From: sven.schultschik@siemens.com
To: isar-users@googlegroups.com
Cc: jan.kiszka@siemens.com, Sven Schultschik <sven.schultschik@siemens.com>
Subject: [PATCH 1/7] add recipe for optee
Date: Tue, 18 Oct 2022 12:25:27 +0200 [thread overview]
Message-ID: <20221018102533.10390-1-sven.schultschik@siemens.com> (raw)
From: Sven Schultschik <sven.schultschik@siemens.com>
---
.../op-tee/optee-os-qemu-arm64_3.17.0.bb | 57 +++++++++++++++++++
recipes-bsp/u-boot/files/secure-boot.cfg.tmpl | 7 +++
recipes-bsp/u-boot/u-boot-common.inc | 6 +-
3 files changed, 67 insertions(+), 3 deletions(-)
create mode 100644 recipes-bsp/op-tee/optee-os-qemu-arm64_3.17.0.bb
diff --git a/recipes-bsp/op-tee/optee-os-qemu-arm64_3.17.0.bb b/recipes-bsp/op-tee/optee-os-qemu-arm64_3.17.0.bb
new file mode 100644
index 00000000..5e60041a
--- /dev/null
+++ b/recipes-bsp/op-tee/optee-os-qemu-arm64_3.17.0.bb
@@ -0,0 +1,57 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2022
+#
+# Authors:
+# Sven Schultschik <sven.schultschik@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+HOMEPAGE = "https://github.com/OP-TEE/optee_os"
+MAINTAINER = "Sven Schultschik <sven.schultschik@siemens.com>"
+LICENSE = "BSD-2-Clause"
+
+require recipes-bsp/optee-os/optee-os-custom.inc
+
+SRC_URI += " \
+ gitsm://github.com/OP-TEE/optee_os.git;branch=master;protocol=https;destsuffix=git;rev=${PV}"
+
+S = "${WORKDIR}/git"
+
+OPTEE_PLATFORM = "vexpress-qemu_armv8a"
+
+OPTEE_BINARIES = "tee-header_v2.bin \
+ tee-pager_v2.bin \
+ tee-pageable_v2.bin"
+
+DEPENDS = "edk2"
+DEBIAN_BUILD_DEPENDS += " ,\
+ debhelper(>= 11~), \
+ build-essential, \
+ cpio, \
+ python3-cryptography, \
+ python3-pycryptodome, \
+ python3-serial, \
+ device-tree-compiler, \
+ edk2, \
+ gcc-arm-linux-gnueabihf,"
+
+OPTEE_EXTRA_BUILDARGS = "CFG_STMM_PATH=/usr/lib/edk2/BL32_AP_MM.fd CFG_RPMB_FS=y \
+ CFG_RPMB_FS_DEV_ID=0 CFG_CORE_HEAP_SIZE=524288 CFG_RPMB_WRITE_KEY=1 \
+ CFG_CORE_DYN_SHM=y CFG_RPMB_TESTKEY=y \
+ CFG_REE_FS=n\
+ CFG_TEE_CORE_LOG_LEVEL=1 CFG_TEE_TA_LOG_LEVEL=1 CFG_SCTLR_ALIGNMENT_CHECK=n \
+ CFG_ARM64_core=y CFG_CORE_ARM64_PA_BITS=48"
+
+ISAR_CROSS_COMPILE = "0"
+
+dpkg_runbuild_prepend() {
+ # $(ARCH) is the CPU architecture to be built.
+ # Currently, the only supported value is arm for 32-bit or 64-bit Armv7-A or Armv8-A.
+ # Please note that contrary to the Linux kernel, $(ARCH) should not be set to arm64 for 64-bit builds.
+ export ARCH="arm"
+ export CROSS_COMPILE32=arm-linux-gnueabihf-
+ export CROSS_COMPILE64=aarch64-linux-gnu-
+}
\ No newline at end of file
diff --git a/recipes-bsp/u-boot/files/secure-boot.cfg.tmpl b/recipes-bsp/u-boot/files/secure-boot.cfg.tmpl
index 956dcbfe..8e642823 100644
--- a/recipes-bsp/u-boot/files/secure-boot.cfg.tmpl
+++ b/recipes-bsp/u-boot/files/secure-boot.cfg.tmpl
@@ -4,3 +4,10 @@ CONFIG_USE_BOOTCOMMAND=y
CONFIG_BOOTCOMMAND="setenv scan_dev_for_boot 'if test -e ${devtype} ${devnum}:${distro_bootpart} efi/boot/boot${EFI_ARCH}.efi; then load ${devtype} ${devnum}:${distro_bootpart} ${kernel_addr_r} efi/boot/boot${EFI_ARCH}.efi; bootefi ${kernel_addr_r} ${fdtcontroladdr}; fi'; run distro_bootcmd; echo 'EFI Boot failed!'; sleep 1000; reset"
CONFIG_EFI_VARIABLES_PRESEED=y
CONFIG_EFI_SECURE_BOOT=y
+### OPTEE config
+CONFIG_CMD_OPTEE_RPMB=y
+CONFIG_MMC=y
+CONFIG_SUPPORT_EMMC_RPMB=y
+CONFIG_TEE=y
+CONFIG_OPTEE=y
+CONFIG_EFI_MM_COMM_TEE=y
diff --git a/recipes-bsp/u-boot/u-boot-common.inc b/recipes-bsp/u-boot/u-boot-common.inc
index 60f0da36..7fe4d3fa 100644
--- a/recipes-bsp/u-boot/u-boot-common.inc
+++ b/recipes-bsp/u-boot/u-boot-common.inc
@@ -25,12 +25,12 @@ DEBIAN_BUILD_DEPENDS += ", libssl-dev:native, libssl-dev:${DISTRO_ARCH}"
DEBIAN_BUILD_DEPENDS_append_secureboot = ", \
openssl, pesign, secure-boot-secrets, python3-openssl:native"
-DEPENDS_append_secureboot = " secure-boot-secrets"
+DEPENDS_append_secureboot = " secure-boot-secrets optee-os-${MACHINE}"
TEMPLATE_FILES_append_secureboot = " secure-boot.cfg.tmpl"
TEMPLATE_VARS_append_secureboot = " EFI_ARCH"
do_prepare_build_append_secureboot() {
sed -ni '/### Secure boot config/q;p' ${S}/configs/${U_BOOT_CONFIG}
- cat ${WORKDIR}/secure-boot.cfg >> ${S}/configs/${U_BOOT_CONFIG}
-}
+ cat ${WORKDIR}/secure-boot.cfg >> ${S}/configs/${U_BOOT_CONFIG}
+}
\ No newline at end of file
--
2.30.2
next reply other threads:[~2022-10-18 10:25 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-18 10:25 sven.schultschik [this message]
2022-10-18 10:25 ` [PATCH 2/7] add recipe for for edk2 sven.schultschik
2022-10-18 10:25 ` [PATCH 3/7] add recipe for trusted firmware a sven.schultschik
2022-10-18 10:25 ` [PATCH 4/7] add u-boot patch for qemu to support RPMB sven.schultschik
2022-10-18 10:25 ` [PATCH 5/7] add kas files for building qemu secure boot images sven.schultschik
2022-10-18 10:25 ` [PATCH 6/7] enhance start-qemu.sh for arm64 secure boot sven.schultschik
2022-10-18 10:25 ` [PATCH 7/7] test patch sven.schultschik
2022-10-18 10:34 ` [PATCH 1/7] add recipe for optee Jan Kiszka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221018102533.10390-1-sven.schultschik@siemens.com \
--to=sven.schultschik@siemens.com \
--cc=isar-users@googlegroups.com \
--cc=jan.kiszka@siemens.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox