From mboxrd@z Thu Jan 1 00:00:00 1970
From: baocheng.su@siemens.com
To: isar-users@googlegroups.com
Cc: jan.kiszka@siemens.com, felix.moessbauer@siemens.com, christian.storm@siemens.com, quirin.gylstorff@siemens.com, baocheng_su@163.com,
 henning.schild@siemens.com, baocheng.su@siemens.com
Subject: [PATCH v3 0/7] Add optee family and friends
Date: Wed, 5 Jul 2023 13:33:33 +0800
Message-Id: <20230705053340.1158024-1-baocheng.su@siemens.com>

From: Baocheng Su

This brings below optee family members:

optee-ta-devkit, optee-client, optee-examples and a fTPM running in optee-os, plus some initramfs hooks for tee-supplicant and the optee-ftpm.

The optee-ta-devkit is used to provide an SDK for building trusted application of optee.

The optee-client provides the libteec1, the optee-client-dev, and the tee-supplicant daemon.

The optee-examples provides both the optee TAs and host applications for demonstrating how to use optee-ta-devkit and optee-client-dev.

The initramfs hooks for tee-supplicant and optee-ftpm are used to support initramfs stage applications that need the optee-ftpm or other TAs, such as the disk encryption based on TPM. An example is the LUKS2 implementation in isar-cip-core.

Also bump the stm32mp15x optee-os version to 3.21.0 to ease the integration.

Since these bits are the common foundation for applications based on ARM trustzone, isar should be the best place to hold them. The idea is partly inspired by the ARM trusted substrate.

This integration uses stm32mp15x as the demo platform. However, I might need some help to verify on the real hardware, since I don't have one :)

Changes since v2:
 - update copyright header to 2023
 - define RPMB_EMU to replace the RPMB_EMU_BUILD_OPT
 - depends systemd for tee-supplicant
 - add new line EOF for some source files.

Baocheng Su (7):
  stm32mp15x: Bump optee-os to 3.21.0
  Add recipe for optee TA devkit
  Add recipe for optee-client
  Add recipe for optee examples
  Add recipe for optee ftpm
  initramfs: Add recipe for tee-supplicant hook
  initramfs: Add recipe for tee-ftpm hook

 meta-isar/conf/machine/stm32mp15x.conf        |   9 +-
 .../optee-client-stm32mp15x_3.21.0.bb         |  18 +++
 .../optee-examples/files/debian/compat        |   1 +
 .../optee-examples/files/debian/control.tmpl  | 112 ++++++++++++++++++
 .../optee-examples/files/debian/rules.tmpl    |  21 ++++
 .../optee-examples-stm32mp15x_3.21.0.bb       | 100 ++++++++++++++++
 .../files/0001-add-enum-to-ta-flags.patch     |  27 +++++
 .../optee-ftpm-stm32mp15x_0~230316+git.bb     |  35 ++++++
 .../optee-os/optee-os-stm32mp15x_3.11.0.bb    |  29 -----
 .../optee-os/optee-os-stm32mp15x_3.21.0.bb    |  38 ++++++
 .../optee-os/optee-os-stm32mp15x_3.21.0.inc   |  18 +++
 .../optee-os-tadevkit-stm32mp15x_3.21.0.bb    |   7 ++
 .../images/stm32mp15x-initramfs.bb            |  15 +++
 .../lib/wic/canned-wks/stm32mp15x.wks.in      |   2 +-
 .../optee-client/files/debian/compat          |   1 +
 .../optee-client/files/debian/control.tmpl    |  51 ++++++++
 .../optee-client/files/debian/rules.tmpl      |  27 +++++
 .../files/debian/tee-supplicant.service       |  21 ++++
 .../optee-client/optee-client-custom.inc      |  41 +++++++
 .../optee-ftpm/files/debian/compat            |   1 +
 .../optee-ftpm/files/debian/control.tmpl      |  11 ++
 .../optee-ftpm/files/debian/rules.tmpl        |  25 ++++
 meta/recipes-bsp/optee-ftpm/optee-ftpm.inc    |  47 ++++++++
 .../optee-os/files/debian/control.tmpl        |   4 +-
 meta/recipes-bsp/optee-os/optee-os-custom.inc |  29 +----
 .../optee-os/optee-os-tadevkit-custom.inc     |  26 ++++
 .../{optee-os-custom.inc => optee-os.inc}     |  14 +--
 .../files/tee-ftpm.hook                       |  25 ++++
 .../files/tee-ftpm.script                     |  26 ++++
 .../initramfs-tee-ftpm-hook_0.1.bb            |  27 +++++
 .../files/tee-supplicant.hook                 |  33 ++++++
 .../files/tee-supplicant.script               |  33 ++++++
 .../initramfs-tee-supplicant-hook_0.1.bb      |  27 +++++
 testsuite/citest.py                           |   1 +
 34 files changed, 834 insertions(+), 68 deletions(-)
 create mode 100644 meta-isar/recipes-bsp/optee-client/optee-client-stm32mp15x_3.21.0.bb
 create mode 100644 meta-isar/recipes-bsp/optee-examples/files/debian/compat
 create mode 100644 meta-isar/recipes-bsp/optee-examples/files/debian/control.tmpl
 create mode 100644 meta-isar/recipes-bsp/optee-examples/files/debian/rules.tmpl
 create mode 100644 meta-isar/recipes-bsp/optee-examples/optee-examples-stm32mp15x_3.21.0.bb
 create mode 100644 meta-isar/recipes-bsp/optee-ftpm/files/0001-add-enum-to-ta-flags.patch
 create mode 100644 meta-isar/recipes-bsp/optee-ftpm/optee-ftpm-stm32mp15x_0~230316+git.bb
 delete mode 100644 meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.11.0.bb
 create mode 100644 meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb
 create mode 100644 meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.inc
 create mode 100644 meta-isar/recipes-bsp/optee-os/optee-os-tadevkit-stm32mp15x_3.21.0.bb
 create mode 100644 meta-isar/recipes-initramfs/images/stm32mp15x-initramfs.bb
 create mode 100644 meta/recipes-bsp/optee-client/files/debian/compat
 create mode 100644 meta/recipes-bsp/optee-client/files/debian/control.tmpl
 create mode 100755 meta/recipes-bsp/optee-client/files/debian/rules.tmpl
 create mode 100644 meta/recipes-bsp/optee-client/files/debian/tee-supplicant.service
 create mode 100644 meta/recipes-bsp/optee-client/optee-client-custom.inc
 create mode 100644 meta/recipes-bsp/optee-ftpm/files/debian/compat
 create mode 100644 meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl
 create mode 100755 meta/recipes-bsp/optee-ftpm/files/debian/rules.tmpl
 create mode 100644 meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
 create mode 100644 meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc
 copy meta/recipes-bsp/optee-os/{optee-os-custom.inc => optee-os.inc} (62%)
 create mode 100644 meta/recipes-initramfs/initramfs-tee-ftpm-hook/files/tee-ftpm.hook
 create mode 100644 meta/recipes-initramfs/initramfs-tee-ftpm-hook/files/tee-ftpm.script
 create mode 100644 meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb
 create mode 100644 meta/recipes-initramfs/initramfs-tee-supplicant-hook/files/tee-supplicant.hook
 create mode 100644 meta/recipes-initramfs/initramfs-tee-supplicant-hook/files/tee-supplicant.script
 create mode 100644 meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb

--
2.39.2