From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 7252203608347770880
X-Received: by 2002:adf:fc4e:0:b0:313:f8de:1ff6 with SMTP id e14-20020adffc4e000000b00313f8de1ff6mr12755118wrs.51.1688535241460;
        Tue, 04 Jul 2023 22:34:01 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:adf:cf06:0:b0:314:c05:57de with SMTP id o6-20020adfcf06000000b003140c0557dels1602467wrj.0.-pod-prod-04-eu;
 Tue, 04 Jul 2023 22:34:00 -0700 (PDT)
X-Google-Smtp-Source: APBJJlFW80GDzevr4xZJIgZmXP+lubUflQtvuqBPucunzsyMlEhwlwqyz1OBFoki4vWaThiir5NR
X-Received: by 2002:a05:6000:4c1:b0:314:2fe5:b4cf with SMTP id h1-20020a05600004c100b003142fe5b4cfmr9199636wri.53.1688535240100;
        Tue, 04 Jul 2023 22:34:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1688535240; cv=none;
        d=google.com; s=arc-20160816;
        b=VdEGRKalICesig9HZga4iLo6jZ9PxHCqeT+d+6bGvhBYkJHWqSQY+ul9Mnw5dyROG2
         PUwyBqJ/K9IDZ2Gh2ApZRFlMubXdZGkqWDPWPX/Fcjf1VwA92sOdlgzWdMBUGWrOwkAR
         fRNn1QJA5WAObZpCvUV2TpsNRjgdwSvd9DKzz0Gkh/HVCFZd66h24qwJjqjGD7mYJKzx
         FqKG8XbxrqRA27GJ+V0XrR3jQOFI8UjQWroFgy4BQ3Jij0RECTTW1iFW+T3HpFxzIPn4
         edj/hCQ/cQYTeO9ZXAFvOa6p1/1KEV4F9MwrkO9T8SW7yH9LiVmjTUvdJA+zL9iCYFs3
         fJHA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=feedback-id:content-transfer-encoding:mime-version:references
         :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature;
        bh=4/WezfA/GonyQWnQZKnYdjud/0BZa8RTsVQdWsQ36sY=;
        fh=zeq4V+FUVVI2f9Ivx965+McAJkxSDosb/5yCI9B0DjU=;
        b=F1+v0LMLpqZrIcYlVmWF6gZ3vwVTSk5X5jSjhQURUecFat1pJJgfGlesfYDttZmxZM
         Gg9l75G12m58z9j4783AqKT4ZzYRelrOfH+1nxhIiMl50SNmCecgHVRkn6g6GbxRS1zV
         BHwQD57iLdKmkt6n4rUICi8jsqvup4M6dlZty2YsWVeGHPMPfEmBEGBWYvTS6uM/3ya6
         SXRXykZqZH/FigT4Cu6Ko4GUvEaqAM8eKKAHKAEiqMaiu5DeXB0Rjbrsixl8ABnZthW1
         vYMcTita8gYMl9EK3frevKPbby779kxEdexy9/tZ24SRLeX0yksPB63C1l2KLh1w7LsC
         RzgQ==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm1 header.b=Kk0OV1J6;
       spf=pass (google.com: domain of fm-909155-20230705053359c344439bd322bb00cd-z6yfoj@rts-flowmailer.siemens.com designates 185.136.64.228 as permitted sender) smtp.mailfrom=fm-909155-20230705053359c344439bd322bb00cd-Z6YFOj@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
Return-Path: <fm-909155-20230705053359c344439bd322bb00cd-Z6YFOj@rts-flowmailer.siemens.com>
Received: from mta-64-228.siemens.flowmailer.net (mta-64-228.siemens.flowmailer.net. [185.136.64.228])
        by gmr-mx.google.com with ESMTPS id ck7-20020a5d5e87000000b00311110bace1si1607878wrb.8.2023.07.04.22.34.00
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 04 Jul 2023 22:34:00 -0700 (PDT)
Received-SPF: pass (google.com: domain of fm-909155-20230705053359c344439bd322bb00cd-z6yfoj@rts-flowmailer.siemens.com designates 185.136.64.228 as permitted sender) client-ip=185.136.64.228;
Authentication-Results: gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm1 header.b=Kk0OV1J6;
       spf=pass (google.com: domain of fm-909155-20230705053359c344439bd322bb00cd-z6yfoj@rts-flowmailer.siemens.com designates 185.136.64.228 as permitted sender) smtp.mailfrom=fm-909155-20230705053359c344439bd322bb00cd-Z6YFOj@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
Received: by mta-64-228.siemens.flowmailer.net with ESMTPSA id 20230705053359c344439bd322bb00cd
        for <isar-users@googlegroups.com>;
        Wed, 05 Jul 2023 07:33:59 +0200
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1;
 d=siemens.com; i=baocheng.su@siemens.com;
 h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To;
 bh=4/WezfA/GonyQWnQZKnYdjud/0BZa8RTsVQdWsQ36sY=;
 b=Kk0OV1J6gYwhY5meua/8kACcJUgBKdCGevfxlufJTSiFYwGpxWrdqaor7d+F8C7Fh7oe5B
 AWXSA8ZFRDnREc4bMGTZtCo8WB/CeXL9gt69nAmdz1szRdpldZK7oBbjj3tXtviv2EUSOl97
 4TCQrNlY/101sCzXqql1M9phqJGpE=;
From: baocheng.su@siemens.com
To: isar-users@googlegroups.com
Cc: jan.kiszka@siemens.com,
	felix.moessbauer@siemens.com,
	christian.storm@siemens.com,
	quirin.gylstorff@siemens.com,
	baocheng_su@163.com,
	henning.schild@siemens.com,
	baocheng.su@siemens.com
Subject: [PATCH v3 2/7] Add recipe for optee TA devkit
Date: Wed,  5 Jul 2023 13:33:35 +0800
Message-Id: <20230705053340.1158024-3-baocheng.su@siemens.com>
In-Reply-To: <20230705053340.1158024-1-baocheng.su@siemens.com>
References: <20230705053340.1158024-1-baocheng.su@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-909155:519-21489:flowmailer
X-TUID: AimYc473Xt2o

From: Baocheng Su <baocheng.su@siemens.com>

The TA dev kit is used to build trusted applications, details refer to
[1]. A typical use case of this devkit is a firmware TPM reference
implementation, see [2].

1. https://optee.readthedocs.io/en/3.21.0/building/trusted_applications.html
2. https://github.com/microsoft/ms-tpm-20-ref

This brings the .inc for customization, and also an example for
stm32mp15x.

Signed-off-by: Baocheng Su <baocheng.su@siemens.com>
---
 .../optee-os/optee-os-stm32mp15x_3.21.0.bb    | 23 +--------------
 ...21.0.bb => optee-os-stm32mp15x_3.21.0.inc} | 15 ++--------
 .../optee-os-tadevkit-stm32mp15x_3.21.0.bb    |  7 +++++
 .../optee-os/files/debian/control.tmpl        |  4 +--
 meta/recipes-bsp/optee-os/optee-os-custom.inc | 29 +++----------------
 .../optee-os/optee-os-tadevkit-custom.inc     | 26 +++++++++++++++++
 .../{optee-os-custom.inc => optee-os.inc}     | 14 +++------
 7 files changed, 46 insertions(+), 72 deletions(-)
 copy meta-isar/recipes-bsp/optee-os/{optee-os-stm32mp15x_3.21.0.bb => optee-os-stm32mp15x_3.21.0.inc} (61%)
 create mode 100644 meta-isar/recipes-bsp/optee-os/optee-os-tadevkit-stm32mp15x_3.21.0.bb
 create mode 100644 meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc
 copy meta/recipes-bsp/optee-os/{optee-os-custom.inc => optee-os.inc} (62%)

diff --git a/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb b/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb
index 14485f4..096e263 100644
--- a/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb
+++ b/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb
@@ -4,26 +4,5 @@
 # SPDX-License-Identifier: MIT
 
 require recipes-bsp/optee-os/optee-os-custom.inc
+require optee-os-stm32mp15x_${PV}.inc
 
-SRC_URI += "https://github.com/OP-TEE/optee_os/archive/${PV}.tar.gz"
-SRC_URI[sha256sum] = "92a16e841b0bdb4bfcb1c20b6a1bd3309092203d534ed167dfdb5a5f395bf60b"
-
-S = "${WORKDIR}/optee_os-${PV}"
-
-DEBIAN_BUILD_DEPENDS += ", device-tree-compiler, python3-cryptography:native"
-
-OPTEE_PLATFORM = "stm32mp1"
-OPTEE_EXTRA_BUILDARGS = " \
-    ARCH=arm CFG_EMBED_DTB_SOURCE_FILE=stm32mp157c-ev1.dts \
-    CFG_TEE_CORE_LOG_LEVEL=2"
-OPTEE_BINARIES = "tee-header_v2.stm32 tee-pageable_v2.stm32 tee-pager_v2.stm32"
-
-# Set version manually to PV, the tarball does not contain any hint.
-# Alternative: pull from git and add git as build dependency.
-dpkg_runbuild:prepend() {
-    grep -q "^export TEE_IMPL_VERSION" ${S}/debian/rules ||
-        cat << EOF >> ${S}/debian/rules
-
-export TEE_IMPL_VERSION=${PV}
-EOF
-}
diff --git a/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb b/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.inc
similarity index 61%
copy from meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb
copy to meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.inc
index 14485f4..cbf6974 100644
--- a/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb
+++ b/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.inc
@@ -3,9 +3,7 @@
 #
 # SPDX-License-Identifier: MIT
 
-require recipes-bsp/optee-os/optee-os-custom.inc
-
-SRC_URI += "https://github.com/OP-TEE/optee_os/archive/${PV}.tar.gz"
+SRC_URI += "https://github.com/OP-TEE/optee_os/archive/${PV}.tar.gz;downloadfilename=optee_os-${PV}.tar.gz"
 SRC_URI[sha256sum] = "92a16e841b0bdb4bfcb1c20b6a1bd3309092203d534ed167dfdb5a5f395bf60b"
 
 S = "${WORKDIR}/optee_os-${PV}"
@@ -14,16 +12,7 @@ DEBIAN_BUILD_DEPENDS += ", device-tree-compiler, python3-cryptography:native"
 
 OPTEE_PLATFORM = "stm32mp1"
 OPTEE_EXTRA_BUILDARGS = " \
+    TEE_IMPL_VERSION=${PV} \
     ARCH=arm CFG_EMBED_DTB_SOURCE_FILE=stm32mp157c-ev1.dts \
     CFG_TEE_CORE_LOG_LEVEL=2"
 OPTEE_BINARIES = "tee-header_v2.stm32 tee-pageable_v2.stm32 tee-pager_v2.stm32"
-
-# Set version manually to PV, the tarball does not contain any hint.
-# Alternative: pull from git and add git as build dependency.
-dpkg_runbuild:prepend() {
-    grep -q "^export TEE_IMPL_VERSION" ${S}/debian/rules ||
-        cat << EOF >> ${S}/debian/rules
-
-export TEE_IMPL_VERSION=${PV}
-EOF
-}
diff --git a/meta-isar/recipes-bsp/optee-os/optee-os-tadevkit-stm32mp15x_3.21.0.bb b/meta-isar/recipes-bsp/optee-os/optee-os-tadevkit-stm32mp15x_3.21.0.bb
new file mode 100644
index 0000000..2be7a9d
--- /dev/null
+++ b/meta-isar/recipes-bsp/optee-os/optee-os-tadevkit-stm32mp15x_3.21.0.bb
@@ -0,0 +1,7 @@
+#
+# Copyright (c) Siemens AG, 2023
+#
+# SPDX-License-Identifier: MIT
+
+require recipes-bsp/optee-os/optee-os-tadevkit-custom.inc
+require optee-os-stm32mp15x_${PV}.inc
diff --git a/meta/recipes-bsp/optee-os/files/debian/control.tmpl b/meta/recipes-bsp/optee-os/files/debian/control.tmpl
index 60b3927..fdf898e 100644
--- a/meta/recipes-bsp/optee-os/files/debian/control.tmpl
+++ b/meta/recipes-bsp/optee-os/files/debian/control.tmpl
@@ -5,6 +5,6 @@ Standards-Version: 3.9.6
 Build-Depends: ${DEBIAN_BUILD_DEPENDS}
 Maintainer: ISAR project <isar-users@googlegroups.com>
 
-Package: optee-os-${OPTEE_NAME}
+Package: ${DEBIAN_PACKAGE_NAME}
 Architecture: ${DISTRO_ARCH}
-Description: ${DESCRIPTION}, firmware binaries
+Description: ${DESCRIPTION}
diff --git a/meta/recipes-bsp/optee-os/optee-os-custom.inc b/meta/recipes-bsp/optee-os/optee-os-custom.inc
index d48827a..abe46e8 100644
--- a/meta/recipes-bsp/optee-os/optee-os-custom.inc
+++ b/meta/recipes-bsp/optee-os/optee-os-custom.inc
@@ -1,38 +1,17 @@
 # Custom OP-TEE OS build
 #
 # This software is a part of ISAR.
-# Copyright (c) Siemens AG, 2020
+# Copyright (c) Siemens AG, 2020-2023
 #
 # SPDX-License-Identifier: MIT
 
-inherit dpkg
+require optee-os.inc
 
-FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/files:"
-
-SRC_URI += "file://debian/"
-
-DESCRIPTION ?= "Custom OP-TEE OS"
-
-OPTEE_NAME ?= "${MACHINE}"
-OPTEE_PLATFORM ?= "unknown"
-OPTEE_EXTRA_BUILDARGS ?= ""
-OPTEE_BINARIES ?= "tee-pager_v2.bin"
-
-DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools"
+DESCRIPTION:append = ", firmware binaries"
 
 PROVIDES += "optee-os-${OPTEE_NAME}"
 
-TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
-TEMPLATE_VARS += "OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
-
-# split strip platform flavor, if any, from the specified platform string
-OPTEE_PLATFORM_BASE = "${@d.getVar('OPTEE_PLATFORM').split('-')[0]}"
-
-do_prepare_build() {
-    cp -r ${WORKDIR}/debian ${S}/
-
-    deb_add_changelog
-
+do_prepare_build:append() {
     rm -f ${S}/debian/optee-os-${OPTEE_NAME}.install
     for binary in ${OPTEE_BINARIES}; do
         echo "out/arm-plat-${OPTEE_PLATFORM_BASE}/core/$binary /usr/lib/optee-os/${OPTEE_NAME}/" >> \
diff --git a/meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc b/meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc
new file mode 100644
index 0000000..cfb2cfd
--- /dev/null
+++ b/meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc
@@ -0,0 +1,26 @@
+# Custom OP-TEE OS build for TA devkit
+#
+# This software is a part of ISAR.
+# Copyright (c) Siemens AG, 2023
+#
+# SPDX-License-Identifier: MIT
+
+require optee-os.inc
+
+DEBIAN_PACKAGE_NAME = "optee-os-tadevkit-${OPTEE_NAME}"
+DESCRIPTION:append = ", trust application development kit."
+
+PROVIDES += "${DEBIAN_PACKAGE_NAME}"
+
+do_prepare_build:append() {
+    if [ "${DISTRO_ARCH}" = "arm64" ]; then
+        TADEVKIT_DIR="export-ta_arm64"
+    elif [ "${DISTRO_ARCH}" = "armhf" ]; then
+        TADEVKIT_DIR="export-ta_arm32"
+    else
+        bbfatal "${DISTRO_ARCH} does not have a compat arch for optee TA devkit!"
+    fi
+
+    echo "out/arm-plat-${OPTEE_PLATFORM_BASE}/${TADEVKIT_DIR} /usr/lib/optee-os/${OPTEE_NAME}/" > \
+        ${S}/debian/optee-os-tadevkit-${OPTEE_NAME}.install
+}
diff --git a/meta/recipes-bsp/optee-os/optee-os-custom.inc b/meta/recipes-bsp/optee-os/optee-os.inc
similarity index 62%
copy from meta/recipes-bsp/optee-os/optee-os-custom.inc
copy to meta/recipes-bsp/optee-os/optee-os.inc
index d48827a..198746b 100644
--- a/meta/recipes-bsp/optee-os/optee-os-custom.inc
+++ b/meta/recipes-bsp/optee-os/optee-os.inc
@@ -1,7 +1,7 @@
 # Custom OP-TEE OS build
 #
 # This software is a part of ISAR.
-# Copyright (c) Siemens AG, 2020
+# Copyright (c) Siemens AG, 2020-2023
 #
 # SPDX-License-Identifier: MIT
 
@@ -18,12 +18,12 @@ OPTEE_PLATFORM ?= "unknown"
 OPTEE_EXTRA_BUILDARGS ?= ""
 OPTEE_BINARIES ?= "tee-pager_v2.bin"
 
-DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools"
+DEBIAN_PACKAGE_NAME ?= "optee-os-${OPTEE_NAME}"
 
-PROVIDES += "optee-os-${OPTEE_NAME}"
+DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools"
 
 TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
-TEMPLATE_VARS += "OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
+TEMPLATE_VARS += "DEBIAN_PACKAGE_NAME OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
 
 # split strip platform flavor, if any, from the specified platform string
 OPTEE_PLATFORM_BASE = "${@d.getVar('OPTEE_PLATFORM').split('-')[0]}"
@@ -32,10 +32,4 @@ do_prepare_build() {
     cp -r ${WORKDIR}/debian ${S}/
 
     deb_add_changelog
-
-    rm -f ${S}/debian/optee-os-${OPTEE_NAME}.install
-    for binary in ${OPTEE_BINARIES}; do
-        echo "out/arm-plat-${OPTEE_PLATFORM_BASE}/core/$binary /usr/lib/optee-os/${OPTEE_NAME}/" >> \
-            ${S}/debian/optee-os-${OPTEE_NAME}.install
-    done
 }
-- 
2.39.2