TFA_BUILD_TARGET} +} +do_compile[cleandirs] = "${B}" + +do_install() { + if ${@"true" if d.getVar('TFA_DEBUG') == '1' else "false"}; then + BUILD_PLAT=${B}/${BUILD_DIR}/debug/ + else + BUILD_PLAT=${B}/${BUILD_DIR}/release/ + fi + + install -d -m 755 ${D}/firmware + for atfbin in ${TFA_INSTALL_TARGET}; do + processes="0" + if [ "$atfbin" = "all" ]; then + # Target all is not handled by default + bberror "all as TFA_INSTALL_TARGET is not handled by do_install" + bberror "Please specify valid targets in TFA_INSTALL_TARGET or" + bberror "rewrite or turn off do_install" + exit 1 + fi + + if [ -f $BUILD_PLAT/$atfbin.bin ]; then + echo "Install $atfbin.bin" + install -m 0644 $BUILD_PLAT/$atfbin.bin \ + ${D}/firmware/$atfbin-${TFA_PLATFORM}.bin + ln -sf $atfbin-${TFA_PLATFORM}.bin ${D}/firmware/$atfbin.bin + processes="1" + fi + if [ -f $BUILD_PLAT/$atfbin/$atfbin.elf ]; then + echo "Install $atfbin.elf" + install -m 0644 $BUILD_PLAT/$atfbin/$atfbin.elf \ + ${D}/firmware/$atfbin-${TFA_PLATFORM}.elf + ln -sf $atfbin-${TFA_PLATFORM}.elf ${D}/firmware/$atfbin.elf + processes="1" + fi + if [ -f $BUILD_PLAT/$atfbin ]; then + echo "Install $atfbin" + install -m 0644 $BUILD_PLAT/$atfbin \ + ${D}/firmware/$atfbin-${TFA_PLATFORM} + ln -sf $atfbin-${TFA_PLATFORM} ${D}/firmware/$atfbin + processes="1" + fi + + if [ "$atfbin" = "dtbs" ]; then + echo "dtbs install, skipped" + elif [ -f ${B}/tools/$atfbin/$atfbin ]; then + echo "Tools $atfbin install, skipped" + elif [ "$processed" = "0" ]; then + bberror "Unsupported TFA_INSTALL_TARGET target $atfbin" + exit 1 + fi + done +} + +FILES_${PN} = 
"/firmware" +SYSROOT_DIRS += "/firmware" +# Skip QA check for relocations in .text of elf binaries +INSANE_SKIP_${PN} = "textrel" + +do_deploy() { + cp -rf ${D}/firmware/* ${DEPLOYDIR}/ +} +addtask deploy after do_install diff --git a/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.1.bb b/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.1.bb new file mode 100644 index 00000000..4d412027 --- /dev/null +++ b/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.1.bb @@ -0,0 +1,38 @@ +# +# Trusted firmware-A 2.1 +# + +require trusted-firmware-a.inc + +SRC_URI = "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https;name=tfa" + +# Use TF-A for version +SRCREV_FORMAT = "tfa" + +# TF-A v2.1 +SRCREV_tfa = "e1286bdb968ee74fc52f96cf303a4218e1ae2950" + +S = "${WORKDIR}/git" + +LIC_FILES_CHKSUM = "file://license.rst;md5=c709b197e22b81ede21109dbffd5f363" + +SRC_URI[tfa.md5sum] = "75c8f4958fb493d9bd7a8e5a9636ec18" +SRC_URI[tfa.sha256sum] = "7c4c00a4f28d3cfbb235fd1a1fb28c4d2fc1d657c9301686e7d8824ef575d059" + +# +# mbed TLS source +# Those are used in trusted-firmware-a.inc if TFA_MBEDTLS is set to 1 +# + +SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls" + +# mbed TLS v2.16.2 +SRCREV_mbedtls = "d81c11b8ab61fd5b2da8133aa73c5fe33a0633eb" + +LIC_FILES_CHKSUM_MBEDTLS += " \ + file://mbedtls/apache-2.0.txt;md5=3b83ef96387f14655fc854ddc3c6bd57 \ + file://mbedtls/LICENSE;md5=302d50a6369f5f22efdb674db908167a \ + " + +SRC_URI[mbedtls.md5sum] = "37cdec398ae9ebdd4640df74af893c95" +SRC_URI[mbedtls.sha256sum] = "a6834fcd7b7e64b83dfaaa6ee695198cb5019a929b2806cb0162e049f98206a4" diff --git a/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.2.bb b/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.2.bb new file mode 100644 index 00000000..4d5316ea --- /dev/null 
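Review bot: In do_install the loop initialises `processes="0"` and sets `processes="1"` after each copy, but the final check tests `"$processed" = "0"`, a name that is never assigned, so the `bberror "Unsupported TFA_INSTALL_TARGET target $atfbin"` branch can never fire and a misspelled firmware target installs nothing without failing the build. Use one name throughout, e.g. `processed="0"` at the top of the loop and `processed="1"` in the three install branches. Separately, do_compile runs `sed -i` on `${S}/tools/fiptool/Makefile` each time it executes, so the same `-L`/`-I` flags are appended again on every recompile; carrying this as a patch in SRC_URI would keep the source tree stable and reviewable.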
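Review bot: The `SRC_URI[tfa.md5sum]`/`SRC_URI[tfa.sha256sum]` and `SRC_URI[mbedtls.*]` entries are attached to `git://` URLs, where the fetched content is pinned by `SRCREV_tfa`/`SRCREV_mbedtls` and, as far as I know, BitBake does not evaluate archive checksums. The same values are repeated unchanged in trusted-firmware-a_2.2.bb and trusted-firmware-a_2.3.bb although the pinned commits differ, so they cannot describe these sources and only give the impression of an integrity check. I would drop them from all three recipes, or replace them with a comment such as `# git fetch: integrity comes from SRCREV, no archive checksum applies`.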
+++ b/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.2.bb @@ -0,0 +1,38 @@ +# +# Trusted firmware-A 2.2 +# + +require trusted-firmware-a.inc + +SRC_URI = "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https;name=tfa" + +# Use TF-A for version +SRCREV_FORMAT = "tfa" + +# TF-A v2.2 +SRCREV_tfa = "7192b956bde11652a835eee0724dca0e403fee90" + +S = "${WORKDIR}/git" + +LIC_FILES_CHKSUM = "file://docs/license.rst;md5=189505435dbcdcc8caa63c46fe93fa89" + +SRC_URI[tfa.md5sum] = "75c8f4958fb493d9bd7a8e5a9636ec18" +SRC_URI[tfa.sha256sum] = "7c4c00a4f28d3cfbb235fd1a1fb28c4d2fc1d657c9301686e7d8824ef575d059" + +# +# mbed TLS source +# Those are used in trusted-firmware-a.inc if TFA_MBEDTLS is set to 1 +# + +SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls" + +# mbed TLS v2.16.2 +SRCREV_mbedtls = "d81c11b8ab61fd5b2da8133aa73c5fe33a0633eb" + +LIC_FILES_CHKSUM_MBEDTLS += " \ + file://mbedtls/apache-2.0.txt;md5=3b83ef96387f14655fc854ddc3c6bd57 \ + file://mbedtls/LICENSE;md5=302d50a6369f5f22efdb674db908167a \ + " + +SRC_URI[mbedtls.md5sum] = "37cdec398ae9ebdd4640df74af893c95" +SRC_URI[mbedtls.sha256sum] = "a6834fcd7b7e64b83dfaaa6ee695198cb5019a929b2806cb0162e049f98206a4" diff --git a/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.3.bb b/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.3.bb new file mode 100644 index 00000000..bfda87bc --- /dev/null +++ b/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.3.bb 
@@ -0,0 +1,38 @@ +# +# Trusted firmware-A 2.3 +# + +require trusted-firmware-a.inc + +SRC_URI = "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https;name=tfa" + +# Use TF-A for version +SRCREV_FORMAT = "tfa" + +# TF-A v2.3 +SRCREV_tfa = "ecd27ad85f1eba29f6bf92c39dc002c85b07dad5" + +S = "${WORKDIR}/git" + +LIC_FILES_CHKSUM = "file://docs/license.rst;md5=189505435dbcdcc8caa63c46fe93fa89" + +SRC_URI[tfa.md5sum] = "75c8f4958fb493d9bd7a8e5a9636ec18" +SRC_URI[tfa.sha256sum] = "7c4c00a4f28d3cfbb235fd1a1fb28c4d2fc1d657c9301686e7d8824ef575d059" + +# +# mbed TLS source +# Those are used in trusted-firmware-a.inc if TFA_MBEDTLS is set to 1 +# + +SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls" + +# mbed TLS v2.18.1 +SRCREV_mbedtls = "ca933c7e0c9e84738b168b6b0feb89af4183a60a" + +LIC_FILES_CHKSUM_MBEDTLS += " \ + file://mbedtls/apache-2.0.txt;md5=3b83ef96387f14655fc854ddc3c6bd57 \ + file://mbedtls/LICENSE;md5=302d50a6369f5f22efdb674db908167a \ + " + +SRC_URI[mbedtls.md5sum] = "37cdec398ae9ebdd4640df74af893c95" +SRC_URI[mbedtls.sha256sum] = "a6834fcd7b7e64b83dfaaa6ee695198cb5019a929b2806cb0162e049f98206a4" diff --git a/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_git.bb b/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_git.bb new file mode 100644 index 00000000..c443ecd6 --- /dev/null +++ b/bsp/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_git.bb 
@@ -0,0 +1,31 @@ +# Trusted firmware-A points a commit rather a tag +# +# This is only a base receipt and should be bbextended with suitable SRCREV_tfa +# and SRCREV_MBEDTLS and target TFA_* variables + +# Never select this if another version is available +DEFAULT_PREFERENCE = "-1" + +require trusted-firmware-a.inc + +SRC_URI = "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https;name=tfa" + +# Use TF-A for version +SRCREV_FORMAT = "tfa" + +S = "${WORKDIR}/git" + +LIC_FILES_CHKSUM = "file://docs/license.rst;md5=189505435dbcdcc8caa63c46fe93fa89" + +# +# mbed TLS source +# Those are used in trusted-firmware-a.inc if TFA_MBEDTLS is set to 1 +# + +SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls" + +LIC_FILES_CHKSUM_MBEDTLS += " \ + file://mbedtls/apache-2.0.txt;md5=3b83ef96387f14655fc854ddc3c6bd57 \ + file://mbedtls/LICENSE;md5=302d50a6369f5f22efdb674db908167a \ + " + diff --git a/bsp/meta-arm/meta-arm/recipes-devtools/opencsd/opencsd_git.bb b/bsp/meta-arm/meta-arm/recipes-devtools/opencsd/opencsd_git.bb new file mode 100644 index 00000000..f1d4cac6 --- /dev/null +++ b/bsp/meta-arm/meta-arm/recipes-devtools/opencsd/opencsd_git.bb 
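Review bot: The header comment names `SRCREV_MBEDTLS`, but the fetch URL in this recipe uses `name=mbedtls` and the versioned recipes set `SRCREV_mbedtls`; a bbappend that follows the comment literally would presumably set a variable the fetcher does not read. The comment also contains typos that obscure the instruction. Suggested wording: `# Trusted Firmware-A pointing at a commit rather than a tag` and `# This is only a base recipe and should be extended by a bbappend setting SRCREV_tfa, SRCREV_mbedtls and the target TFA_* variables`.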
@@ -0,0 +1,31 @@
+SUMMARY = "OpenCSD - An open source CoreSight(tm) Trace Decode library"
+HOMEPAGE = "https://github.com/Linaro/OpenCSD"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ad8cb685eb324d2fa2530b985a43f3e5"
+
+SRC_URI = "git://github.com/Linaro/OpenCSD;protocol=http;branch=master"
+SRCREV = "03c194117971e4ad0598df29395757ced2e6e9bd"
+
+S = "${WORKDIR}/git"
+
+COMPATIBLE_HOST = "(x86_64.*|aarch64.*)-linux"
+
+EXTRA_OEMAKE = "ARCH='${TARGET_ARCH}' \
+ CROSS_COMPILE='${TARGET_SYS}-' \
+ CC='${CC}' \
+ CXX='${CXX}' \
+ LIB='${AR}' \
+ LINKER='${CXX}' \
+ LINUX64=1 \
+ DEBUG=1 \
+ "
+
+do_compile() {
+ oe_runmake -C ${S}/decoder/build/linux ${EXTRA_OEMAKE}
+}
+
+do_install() {
+ oe_runmake -C ${S}/decoder/build/linux PREFIX=${D}/usr install
+}
+
+BBCLASSEXTEND = "native"
diff --git a/bsp/meta-arm/meta-arm/recipes-security/optee/optee-client/tee-supplicant.service b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-client/tee-supplicant.service
new file mode 100644
index 00000000..ffb54d39
--- /dev/null
+++ b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-client/tee-supplicant.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=TEE Supplicant
+
+[Service]
+User=root
+EnvironmentFile=-/etc/default/tee-supplicant
+ExecStart=/usr/sbin/tee-supplicant $OPTARGS
+
+[Install]
+WantedBy=basic.target
diff --git a/bsp/meta-arm/meta-arm/recipes-security/optee/optee-client_git.bb b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-client_git.bb
new file mode 100644
index 00000000..bae7b20f
--- /dev/null
+++ b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-client_git.bb
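Review bot: `SRC_URI` in opencsd_git.bb fetches with `protocol=http`, so the clone travels unencrypted and unauthenticated; `SRCREV` pins the commit, which limits what can be substituted, but the transport should still be TLS: `SRC_URI = "git://github.com/Linaro/OpenCSD;protocol=https;branch=master"`. The TF-A recipes in this same change already use `protocol=https`. `DEBUG=1` in `EXTRA_OEMAKE` also looks like it makes a debug build the default for the packaged library; if that is intentional it deserves a comment such as `# DEBUG=1: <reason>`.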
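Review bot: tee-supplicant.service runs the daemon as `User=root` with no sandboxing directives in `[Service]`, so a flaw in the supplicant would be exercised with full root privileges. If the TEE device node and the supplicant's storage directory can be made accessible to a dedicated account, that is preferable; otherwise standard systemd hardening such as `NoNewPrivileges=yes` and a suitable `ProtectSystem=` value could be added once the paths the supplicant writes to are confirmed. `$OPTARGS` is read from the optional `/etc/default/tee-supplicant`, so that file's ownership and mode should be root-only writable, which is worth stating in a comment next to `EnvironmentFile=`.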
@@ -0,0 +1,41 @@ +SUMMARY = "OP-TEE Client API" +DESCRIPTION = "Open Portable Trusted Execution Environment - Normal World Client side of the TEE" +HOMEPAGE = "https://www.op-tee.org/" + +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=69663ab153298557a59c67a60a743e5b" + +PV = "3.8.0+git${SRCPV}" + +require optee.inc + +inherit python3native systemd + +SRCREV = "be4fa2e36f717f03ca46e574aa66f697a897d090" +SRC_URI = " \ + git://github.com/OP-TEE/optee_client.git \ + file://tee-supplicant.service \ +" + +S = "${WORKDIR}/git" + +SYSTEMD_SERVICE_${PN} = "tee-supplicant.service" + +do_install() { + oe_runmake install + + install -D -p -m0755 ${S}/out/export/usr/sbin/tee-supplicant ${D}${sbindir}/tee-supplicant + + install -D -p -m0644 ${S}/out/export/usr/lib/libteec.so.1.0 ${D}${libdir}/libteec.so.1.0 + ln -sf libteec.so.1.0 ${D}${libdir}/libteec.so + ln -sf libteec.so.1.0 ${D}${libdir}/libteec.so.1 + + install -d ${D}${includedir} + install -p -m0644 ${S}/out/export/usr/include/*.h ${D}${includedir} + + sed -i -e s:/etc:${sysconfdir}:g \ + -e s:/usr/bin:${bindir}:g \ + ${WORKDIR}/tee-supplicant.service + + install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service +} diff --git a/bsp/meta-arm/meta-arm/recipes-security/optee/optee-examples_git.bb b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-examples_git.bb new file mode 100644 index 00000000..996e2cd5 --- /dev/null +++ b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-examples_git.bb 
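Review bot: `git://github.com/OP-TEE/optee_client.git` carries no `protocol=` parameter, so the fetcher presumably falls back to the plain git protocol, which is neither encrypted nor authenticated; add `;protocol=https` as the TF-A recipes in this change do. The same applies to the `SRC_URI` in optee-examples_git.bb, optee-os_git.bb and optee-test_git.bb. Also in do_install, the `sed` rewrites `/usr/bin` to `${bindir}`, but the unit's `ExecStart` uses `/usr/sbin/tee-supplicant`, so the binary path is never adjusted; `-e s:/usr/sbin:${sbindir}:g` looks like what was intended.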
@@ -0,0 +1,47 @@ +SUMMARY = "OP-TEE examples" +DESCRIPTION = "Open Portable Trusted Execution Environment - Sample Applications" +HOMEPAGE = "https://github.com/linaro-swg/optee_examples" + +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=cd95ab417e23b94f381dafc453d70c30" + +PV = "3.8.0+git${SRCPV}" + +DEPENDS = "optee-client optee-os python3-pycryptodomex-native" + +inherit python3native + +require optee.inc + +SRC_URI = "git://github.com/linaro-swg/optee_examples.git" +SRCREV = "559b2141c16bf0f57ccd72f60e4deb84fc2a05b0" + +S = "${WORKDIR}/git" + +OPTEE_CLIENT_EXPORT = "${STAGING_DIR_HOST}${prefix}" +TEEC_EXPORT = "${STAGING_DIR_HOST}${prefix}" +TA_DEV_KIT_DIR = "${STAGING_INCDIR}/optee/export-user_ta" + +EXTRA_OEMAKE = " TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ + OPTEE_CLIENT_EXPORT=${OPTEE_CLIENT_EXPORT} \ + TEEC_EXPORT=${TEEC_EXPORT} \ + HOST_CROSS_COMPILE=${TARGET_PREFIX} \ + TA_CROSS_COMPILE=${TARGET_PREFIX} \ + V=1 \ + " + +do_compile() { + oe_runmake +} + +do_install () { + mkdir -p ${D}${nonarch_base_libdir}/optee_armtz + mkdir -p ${D}${bindir} + install -D -p -m0755 ${S}/out/ca/* ${D}${bindir} + install -D -p -m0444 ${S}/out/ta/* ${D}${nonarch_base_libdir}/optee_armtz +} + +FILES_${PN} += "${nonarch_base_libdir}/optee_armtz/" + +# Imports machine specific configs from staging to build +PACKAGE_ARCH = "${MACHINE_ARCH}" diff --git a/bsp/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-allow-setting-sysroot-for-libgcc-lookup.patch b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-allow-setting-sysroot-for-libgcc-lookup.patch new file mode 100644 index 00000000..17127d0b --- /dev/null +++ b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-allow-setting-sysroot-for-libgcc-lookup.patch 
@@ -0,0 +1,13 @@ +diff --git a/mk/gcc.mk b/mk/gcc.mk +index fc38c4d..77b8d74 100644 +--- a/mk/gcc.mk ++++ b/mk/gcc.mk +@@ -12,7 +12,7 @@ nostdinc$(sm) := -nostdinc -isystem $(shell $(CC$(sm)) \ + -print-file-name=include 2> /dev/null) + + # Get location of libgcc from gcc +-libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) $(comp-cflags$(sm)) \ ++libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) $(comp-cflags$(sm)) \ + -print-libgcc-file-name 2> /dev/null) + + # Define these to something to discover accidental use diff --git a/bsp/meta-arm/meta-arm/recipes-security/optee/optee-os_git.bb b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-os_git.bb new file mode 100644 index 00000000..dfff6d10 --- /dev/null +++ b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-os_git.bb 
@@ -0,0 +1,80 @@ +SUMMARY = "OP-TEE Trusted OS" +DESCRIPTION = "Open Portable Trusted Execution Environment - Trusted side of the TEE" +HOMEPAGE = "https://www.op-tee.org/" + +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173" + +PV = "3.8.0+git${SRCPV}" + +inherit deploy python3native +require optee.inc + +DEPENDS = "python3-pycrypto-native python3-pyelftools-native python3-pycryptodomex-native" + +SRCREV = "023e33656e2c9557ce50ad63a98b2e2c9b51c118" +SRC_URI = " \ + git://github.com/OP-TEE/optee_os.git \ + file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \ +" + +S = "${WORKDIR}/git" + +OPTEEMACHINE ?= "${MACHINE}" +OPTEEOUTPUTMACHINE ?= "${MACHINE}" + +OPTEE_ARCH = "null" +OPTEE_ARCH_armv7a = "arm32" +OPTEE_ARCH_aarch64 = "arm64" +OPTEE_CORE = "${@d.getVar('OPTEE_ARCH').upper()}" + +EXTRA_OEMAKE = " \ + PLATFORM=${OPTEEMACHINE} \ + CFG_${OPTEE_CORE}_core=y \ + CROSS_COMPILE_core=${HOST_PREFIX} \ + CROSS_COMPILE_ta_${OPTEE_ARCH}=${HOST_PREFIX} \ + NOWERROR=1 \ + V=1 \ + ta-targets=ta_${OPTEE_ARCH} \ + LIBGCC_LOCATE_CFLAGS=--sysroot=${STAGING_DIR_HOST} \ +" + +CFLAGS[unexport] = "1" +LDFLAGS[unexport] = "1" +CPPFLAGS[unexport] = "1" +AS[unexport] = "1" +LD[unexport] = "1" + +do_configure[noexec] = "1" + +do_compile() { + oe_runmake all CFG_TEE_TA_LOG_LEVEL=0 +} + +do_install() { + #install core in firmware + install -d ${D}${nonarch_base_libdir}/firmware/ + install -m 644 ${B}/out/arm-plat-${OPTEEOUTPUTMACHINE}/core/*.bin ${D}${nonarch_base_libdir}/firmware/ + + #install TA devkit + install -d ${D}${includedir}/optee/export-user_ta/ + for f in ${B}/out/arm-plat-${OPTEEOUTPUTMACHINE}/export-ta_${OPTEE_ARCH}/* ; do + cp -aR $f ${D}${includedir}/optee/export-user_ta/ + done +} + +PACKAGE_ARCH = "${MACHINE_ARCH}" + +do_deploy() { + install -d ${DEPLOYDIR}/optee + install -m 644 ${D}${nonarch_base_libdir}/firmware/* ${DEPLOYDIR}/optee/ +} + +addtask deploy before do_build after do_install + +FILES_${PN} = 
"${nonarch_base_libdir}/firmware/" +FILES_${PN}-dev = "${includedir}/optee/" + +INSANE_SKIP_${PN}-dev = "staticdev" + +INHIBIT_PACKAGE_STRIP = "1" diff --git a/bsp/meta-arm/meta-arm/recipes-security/optee/optee-test_git.bb b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-test_git.bb new file mode 100644 index 00000000..ee73a2c6 --- /dev/null +++ b/bsp/meta-arm/meta-arm/recipes-security/optee/optee-test_git.bb @@ -0,0 +1,50 @@ +SUMMARY = "OP-TEE sanity testsuite" +DESCRIPTION = "Open Portable Trusted Execution Environment - Test suite" +HOMEPAGE = "https://www.op-tee.org/" + +LICENSE = "BSD & GPLv2" +LIC_FILES_CHKSUM = "file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" + +inherit python3native +require optee.inc + +DEPENDS = "optee-client optee-os python3-pycryptodomex-native" + +PV = "3.8.0+git${SRCPV}" + +SRCREV = "30481e381cb4285706e7516853495a7699c93b2c" +SRC_URI = "git://github.com/OP-TEE/optee_test.git" + +S = "${WORKDIR}/git" + +OPTEE_CLIENT_EXPORT = "${STAGING_DIR_HOST}${prefix}" +TEEC_EXPORT = "${STAGING_DIR_HOST}${prefix}" +TA_DEV_KIT_DIR = "${STAGING_INCDIR}/optee/export-user_ta" + +EXTRA_OEMAKE = " TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ + OPTEE_CLIENT_EXPORT=${OPTEE_CLIENT_EXPORT} \ + TEEC_EXPORT=${TEEC_EXPORT} \ + CROSS_COMPILE_HOST=${TARGET_PREFIX} \ + CROSS_COMPILE_TA=${TARGET_PREFIX} \ + V=1 \ + " + +do_compile() { + # Top level makefile doesn't seem to handle parallel make gracefully + oe_runmake xtest + oe_runmake ta +} + +do_install () { + install -D -p -m0755 ${S}/out/xtest/xtest ${D}${bindir}/xtest + + # install path should match the value set in optee-client/tee-supplicant + # default TEEC_LOAD_PATH is /lib + mkdir -p ${D}${nonarch_base_libdir}/optee_armtz/ + install -D -p -m0444 ${S}/out/ta/*/*.ta ${D}${nonarch_base_libdir}/optee_armtz/ +} + +FILES_${PN} += "${nonarch_base_libdir}/optee_armtz/" + +# Imports machine specific configs from staging to build +PACKAGE_ARCH = "${MACHINE_ARCH}" 
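Review bot: `EXTRA_OEMAKE` in optee-os_git.bb passes no `TA_SIGN_KEY`, so as far as this recipe shows the trusted applications and the exported TA dev kit are built with the default signing key shipped in the optee_os tree, which is public; a production image needs a project-owned key, and a comment next to `EXTRA_OEMAKE` should say so, e.g. `# TAs are signed with the upstream default key unless TA_SIGN_KEY is set; do not ship with the default`. `DEPENDS` also lists `python3-pycrypto-native` alongside `python3-pycryptodomex-native`; pycrypto is unmaintained, and if the pinned optee_os scripts only import Cryptodome it can be dropped. `NOWERROR=1` turns off warnings-as-errors for secure-world code and deserves a one-line justification.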
diff --git a/bsp/meta-arm/meta-arm/recipes-security/optee/optee.inc b/bsp/meta-arm/meta-arm/recipes-security/optee/optee.inc new file mode 100644 index 00000000..b3e52713 --- /dev/null +++ b/bsp/meta-arm/meta-arm/recipes-security/optee/optee.inc @@ -0,0 +1,2 @@ +COMPATIBLE_MACHINE ?= "invalid" +# Please add supported machines below or set it in .bbappend or .conf |