From: "Su, Bao Cheng" <baocheng.su@siemens.com>
To: "isar-users@googlegroups.com" <isar-users@googlegroups.com>,
"Kiszka, Jan" <jan.kiszka@siemens.com>
Cc: "Gylstorff, Quirin" <quirin.gylstorff@siemens.com>
Subject: Re: [PATCH] optee-os: Add package optee-os-tadevkit
Date: Mon, 29 May 2023 07:51:10 +0000 [thread overview]
Message-ID: <fa566340505686fd1d078984bff5010f36bc8529.camel@siemens.com> (raw)
In-Reply-To: <8942498f-e926-5fb2-c220-4c7562835814@siemens.com>
On Wed, 2023-05-24 at 13:34 +0200, Jan Kiszka wrote:
> On 23.05.23 05:27, Su, Bao Cheng (DI FA CTR IPC CN PRC4) wrote:
> > The TA dev kit is used to build trusted applications, details refer to
> > [1]. A typical use case of this devkit is a firmware TPM reference
> > implementation, see [2].
> >
> > 1. https://optee.readthedocs.io/en/3.21.0/building/trusted_applications.html
> > 2. https://github.com/microsoft/ms-tpm-20-ref
> >
> > Signed-off-by: Su Baocheng <baocheng.su@siemens.com>
> > ---
> > .../optee-os/files/debian/control.tmpl | 4 +--
> > meta/recipes-bsp/optee-os/optee-os-custom.inc | 29 +++----------------
> > .../optee-os/optee-os-tadevkit-custom.inc | 20 +++++++++++++
> > .../{optee-os-custom.inc => optee-os.inc} | 14 +++------
> > 4 files changed, 30 insertions(+), 37 deletions(-)
> > create mode 100644 meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc
> > copy meta/recipes-bsp/optee-os/{optee-os-custom.inc => optee-os.inc} (62%)
> >
> > diff --git a/meta/recipes-bsp/optee-os/files/debian/control.tmpl b/meta/recipes-bsp/optee-os/files/debian/control.tmpl
> > index 60b3927..fdf898e 100644
> > --- a/meta/recipes-bsp/optee-os/files/debian/control.tmpl
> > +++ b/meta/recipes-bsp/optee-os/files/debian/control.tmpl
> > @@ -5,6 +5,6 @@ Standards-Version: 3.9.6
> > Build-Depends: ${DEBIAN_BUILD_DEPENDS}
> > Maintainer: ISAR project <isar-users@googlegroups.com>
> >
> > -Package: optee-os-${OPTEE_NAME}
> > +Package: ${DEBIAN_PACKAGE_NAME}
> > Architecture: ${DISTRO_ARCH}
> > -Description: ${DESCRIPTION}, firmware binaries
> > +Description: ${DESCRIPTION}
> > diff --git a/meta/recipes-bsp/optee-os/optee-os-custom.inc b/meta/recipes-bsp/optee-os/optee-os-custom.inc
> > index d48827a..abe46e8 100644
> > --- a/meta/recipes-bsp/optee-os/optee-os-custom.inc
> > +++ b/meta/recipes-bsp/optee-os/optee-os-custom.inc
> > @@ -1,38 +1,17 @@
> > # Custom OP-TEE OS build
> > #
> > # This software is a part of ISAR.
> > -# Copyright (c) Siemens AG, 2020
> > +# Copyright (c) Siemens AG, 2020-2023
> > #
> > # SPDX-License-Identifier: MIT
> >
> > -inherit dpkg
> > +require optee-os.inc
> >
> > -FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/files:"
> > -
> > -SRC_URI += "file://debian/"
> > -
> > -DESCRIPTION ?= "Custom OP-TEE OS"
> > -
> > -OPTEE_NAME ?= "${MACHINE}"
> > -OPTEE_PLATFORM ?= "unknown"
> > -OPTEE_EXTRA_BUILDARGS ?= ""
> > -OPTEE_BINARIES ?= "tee-pager_v2.bin"
> > -
> > -DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools"
> > +DESCRIPTION:append = ", firmware binaries"
> >
> > PROVIDES += "optee-os-${OPTEE_NAME}"
> >
> > -TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
> > -TEMPLATE_VARS += "OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
> > -
> > -# split strip platform flavor, if any, from the specified platform string
> > -OPTEE_PLATFORM_BASE = "${@d.getVar('OPTEE_PLATFORM').split('-')[0]}"
> > -
> > -do_prepare_build() {
> > - cp -r ${WORKDIR}/debian ${S}/
> > -
> > - deb_add_changelog
> > -
> > +do_prepare_build:append() {
> > rm -f ${S}/debian/optee-os-${OPTEE_NAME}.install
> > for binary in ${OPTEE_BINARIES}; do
> > echo "out/arm-plat-${OPTEE_PLATFORM_BASE}/core/$binary /usr/lib/optee-os/${OPTEE_NAME}/" >> \
> > diff --git a/meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc b/meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc
> > new file mode 100644
> > index 0000000..85d6c25
> > --- /dev/null
> > +++ b/meta/recipes-bsp/optee-os/optee-os-tadevkit-custom.inc
> > @@ -0,0 +1,20 @@
> > +
> > +# Custom OP-TEE OS build
> > +#
> > +# This software is a part of ISAR.
> > +# Copyright (c) Siemens AG, 2023
> > +#
> > +# SPDX-License-Identifier: MIT
> > +
> > +require optee-os.inc
> > +
> > +DEBIAN_PACKAGE_NAME = "optee-os-tadevkit-${OPTEE_NAME}"
> > +DESCRIPTION:append = ", trust application development kit."
> > +
> > +PROVIDES += "${DEBIAN_PACKAGE_NAME}"
> > +
> > +do_prepare_build:append() {
> > + rm -f ${S}/debian/optee-os-tadevkit-${OPTEE_NAME}.install
> > + echo "out/arm-plat-${OPTEE_PLATFORM_BASE}/export-ta_${DISTRO_ARCH} /usr/lib/optee-os/" > \
> > + ${S}/debian/optee-os-tadevkit-${OPTEE_NAME}.install
> > +}
> > diff --git a/meta/recipes-bsp/optee-os/optee-os-custom.inc b/meta/recipes-bsp/optee-os/optee-os.inc
> > similarity index 62%
> > copy from meta/recipes-bsp/optee-os/optee-os-custom.inc
> > copy to meta/recipes-bsp/optee-os/optee-os.inc
> > index d48827a..198746b 100644
> > --- a/meta/recipes-bsp/optee-os/optee-os-custom.inc
> > +++ b/meta/recipes-bsp/optee-os/optee-os.inc
> > @@ -1,7 +1,7 @@
> > # Custom OP-TEE OS build
> > #
> > # This software is a part of ISAR.
> > -# Copyright (c) Siemens AG, 2020
> > +# Copyright (c) Siemens AG, 2020-2023
> > #
> > # SPDX-License-Identifier: MIT
> >
> > @@ -18,12 +18,12 @@ OPTEE_PLATFORM ?= "unknown"
> > OPTEE_EXTRA_BUILDARGS ?= ""
> > OPTEE_BINARIES ?= "tee-pager_v2.bin"
> >
> > -DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools"
> > +DEBIAN_PACKAGE_NAME ?= "optee-os-${OPTEE_NAME}"
> >
> > -PROVIDES += "optee-os-${OPTEE_NAME}"
> > +DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools"
> >
> > TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
> > -TEMPLATE_VARS += "OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
> > +TEMPLATE_VARS += "DEBIAN_PACKAGE_NAME OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
> >
> > # split strip platform flavor, if any, from the specified platform string
> > OPTEE_PLATFORM_BASE = "${@d.getVar('OPTEE_PLATFORM').split('-')[0]}"
> > @@ -32,10 +32,4 @@ do_prepare_build() {
> > cp -r ${WORKDIR}/debian ${S}/
> >
> > deb_add_changelog
> > -
> > - rm -f ${S}/debian/optee-os-${OPTEE_NAME}.install
> > - for binary in ${OPTEE_BINARIES}; do
> > - echo "out/arm-plat-${OPTEE_PLATFORM_BASE}/core/$binary /usr/lib/optee-os/${OPTEE_NAME}/" >> \
> > - ${S}/debian/optee-os-${OPTEE_NAME}.install
> > - done
> > }
> >
>
> We will need some demo recipes that actually pulls the new package. Is
> there some "hello world" TA that we could include and build into the
> stm32mp15x demo image? Would it actually be better to also include the
> fTPM recipe in Isar and use that at the same time as stress test?
>
There is a helloworld ta in
https://github.com/linaro-swg/optee_examples, so we can integrate it
into that demo image.
It's better to integrate fTPM into the isar, but maybe it's hard to
find a demo image target for it.
- Baocheng
> Jan
>
next prev parent reply other threads:[~2023-05-29 7:51 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-23 3:27 Su, Bao Cheng
2023-05-24 11:34 ` Jan Kiszka
2023-05-29 7:51 ` Su, Bao Cheng [this message]
2023-06-05 3:33 ` Su, Bao Cheng
2023-06-05 4:45 ` Jan Kiszka
2023-06-05 8:59 ` Su, Bao Cheng
2023-06-05 10:28 ` Jan Kiszka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fa566340505686fd1d078984bff5010f36bc8529.camel@siemens.com \
--to=baocheng.su@siemens.com \
--cc=isar-users@googlegroups.com \
--cc=jan.kiszka@siemens.com \
--cc=quirin.gylstorff@siemens.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox