From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <08d9440a-0680-e0af-dd50-2705c0f8d56b@siemens.com>
Date: Thu, 22 Jun 2023 08:02:35 +0200
Subject: Re: [PATCH v2 5/7] Add recipe for optee ftpm
To: baocheng_su@163.com, isar-users@googlegroups.com, felix.moessbauer@siemens.com
Cc: christian.storm@siemens.com, quirin.gylstorff@siemens.com, baocheng.su@siemens.com
References: <20230621192217.2045717-1-baocheng_su@163.com> <20230621192217.2045717-6-baocheng_su@163.com>
From: Jan Kiszka
In-Reply-To: <20230621192217.2045717-6-baocheng_su@163.com>

On 21.06.23 21:22, baocheng_su@163.com wrote:
> From: Baocheng Su
>
> This integrates Microsoft's reference implementation of the TCG TPM2.0 as an
> OPTee trusted application, see [1] and [2] for details, esp.
> meta-ts/layers/meta-arm/meta-arm/recipes-security/optee-ftpm
>
> Since the OPTee secure storage on IOT2050 is RPMB-based, and the RPMB accessing
> is provided by linux tee-supplicant, this TA is only discoverable when
> tee-supplicant is running.
>
> To help to gracefully manage the tee-supplicant, the kernel driver
> tpm_ftpm_tee should be compiled as .ko and be loaded/unloaded dynamically.
>
> [1]: https://github.com/microsoft/ms-tpm-20-ref/
> [2]: https://gitlab.com/Linaro/trustedsubstrate/meta-ts
>
> Signed-off-by: Baocheng Su
> ---
>  .../files/0001-add-enum-to-ta-flags.patch | 27 +++++++++++
>  .../optee-ftpm-stm32mp15x_0~230316+git.bb | 35 ++++++++++++++

The version should probably be 0~20230316+git when following Debian
suggestions.

Jan

>  .../optee-os/optee-os-stm32mp15x_3.21.0.bb | 10 +++-
>  .../optee-ftpm/files/debian/compat | 1 +
>  .../optee-ftpm/files/debian/control.tmpl | 11 +++++
>  .../optee-ftpm/files/debian/rules.tmpl | 25 ++++++++++
>  meta/recipes-bsp/optee-ftpm/optee-ftpm.inc | 47 +++++++++++++++++++
>  7 files changed, 155 insertions(+), 1 deletion(-)
>  create mode 100644 meta-isar/recipes-bsp/optee-ftpm/files/0001-add-enum-to-ta-flags.patch
>  create mode 100644 meta-isar/recipes-bsp/optee-ftpm/optee-ftpm-stm32mp15x_0~230316+git.bb
>  create mode 100644 meta/recipes-bsp/optee-ftpm/files/debian/compat
>  create mode 100644 meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl
>  create mode 100755 meta/recipes-bsp/optee-ftpm/files/debian/rules.tmpl
>  create mode 100644 meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
> > diff --git a/meta-isar/recipes-bsp/optee-ftpm/files/0001-add-enum-to-ta-flags.patch b/meta-isar/recipes-bsp/optee-ftpm/files/0001-add-enum-to-ta-flags.patch > new file mode 100644 > index 0000000..57917ba > --- /dev/null > +++ b/meta-isar/recipes-bsp/optee-ftpm/files/0001-add-enum-to-ta-flags.patch > @@ -0,0 +1,27 @@ > +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 > +From: Maxim Uvarov > +Date: Fri, 17 Apr 2020 12:05:53 +0100 > +Subject: [PATCH] add enum to ta flags > + > +If we compile this TA into OPTEE-OS we need to define a flag > +that this TA can be discovered on the optee bus. > +Upstream-Status: Submitted [https://github.com/microsoft/MSRSec/pull/34] > + > +Signed-off-by: Maxim Uvarov > +--- > + .../ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/Samples/ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h b/Samples/ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h > +index 92c33c1..e83619d 100644 > +--- a/Samples/ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h > ++++ b/Samples/ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h > +@@ -44,7 +44,7 @@ > + > + #define TA_UUID TA_FTPM_UUID > + > +-#define TA_FLAGS (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_INSTANCE_KEEP_ALIVE) > ++#define TA_FLAGS (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_INSTANCE_KEEP_ALIVE | TA_FLAG_DEVICE_ENUM_SUPP) > + #define TA_STACK_SIZE (64 * 1024) > + #define TA_DATA_SIZE (32 * 1024) > + > diff --git a/meta-isar/recipes-bsp/optee-ftpm/optee-ftpm-stm32mp15x_0~230316+git.bb b/meta-isar/recipes-bsp/optee-ftpm/optee-ftpm-stm32mp15x_0~230316+git.bb > new file mode 100644 > index 0000000..de26ec3 > --- /dev/null > +++ b/meta-isar/recipes-bsp/optee-ftpm/optee-ftpm-stm32mp15x_0~230316+git.bb 
> @@ -0,0 +1,35 @@ > +# Copyright (c) Siemens AG, 2023 > +# > +# Authors: > +# Su Bao Cheng > +# > +# SPDX-License-Identifier: MIT > +# > +require recipes-bsp/optee-ftpm/optee-ftpm.inc > + > +# CHANGELOG_V = "0.1+git+isar" > + > +SRC_URI += " \ > + https://github.com/Microsoft/ms-tpm-20-ref/archive/${SRCREV}.tar.gz \ > + https://github.com/wolfSSL/wolfssl/archive/${SRCREV-wolfssl}.tar.gz;name=wolfssl \ > + file://0001-add-enum-to-ta-flags.patch \ > + " > + > +SRCREV = "f74c0d9686625c02b0fdd5b2bbe792a22aa96cb6" > +# according to ms-tpm-20-ref submodules > +SRCREV-wolfssl = "9c87f979a7f1d3a6d786b260653d566c1d31a1c4" > + > +SRC_URI[sha256sum] = "16fabc6ad6cc700d947dbc96efc30ff8ae97e577944466f08193bb37bc1eb64d" > +SRC_URI[wolfssl.sha256sum] = "a68c301fa0ee6197158912d808c4258605a2d001e458fd958257cafba17bfd14" > + > +S = "${WORKDIR}/ms-tpm-20-ref-${SRCREV}" > + > +OPTEE_NAME = "${MACHINE}" > +TA_CPU = "cortex-a7" > +TA_DEV_KIT_DIR = "/usr/lib/optee-os/${OPTEE_NAME}/export-ta_arm32" > +OPTEE_FTPM_BUILD_ARGS_EXTRA = "CFG_FTPM_USE_WOLF=y" > + > +do_prepare_build:append() { > + rm -rf ${S}/external/wolfssl > + cp -a ${S}/../wolfssl-${SRCREV-wolfssl} ${S}/external/wolfssl > +} > diff --git a/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb b/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb > index 7468ca6..1b920cd 100644 > --- a/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb > +++ b/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb > @@ -16,7 +16,7 @@ DEBIAN_BUILD_DEPENDS += " \ > , optee-examples-stm32mp15x-random-ta \ > , optee-examples-stm32mp15x-secure-storage-ta \ > " > -EARLY_TA_PATHS = " \ > +EARLY_TA_PATHS += " \ > /usr/lib/optee-os/${OPTEE_NAME}/ta/a734eed9-d6a1-4244-aa50-7c99719e7b7b.stripped.elf \ > /usr/lib/optee-os/${OPTEE_NAME}/ta/5dbac793-f574-4871-8ad3-04331ec17f24.stripped.elf \ > /usr/lib/optee-os/${OPTEE_NAME}/ta/8aaaf200-2450-11e4-abe2-0002a5d5c51b.stripped.elf \ 
> @@ -24,6 +24,14 @@ EARLY_TA_PATHS = " \ > /usr/lib/optee-os/${OPTEE_NAME}/ta/b6c53aba-9669-4668-a7f2-205629d00f86.stripped.elf \ > /usr/lib/optee-os/${OPTEE_NAME}/ta/f4e750bb-1437-4fbf-8785-8d3580c34994.stripped.elf \ > " > + > +# optee-ftpm integration > +DEPENDS += "optee-ftpm-stm32mp15x" > +DEBIAN_BUILD_DEPENDS += ", optee-ftpm-stm32mp15x" > +EARLY_TA_PATHS += " \ > + /usr/lib/optee-os/${OPTEE_NAME}/ta/bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf \ > + " > + > OPTEE_EXTRA_BUILDARGS += " \ > CFG_EARLY_TA=y \ > EARLY_TA_PATHS='${EARLY_TA_PATHS}' \ > diff --git a/meta/recipes-bsp/optee-ftpm/files/debian/compat b/meta/recipes-bsp/optee-ftpm/files/debian/compat > new file mode 100644 > index 0000000..f599e28 > --- /dev/null > +++ b/meta/recipes-bsp/optee-ftpm/files/debian/compat > @@ -0,0 +1 @@ > +10 > diff --git a/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl > new file mode 100644 > index 0000000..abab42e > --- /dev/null > +++ b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl > @@ -0,0 +1,11 @@ > +Source: ${PN} > +Section: misc > +Priority: optional > +Standards-Version: 3.9.6 > +Maintainer: Unknown maintainer > +Build-Depends: debhelper (>= 10), ${DEBIAN_BUILD_DEPENDS} > + > +Package: ${PN} > +Architecture: any > +Depends: > +Description: TCG reference implementation of the TPM 2.0 Specification. > diff --git a/meta/recipes-bsp/optee-ftpm/files/debian/rules.tmpl b/meta/recipes-bsp/optee-ftpm/files/debian/rules.tmpl > new file mode 100755 > index 0000000..19d4e08 > --- /dev/null > +++ b/meta/recipes-bsp/optee-ftpm/files/debian/rules.tmpl 
> @@ -0,0 +1,25 @@ > +#!/usr/bin/make -f > +# Debian rules for optee-ftpm > +# > +# Copyright (c) Siemens AG, 2023 > +# > +# Authors: > +# Su Bao Cheng > +# > +# SPDX-License-Identifier: MIT > + > +ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) > +export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)- > +endif > + > +override_dh_auto_build: > + cd Samples/ARM32-FirmwareTPM/optee_ta && \ > + TA_CROSS_COMPILE=${CROSS_COMPILE} \ > + TA_CPU=${TA_CPU} \ > + TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ > + CFG_TEE_TA_LOG_LEVEL=2 \ > + ${OPTEE_FTPM_BUILD_ARGS_EXTRA} \ > + $(MAKE) $(PARALLEL_MAKE) > + > +%: > + dh $@ > diff --git a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc > new file mode 100644 > index 0000000..2f6dc30 > --- /dev/null > +++ b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc 
> @@ -0,0 +1,47 @@ > +# Copyright (c) Siemens AG, 2023 > +# > +# Authors: > +# Su Bao Cheng > +# > +# SPDX-License-Identifier: MIT > +# > +inherit dpkg > + > +SUMMARY = "OPTEE fTPM Microsoft TA" > +DESCRIPTION = "TCG reference implementation of the TPM 2.0 Specification." > +HOMEPAGE = "https://github.com/microsoft/ms-tpm-20-ref/" > + > +FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/files:" > + > +SRC_URI += "file://debian" > + > +OPTEE_NAME ?= "${MACHINE}" > + > +DEPENDS = "optee-os-tadevkit-${OPTEE_NAME}" > +DEBIAN_BUILD_DEPENDS ?= " \ > + python3-cryptography:native, \ > + optee-os-tadevkit-${OPTEE_NAME} \ > + " > + > +TA_CPU ?= "unknown" > +TA_DEV_KIT_DIR ?= "unknown" > +OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " " > + > +TEMPLATE_FILES = "debian/rules.tmpl debian/control.tmpl" > +TEMPLATE_VARS += "DEBIAN_BUILD_DEPENDS \ > + OPTEE_FTPM_BUILD_ARGS_EXTRA \ > + TA_CPU \ > + TA_DEV_KIT_DIR" > + > +do_prepare_build() { > + rm -rf ${S}/debian > + cp -r ${WORKDIR}/debian ${S}/ > + > + deb_add_changelog > + > + rm -f ${S}/debian/optee-ftpm-${OPTEE_NAME}.install > + echo "Samples/ARM32-FirmwareTPM/optee_ta/out/fTPM/bc50d971-d4c9-42c4-82cb-343fb7f37896.ta /usr/lib/optee-os/${OPTEE_NAME}/ta" > \ > + ${S}/debian/optee-ftpm-${OPTEE_NAME}.install > + echo "Samples/ARM32-FirmwareTPM/optee_ta/out/fTPM/bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf /usr/lib/optee-os/${OPTEE_NAME}/ta" >> \ > + ${S}/debian/optee-ftpm-${OPTEE_NAME}.install > +} -- Siemens AG, Technology Competence Center Embedded Linux
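
Review bot: In 0001-add-enum-to-ta-flags.patch the description only says the TA "can be discovered on the optee bus", while the flag added to TA_FLAGS is TA_FLAG_DEVICE_ENUM_SUPP, which is what makes the TA enumerate only once tee-supplicant runs, the behaviour the commit message attributes to the RPMB-based secure storage. Please say that in the patch description or next to the SRC_URI entry, so the reason for the _SUPP variant is not lost on a later rebase. The Upstream-Status line also points at a pull request in microsoft/MSRSec, not the ms-tpm-20-ref repository fetched by the recipe; a short remark on why it still applies would help.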
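
Review bot: SRCREV-wolfssl in optee-ftpm-stm32mp15x_0~230316+git.bb is kept in step with SRCREV by hand ("according to ms-tpm-20-ref submodules"), so a later bump of SRCREV can build the TA against a wolfSSL revision that the ms-tpm-20-ref tree does not reference. Extend the comment to say where the value is read from (the external/wolfssl submodule at that SRCREV) so both revisions and both sha256sums are updated together. The commented-out CHANGELOG_V line looks like a leftover, and the cp in do_prepare_build:append would be clearer with ${WORKDIR}/wolfssl-${SRCREV-wolfssl} than with ${S}/../.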
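
Review bot: The change from "EARLY_TA_PATHS =" to "EARLY_TA_PATHS +=" in the first hunk of optee-os-stm32mp15x_3.21.0.bb is not needed for the fTPM block added further down, which appends with += on its own. With += on the first assignment the list also picks up whatever EARLY_TA_PATHS held before this line, so the set of TAs embedded through CFG_EARLY_TA is no longer fully defined in this file. Keep the plain assignment, or explain in the commit message why it changed.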
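
Review bot: The fTPM block added in the second hunk of optee-os-stm32mp15x_3.21.0.bb hard-codes the UUID bc50d971-d4c9-42c4-82cb-343fb7f37896, which optee-ftpm.inc repeats twice when it writes the .install file, so three places across two recipes have to agree for the early TA path to exist. Add a comment naming the source of the value (TA_FTPM_UUID in the TA headers) here and in the .inc, or define it once as a variable in the .inc and reference it in both echo lines.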
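
Review bot: In control.tmpl the "Depends:" field is empty and the Description reads like a generic TPM library. Either drop the field or set it to ${misc:Depends}, and let the Description say that the package ships the fTPM as an OP-TEE trusted application, since what gets installed is the .ta and .stripped.elf under /usr/lib/optee-os/${OPTEE_NAME}/ta.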
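
Review bot: In override_dh_auto_build of rules.tmpl, "TA_CROSS_COMPILE=${CROSS_COMPILE}" uses the same ${...} form as the template variables on the following lines, but CROSS_COMPILE is not listed in TEMPLATE_VARS and is only exported by the ifneq block above, so it is a make variable that stays empty for native builds. Writing it as $(CROSS_COMPILE) would make the difference between make variables and substituted template variables visible. A comment that CFG_TEE_TA_LOG_LEVEL=2 can be overridden through OPTEE_FTPM_BUILD_ARGS_EXTRA, which follows it, would also help.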
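
Review bot: do_prepare_build in optee-ftpm.inc writes the install list to debian/optee-ftpm-${OPTEE_NAME}.install while control.tmpl names the package ${PN}, so the two only match when the recipe happens to be called optee-ftpm-${OPTEE_NAME} (with OPTEE_NAME defaulting to ${MACHINE}). Using ${S}/debian/${PN}.install removes that coupling. The ?= "unknown" defaults for TA_CPU and TA_DEV_KIT_DIR would be better replaced by an early error, because as written a recipe that forgets to set them passes the literal string "unknown" through the template into the make call.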