[PATCH] optee-ftpm: Add support for new optee_ftpm repo

[PATCH] optee-ftpm: Add support for new optee_ftpm repo

['Jan Kiszka' via isar-users]

From: Jan Kiszka <jan.kiszka@siemens.com>

Since MS dropped the OP-TEE TA bits from the reference implementation
repo, OP-TEE took over and is now hosting those. This means that
different repos need to be integrated, also because the cryptolib is now
provided by OP-TEE itself (dropped the need for WolfSSL).

Adjust the foundational code for optee-ftpm to the new model while
keeping backward compatibility. Only when MS_TPM_20_REF_DIR is set to
the subdir that contains the ms-tpm-20-ref code (besides optee_ftpm),
the new mode is activated.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---

Build-tested against the stm32mp15x in-tree (old repo) and runtime 
tested out of tree with a full isar-cip-core stack (new optee_ftpm 
repo).

 RECIPE-API-CHANGELOG.md                       |  7 +++++
 .../optee-ftpm/files/debian/rules.tmpl        |  8 +++--
 meta/recipes-bsp/optee-ftpm/optee-ftpm.inc    | 31 ++++++++++++++-----
 3 files changed, 36 insertions(+), 10 deletions(-)

diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md
index 730a4c91..02bc1d93 100644
--- a/RECIPE-API-CHANGELOG.md
+++ b/RECIPE-API-CHANGELOG.md
@@ -734,3 +734,10 @@ Set `TEE_SUPPLICANT_IN_USERLAND` to 0 if you are using a kernel that supports
 `CONFIG_RPMB` and you only need the daemon for RPMB access. Default is 1, but
 this will eventually be changed to 0. Therefore, explicitly set the variable
 to 1 to stay compatible.
+
+### Support for new optee_ftpm
+
+By setting `MS_TPM_20_REF_DIR` in an optee-ftpm recipe, it is now possible to
+use the new optee_ftpm code base from the OP-TEE project. That variable has to
+point to a subdir in `WORKDIR` which contains the unpacked ms-tpm-20-ref source
+code.
diff --git a/meta/recipes-bsp/optee-ftpm/files/debian/rules.tmpl b/meta/recipes-bsp/optee-ftpm/files/debian/rules.tmpl
index 19d4e083..4bfd2f56 100755
--- a/meta/recipes-bsp/optee-ftpm/files/debian/rules.tmpl
+++ b/meta/recipes-bsp/optee-ftpm/files/debian/rules.tmpl
@@ -1,10 +1,11 @@
 #!/usr/bin/make -f
 # Debian rules for optee-ftpm
 #
-# Copyright (c) Siemens AG, 2023
+# Copyright (c) Siemens AG, 2023-2025
 #
 # Authors:
 #  Su Bao Cheng <baocheng.su@siemens.com>
+#  Jan Kiszka <jan.kiszka@siemens.com>
 #
 # SPDX-License-Identifier: MIT
 
@@ -12,8 +13,11 @@ ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
 export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)-
 endif
 
+export CFG_MS_TPM_20_REF=${MS_TPM_20_REF_DIR}
+export O=out
+
 override_dh_auto_build:
-	cd Samples/ARM32-FirmwareTPM/optee_ta && \
+	cd ${OPTEE_FTPM_SRCDIR} && \
 		TA_CROSS_COMPILE=${CROSS_COMPILE} \
 		TA_CPU=${TA_CPU} \
 		TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
diff --git a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
index 738b694a..d7d00ae1 100644
--- a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
+++ b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
@@ -2,14 +2,15 @@
 #
 # Authors:
 #  Su Bao Cheng <baocheng.su@siemens.com>
+#  Jan Kiszka <jan.kiszka@siemens.com>
 #
 # SPDX-License-Identifier: MIT
 #
 inherit dpkg
 
-SUMMARY = "OPTEE fTPM Microsoft TA"
-DESCRIPTION = "TCG reference implementation of the TPM 2.0 Specification."
-HOMEPAGE = "https://github.com/microsoft/ms-tpm-20-ref/"
+SUMMARY = "OP-TEE fTPM TA"
+DESCRIPTION = "Firmware TPM as OP-TEE TCG TA, using Microsoft's TPM 2.0 reference implementation"
+HOMEPAGE = "https://github.com/OP-TEE/optee_ftpm"
 
 FILESPATH:append := ":${FILE_DIRNAME}/files"
 
@@ -27,22 +28,36 @@ TA_CPU ?= "unknown"
 TA_DEV_KIT_DIR ?= "unknown"
 OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " "
 
+# Set to the subdir in WORKDIR containing the unpacked ms-tpm-20-ref sources
+# Leave empty for if still using ms-tpm-20-ref for OP-TEE TA integration
+MS_TPM_20_REF_DIR ?= ""
+
+OPTEE_FTPM_SRCDIR = "${@'Samples/ARM32-FirmwareTPM/optee_ta' if d.getVar('MS_TPM_20_REF_DIR') == '' else '.'}"
+OPTEE_FTPM_BINDIR = "${@'Samples/ARM32-FirmwareTPM/optee_ta/fTPM' if d.getVar('MS_TPM_20_REF_DIR') == '' else '.'}"
+
 TEMPLATE_FILES = "debian/rules.tmpl debian/control.tmpl"
 TEMPLATE_VARS += "DEBIAN_BUILD_DEPENDS \
     DEBIAN_COMPAT \
     OPTEE_FTPM_BUILD_ARGS_EXTRA \
     TA_CPU \
-    TA_DEV_KIT_DIR"
+    TA_DEV_KIT_DIR \
+    MS_TPM_20_REF_DIR \
+    OPTEE_FTPM_SRCDIR"
 
 do_prepare_build() {
-    rm -rf ${S}/debian
-    cp -r ${WORKDIR}/debian ${S}/
+    rm -rf "${S}/debian"
+    cp -r "${WORKDIR}/debian" "${S}/"
 
     deb_add_changelog
 
     rm -f ${S}/debian/optee-ftpm-${OPTEE_NAME}.install
-    echo "Samples/ARM32-FirmwareTPM/optee_ta/out/fTPM/bc50d971-d4c9-42c4-82cb-343fb7f37896.ta /usr/lib/optee-os/${OPTEE_NAME}/ta" > \
+    echo "${OPTEE_FTPM_BINDIR}/out/bc50d971-d4c9-42c4-82cb-343fb7f37896.ta /usr/lib/optee-os/${OPTEE_NAME}/ta" > \
         ${S}/debian/optee-ftpm-${OPTEE_NAME}.install
-    echo "Samples/ARM32-FirmwareTPM/optee_ta/out/fTPM/bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf /usr/lib/optee-os/${OPTEE_NAME}/ta" >> \
+    echo "${OPTEE_FTPM_BINDIR}/out/bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf /usr/lib/optee-os/${OPTEE_NAME}/ta" >> \
         ${S}/debian/optee-ftpm-${OPTEE_NAME}.install
+
+    if [ -n "${MS_TPM_20_REF_DIR}" ] && [ -e "${WORKDIR}/${MS_TPM_20_REF_DIR}" ]; then
+        rm -rf "${S}/${MS_TPM_20_REF_DIR}"
+        cp -a "${WORKDIR}/${MS_TPM_20_REF_DIR}" "${S}/"
+    fi
 }
-- 
2.43.0

-- 
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/3aa2c323-6299-4f65-a077-4cb7456f5fcf%40siemens.com.