From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7247222195536003072 X-Received: by 2002:a4a:a592:0:b0:55b:2f80:39e4 with SMTP id d18-20020a4aa592000000b0055b2f8039e4mr10131772oom.4.1687375408571; Wed, 21 Jun 2023 12:23:28 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a4a:982:0:b0:555:2ca4:c9c with SMTP id 124-20020a4a0982000000b005552ca40c9cls1744836ooa.1.-pod-prod-06-us; Wed, 21 Jun 2023 12:23:28 -0700 (PDT) X-Received: by 2002:aca:f208:0:b0:39c:f0c2:e3ad with SMTP id q8-20020acaf208000000b0039cf0c2e3admr3641945oih.5.1687375408003; Wed, 21 Jun 2023 12:23:28 -0700 (PDT) Received: by 2002:a05:6808:138f:b0:39d:f026:da7f with SMTP id 5614622812f47-39ee049e5f5msb6e; Wed, 21 Jun 2023 12:22:38 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7o3gLH9eTFhWpXqCAlL9UjZPICiO3evM/+PU2je60Tifo/B0T2Bpb38LzdWG4kKEDJyWgK X-Received: by 2002:a6b:8d4a:0:b0:780:c872:5df7 with SMTP id p71-20020a6b8d4a000000b00780c8725df7mr515266iod.9.1687375357479; Wed, 21 Jun 2023 12:22:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1687375357; cv=none; d=google.com; s=arc-20160816; b=r7l3wbTyerYuvFNELk3Fqe37EQTrgYLDYxajk8et0nKI+zkRjaWPXsk06XHg9ArXhB LovG6VRmqqvNvHB5J937cYVvO/kTW4ZGXRQNvzTbb9Dq2pQ2HUTv7+6B+WrCor2SKBVS e8TlVI8vpno67fmzBUFV3Nt1iCq7jNM9n2AhjjeCZDhFAJDyQccyZ7MUOiPKjMgOnnPc scogply2GzYHeKlnVAsd3mNP2pHeKhLRiFWwPAd8sRiKi6EX2WNbqinKj8M36gbfFBeP kFYFyueXTxPYj2lxzvtWnZDKc8ckitWbc+Jbn1blMUUOS9Jdjz2oQzVwNmQowUP1+yKd Zx6Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=sQoExtFxB1M9EHtQISv2ApHZY9vTQnzDEWk4HhwikHc=; b=Aps+R5+JybElEdXV2j8R0bivMsiVCzOvkoF8QDRo1LIydqo2tm9eDRUQuo1Kx1VWAb hoWUB4QsCAIA2g6eyfvSDhxoQU8++gXz0bfUN6Zm5hHRbIgGoRF+KYsgNdyav1OnAZ/1 fJ54RoRbCicdUPErWpEonKJdninhBTqk1sPQjY5zIjX6IHDS6Y0Av6VqpL9NTYwO6YJW KCQqMYgI5JR2VxWro8YmrnRIdb7gMXSTI4Pj0fpn73/TYO2IBuAkHQ5osnHsExXx/Th4 B+lFlfWRqTZP6lNpG6h/ZE2rpMgbLHHjiFJVp5On4n+4LHnquMpLJfnL7MtxpwR7CYFI 247w== ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@163.com header.s=s110527 header.b="XM4M/YwU"; spf=pass (google.com: domain of baocheng_su@163.com designates 220.181.12.215 as permitted sender) smtp.mailfrom=baocheng_su@163.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=163.com Return-Path: Received: from m12.mail.163.com (m12.mail.163.com. [220.181.12.215]) by gmr-mx.google.com with ESMTP id p19-20020a02b393000000b004231b1887b2si413376jan.3.2023.06.21.12.22.36 for ; Wed, 21 Jun 2023 12:22:37 -0700 (PDT) Received-SPF: pass (google.com: domain of baocheng_su@163.com designates 220.181.12.215 as permitted sender) client-ip=220.181.12.215; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@163.com header.s=s110527 header.b="XM4M/YwU"; spf=pass (google.com: domain of baocheng_su@163.com designates 220.181.12.215 as permitted sender) smtp.mailfrom=baocheng_su@163.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=163.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-Id:MIME-Version; bh=sQoEx tFxB1M9EHtQISv2ApHZY9vTQnzDEWk4HhwikHc=; b=XM4M/YwUEEIH2xfBVAZmd 00+pSYCGjylPCI1Qirkd565qmqbeac+xdZHpxvdEWXWVj2Ksz5aV0rOfbHvITlCe +BrYjH0oyxw7R3ohj4whoVYBTPtfSUyBKqqAkY9lHekpucgoL78XnRElZSVrJvaa WAHGX+Z+2XTR+lb9zKByqU= Received: from debian-sie.lan (unknown [182.148.93.108]) by zwqz-smtp-mta-g2-4 (Coremail) with SMTP id _____wCXC+XvTZNkxagjAg--.40412S4; Thu, 22 Jun 2023 03:22:33 +0800 (CST) From: baocheng_su@163.com To: isar-users@googlegroups.com, jan.kiszka@siemens.com, felix.moessbauer@siemens.com Cc: christian.storm@siemens.com, quirin.gylstorff@siemens.com, baocheng.su@siemens.com, baocheng_su@163.com Subject: [PATCH v2 2/7] Add recipe for optee TA devkit Date: Thu, 22 Jun 2023 03:22:12 +0800 Message-Id: <20230621192217.2045717-3-baocheng_su@163.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20230621192217.2045717-1-baocheng_su@163.com> References: <20230621192217.2045717-1-baocheng_su@163.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CM-TRANSID:_____wCXC+XvTZNkxagjAg--.40412S4 X-Coremail-Antispam: 1Uf129KBjvJXoW3uFy7Zr4kCr15Gr1ftFWUurg_yoWDAw1fpF 1Sqa4UJr4UJa43W3yDCrWxZrW5JayUAas5Ar4fG34rZryIyr1Dtw1xKFyUGFZxG3yrZw18 XFn0qas5urZrJaDanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x07UzlkxUUUUU= X-Originating-IP: [182.148.93.108] X-CM-SenderInfo: pedrux5hqjs2rx6rljoofrz/1tbisRmVJ2Mr+oeXiwAAsz X-TUID: zk218HvW9udx From: Baocheng Su The TA dev kit is used to build trusted applications, details refer to [1]. A typical use case of this devkit is a firmware TPM reference implementation, see [2]. 1. https://optee.readthedocs.io/en/3.21.0/building/trusted_applications.html 2. https://github.com/microsoft/ms-tpm-20-ref This brings the .inc for customization, and also an example for stm32mp15x. Signed-off-by: Baocheng Su --- .../optee-os/optee-os-stm32mp15x_3.21.0.bb | 25 ++-------------- ...21.0.bb => optee-os-stm32mp15x_3.21.0.inc} | 17 ++--------- .../optee-os-tadevkit-stm32mp15x_3.21.0.bb | 7 +++++ .../optee-os/files/debian/control.tmpl | 4 +-- meta/recipes-bsp/optee-os/optee-os-custom.inc | 29 +++---------------- .../optee-os/optee-os-tadevkit-custom.inc | 26 +++++++++++++++++ .../{optee-os-custom.inc => optee-os.inc} | 14 +++------ 7 files changed, 48 insertions(+), 74 deletions(-) copy meta-isar/recipes-bsp/optee-os/{optee-os-stm32mp15x_3.21.0.bb => optee-os-stm32mp15x_3.21.0.inc} (57%) create mode 100644 meta-isar/recipes-bsp/optee-os/optee-os-tadevkit-stm32mp15x_3.21.0.bb create mode 100644 meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc copy meta/recipes-bsp/optee-os/{optee-os-custom.inc => optee-os.inc} (62%) diff --git a/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb b/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb index b605149..096e263 100644 --- a/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb +++ b/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb @@ -1,29 +1,8 @@ # -# Copyright (c) Siemens AG, 2020 +# Copyright (c) Siemens AG, 2020-2023 # # SPDX-License-Identifier: MIT require recipes-bsp/optee-os/optee-os-custom.inc +require optee-os-stm32mp15x_${PV}.inc -SRC_URI += "https://github.com/OP-TEE/optee_os/archive/${PV}.tar.gz" -SRC_URI[sha256sum] = "92a16e841b0bdb4bfcb1c20b6a1bd3309092203d534ed167dfdb5a5f395bf60b" - -S = "${WORKDIR}/optee_os-${PV}" - -DEBIAN_BUILD_DEPENDS += ", device-tree-compiler, python3-cryptography:native" - -OPTEE_PLATFORM = "stm32mp1" -OPTEE_EXTRA_BUILDARGS = " \ - ARCH=arm CFG_EMBED_DTB_SOURCE_FILE=stm32mp157c-ev1.dts \ - CFG_TEE_CORE_LOG_LEVEL=2" -OPTEE_BINARIES = "tee-header_v2.stm32 tee-pageable_v2.stm32 tee-pager_v2.stm32" - -# Set version manually to PV, the tarball does not contain any hint. -# Alternative: pull from git and add git as build dependency. -dpkg_runbuild:prepend() { - grep -q "^export TEE_IMPL_VERSION" ${S}/debian/rules || - cat << EOF >> ${S}/debian/rules - -export TEE_IMPL_VERSION=${PV} -EOF -} diff --git a/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb b/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.inc similarity index 57% copy from meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb copy to meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.inc index b605149..cbf6974 100644 --- a/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb +++ b/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.inc @@ -1,11 +1,9 @@ # -# Copyright (c) Siemens AG, 2020 +# Copyright (c) Siemens AG, 2020-2023 # # SPDX-License-Identifier: MIT -require recipes-bsp/optee-os/optee-os-custom.inc - -SRC_URI += "https://github.com/OP-TEE/optee_os/archive/${PV}.tar.gz" +SRC_URI += "https://github.com/OP-TEE/optee_os/archive/${PV}.tar.gz;downloadfilename=optee_os-${PV}.tar.gz" SRC_URI[sha256sum] = "92a16e841b0bdb4bfcb1c20b6a1bd3309092203d534ed167dfdb5a5f395bf60b" S = "${WORKDIR}/optee_os-${PV}" @@ -14,16 +12,7 @@ DEBIAN_BUILD_DEPENDS += ", device-tree-compiler, python3-cryptography:native" OPTEE_PLATFORM = "stm32mp1" OPTEE_EXTRA_BUILDARGS = " \ + TEE_IMPL_VERSION=${PV} \ ARCH=arm CFG_EMBED_DTB_SOURCE_FILE=stm32mp157c-ev1.dts \ CFG_TEE_CORE_LOG_LEVEL=2" OPTEE_BINARIES = "tee-header_v2.stm32 tee-pageable_v2.stm32 tee-pager_v2.stm32" - -# Set version manually to PV, the tarball does not contain any hint. -# Alternative: pull from git and add git as build dependency. -dpkg_runbuild:prepend() { - grep -q "^export TEE_IMPL_VERSION" ${S}/debian/rules || - cat << EOF >> ${S}/debian/rules - -export TEE_IMPL_VERSION=${PV} -EOF -} diff --git a/meta-isar/recipes-bsp/optee-os/optee-os-tadevkit-stm32mp15x_3.21.0.bb b/meta-isar/recipes-bsp/optee-os/optee-os-tadevkit-stm32mp15x_3.21.0.bb new file mode 100644 index 0000000..2be7a9d --- /dev/null +++ b/meta-isar/recipes-bsp/optee-os/optee-os-tadevkit-stm32mp15x_3.21.0.bb @@ -0,0 +1,7 @@ +# +# Copyright (c) Siemens AG, 2023 +# +# SPDX-License-Identifier: MIT + +require recipes-bsp/optee-os/optee-os-tadevkit-custom.inc +require optee-os-stm32mp15x_${PV}.inc diff --git a/meta/recipes-bsp/optee-os/files/debian/control.tmpl b/meta/recipes-bsp/optee-os/files/debian/control.tmpl index 60b3927..fdf898e 100644 --- a/meta/recipes-bsp/optee-os/files/debian/control.tmpl +++ b/meta/recipes-bsp/optee-os/files/debian/control.tmpl @@ -5,6 +5,6 @@ Standards-Version: 3.9.6 Build-Depends: ${DEBIAN_BUILD_DEPENDS} Maintainer: ISAR project -Package: optee-os-${OPTEE_NAME} +Package: ${DEBIAN_PACKAGE_NAME} Architecture: ${DISTRO_ARCH} -Description: ${DESCRIPTION}, firmware binaries +Description: ${DESCRIPTION} diff --git a/meta/recipes-bsp/optee-os/optee-os-custom.inc b/meta/recipes-bsp/optee-os/optee-os-custom.inc index d48827a..abe46e8 100644 --- a/meta/recipes-bsp/optee-os/optee-os-custom.inc +++ b/meta/recipes-bsp/optee-os/optee-os-custom.inc @@ -1,38 +1,17 @@ # Custom OP-TEE OS build # # This software is a part of ISAR. -# Copyright (c) Siemens AG, 2020 +# Copyright (c) Siemens AG, 2020-2023 # # SPDX-License-Identifier: MIT -inherit dpkg +require optee-os.inc -FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/files:" - -SRC_URI += "file://debian/" - -DESCRIPTION ?= "Custom OP-TEE OS" - -OPTEE_NAME ?= "${MACHINE}" -OPTEE_PLATFORM ?= "unknown" -OPTEE_EXTRA_BUILDARGS ?= "" -OPTEE_BINARIES ?= "tee-pager_v2.bin" - -DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools" +DESCRIPTION:append = ", firmware binaries" PROVIDES += "optee-os-${OPTEE_NAME}" -TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl" -TEMPLATE_VARS += "OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS" - -# split strip platform flavor, if any, from the specified platform string -OPTEE_PLATFORM_BASE = "${@d.getVar('OPTEE_PLATFORM').split('-')[0]}" - -do_prepare_build() { - cp -r ${WORKDIR}/debian ${S}/ - - deb_add_changelog - +do_prepare_build:append() { rm -f ${S}/debian/optee-os-${OPTEE_NAME}.install for binary in ${OPTEE_BINARIES}; do echo "out/arm-plat-${OPTEE_PLATFORM_BASE}/core/$binary /usr/lib/optee-os/${OPTEE_NAME}/" >> \ diff --git a/meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc b/meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc new file mode 100644 index 0000000..cfb2cfd --- /dev/null +++ b/meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc @@ -0,0 +1,26 @@ +# Custom OP-TEE OS build for TA devkit +# +# This software is a part of ISAR. +# Copyright (c) Siemens AG, 2023 +# +# SPDX-License-Identifier: MIT + +require optee-os.inc + +DEBIAN_PACKAGE_NAME = "optee-os-tadevkit-${OPTEE_NAME}" +DESCRIPTION:append = ", trust application development kit." + +PROVIDES += "${DEBIAN_PACKAGE_NAME}" + +do_prepare_build:append() { + if [ "${DISTRO_ARCH}" = "arm64" ]; then + TADEVKIT_DIR="export-ta_arm64" + elif [ "${DISTRO_ARCH}" = "armhf" ]; then + TADEVKIT_DIR="export-ta_arm32" + else + bbfatal "${DISTRO_ARCH} does not have a compat arch for optee TA devkit!" + fi + + echo "out/arm-plat-${OPTEE_PLATFORM_BASE}/${TADEVKIT_DIR} /usr/lib/optee-os/${OPTEE_NAME}/" > \ + ${S}/debian/optee-os-tadevkit-${OPTEE_NAME}.install +} diff --git a/meta/recipes-bsp/optee-os/optee-os-custom.inc b/meta/recipes-bsp/optee-os/optee-os.inc similarity index 62% copy from meta/recipes-bsp/optee-os/optee-os-custom.inc copy to meta/recipes-bsp/optee-os/optee-os.inc index d48827a..198746b 100644 --- a/meta/recipes-bsp/optee-os/optee-os-custom.inc +++ b/meta/recipes-bsp/optee-os/optee-os.inc @@ -1,7 +1,7 @@ # Custom OP-TEE OS build # # This software is a part of ISAR. -# Copyright (c) Siemens AG, 2020 +# Copyright (c) Siemens AG, 2020-2023 # # SPDX-License-Identifier: MIT @@ -18,12 +18,12 @@ OPTEE_PLATFORM ?= "unknown" OPTEE_EXTRA_BUILDARGS ?= "" OPTEE_BINARIES ?= "tee-pager_v2.bin" -DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools" +DEBIAN_PACKAGE_NAME ?= "optee-os-${OPTEE_NAME}" -PROVIDES += "optee-os-${OPTEE_NAME}" +DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools" TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl" -TEMPLATE_VARS += "OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS" +TEMPLATE_VARS += "DEBIAN_PACKAGE_NAME OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS" # split strip platform flavor, if any, from the specified platform string OPTEE_PLATFORM_BASE = "${@d.getVar('OPTEE_PLATFORM').split('-')[0]}" @@ -32,10 +32,4 @@ do_prepare_build() { cp -r ${WORKDIR}/debian ${S}/ deb_add_changelog - - rm -f ${S}/debian/optee-os-${OPTEE_NAME}.install - for binary in ${OPTEE_BINARIES}; do - echo "out/arm-plat-${OPTEE_PLATFORM_BASE}/core/$binary /usr/lib/optee-os/${OPTEE_NAME}/" >> \ - ${S}/debian/optee-os-${OPTEE_NAME}.install - done } -- 2.30.2