public inbox for isar-users@googlegroups.com
From: Jan Kiszka <jan.kiszka@siemens.com>
To: "Su, Bao Cheng (DI FA CTR IPC CN PRC4)" <baocheng.su@siemens.com>,
	"isar-users@googlegroups.com" <isar-users@googlegroups.com>
Cc: "Gylstorff, Quirin (T CED SES-DE)" <quirin.gylstorff@siemens.com>
Subject: Re: [PATCH] optee-os: Add package optee-os-tadevkit
Date: Mon, 5 Jun 2023 06:45:12 +0200
Message-ID: <3cc67f5c-e1ce-6957-00b7-bdb3c67b3983@siemens.com>
In-Reply-To: <120d890083412d2d91ca83886a5300f21e1d0d64.camel@siemens.com>

On 05.06.23 05:33, Su, Bao Cheng (DI FA CTR IPC CN PRC4) wrote:
> On Mon, 2023-05-29 at 07:51 +0000, 'Su, Bao Cheng' via isar-users wrote:
>> On Wed, 2023-05-24 at 13:34 +0200, Jan Kiszka wrote:
>>> On 23.05.23 05:27, Su, Bao Cheng (DI FA CTR IPC CN PRC4) wrote:
>>>> The TA dev kit is used to build trusted applications, details refer to
>>>> [1]. A typical use case of this devkit is a firmware TPM reference
>>>> implementation, see [2].
>>>>
>>>> 1. https://optee.readthedocs.io/en/3.21.0/building/trusted_applications.html
>>>> 2. https://github.com/microsoft/ms-tpm-20-ref
>>>>
>>>> Signed-off-by: Su Baocheng <baocheng.su@siemens.com>
>>>> ---
>>>>  .../optee-os/files/debian/control.tmpl        |  4 +--
>>>>  meta/recipes-bsp/optee-os/optee-os-custom.inc | 29 +++----------------
>>>>  .../optee-os/optee-os-tadevkit-custom.inc     | 20 +++++++++++++
>>>>  .../{optee-os-custom.inc => optee-os.inc}     | 14 +++------
>>>>  4 files changed, 30 insertions(+), 37 deletions(-)
>>>>  create mode 100644 meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc
>>>>  copy meta/recipes-bsp/optee-os/{optee-os-custom.inc => optee-os.inc} (62%)
>>>>
>>>> diff --git a/meta/recipes-bsp/optee-os/files/debian/control.tmpl b/meta/recipes-bsp/optee-os/files/debian/control.tmpl
>>>> index 60b3927..fdf898e 100644
>>>> --- a/meta/recipes-bsp/optee-os/files/debian/control.tmpl
>>>> +++ b/meta/recipes-bsp/optee-os/files/debian/control.tmpl
>>>> @@ -5,6 +5,6 @@ Standards-Version: 3.9.6
>>>>  Build-Depends: ${DEBIAN_BUILD_DEPENDS}
>>>>  Maintainer: ISAR project <isar-users@googlegroups.com>
>>>>
>>>> -Package: optee-os-${OPTEE_NAME}
>>>> +Package: ${DEBIAN_PACKAGE_NAME}
>>>>  Architecture: ${DISTRO_ARCH}
>>>> -Description: ${DESCRIPTION}, firmware binaries
>>>> +Description: ${DESCRIPTION}
>>>> diff --git a/meta/recipes-bsp/optee-os/optee-os-custom.inc b/meta/recipes-bsp/optee-os/optee-os-custom.inc
>>>> index d48827a..abe46e8 100644
>>>> --- a/meta/recipes-bsp/optee-os/optee-os-custom.inc
>>>> +++ b/meta/recipes-bsp/optee-os/optee-os-custom.inc
>>>> @@ -1,38 +1,17 @@
>>>>  # Custom OP-TEE OS build
>>>>  #
>>>>  # This software is a part of ISAR.
>>>> -# Copyright (c) Siemens AG, 2020
>>>> +# Copyright (c) Siemens AG, 2020-2023
>>>>  #
>>>>  # SPDX-License-Identifier: MIT
>>>>
>>>> -inherit dpkg
>>>> +require optee-os.inc
>>>>
>>>> -FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/files:"
>>>> -
>>>> -SRC_URI += "file://debian/"
>>>> -
>>>> -DESCRIPTION ?= "Custom OP-TEE OS"
>>>> -
>>>> -OPTEE_NAME ?= "${MACHINE}"
>>>> -OPTEE_PLATFORM ?= "unknown"
>>>> -OPTEE_EXTRA_BUILDARGS ?= ""
>>>> -OPTEE_BINARIES ?= "tee-pager_v2.bin"
>>>> -
>>>> -DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools"
>>>> +DESCRIPTION:append = ", firmware binaries"
>>>>
>>>>  PROVIDES += "optee-os-${OPTEE_NAME}"
>>>>
>>>> -TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
>>>> -TEMPLATE_VARS += "OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
>>>> -
>>>> -# split strip platform flavor, if any, from the specified platform string
>>>> -OPTEE_PLATFORM_BASE = "${@d.getVar('OPTEE_PLATFORM').split('-')[0]}"
>>>> -
>>>> -do_prepare_build() {
>>>> -    cp -r ${WORKDIR}/debian ${S}/
>>>> -
>>>> -    deb_add_changelog
>>>> -
>>>> +do_prepare_build:append() {
>>>>      rm -f ${S}/debian/optee-os-${OPTEE_NAME}.install
>>>>      for binary in ${OPTEE_BINARIES}; do
>>>>          echo "out/arm-plat-${OPTEE_PLATFORM_BASE}/core/$binary /usr/lib/optee-os/${OPTEE_NAME}/" >> \
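
Review bot: In do_prepare_build:append() the install file is still written as ${S}/debian/optee-os-${OPTEE_NAME}.install, and PROVIDES still repeats optee-os-${OPTEE_NAME}, while the binary package name in control.tmpl now comes from ${DEBIAN_PACKAGE_NAME}. Since optee-os.inc only assigns that variable with ?=, an override would leave the .install file named after a package that is no longer declared, so it would not be picked up for the renamed package. Suggest writing to ${S}/debian/${DEBIAN_PACKAGE_NAME}.install and using PROVIDES += "${DEBIAN_PACKAGE_NAME}" here.
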
>>>> diff --git a/meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc b/meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc
>>>> new file mode 100644
>>>> index 0000000..85d6c25
>>>> --- /dev/null
>>>> +++ b/meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc
>>>> @@ -0,0 +1,20 @@
>>>> +
>>>> +# Custom OP-TEE OS build
>>>> +#
>>>> +# This software is a part of ISAR.
>>>> +# Copyright (c) Siemens AG, 2023
>>>> +#
>>>> +# SPDX-License-Identifier: MIT
>>>> +
>>>> +require optee-os.inc
>>>> +
>>>> +DEBIAN_PACKAGE_NAME = "optee-os-tadevkit-${OPTEE_NAME}"
>>>> +DESCRIPTION:append = ", trust application development kit."
>>>> +
>>>> +PROVIDES += "${DEBIAN_PACKAGE_NAME}"
>>>> +
>>>> +do_prepare_build:append() {
>>>> +    rm -f ${S}/debian/optee-os-tadevkit-${OPTEE_NAME}.install
>>>> +    echo "out/arm-plat-${OPTEE_PLATFORM_BASE}/export-ta_${DISTRO_ARCH} /usr/lib/optee-os/" > \
>>>> +        ${S}/debian/optee-os-tadevkit-${OPTEE_NAME}.install
>>>> +}
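
Review bot: The .install line places export-ta_${DISTRO_ARCH} directly under /usr/lib/optee-os/, whereas the firmware package installs into /usr/lib/optee-os/${OPTEE_NAME}/; two dev kit packages built for different OPTEE_NAME values would ship the same path and could not be installed side by side. Suggest /usr/lib/optee-os/${OPTEE_NAME}/ as the destination. Smaller points in the same file: it starts with an empty line before the header, the header still reads "Custom OP-TEE OS build", the description should say "trusted application development kit" without the trailing period, the rm -f is redundant before a > redirect, and the .install name could use ${DEBIAN_PACKAGE_NAME} instead of repeating the string.
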
>>>> diff --git a/meta/recipes-bsp/optee-os/optee-os-custom.inc b/meta/recipes-bsp/optee-os/optee-os.inc
>>>> similarity index 62%
>>>> copy from meta/recipes-bsp/optee-os/optee-os-custom.inc
>>>> copy to meta/recipes-bsp/optee-os/optee-os.inc
>>>> index d48827a..198746b 100644
>>>> --- a/meta/recipes-bsp/optee-os/optee-os-custom.inc
>>>> +++ b/meta/recipes-bsp/optee-os/optee-os.inc
>>>> @@ -1,7 +1,7 @@
>>>>  # Custom OP-TEE OS build
>>>>  #
>>>>  # This software is a part of ISAR.
>>>> -# Copyright (c) Siemens AG, 2020
>>>> +# Copyright (c) Siemens AG, 2020-2023
>>>>  #
>>>>  # SPDX-License-Identifier: MIT
>>>>
>>>> @@ -18,12 +18,12 @@ OPTEE_PLATFORM ?= "unknown"
>>>>  OPTEE_EXTRA_BUILDARGS ?= ""
>>>>  OPTEE_BINARIES ?= "tee-pager_v2.bin"
>>>>
>>>> -DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools"
>>>> +DEBIAN_PACKAGE_NAME ?= "optee-os-${OPTEE_NAME}"
>>>>
>>>> -PROVIDES += "optee-os-${OPTEE_NAME}"
>>>> +DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools"
>>>>
>>>>  TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
>>>> -TEMPLATE_VARS += "OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
>>>> +TEMPLATE_VARS += "DEBIAN_PACKAGE_NAME OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
>>>>
>>>>  # split strip platform flavor, if any, from the specified platform string
>>>>  OPTEE_PLATFORM_BASE = "${@d.getVar('OPTEE_PLATFORM').split('-')[0]}"
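
Review bot: PROVIDES is dropped from the shared include here and then re-added separately in optee-os-custom.inc and optee-os-tadevkit-custom.inc. With DEBIAN_PACKAGE_NAME now defined in this file, a single PROVIDES += "${DEBIAN_PACKAGE_NAME}" in optee-os.inc would cover both variants and keep the provided name in step with the Package: field. Placing the new DEBIAN_PACKAGE_NAME line after DEBIAN_BUILD_DEPENDS instead of before it would also avoid the remove-and-re-add of that unchanged line.
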
>>>> @@ -32,10 +32,4 @@ do_prepare_build() {
>>>>      cp -r ${WORKDIR}/debian ${S}/
>>>>
>>>>      deb_add_changelog
>>>> -
>>>> -    rm -f ${S}/debian/optee-os-${OPTEE_NAME}.install
>>>> -    for binary in ${OPTEE_BINARIES}; do
>>>> -        echo "out/arm-plat-${OPTEE_PLATFORM_BASE}/core/$binary /usr/lib/optee-os/${OPTEE_NAME}/" >> \
>>>> -            ${S}/debian/optee-os-${OPTEE_NAME}.install
>>>> -    done
>>>>  }
>>>>
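
Review bot: With the .install generation removed from do_prepare_build(), optee-os.inc on its own yields a package with no files, and nothing in the include says that the including file has to append that step. A short comment above do_prepare_build() stating this requirement would help; alternatively the generation could stay here and be driven by a variable that each variant sets.
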
>>>
>>> We will need some demo recipes that actually pull the new package. Is
>>> there some "hello world" TA that we could include and build into the
>>> stm32mp15x demo image? Would it actually be better to also include the
>>> fTPM recipe in Isar and use that at the same time as stress test?
>>>
>>
>> There is a helloworld ta in
>> https://github.com/linaro-swg/optee_examples, so we can integrate it
>> into that demo image.
>>
>> It's better to integrate fTPM into the isar, but maybe it's hard to
>> find a demo image target for it.
>>
> One thing I forgot to mention is that to verify that the example TA works,
> you have to build the host side to use the TA, then you will need the
> libteec and the headers from optee-client... So eventually the
> optee-client needs to be included into isar.
> 
> Currently I am upstreaming the optee-client into the isar-cip-core, so
> should I upstream it here instead?
> 
> Or at this moment, only the example TA is necessary to verify the
> integration of the optee-ta-devkit?

What would a complete demo with that example TA look like then?

Note, though, that the only in-tree optee-os user, stm32mp15x, is not
part of any regular runtime tests (AFAIK). From that perspective, having
a build test would be fine for now.

Jan

-- 
Siemens AG, Technology
Competence Center Embedded Linux

