From: "Su, Bao Cheng" <baocheng.su@siemens.com>
To: "isar-users@googlegroups.com" <isar-users@googlegroups.com>,
"Kiszka, Jan" <jan.kiszka@siemens.com>
Cc: "Gylstorff, Quirin" <quirin.gylstorff@siemens.com>
Subject: Re: [PATCH] optee-os: Add package optee-os-tadevkit
Date: Mon, 5 Jun 2023 03:33:46 +0000
Message-ID: <120d890083412d2d91ca83886a5300f21e1d0d64.camel@siemens.com>
In-Reply-To: <fa566340505686fd1d078984bff5010f36bc8529.camel@siemens.com>

On Mon, 2023-05-29 at 07:51 +0000, 'Su, Bao Cheng' via isar-users wrote:
> On Wed, 2023-05-24 at 13:34 +0200, Jan Kiszka wrote:
> > On 23.05.23 05:27, Su, Bao Cheng (DI FA CTR IPC CN PRC4) wrote:
> > > The TA dev kit is used to build trusted applications; for details, refer to
> > > [1]. A typical use case of this devkit is a firmware TPM reference
> > > implementation, see [2].
> > >
> > > 1. https://optee.readthedocs.io/en/3.21.0/building/trusted_applications.html
> > > 2. https://github.com/microsoft/ms-tpm-20-ref
> > >
> > > Signed-off-by: Su Baocheng <baocheng.su@siemens.com>
> > > ---
> > > .../optee-os/files/debian/control.tmpl | 4 +--
> > > meta/recipes-bsp/optee-os/optee-os-custom.inc | 29 +++----------------
> > > .../optee-os/optee-os-tadevkit-custom.inc | 20 +++++++++++++
> > > .../{optee-os-custom.inc => optee-os.inc} | 14 +++------
> > > 4 files changed, 30 insertions(+), 37 deletions(-)
> > > create mode 100644 meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc
> > > copy meta/recipes-bsp/optee-os/{optee-os-custom.inc => optee-os.inc} (62%)
> > >
> > > diff --git a/meta/recipes-bsp/optee-os/files/debian/control.tmpl b/meta/recipes-bsp/optee-os/files/debian/control.tmpl
> > > index 60b3927..fdf898e 100644
> > > --- a/meta/recipes-bsp/optee-os/files/debian/control.tmpl
> > > +++ b/meta/recipes-bsp/optee-os/files/debian/control.tmpl
> > > @@ -5,6 +5,6 @@ Standards-Version: 3.9.6
> > > Build-Depends: ${DEBIAN_BUILD_DEPENDS}
> > > Maintainer: ISAR project <isar-users@googlegroups.com>
> > >
> > > -Package: optee-os-${OPTEE_NAME}
> > > +Package: ${DEBIAN_PACKAGE_NAME}
> > > Architecture: ${DISTRO_ARCH}
> > > -Description: ${DESCRIPTION}, firmware binaries
> > > +Description: ${DESCRIPTION}
> > > diff --git a/meta/recipes-bsp/optee-os/optee-os-custom.inc b/meta/recipes-bsp/optee-os/optee-os-custom.inc
> > > index d48827a..abe46e8 100644
> > > --- a/meta/recipes-bsp/optee-os/optee-os-custom.inc
> > > +++ b/meta/recipes-bsp/optee-os/optee-os-custom.inc
> > > @@ -1,38 +1,17 @@
> > > # Custom OP-TEE OS build
> > > #
> > > # This software is a part of ISAR.
> > > -# Copyright (c) Siemens AG, 2020
> > > +# Copyright (c) Siemens AG, 2020-2023
> > > #
> > > # SPDX-License-Identifier: MIT
> > >
> > > -inherit dpkg
> > > +require optee-os.inc
> > >
> > > -FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/files:"
> > > -
> > > -SRC_URI += "file://debian/"
> > > -
> > > -DESCRIPTION ?= "Custom OP-TEE OS"
> > > -
> > > -OPTEE_NAME ?= "${MACHINE}"
> > > -OPTEE_PLATFORM ?= "unknown"
> > > -OPTEE_EXTRA_BUILDARGS ?= ""
> > > -OPTEE_BINARIES ?= "tee-pager_v2.bin"
> > > -
> > > -DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools"
> > > +DESCRIPTION:append = ", firmware binaries"
> > >
> > > PROVIDES += "optee-os-${OPTEE_NAME}"
> > >
> > > -TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
> > > -TEMPLATE_VARS += "OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
> > > -
> > > -# split strip platform flavor, if any, from the specified platform string
> > > -OPTEE_PLATFORM_BASE = "${@d.getVar('OPTEE_PLATFORM').split('-')[0]}"
> > > -
> > > -do_prepare_build() {
> > > - cp -r ${WORKDIR}/debian ${S}/
> > > -
> > > - deb_add_changelog
> > > -
> > > +do_prepare_build:append() {
> > > rm -f ${S}/debian/optee-os-${OPTEE_NAME}.install
> > > for binary in ${OPTEE_BINARIES}; do
> > > echo "out/arm-plat-${OPTEE_PLATFORM_BASE}/core/$binary /usr/lib/optee-os/${OPTEE_NAME}/" >> \
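Review bot: In do_prepare_build:append the install file name is still hard-coded as optee-os-${OPTEE_NAME}.install, while control.tmpl now takes the binary package name from ${DEBIAN_PACKAGE_NAME}. The two agree only while the default from optee-os.inc is in effect; a recipe that overrides DEBIAN_PACKAGE_NAME would produce a .install file that no longer matches the package declared in debian/control, so the firmware binaries would not be picked up for it. Suggest using ${S}/debian/${DEBIAN_PACKAGE_NAME}.install in both the rm -f line and the echo redirect, and PROVIDES += "${DEBIAN_PACKAGE_NAME}" to match.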
> > > diff --git a/meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc b/meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc
> > > new file mode 100644
> > > index 0000000..85d6c25
> > > --- /dev/null
> > > +++ b/meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc
> > > @@ -0,0 +1,20 @@
> > > +
> > > +# Custom OP-TEE OS build
> > > +#
> > > +# This software is a part of ISAR.
> > > +# Copyright (c) Siemens AG, 2023
> > > +#
> > > +# SPDX-License-Identifier: MIT
> > > +
> > > +require optee-os.inc
> > > +
> > > +DEBIAN_PACKAGE_NAME = "optee-os-tadevkit-${OPTEE_NAME}"
> > > +DESCRIPTION:append = ", trust application development kit."
> > > +
> > > +PROVIDES += "${DEBIAN_PACKAGE_NAME}"
> > > +
> > > +do_prepare_build:append() {
> > > + rm -f ${S}/debian/optee-os-tadevkit-${OPTEE_NAME}.install
> > > + echo "out/arm-plat-${OPTEE_PLATFORM_BASE}/export-ta_${DISTRO_ARCH} /usr/lib/optee-os/" > \
> > > + ${S}/debian/optee-os-tadevkit-${OPTEE_NAME}.install
> > > +}
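Review bot: The .install line puts export-ta_${DISTRO_ARCH} directly under /usr/lib/optee-os/, whereas the firmware package installs into /usr/lib/optee-os/${OPTEE_NAME}/. The package name carries ${OPTEE_NAME}, so dev kits built for two platforms of the same architecture are distinct packages shipping identical paths and would conflict when both are installed. Suggest /usr/lib/optee-os/${OPTEE_NAME}/ as the destination, or documenting why the dev kit is platform-independent. Smaller points: the file begins with an empty line, the header comment still reads "Custom OP-TEE OS build", the description should read "trusted application development kit" without the trailing period, and rm -f is redundant before a truncating > redirect.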
> > > diff --git a/meta/recipes-bsp/optee-os/optee-os-custom.inc b/meta/recipes-bsp/optee-os/optee-os.inc
> > > similarity index 62%
> > > copy from meta/recipes-bsp/optee-os/optee-os-custom.inc
> > > copy to meta/recipes-bsp/optee-os/optee-os.inc
> > > index d48827a..198746b 100644
> > > --- a/meta/recipes-bsp/optee-os/optee-os-custom.inc
> > > +++ b/meta/recipes-bsp/optee-os/optee-os.inc
> > > @@ -1,7 +1,7 @@
> > > # Custom OP-TEE OS build
> > > #
> > > # This software is a part of ISAR.
> > > -# Copyright (c) Siemens AG, 2020
> > > +# Copyright (c) Siemens AG, 2020-2023
> > > #
> > > # SPDX-License-Identifier: MIT
> > >
> > > @@ -18,12 +18,12 @@ OPTEE_PLATFORM ?= "unknown"
> > > OPTEE_EXTRA_BUILDARGS ?= ""
> > > OPTEE_BINARIES ?= "tee-pager_v2.bin"
> > >
> > > -DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools"
> > > +DEBIAN_PACKAGE_NAME ?= "optee-os-${OPTEE_NAME}"
> > >
> > > -PROVIDES += "optee-os-${OPTEE_NAME}"
> > > +DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools"
> > >
> > > TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
> > > -TEMPLATE_VARS += "OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
> > > +TEMPLATE_VARS += "DEBIAN_PACKAGE_NAME OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
> > >
> > > # split strip platform flavor, if any, from the specified platform string
> > > OPTEE_PLATFORM_BASE = "${@d.getVar('OPTEE_PLATFORM').split('-')[0]}"
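Review bot: PROVIDES is removed from the shared include here and then re-added by hand in both optee-os-custom.inc and optee-os-tadevkit-custom.inc. Since DEBIAN_PACKAGE_NAME is now defined in this file and BitBake expands it lazily, a single PROVIDES += "${DEBIAN_PACKAGE_NAME}" kept here would cover both variants and any future one, including the tadevkit override that is assigned after the require. Also, placing the new DEBIAN_PACKAGE_NAME line after DEBIAN_BUILD_DEPENDS instead of in front of it would keep the unchanged DEBIAN_BUILD_DEPENDS line out of the diff.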
> > > @@ -32,10 +32,4 @@ do_prepare_build() {
> > > cp -r ${WORKDIR}/debian ${S}/
> > >
> > > deb_add_changelog
> > > -
> > > - rm -f ${S}/debian/optee-os-${OPTEE_NAME}.install
> > > - for binary in ${OPTEE_BINARIES}; do
> > > - echo "out/arm-plat-${OPTEE_PLATFORM_BASE}/core/$binary /usr/lib/optee-os/${OPTEE_NAME}/" >> \
> > > - ${S}/debian/optee-os-${OPTEE_NAME}.install
> > > - done
> > > }
> > >
> >
> > We will need some demo recipes that actually pull the new package. Is
> > there some "hello world" TA that we could include and build into the
> > stm32mp15x demo image? Would it actually be better to also include the
> > fTPM recipe in Isar and use that at the same time as a stress test?
> >
>
> There is a helloworld TA in
> https://github.com/linaro-swg/optee_examples, so we can integrate it
> into that demo image.
>
> It's better to integrate fTPM into the isar, but maybe it's hard to
> find a demo image target for it.
>
One thing I forgot to mention is that to verify that the example TA works,
you have to build the host side to use the TA, and then you will need
libteec and the headers from optee-client... So eventually optee-client
needs to be included in isar.
Currently I am upstreaming optee-client into isar-cip-core, so
should I upstream it here instead?
Or, at this moment, is only the example TA necessary to verify the
integration of the optee-ta-devkit?
- Baocheng
> - Baocheng
>
> > Jan
> >
>