From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7252203608347770880 X-Received: by 2002:a4a:4942:0:b0:566:669d:bed0 with SMTP id z63-20020a4a4942000000b00566669dbed0mr10823036ooa.3.1689057795480; Mon, 10 Jul 2023 23:43:15 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:6820:16a3:b0:563:4373:e65a with SMTP id bc35-20020a05682016a300b005634373e65als1871434oob.1.-pod-prod-05-us; Mon, 10 Jul 2023 23:43:14 -0700 (PDT) X-Google-Smtp-Source: APBJJlHYjzlTM+G8PopngGOAWXoD+oTYA68xfAgrQIlQFaPiiruapgPJCwG9pz/nigZ++Ho08V1w X-Received: by 2002:a9d:68c4:0:b0:6b5:f457:adaa with SMTP id i4-20020a9d68c4000000b006b5f457adaamr12657495oto.29.1689057794911; Mon, 10 Jul 2023 23:43:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689057794; cv=none; d=google.com; s=arc-20160816; b=hIunMwfbgSHkjgcgkzuhZlgn4hzG84p0QVOaVjRHpFhLWraApeN97VkAF5Ovr1ZInH o/nJ4Ev9F2tWSRyHlDAMRp1Xw0PhYefpZtfu1OPconHtUf9HmZmQs0XxquhPizvjFMkL q5HK3OIWgL2vm9imNyF7oitv+FvUa2n2fEVqRUcM9GfavwqCUu7ynaIlZzyU7W2uE3b7 0HcwpfgxNmRewOUnROKaJTaJFJ+FaLf27a4gEBu3b1ablS5PqAyR4a6dIlo9TykA1B4z gtWr7+O3BblEgI6b5jhusLlMavTbszC99eh0BDRVgeY+eaMqu7qt5CYWZtBCR29jKQYn FTFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:to:from:subject:message-id; bh=Avk+q8RLlQCdrPoE1O/EF7cPo+Z5vfI8HDUCXdfK7vQ=; fh=swRs1+OhWjovx1IrvOlKBWsdq9manB5qdcuGoHoh5Ak=; b=yEmjiTSsSeXKvrEN/A4cufWxcOudFd1XezJc5qGNFzcYO2zorRAPKFn/vehBvRxiUJ QwaH9+LEkh9mAu95Pr8XTA0wefjPGp0QnZvfzemH4/0ziY6F+kKlTKqRBgUPuJowaAwe tqYVN9w7q8+Q5UIeK3pN1z84v6co/N/RjIgFD5pH0KWuvMopJ4kF+VKt0IbXs1zubkKn UJg20cY2RRhvacphCROyuXrfchxv/9+Ut1X2Snx2pSTDqDAidL58PUmx7fBQlD+aK9GK g7OOthRFhZThwxlgo/Vf0I54fqOSsVs/4Rnu32KBn0QMm3jepg/Wp+w11N64GqDaDaUo X2nw== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Return-Path: Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id bm3-20020a056830374300b006b8bf761730si282063otb.3.2023.07.10.23.43.14 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Mon, 10 Jul 2023 23:43:14 -0700 (PDT) Received-SPF: pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Received: from [127.0.0.1] (host-80-81-17-52.static.customer.m-online.net [80.81.17.52]) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 36B6hChD028589 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 11 Jul 2023 08:43:13 +0200 Message-ID: <0f7af277b33c42bd0e1b90ad0d8ed49ce28953ee.camel@ilbers.de> Subject: Re: [PATCH v3 0/7] Add optee family and friends From: Uladzimir Bely To: isar-users@googlegroups.com Date: Tue, 11 Jul 2023 09:43:16 +0300 In-Reply-To: <20230705053340.1158024-1-baocheng.su@siemens.com> References: <20230705053340.1158024-1-baocheng.su@siemens.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.48.3 (by Flathub.org) MIME-Version: 1.0 X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: xkbf0XDYH98q On Wed, 2023-07-05 at 13:33 +0800, baocheng.su via isar-users wrote: > From: Baocheng Su >=20 > This brings below optee family members: > =C2=A0 optee-ta-devkit, optee-client, optee-examples > and a fTPM running in optee-os, plus some initramfs hooks for tee- > supplicant and > the optee-ftpm. >=20 > The optee-ta-devkit is used to provide a sdk for building trusted > application of > optee. >=20 > The optee-client provides the libteec1, the optee-client-dev, and the > tee-supplicant daemon. >=20 > The optee-examples provides both the optee TAs and host applications > for > demostrating how to use optee-ta-devkit and optee-client-dev. >=20 > The initramfs hooks for tee-supplicant and optee-ftpm is used to > support > initramfs stage applications that needs the optee-ftpm or other TAs, > such as the > disk encryption based on TPM. An example is the LUKS2 implementation > in > isar-cip-core. >=20 > Also bump the stm32mp15x optee-os version to 3.21.0 to ease the > integration. >=20 > Since these bits are the common foundation for applications based on > ARM=20 > trustzone, isar should be the best place to hold them. >=20 > The idea is partly inspired by the ARM trusted substrate. >=20 > This integration use stm32mp15x as the demo platform. However, I > might need some > help to verify on the real hardware, since I don't have one :) >=20 > Changes since v2: > - update copyright header to 2023 > - define RPMB_EMU to replace the RPMB_EMU_BUILD_OPT > - depends systemd for tee-supplicant > - add new line EOF for some source files. >=20 > Baocheng Su (7): > =C2=A0 stm32mp15x: Bump optee-os to 3.21.0 > =C2=A0 Add recipe for optee TA devkit > =C2=A0 Add recipe for optee-client > =C2=A0 Add recipe for optee examples > =C2=A0 Add recipe for optee ftpm > =C2=A0 initramfs: Add recipe for tee-supplicant hook > =C2=A0 initramfs: Add recipe for tee-ftpm hook >=20 > =C2=A0meta-isar/conf/machine/stm32mp15x.conf=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0 |=C2=A0=C2=A0 9 +- > =C2=A0.../optee-client-stm32mp15x_3.21.0.bb=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0 |=C2=A0 18 +++ > =C2=A0.../optee-examples/files/debian/compat=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0 |=C2=A0=C2=A0 1 + > =C2=A0.../optee-examples/files/debian/control.tmpl=C2=A0 | 112 > ++++++++++++++++++ > =C2=A0.../optee-examples/files/debian/rules.tmpl=C2=A0=C2=A0=C2=A0 |=C2= =A0 21 ++++ > =C2=A0.../optee-examples-stm32mp15x_3.21.0.bb=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 | 100 ++++++++++++++++ > =C2=A0.../files/0001-add-enum-to-ta-flags.patch=C2=A0=C2=A0=C2=A0=C2=A0 |= =C2=A0 27 +++++ > =C2=A0.../optee-ftpm-stm32mp15x_0~230316+git.bb=C2=A0=C2=A0=C2=A0=C2=A0 |= =C2=A0 35 ++++++ > =C2=A0.../optee-os/optee-os-stm32mp15x_3.11.0.bb=C2=A0=C2=A0=C2=A0 |=C2= =A0 29 ----- > =C2=A0.../optee-os/optee-os-stm32mp15x_3.21.0.bb=C2=A0=C2=A0=C2=A0 |=C2= =A0 38 ++++++ > =C2=A0.../optee-os/optee-os-stm32mp15x_3.21.0.inc=C2=A0=C2=A0 |=C2=A0 18 = +++ > =C2=A0.../optee-os-tadevkit-stm32mp15x_3.21.0.bb=C2=A0=C2=A0=C2=A0 |=C2= =A0=C2=A0 7 ++ > =C2=A0.../images/stm32mp15x-initramfs.bb=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0 15 +++ > =C2=A0.../lib/wic/canned-wks/stm32mp15x.wks.in=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 |=C2=A0=C2=A0 2 +- > =C2=A0.../optee-client/files/debian/compat=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0 1 + > =C2=A0.../optee-client/files/debian/control.tmpl=C2=A0=C2=A0=C2=A0 |=C2= =A0 51 ++++++++ > =C2=A0.../optee-client/files/debian/rules.tmpl=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 |=C2=A0 27 +++++ > =C2=A0.../files/debian/tee-supplicant.service=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 |=C2=A0 21 ++++ > =C2=A0.../optee-client/optee-client-custom.inc=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 |=C2=A0 41 +++++++ > =C2=A0.../optee-ftpm/files/debian/compat=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0 1 + > =C2=A0.../optee-ftpm/files/debian/control.tmpl=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 |=C2=A0 11 ++ > =C2=A0.../optee-ftpm/files/debian/rules.tmpl=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0 |=C2=A0 25 ++++ > =C2=A0meta/recipes-bsp/optee-ftpm/optee-ftpm.inc=C2=A0=C2=A0=C2=A0 |=C2= =A0 47 ++++++++ > =C2=A0.../optee-os/files/debian/control.tmpl=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0 |=C2=A0=C2=A0 4 +- > =C2=A0meta/recipes-bsp/optee-os/optee-os-custom.inc |=C2=A0 29 +---- > =C2=A0.../optee-os/optee-os-tadevkit-custom.inc=C2=A0=C2=A0=C2=A0=C2=A0 |= =C2=A0 26 ++++ > =C2=A0.../{optee-os-custom.inc =3D> optee-os.inc}=C2=A0=C2=A0=C2=A0=C2=A0= |=C2=A0 14 +-- > =C2=A0.../files/tee-ftpm.hook=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0 |=C2=A0 25 ++++ > =C2=A0.../files/tee-ftpm.script=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 |=C2=A0 26 ++++ > =C2=A0.../initramfs-tee-ftpm-hook_0.1.bb=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0 27 +++++ > =C2=A0.../files/tee-supplicant.hook=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0 33 +++= +++ > =C2=A0.../files/tee-supplicant.script=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0 33 ++++++ > =C2=A0.../initramfs-tee-supplicant-hook_0.1.bb=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 |=C2=A0 27 +++++ > =C2=A0testsuite/citest.py=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0=C2=A0 1 + > =C2=A034 files changed, 834 insertions(+), 68 deletions(-) > =C2=A0create mode 100644 meta-isar/recipes-bsp/optee-client/optee-client- > stm32mp15x_3.21.0.bb > =C2=A0create mode 100644 meta-isar/recipes-bsp/optee- > examples/files/debian/compat > =C2=A0create mode 100644 meta-isar/recipes-bsp/optee- > examples/files/debian/control.tmpl > =C2=A0create mode 100644 meta-isar/recipes-bsp/optee- > examples/files/debian/rules.tmpl > =C2=A0create mode 100644 meta-isar/recipes-bsp/optee-examples/optee- > examples-stm32mp15x_3.21.0.bb > =C2=A0create mode 100644 meta-isar/recipes-bsp/optee-ftpm/files/0001-add- > enum-to-ta-flags.patch > =C2=A0create mode 100644 meta-isar/recipes-bsp/optee-ftpm/optee-ftpm- > stm32mp15x_0~230316+git.bb > =C2=A0delete mode 100644 meta-isar/recipes-bsp/optee-os/optee-os- > stm32mp15x_3.11.0.bb > =C2=A0create mode 100644 meta-isar/recipes-bsp/optee-os/optee-os- > stm32mp15x_3.21.0.bb > =C2=A0create mode 100644 meta-isar/recipes-bsp/optee-os/optee-os- > stm32mp15x_3.21.0.inc > =C2=A0create mode 100644 meta-isar/recipes-bsp/optee-os/optee-os-tadevkit= - > stm32mp15x_3.21.0.bb > =C2=A0create mode 100644 meta-isar/recipes-initramfs/images/stm32mp15x- > initramfs.bb > =C2=A0create mode 100644 meta/recipes-bsp/optee-client/files/debian/compa= t > =C2=A0create mode 100644 meta/recipes-bsp/optee- > client/files/debian/control.tmpl > =C2=A0create mode 100755 meta/recipes-bsp/optee- > client/files/debian/rules.tmpl > =C2=A0create mode 100644 meta/recipes-bsp/optee-client/files/debian/tee- > supplicant.service > =C2=A0create mode 100644 meta/recipes-bsp/optee-client/optee-client- > custom.inc > =C2=A0create mode 100644 meta/recipes-bsp/optee-ftpm/files/debian/compat > =C2=A0create mode 100644 meta/recipes-bsp/optee- > ftpm/files/debian/control.tmpl > =C2=A0create mode 100755 meta/recipes-bsp/optee- > ftpm/files/debian/rules.tmpl > =C2=A0create mode 100644 meta/recipes-bsp/optee-ftpm/optee-ftpm.inc > =C2=A0create mode 100644 meta/recipes-bsp/optee-os/optee-os-tadevkit- > custom.inc > =C2=A0copy meta/recipes-bsp/optee-os/{optee-os-custom.inc =3D> optee-os.i= nc} > (62%) > =C2=A0create mode 100644 meta/recipes-initramfs/initramfs-tee-ftpm- > hook/files/tee-ftpm.hook > =C2=A0create mode 100644 meta/recipes-initramfs/initramfs-tee-ftpm- > hook/files/tee-ftpm.script > =C2=A0create mode 100644 meta/recipes-initramfs/initramfs-tee-ftpm- > hook/initramfs-tee-ftpm-hook_0.1.bb > =C2=A0create mode 100644 meta/recipes-initramfs/initramfs-tee-supplicant- > hook/files/tee-supplicant.hook > =C2=A0create mode 100644 meta/recipes-initramfs/initramfs-tee-supplicant- > hook/files/tee-supplicant.script > =C2=A0create mode 100644 meta/recipes-initramfs/initramfs-tee-supplicant- > hook/initramfs-tee-supplicant-hook_0.1.bb >=20 > --=20 > 2.39.2 >=20 Applied to next, thanks.