From: baocheng_su@163.com
To: isar-users@googlegroups.com, jan.kiszka@siemens.com, felix.moessbauer@siemens.com
Cc: christian.storm@siemens.com, quirin.gylstorff@siemens.com, baocheng.su@siemens.com, baocheng_su@163.com
Subject: [PATCH v2 0/7] Add optee family and friends
Date: Thu, 22 Jun 2023 03:22:10 +0800
Message-Id: <20230621192217.2045717-1-baocheng_su@163.com>

From: Baocheng Su

This brings the below optee family members:

optee-ta-devkit, optee-client, optee-examples and a fTPM running in
optee-os, plus some initramfs hooks for tee-supplicant and the optee-ftpm.

The optee-ta-devkit is used to provide an SDK for building trusted
applications of optee.

The optee-client provides the libteec1, the optee-client-dev, and the
tee-supplicant daemon.

The optee-examples provides both the optee TAs and host applications for
demonstrating how to use optee-ta-devkit and optee-client-dev.

The initramfs hooks for tee-supplicant and optee-ftpm are used to support
initramfs stage applications that need the optee-ftpm or other TAs, such
as the disk encryption based on TPM. An example is the LUKS2
implementation in isar-cip-core.

Also bump the stm32mp15x optee-os version to 3.21.0 to ease the
integration.

Since these bits are the common foundation for applications based on ARM
trustzone, isar should be the best place to hold them. The idea is partly
inspired by the ARM trusted substrate.

This integration uses stm32mp15x as the demo platform.
However, I might need some help to verify on the real hardware, since I
don't have one :)

Baocheng Su (7):
  stm32mp15x: Bump optee-os to 3.21.0
  Add recipe for optee TA devkit
  Add recipe for optee-client
  Add recipe for optee examples
  Add recipe for optee ftpm
  initramfs: Add recipe for tee-supplicant hook
  initramfs: Add recipe for tee-ftpm hook

 meta-isar/conf/machine/stm32mp15x.conf | 9 +-
 .../optee-client-stm32mp15x_3.21.0.bb | 18 +++
 .../optee-examples/files/debian/compat | 1 +
 .../optee-examples/files/debian/control.tmpl | 112 ++++++++++++++++++
 .../optee-examples/files/debian/rules.tmpl | 21 ++++
 .../optee-examples-stm32mp15x_3.21.0.bb | 100 ++++++++++++++++
 .../files/0001-add-enum-to-ta-flags.patch | 27 +++++
 .../optee-ftpm-stm32mp15x_0~230316+git.bb | 35 ++++++
 .../optee-os/optee-os-stm32mp15x_3.11.0.bb | 29 -----
 .../optee-os/optee-os-stm32mp15x_3.21.0.bb | 38 ++++++
 .../optee-os/optee-os-stm32mp15x_3.21.0.inc | 18 +++
 .../optee-os-tadevkit-stm32mp15x_3.21.0.bb | 7 ++
 .../images/stm32mp15x-initramfs.bb | 15 +++
 .../lib/wic/canned-wks/stm32mp15x.wks.in | 2 +-
 .../optee-client/files/debian/compat | 1 +
 .../optee-client/files/debian/control.tmpl | 51 ++++++++
 .../optee-client/files/debian/rules.tmpl | 27 +++++
 .../files/debian/tee-supplicant.service | 21 ++++
 .../optee-client/optee-client-custom.inc | 41 +++++++
 .../optee-ftpm/files/debian/compat | 1 +
 .../optee-ftpm/files/debian/control.tmpl | 11 ++
 .../optee-ftpm/files/debian/rules.tmpl | 25 ++++
 meta/recipes-bsp/optee-ftpm/optee-ftpm.inc | 47 ++++++++
 .../optee-os/files/debian/control.tmpl | 4 +-
 meta/recipes-bsp/optee-os/optee-os-custom.inc | 29 +----
 .../optee-os/optee-os-tadevkit-custom.inc | 26 ++++
 .../{optee-os-custom.inc => optee-os.inc} | 14 +--
 .../files/tee-ftpm.hook | 25 ++++
 .../files/tee-ftpm.script | 26 ++++
 .../initramfs-tee-ftpm-hook_0.1.bb | 27 +++++
 .../files/tee-supplicant.hook | 33 ++++++
 .../files/tee-supplicant.script | 33 ++++++
 .../initramfs-tee-supplicant-hook_0.1.bb | 27 +++++
 testsuite/citest.py | 1 +
 34 files changed, 834 insertions(+), 68 deletions(-)
 create mode 100644 meta-isar/recipes-bsp/optee-client/optee-client-stm32mp15x_3.21.0.bb
 create mode 100644 meta-isar/recipes-bsp/optee-examples/files/debian/compat
 create mode 100644 meta-isar/recipes-bsp/optee-examples/files/debian/control.tmpl
 create mode 100644 meta-isar/recipes-bsp/optee-examples/files/debian/rules.tmpl
 create mode 100644 meta-isar/recipes-bsp/optee-examples/optee-examples-stm32mp15x_3.21.0.bb
 create mode 100644 meta-isar/recipes-bsp/optee-ftpm/files/0001-add-enum-to-ta-flags.patch
 create mode 100644 meta-isar/recipes-bsp/optee-ftpm/optee-ftpm-stm32mp15x_0~230316+git.bb
 delete mode 100644 meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.11.0.bb
 create mode 100644 meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb
 create mode 100644 meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.inc
 create mode 100644 meta-isar/recipes-bsp/optee-os/optee-os-tadevkit-stm32mp15x_3.21.0.bb
 create mode 100644 meta-isar/recipes-initramfs/images/stm32mp15x-initramfs.bb
 create mode 100644 meta/recipes-bsp/optee-client/files/debian/compat
 create mode 100644 meta/recipes-bsp/optee-client/files/debian/control.tmpl
 create mode 100755 meta/recipes-bsp/optee-client/files/debian/rules.tmpl
 create mode 100644 meta/recipes-bsp/optee-client/files/debian/tee-supplicant.service
 create mode 100644 meta/recipes-bsp/optee-client/optee-client-custom.inc
 create mode 100644 meta/recipes-bsp/optee-ftpm/files/debian/compat
 create mode 100644 meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl
 create mode 100755 meta/recipes-bsp/optee-ftpm/files/debian/rules.tmpl
 create mode 100644 meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
 create mode 100644 meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc
 copy meta/recipes-bsp/optee-os/{optee-os-custom.inc => optee-os.inc} (62%)
 create mode 100644 meta/recipes-initramfs/initramfs-tee-ftpm-hook/files/tee-ftpm.hook
 create mode 100644 meta/recipes-initramfs/initramfs-tee-ftpm-hook/files/tee-ftpm.script
 create mode 100644 meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb
 create mode 100644 meta/recipes-initramfs/initramfs-tee-supplicant-hook/files/tee-supplicant.hook
 create mode 100644 meta/recipes-initramfs/initramfs-tee-supplicant-hook/files/tee-supplicant.script
 create mode 100644 meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb

--
2.30.2