From: Jan Kiszka
Date: Wed, 12 Jul 2023 14:16:33 +0200
Subject: Re: [PATCH v3 5/7] Add recipe for optee ftpm
To: baocheng.su@siemens.com, isar-users@googlegroups.com
Cc: felix.moessbauer@siemens.com, christian.storm@siemens.com, quirin.gylstorff@siemens.com, baocheng_su@163.com, henning.schild@siemens.com
References: <20230705053340.1158024-1-baocheng.su@siemens.com> <20230705053340.1158024-6-baocheng.su@siemens.com>
In-Reply-To: <20230705053340.1158024-6-baocheng.su@siemens.com>

On 05.07.23 07:33, baocheng.su@siemens.com wrote:
> From: Baocheng Su
>
> This integrates Microsoft's reference implementation of the TCG TPM2.0 as an
> OPTee trusted application, see [1] and [2] for details, esp.
> meta-ts/layers/meta-arm/meta-arm/recipes-security/optee-ftpm
>
> Since the OPTee secure storage on IOT2050 is RPMB-based, and the RPMB accessing
> is provided by linux tee-supplicant, this TA is only discoverable when
> tee-supplicant is running.
>
> To help to gracefully manage the tee-supplicant, the kernel driver
> tpm_ftpm_tee should be compiled as .ko and be loaded/unloaded dynamically.
>
> [1]: https://github.com/microsoft/ms-tpm-20-ref/
> [2]: https://gitlab.com/Linaro/trustedsubstrate/meta-ts
>
> Signed-off-by: Baocheng Su
> ---
> .../files/0001-add-enum-to-ta-flags.patch | 27 +++++++++++
> .../optee-ftpm-stm32mp15x_0~230316+git.bb | 35 ++++++++++++++
> .../optee-os/optee-os-stm32mp15x_3.21.0.bb | 10 +++-
> .../optee-ftpm/files/debian/compat | 1 +
> .../optee-ftpm/files/debian/control.tmpl | 11 +++++
> .../optee-ftpm/files/debian/rules.tmpl | 25 ++++++++++
> meta/recipes-bsp/optee-ftpm/optee-ftpm.inc | 47 +++++++++++++++++++
> 7 files changed, 155 insertions(+), 1 deletion(-)
> create mode 100644 meta-isar/recipes-bsp/optee-ftpm/files/0001-add-enum-to-ta-flags.patch
> create mode 100644 meta-isar/recipes-bsp/optee-ftpm/optee-ftpm-stm32mp15x_0~230316+git.bb
> create mode 100644 meta/recipes-bsp/optee-ftpm/files/debian/compat
> create mode 100644 meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl
> create mode 100755 meta/recipes-bsp/optee-ftpm/files/debian/rules.tmpl
> create mode 100644 meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
>
> diff --git a/meta-isar/recipes-bsp/optee-ftpm/files/0001-add-enum-to-ta-flags.patch b/meta-isar/recipes-bsp/optee-ftpm/files/0001-add-enum-to-ta-flags.patch > new file mode 100644 > index 0000000..57917ba > --- /dev/null
> +++ b/meta-isar/recipes-bsp/optee-ftpm/files/0001-add-enum-to-ta-flags.patch > @@ -0,0 +1,27 @@ > +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 > +From: Maxim Uvarov > +Date: Fri, 17 Apr 2020 12:05:53 +0100 > +Subject: [PATCH] add enum to ta flags > + > +If we compile this TA into OPTEE-OS we need to define a flag > +that this TA can be discovered on the optee bus. > +Upstream-Status: Submitted [https://github.com/microsoft/MSRSec/pull/34] > + > +Signed-off-by: Maxim Uvarov > +--- > + .../ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/Samples/ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h b/Samples/ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h > +index 92c33c1..e83619d 100644 > +--- a/Samples/ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h > ++++ b/Samples/ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h > +@@ -44,7 +44,7 @@ > + > + #define TA_UUID TA_FTPM_UUID > + > +-#define TA_FLAGS (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_INSTANCE_KEEP_ALIVE) > ++#define TA_FLAGS (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_INSTANCE_KEEP_ALIVE | TA_FLAG_DEVICE_ENUM_SUPP) > + #define TA_STACK_SIZE (64 * 1024) > + #define TA_DATA_SIZE (32 * 1024) > + > diff --git a/meta-isar/recipes-bsp/optee-ftpm/optee-ftpm-stm32mp15x_0~230316+git.bb b/meta-isar/recipes-bsp/optee-ftpm/optee-ftpm-stm32mp15x_0~230316+git.bb > new file mode 100644 > index 0000000..de26ec3 > --- /dev/null > +++ b/meta-isar/recipes-bsp/optee-ftpm/optee-ftpm-stm32mp15x_0~230316+git.bb 
> @@ -0,0 +1,35 @@ > +# Copyright (c) Siemens AG, 2023 > +# > +# Authors: > +# Su Bao Cheng > +# > +# SPDX-License-Identifier: MIT > +# > +require recipes-bsp/optee-ftpm/optee-ftpm.inc > + > +# CHANGELOG_V = "0.1+git+isar" > + > +SRC_URI += " \ > + https://github.com/Microsoft/ms-tpm-20-ref/archive/${SRCREV}.tar.gz \ > + https://github.com/wolfSSL/wolfssl/archive/${SRCREV-wolfssl}.tar.gz;name=wolfssl \ > + file://0001-add-enum-to-ta-flags.patch \ > + " > + > +SRCREV = "f74c0d9686625c02b0fdd5b2bbe792a22aa96cb6" > +# according to ms-tpm-20-ref submodules > +SRCREV-wolfssl = "9c87f979a7f1d3a6d786b260653d566c1d31a1c4" > + > +SRC_URI[sha256sum] = "16fabc6ad6cc700d947dbc96efc30ff8ae97e577944466f08193bb37bc1eb64d" > +SRC_URI[wolfssl.sha256sum] = "a68c301fa0ee6197158912d808c4258605a2d001e458fd958257cafba17bfd14" > + > +S = "${WORKDIR}/ms-tpm-20-ref-${SRCREV}" > + > +OPTEE_NAME = "${MACHINE}" > +TA_CPU = "cortex-a7" > +TA_DEV_KIT_DIR = "/usr/lib/optee-os/${OPTEE_NAME}/export-ta_arm32" > +OPTEE_FTPM_BUILD_ARGS_EXTRA = "CFG_FTPM_USE_WOLF=y" > + > +do_prepare_build:append() { > + rm -rf ${S}/external/wolfssl > + cp -a ${S}/../wolfssl-${SRCREV-wolfssl} ${S}/external/wolfssl > +} > diff --git a/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb b/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb > index 7468ca6..1b920cd 100644 > --- a/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb > +++ b/meta-isar/recipes-bsp/optee-os/optee-os-stm32mp15x_3.21.0.bb > @@ -16,7 +16,7 @@ DEBIAN_BUILD_DEPENDS += " \ > , optee-examples-stm32mp15x-random-ta \ > , optee-examples-stm32mp15x-secure-storage-ta \ > " > -EARLY_TA_PATHS = " \ > +EARLY_TA_PATHS += " \ > /usr/lib/optee-os/${OPTEE_NAME}/ta/a734eed9-d6a1-4244-aa50-7c99719e7b7b.stripped.elf \ > /usr/lib/optee-os/${OPTEE_NAME}/ta/5dbac793-f574-4871-8ad3-04331ec17f24.stripped.elf \ > /usr/lib/optee-os/${OPTEE_NAME}/ta/8aaaf200-2450-11e4-abe2-0002a5d5c51b.stripped.elf \ 
> @@ -24,6 +24,14 @@ EARLY_TA_PATHS = " \ > /usr/lib/optee-os/${OPTEE_NAME}/ta/b6c53aba-9669-4668-a7f2-205629d00f86.stripped.elf \ > /usr/lib/optee-os/${OPTEE_NAME}/ta/f4e750bb-1437-4fbf-8785-8d3580c34994.stripped.elf \ > " > + > +# optee-ftpm integration > +DEPENDS += "optee-ftpm-stm32mp15x" > +DEBIAN_BUILD_DEPENDS += ", optee-ftpm-stm32mp15x" > +EARLY_TA_PATHS += " \ > + /usr/lib/optee-os/${OPTEE_NAME}/ta/bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf \ > + " > + > OPTEE_EXTRA_BUILDARGS += " \ > CFG_EARLY_TA=y \ > EARLY_TA_PATHS='${EARLY_TA_PATHS}' \ > diff --git a/meta/recipes-bsp/optee-ftpm/files/debian/compat b/meta/recipes-bsp/optee-ftpm/files/debian/compat > new file mode 100644 > index 0000000..f599e28 > --- /dev/null > +++ b/meta/recipes-bsp/optee-ftpm/files/debian/compat > @@ -0,0 +1 @@ > +10 > diff --git a/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl > new file mode 100644 > index 0000000..abab42e > --- /dev/null > +++ b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl > @@ -0,0 +1,11 @@ > +Source: ${PN} > +Section: misc > +Priority: optional > +Standards-Version: 3.9.6 > +Maintainer: Unknown maintainer > +Build-Depends: debhelper (>= 10), ${DEBIAN_BUILD_DEPENDS} > + > +Package: ${PN} > +Architecture: any > +Depends: > +Description: TCG reference implementation of the TPM 2.0 Specification. > diff --git a/meta/recipes-bsp/optee-ftpm/files/debian/rules.tmpl b/meta/recipes-bsp/optee-ftpm/files/debian/rules.tmpl > new file mode 100755 > index 0000000..19d4e08 > --- /dev/null > +++ b/meta/recipes-bsp/optee-ftpm/files/debian/rules.tmpl 
> @@ -0,0 +1,25 @@ > +#!/usr/bin/make -f > +# Debian rules for optee-ftpm > +# > +# Copyright (c) Siemens AG, 2023 > +# > +# Authors: > +# Su Bao Cheng > +# > +# SPDX-License-Identifier: MIT > + > +ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) > +export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)- > +endif > + > +override_dh_auto_build: > + cd Samples/ARM32-FirmwareTPM/optee_ta && \ > + TA_CROSS_COMPILE=${CROSS_COMPILE} \ > + TA_CPU=${TA_CPU} \ > + TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ > + CFG_TEE_TA_LOG_LEVEL=2 \ > + ${OPTEE_FTPM_BUILD_ARGS_EXTRA} \ > + $(MAKE) $(PARALLEL_MAKE) > + > +%: > + dh $@ > diff --git a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc > new file mode 100644 > index 0000000..2f6dc30 > --- /dev/null > +++ b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc 
> @@ -0,0 +1,47 @@ > +# Copyright (c) Siemens AG, 2023 > +# > +# Authors: > +# Su Bao Cheng > +# > +# SPDX-License-Identifier: MIT > +# > +inherit dpkg > + > +SUMMARY = "OPTEE fTPM Microsoft TA" > +DESCRIPTION = "TCG reference implementation of the TPM 2.0 Specification." > +HOMEPAGE = "https://github.com/microsoft/ms-tpm-20-ref/" > + > +FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/files:" > + > +SRC_URI += "file://debian" > + > +OPTEE_NAME ?= "${MACHINE}" > + > +DEPENDS = "optee-os-tadevkit-${OPTEE_NAME}" > +DEBIAN_BUILD_DEPENDS ?= " \ > + python3-cryptography:native, \ > + optee-os-tadevkit-${OPTEE_NAME} \ > + " > + > +TA_CPU ?= "unknown" > +TA_DEV_KIT_DIR ?= "unknown" > +OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " " > + > +TEMPLATE_FILES = "debian/rules.tmpl debian/control.tmpl" > +TEMPLATE_VARS += "DEBIAN_BUILD_DEPENDS \ > + OPTEE_FTPM_BUILD_ARGS_EXTRA \ > + TA_CPU \ > + TA_DEV_KIT_DIR" > + > +do_prepare_build() { > + rm -rf ${S}/debian > + cp -r ${WORKDIR}/debian ${S}/ > + > + deb_add_changelog > + > + rm -f ${S}/debian/optee-ftpm-${OPTEE_NAME}.install > + echo "Samples/ARM32-FirmwareTPM/optee_ta/out/fTPM/bc50d971-d4c9-42c4-82cb-343fb7f37896.ta /usr/lib/optee-os/${OPTEE_NAME}/ta" > \ > + ${S}/debian/optee-ftpm-${OPTEE_NAME}.install > + echo "Samples/ARM32-FirmwareTPM/optee_ta/out/fTPM/bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf /usr/lib/optee-os/${OPTEE_NAME}/ta" >> \ > + ${S}/debian/optee-ftpm-${OPTEE_NAME}.install > +}

I randomly get this on boot-up, but some boots pass:

[...]
## Executing script at c4100000
Loading /usr/lib/linux-image-5.4.203-isar/stm32mp157c-ev1.dtb...
44180 bytes read in 67 ms (643.6 KiB/s)
Loading /boot/vmlinuz-5.4.203-isar...
9007616 bytes read in 410 ms (21 MiB/s)
Loading /boot/initrd.img-5.4.203-isar...
4196539 bytes read in 208 ms (19.2 MiB/s)
Kernel image @ 0xc2000000 [ 0x000000 - 0x897200 ]
## Flattened Device Tree blob at c4000000
Booting using the fdt blob at 0xc4000000
Loading Ramdisk to cfbff000, end cffff8bb ... OK
E/TC:0 tzc_it_handler:26 TZC permission failure
E/TC:0 dump_fail_filter:420 Permission violation on filter 0
E/TC:0 dump_fail_filter:425 Violation @0xfe33ed00, non-secure privileged read, AXI ID 5c0
E/TC:0 Panic

I suspect that the to-be-reserved memory is now larger with fTPM, and
Linux either has this hard-coded or U-Boot/TF-A/OP-TEE fails to report
that size properly.

Jan

--
Siemens AG, Technology Competence Center Embedded Linux
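
Review bot: in optee-ftpm-stm32mp15x_0~230316+git.bb, both SRC_URI tarballs are stored under a bare hash name (${SRCREV}.tar.gz and ${SRCREV-wolfssl}.tar.gz) because neither entry carries a downloadfilename= parameter, so the download directory holds two archives whose names say nothing about the project they belong to. Give each one an explicit name such as ;downloadfilename=ms-tpm-20-ref-${SRCREV}.tar.gz. The commented-out "# CHANGELOG_V" line should be either enabled or removed, and do_prepare_build:append() would read more clearly with ${WORKDIR}/wolfssl-${SRCREV-wolfssl} than with ${S}/../wolfssl-${SRCREV-wolfssl}.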
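
Review bot: in optee-os-stm32mp15x_3.21.0.bb, the first EARLY_TA_PATHS assignment changes from "=" to "+=" and the commit message does not say why; if nothing assigns the variable earlier this is a no-op and should be dropped from the patch, otherwise the reason belongs in the message. The second block adds the fTPM ELF to EARLY_TA_PATHS and optee-ftpm-stm32mp15x to DEPENDS unconditionally, so every stm32mp15x OP-TEE image now embeds one more TA. State the effect on the image size in the commit message, or make the integration optional behind a variable.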
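
Review bot: in debian/rules.tmpl, CFG_TEE_TA_LOG_LEVEL=2 is hard-coded inside override_dh_auto_build, so a downstream layer cannot change the fTPM's log verbosity without replacing the template; pass it through a recipe variable with a default and list it in TEMPLATE_VARS, as is done for OPTEE_FTPM_BUILD_ARGS_EXTRA. ${CROSS_COMPILE} on the TA_CROSS_COMPILE line is not in TEMPLATE_VARS and is only exported by the ifneq block when build and host types differ, so a one-line comment that it is meant to stay a make variable would save the next reader the lookup.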
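
Review bot: in meta/recipes-bsp/optee-ftpm/optee-ftpm.inc, TA_CPU ?= "unknown" and TA_DEV_KIT_DIR ?= "unknown" mean that a machine recipe which forgets either variable hands the literal string "unknown" to the TA build through rules.tmpl instead of stopping with a clear message; check for the placeholder in do_prepare_build and fail there. The TA UUID bc50d971-d4c9-42c4-82cb-343fb7f37896 is written out twice in the .install lines here and a third time in EARLY_TA_PATHS of the optee-os recipe; one variable defined in the .inc would keep them from drifting apart. DEPENDS is also set with "=", which discards anything a recipe assigned before the require line.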
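
A triage helper for the hypothesis in the reply above, added here as an example (it is not part of the thread, of Isar or of OP-TEE): it extracts the faulting address from the OP-TEE TZC lines and checks it against the top-level entries of /proc/iomem. The two /proc/iomem excerpts are constructed for illustration and are not the board's real memory map; all function names are hypothetical.

```python
import re

# Format of the OP-TEE console line quoted in the reply above.
VIOLATION_RE = re.compile(
    r"Violation @(?P<addr>0x[0-9a-fA-F]+), "
    r"(?P<world>secure|non-secure) (?P<priv>privileged|unprivileged) "
    r"(?P<op>read|write), AXI ID (?P<axi>[0-9a-fA-F]+)"
)
# /proc/iomem line: optional indent, "start-end : name" (hex, end inclusive).
IOMEM_RE = re.compile(
    r"^(?P<indent>\s*)(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+) : (?P<name>.+)$"
)

# Console lines copied from the reply above.
CONSOLE_LOG = """\
E/TC:0 tzc_it_handler:26 TZC permission failure
E/TC:0 dump_fail_filter:420 Permission violation on filter 0
E/TC:0 dump_fail_filter:425 Violation @0xfe33ed00, non-secure privileged read, AXI ID 5c0
E/TC:0 Panic
"""
# Constructed /proc/iomem excerpts (NOT the board's real map).
IOMEM_RAM_OVERLAPS = """\
c0000000-fe3fffff : System RAM
  c0008000-c0bfffff : Kernel code
"""
IOMEM_RAM_STOPS_SHORT = """\
c0000000-fdffffff : System RAM
  c0008000-c0bfffff : Kernel code
"""


def parse_violations(console_log):
    """Return one dict per TZC violation line found in the console log."""
    return [
        {
            "addr": int(m["addr"], 16),
            "world": m["world"],
            "privileged": m["priv"] == "privileged",
            "op": m["op"],
            "axi_id": int(m["axi"], 16),
        }
        for m in VIOLATION_RE.finditer(console_log)
    ]


def parse_iomem(text):
    """Top-level /proc/iomem resources as (start, end, name) tuples."""
    regions = []
    for line in text.splitlines():
        m = IOMEM_RE.match(line)
        if m and not m["indent"]:  # nested (indented) entries are skipped
            regions.append((int(m["start"], 16), int(m["end"], 16), m["name"]))
    return regions


def triage(console_log, iomem_text):
    """Flag violations at addresses Linux itself treats as ordinary RAM."""
    regions = parse_iomem(iomem_text)
    findings = []
    for v in parse_violations(console_log):
        owner = next((n for s, e, n in regions if s <= v["addr"] <= e), None)
        v["linux_resource"] = owner
        # A rejected non-secure access inside "System RAM" means Linux and
        # the secure world disagree about where the carve-out starts.
        v["carveout_mismatch"] = v["world"] == "non-secure" and owner == "System RAM"
        findings.append(v)
    return findings
```

Read /proc/iomem as root on one of the boots that pass, since unprivileged reads show zeroed addresses.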