* [PATCHv3 2/5] add optee-ftpm
2021-11-15 14:00 [PATCHv3 1/5] optee: updae optee-os.inc to support external TAs Maxim Uvarov
@ 2021-11-15 14:00 ` Maxim Uvarov
2021-11-15 17:06 ` [meta-arm] " Jon Mason
2021-11-15 14:00 ` [PATCHv3 3/5] ci/qemuarm64-secureboot.yml: add optee and tf-a Maxim Uvarov
` (4 subsequent siblings)
5 siblings, 1 reply; 15+ messages in thread
From: Maxim Uvarov @ 2021-11-15 14:00 UTC (permalink / raw)
To: meta-arm; +Cc: jon.mason, ross.burton, Maxim Uvarov
Add software TPM emulated in the OPTEE-OS.
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
---
.../optee-ftpm/0000-fix-ssl-fallthrough.patch | 20 ++++++
.../0002-add-enum-to-ta-flags.patch | 30 ++++++++
.../optee-ftpm/optee-ftpm_git.bb | 71 +++++++++++++++++++
.../optee-ftpm/optee-os_%.bbappend | 14 ++++
4 files changed, 135 insertions(+)
create mode 100644 meta-arm/recipes-security/optee-ftpm/optee-ftpm/0000-fix-ssl-fallthrough.patch
create mode 100644 meta-arm/recipes-security/optee-ftpm/optee-ftpm/0002-add-enum-to-ta-flags.patch
create mode 100644 meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
create mode 100644 meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend
diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0000-fix-ssl-fallthrough.patch b/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0000-fix-ssl-fallthrough.patch
new file mode 100644
index 0000000..08acde2
--- /dev/null
+++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0000-fix-ssl-fallthrough.patch
@@ -0,0 +1,20 @@
+fix gcc compilation
+
+just fix compilation under gcc.
+Upstream-Status: Submitted [https://github.com/wolfSSL/wolfssl/pull/4563]
+
+Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
+
+diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
+index 7b3a953aebda..e156ae5c7909 100755
+--- a/external/wolfssl/wolfssl/wolfcrypt/types.h
++++ b/external/wolfssl/wolfssl/wolfcrypt/types.h
+@@ -181,7 +181,7 @@
+ /* GCC 7 has new switch() fall-through detection */
+ #if defined(__GNUC__)
+ #if ((__GNUC__ > 7) || ((__GNUC__ == 7) && (__GNUC_MINOR__ >= 1)))
+- #define FALL_THROUGH __attribute__ ((fallthrough));
++ #define FALL_THROUGH __attribute__ ((__fallthrough__));
+ #endif
+ #endif
+ #ifndef FALL_THROUGH
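Review bot: The embedded patch header disagrees with itself: the `diff --git` line names `a/wolfssl/wolfcrypt/types.h` while the `---`/`+++` lines name `a/external/wolfssl/wolfssl/wolfcrypt/types.h`, which suggests the header was edited by hand. Tools that read only `---`/`+++` will apply it, but git-based patch application may reject the inconsistent names, so the patch is better regenerated from the top of the source tree so that both agree. The description "just fix compilation under gcc" should also state the failing diagnostic and the compiler version. This is a local change to the crypto library the fTPM is built on, and later reviewers need to be able to tell when it can be dropped.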
diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0002-add-enum-to-ta-flags.patch b/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0002-add-enum-to-ta-flags.patch
new file mode 100644
index 0000000..bbc1107
--- /dev/null
+++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0002-add-enum-to-ta-flags.patch
@@ -0,0 +1,30 @@
+From 2d00f16058529eb9f4d4d2bcaeed91fd53b43989 Mon Sep 17 00:00:00 2001
+From: Maxim Uvarov <maxim.uvarov@linaro.org>
+Date: Fri, 17 Apr 2020 12:05:53 +0100
+Subject: [PATCH 2/2] add enum to ta flags
+
+If we compile this TA into OPTEE-OS we need to define a flag
+that this TA can be discovered on the optee bus.
+Upstream-Status: Submitted [https://github.com/microsoft/MSRSec/pull/34]
+
+Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
+---
+ TAs/optee_ta/fTPM/user_ta_header_defines.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/TAs/optee_ta/fTPM/user_ta_header_defines.h b/TAs/optee_ta/fTPM/user_ta_header_defines.h
+index 6ff62d1..685b54a 100644
+--- a/TAs/optee_ta/fTPM/user_ta_header_defines.h
++++ b/TAs/optee_ta/fTPM/user_ta_header_defines.h
+@@ -44,7 +44,7 @@
+
+ #define TA_UUID TA_FTPM_UUID
+
+-#define TA_FLAGS (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_INSTANCE_KEEP_ALIVE )
++#define TA_FLAGS (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_INSTANCE_KEEP_ALIVE | TA_FLAG_DEVICE_ENUM_SUPP)
+ #define TA_STACK_SIZE (64 * 1024)
+ #define TA_DATA_SIZE (64 * 1024)
+
+--
+2.17.1
+
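Review bot: The new `TA_FLAGS` line gives no reason for choosing `TA_FLAG_DEVICE_ENUM_SUPP`, and the patch description only says the TA must be discoverable on the optee bus. The recipe comments elsewhere in this series say the fTPM needs secure storage through the TEE supplicant, which is not available during boot, and that is presumably why the supplicant-dependent variant is used. A one-line comment above the define would record this, for example `/* enumerate only once tee-supplicant is up: fTPM needs secure storage */`. The description should also name the minimum OP-TEE version that defines this flag, since the TA will not build against older dev kits.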
diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
new file mode 100644
index 0000000..6c72c7f
--- /dev/null
+++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
@@ -0,0 +1,71 @@
+SUMMARY = "OPTEE fTPM Microsoft TA"
+DESCRIPTION = "TCG reference implementation of the TPM 2.0 Specification."
+HOMEPAGE = "https://github.com/microsoft/ms-tpm-20-ref/"
+
+inherit autotools-brokensep deploy pkgconfig gettext python3native
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5"
+
+DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native"
+DEPENDS += " optee-os-tadevkit"
+
+FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"
+
+# SRC_URI = "git://github.com/Microsoft/ms-tpm-20-ref;branch=master"
+# Since this is not built as a pseudo TA, we can only use it as a kernel module and not built in.
+# The TEE supplicant is also needed to provide access to secure storage.
+# Secure storage access required by OP-TEE fTPM TA
+# is provided via OP-TEE supplicant that's not available during boot.
+# Fix this once we replace this with the MS implementation
+SRC_URI = "gitsm://github.com/microsoft/MSRSec;protocol=https;branch=master"
+SRC_URI += "file://0000-fix-ssl-fallthrough.patch"
+SRC_URI += "file://0002-add-enum-to-ta-flags.patch"
+SRCREV = "76f81b36efbb1a366b0d382bc0defe677f1f0534"
+
+S = "${WORKDIR}/git"
+
+OPTEE_CLIENT_EXPORT = "${STAGING_DIR_HOST}${prefix}"
+TEEC_EXPORT = "${STAGING_DIR_HOST}${prefix}"
+TA_DEV_KIT_DIR = "${STAGING_INCDIR}/optee/export-user_ta"
+
+EXTRA_OEMAKE += '\
+ CFG_FTPM_USE_WOLF=y \
+ TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
+ TA_CROSS_COMPILE=${TARGET_PREFIX} \
+ CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_HOST} -I${WORKDIR}/optee-os" \
+'
+
+EXTRA_OEMAKE:append:aarch64:qemuall = "\
+ CFG_ARM64_ta_arm64=y \
+"
+
+B = "${S}"
+
+# fails with j > 1
+PARALLEL_MAKE = ""
+
+do_compile() {
+ sed -i 's/-mcpu=$(TA_CPU)//' TAs/optee_ta/fTPM/sub.mk
+ # there's also a secure variable storage TA called authvars
+ cd ${S}/TAs/optee_ta
+ oe_runmake ftpm
+}
+
+do_install () {
+ mkdir -p ${D}/lib/optee_armtz
+ install -D -p -m 0644 ${S}/TAs/optee_ta/out/fTPM/${FTPM_UUID}.ta ${D}/lib/optee_armtz/
+}
+
+do_deploy () {
+ install -d ${DEPLOYDIR}/optee
+ install -D -p -m 0644 ${S}/TAs/optee_ta/out/fTPM/${FTPM_UUID}.stripped.elf ${DEPLOYDIR}/optee/
+}
+
+addtask deploy before do_build after do_install
+
+FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/${FTPM_UUID}.ta"
+
+# Imports machine specific configs from staging to build
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+INSANE_SKIP:${PN} += "ldflags"
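Review bot: do_install writes the TA to `${D}/lib/optee_armtz` while `FILES:${PN}` lists `${nonarch_base_libdir}/optee_armtz/${FTPM_UUID}.ta`, so the two disagree on any configuration where nonarch_base_libdir is not /lib (for example usrmerge). Use the variable in both places: `install -d ${D}${nonarch_base_libdir}/optee_armtz` and `install -p -m 0644 ... ${D}${nonarch_base_libdir}/optee_armtz/`. Separately, nothing visible in this recipe passes `TA_SIGN_KEY`, so the installed `.ta` is presumably signed with whatever key the TA dev kit provides. Because this TA implements a TPM, a comment should state which signing key is expected and that product images must supply their own. HOMEPAGE and DESCRIPTION refer to ms-tpm-20-ref while the source is fetched from MSRSec with submodules, so it is worth stating which repository is authoritative.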
diff --git a/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend b/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend
new file mode 100644
index 0000000..0cfa949
--- /dev/null
+++ b/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend
@@ -0,0 +1,14 @@
+FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"
+
+DEPENDS:append = "\
+ ${@bb.utils.contains('MACHINE_FEATURES', \
+ 'optee-ftpm', \
+ 'optee-ftpm', \
+ '' , \
+ d)}"
+
+EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', \
+ 'optee-ftpm', \
+ 'CFG_EARLY_TA=y EARLY_TA_PATHS="${DEPLOY_DIR_IMAGE}/optee/${FTPM_UUID}.stripped.elf"', \
+ '', \
+ d)} "
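Review bot: `EARLY_TA_PATHS` reads `${DEPLOY_DIR_IMAGE}/optee/${FTPM_UUID}.stripped.elf`, but as far as this hunk shows the `DEPENDS:append` only orders optee-os after optee-ftpm's sysroot population, not after its `do_deploy`. The ELF can therefore be missing, or left over from an earlier build, when optee-os compiles. Since that binary is linked into the secure-world image, add an explicit task dependency under the same feature check, e.g. `do_compile[depends] += "${@bb.utils.contains('MACHINE_FEATURES', 'optee-ftpm', 'optee-ftpm:do_deploy', '', d)}"`. The `EXTRA_OEMAKE:append` value also starts without a leading space (the space is at the end), so `CFG_EARLY_TA=y` can fuse with the preceding make argument; with `:append` the string should begin with a space. `FTPM_UUID` is defined here and again in optee-ftpm_git.bb, and the two copies can drift apart.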
--
2.17.1
* Re: [meta-arm] [PATCHv3 2/5] add optee-ftpm
2021-11-15 14:00 ` [PATCHv3 2/5] add optee-ftpm Maxim Uvarov
@ 2021-11-15 17:06 ` Jon Mason
2021-11-16 9:44 ` Maxim Uvarov
0 siblings, 1 reply; 15+ messages in thread
From: Jon Mason @ 2021-11-15 17:06 UTC (permalink / raw)
To: Maxim Uvarov; +Cc: meta-arm, jon.mason, ross.burton
On Mon, Nov 15, 2021 at 05:00:57PM +0300, Maxim Uvarov wrote:
> Add software TPM emulated in the OPTEE-OS.
>
> Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
> ---
> .../optee-ftpm/0000-fix-ssl-fallthrough.patch | 20 ++++++
> .../0002-add-enum-to-ta-flags.patch | 30 ++++++++
> .../optee-ftpm/optee-ftpm_git.bb | 71 +++++++++++++++++++
> .../optee-ftpm/optee-os_%.bbappend | 14 ++++
> 4 files changed, 135 insertions(+)
> create mode 100644 meta-arm/recipes-security/optee-ftpm/optee-ftpm/0000-fix-ssl-fallthrough.patch
> create mode 100644 meta-arm/recipes-security/optee-ftpm/optee-ftpm/0002-add-enum-to-ta-flags.patch
> create mode 100644 meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> create mode 100644 meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend
>
> diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0000-fix-ssl-fallthrough.patch b/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0000-fix-ssl-fallthrough.patch
> new file mode 100644
> index 0000000..08acde2
> --- /dev/null
> +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0000-fix-ssl-fallthrough.patch
> @@ -0,0 +1,20 @@
> +fix gcc compilation
> +
> +just fix compilation under gcc.
> +Upstream-Status: Submitted [https://github.com/wolfSSL/wolfssl/pull/4563]
> +
> +Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
> +
> +diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
> +index 7b3a953aebda..e156ae5c7909 100755
> +--- a/external/wolfssl/wolfssl/wolfcrypt/types.h
> ++++ b/external/wolfssl/wolfssl/wolfcrypt/types.h
> +@@ -181,7 +181,7 @@
> + /* GCC 7 has new switch() fall-through detection */
> + #if defined(__GNUC__)
> + #if ((__GNUC__ > 7) || ((__GNUC__ == 7) && (__GNUC_MINOR__ >= 1)))
> +- #define FALL_THROUGH __attribute__ ((fallthrough));
> ++ #define FALL_THROUGH __attribute__ ((__fallthrough__));
> + #endif
> + #endif
> + #ifndef FALL_THROUGH
> diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0002-add-enum-to-ta-flags.patch b/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0002-add-enum-to-ta-flags.patch
> new file mode 100644
> index 0000000..bbc1107
> --- /dev/null
> +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0002-add-enum-to-ta-flags.patch
> @@ -0,0 +1,30 @@
> +From 2d00f16058529eb9f4d4d2bcaeed91fd53b43989 Mon Sep 17 00:00:00 2001
> +From: Maxim Uvarov <maxim.uvarov@linaro.org>
> +Date: Fri, 17 Apr 2020 12:05:53 +0100
> +Subject: [PATCH 2/2] add enum to ta flags
> +
> +If we compile this TA into OPTEE-OS we need to define a flag
> +that this TA can be discovered on the optee bus.
> +Upstream-Status: Submitted [https://github.com/microsoft/MSRSec/pull/34]
> +
> +Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
> +---
> + TAs/optee_ta/fTPM/user_ta_header_defines.h | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/TAs/optee_ta/fTPM/user_ta_header_defines.h b/TAs/optee_ta/fTPM/user_ta_header_defines.h
> +index 6ff62d1..685b54a 100644
> +--- a/TAs/optee_ta/fTPM/user_ta_header_defines.h
> ++++ b/TAs/optee_ta/fTPM/user_ta_header_defines.h
> +@@ -44,7 +44,7 @@
> +
> + #define TA_UUID TA_FTPM_UUID
> +
> +-#define TA_FLAGS (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_INSTANCE_KEEP_ALIVE )
> ++#define TA_FLAGS (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_INSTANCE_KEEP_ALIVE | TA_FLAG_DEVICE_ENUM_SUPP)
> + #define TA_STACK_SIZE (64 * 1024)
> + #define TA_DATA_SIZE (64 * 1024)
> +
> +--
> +2.17.1
> +
> diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> new file mode 100644
> index 0000000..6c72c7f
> --- /dev/null
> +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> @@ -0,0 +1,71 @@
> +SUMMARY = "OPTEE fTPM Microsoft TA"
> +DESCRIPTION = "TCG reference implementation of the TPM 2.0 Specification."
> +HOMEPAGE = "https://github.com/microsoft/ms-tpm-20-ref/"
> +
> +inherit autotools-brokensep deploy pkgconfig gettext python3native
> +
> +LICENSE = "MIT"
> +LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5"
> +
> +DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native"
> +DEPENDS += " optee-os-tadevkit"
Is there a reason why this isn't on the previous line?
> +
> +FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"
> +
> +# SRC_URI = "git://github.com/Microsoft/ms-tpm-20-ref;branch=master"
> +# Since this is not built as a pseudo TA, we can only use it as a kernel module and not built in.
> +# The TEE supplicant is also needed to provide access to secure storage.
> +# Secure storage access required by OP-TEE fTPM TA
> +# is provided via OP-TEE supplicant that's not available during boot.
> +# Fix this once we replace this with the MS implementation
> +SRC_URI = "gitsm://github.com/microsoft/MSRSec;protocol=https;branch=master"
> +SRC_URI += "file://0000-fix-ssl-fallthrough.patch"
> +SRC_URI += "file://0002-add-enum-to-ta-flags.patch"
While this does work, it would be better to follow how other recipes
in meta-arm are doing it and make it a single SRC_URI entry.
Also, it's super odd to me that the patches are 0000 and 0002, not
0001 and 0002 (but this is being super pedantic).
> +SRCREV = "76f81b36efbb1a366b0d382bc0defe677f1f0534"
> +
> +S = "${WORKDIR}/git"
> +
> +OPTEE_CLIENT_EXPORT = "${STAGING_DIR_HOST}${prefix}"
> +TEEC_EXPORT = "${STAGING_DIR_HOST}${prefix}"
> +TA_DEV_KIT_DIR = "${STAGING_INCDIR}/optee/export-user_ta"
> +
> +EXTRA_OEMAKE += '\
> + CFG_FTPM_USE_WOLF=y \
> + TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
> + TA_CROSS_COMPILE=${TARGET_PREFIX} \
> + CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_HOST} -I${WORKDIR}/optee-os" \
> +'
> +
> +EXTRA_OEMAKE:append:aarch64:qemuall = "\
> + CFG_ARM64_ta_arm64=y \
> +"
> +
> +B = "${S}"
> +
> +# fails with j > 1
> +PARALLEL_MAKE = ""
> +
> +do_compile() {
> + sed -i 's/-mcpu=$(TA_CPU)//' TAs/optee_ta/fTPM/sub.mk
shouldn't this have a ${S} in the file path?
> + # there's also a secure variable storage TA called authvars
> + cd ${S}/TAs/optee_ta
> + oe_runmake ftpm
> +}
> +
> +do_install () {
> + mkdir -p ${D}/lib/optee_armtz
> + install -D -p -m 0644 ${S}/TAs/optee_ta/out/fTPM/${FTPM_UUID}.ta ${D}/lib/optee_armtz/
> +}
> +
> +do_deploy () {
> + install -d ${DEPLOYDIR}/optee
> + install -D -p -m 0644 ${S}/TAs/optee_ta/out/fTPM/${FTPM_UUID}.stripped.elf ${DEPLOYDIR}/optee/
> +}
> +
> +addtask deploy before do_build after do_install
> +
> +FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/${FTPM_UUID}.ta"
> +
> +# Imports machine specific configs from staging to build
> +PACKAGE_ARCH = "${MACHINE_ARCH}"
> +INSANE_SKIP:${PN} += "ldflags"
> diff --git a/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend b/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend
> new file mode 100644
> index 0000000..0cfa949
> --- /dev/null
> +++ b/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend
> @@ -0,0 +1,14 @@
> +FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"
> +
> +DEPENDS:append = "\
> + ${@bb.utils.contains('MACHINE_FEATURES', \
> + 'optee-ftpm', \
> + 'optee-ftpm', \
> + '' , \
> + d)}"
> +
> +EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', \
> + 'optee-ftpm', \
> + 'CFG_EARLY_TA=y EARLY_TA_PATHS="${DEPLOY_DIR_IMAGE}/optee/${FTPM_UUID}.stripped.elf"', \
> + '', \
> + d)} "
> --
> 2.17.1
>
>
>
* Re: [meta-arm] [PATCHv3 2/5] add optee-ftpm
2021-11-15 17:06 ` [meta-arm] " Jon Mason
@ 2021-11-16 9:44 ` Maxim Uvarov
0 siblings, 0 replies; 15+ messages in thread
From: Maxim Uvarov @ 2021-11-16 9:44 UTC (permalink / raw)
To: Jon Mason; +Cc: meta-arm, Jon.Mason, Ross.Burton
On Mon, 15 Nov 2021 at 20:06, Jon Mason <jdmason@kudzu.us> wrote:
>
> On Mon, Nov 15, 2021 at 05:00:57PM +0300, Maxim Uvarov wrote:
> > Add software TPM emulated in the OPTEE-OS.
> >
> > Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
> > ---
> > .../optee-ftpm/0000-fix-ssl-fallthrough.patch | 20 ++++++
> > .../0002-add-enum-to-ta-flags.patch | 30 ++++++++
> > .../optee-ftpm/optee-ftpm_git.bb | 71 +++++++++++++++++++
> > .../optee-ftpm/optee-os_%.bbappend | 14 ++++
> > 4 files changed, 135 insertions(+)
> > create mode 100644 meta-arm/recipes-security/optee-ftpm/optee-ftpm/0000-fix-ssl-fallthrough.patch
> > create mode 100644 meta-arm/recipes-security/optee-ftpm/optee-ftpm/0002-add-enum-to-ta-flags.patch
> > create mode 100644 meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> > create mode 100644 meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend
> >
> > diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0000-fix-ssl-fallthrough.patch b/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0000-fix-ssl-fallthrough.patch
> > new file mode 100644
> > index 0000000..08acde2
> > --- /dev/null
> > +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0000-fix-ssl-fallthrough.patch
> > @@ -0,0 +1,20 @@
> > +fix gcc compilation
> > +
> > +just fix compilation under gcc.
> > +Upstream-Status: Submitted [https://github.com/wolfSSL/wolfssl/pull/4563]
> > +
> > +Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
> > +
> > +diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
> > +index 7b3a953aebda..e156ae5c7909 100755
> > +--- a/external/wolfssl/wolfssl/wolfcrypt/types.h
> > ++++ b/external/wolfssl/wolfssl/wolfcrypt/types.h
> > +@@ -181,7 +181,7 @@
> > + /* GCC 7 has new switch() fall-through detection */
> > + #if defined(__GNUC__)
> > + #if ((__GNUC__ > 7) || ((__GNUC__ == 7) && (__GNUC_MINOR__ >= 1)))
> > +- #define FALL_THROUGH __attribute__ ((fallthrough));
> > ++ #define FALL_THROUGH __attribute__ ((__fallthrough__));
> > + #endif
> > + #endif
> > + #ifndef FALL_THROUGH
> > diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0002-add-enum-to-ta-flags.patch b/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0002-add-enum-to-ta-flags.patch
> > new file mode 100644
> > index 0000000..bbc1107
> > --- /dev/null
> > +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0002-add-enum-to-ta-flags.patch
> > @@ -0,0 +1,30 @@
> > +From 2d00f16058529eb9f4d4d2bcaeed91fd53b43989 Mon Sep 17 00:00:00 2001
> > +From: Maxim Uvarov <maxim.uvarov@linaro.org>
> > +Date: Fri, 17 Apr 2020 12:05:53 +0100
> > +Subject: [PATCH 2/2] add enum to ta flags
> > +
> > +If we compile this TA into OPTEE-OS we need to define a flag
> > +that this TA can be discovered on the optee bus.
> > +Upstream-Status: Submitted [https://github.com/microsoft/MSRSec/pull/34]
> > +
> > +Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
> > +---
> > + TAs/optee_ta/fTPM/user_ta_header_defines.h | 2 +-
> > + 1 file changed, 1 insertion(+), 1 deletion(-)
> > +
> > +diff --git a/TAs/optee_ta/fTPM/user_ta_header_defines.h b/TAs/optee_ta/fTPM/user_ta_header_defines.h
> > +index 6ff62d1..685b54a 100644
> > +--- a/TAs/optee_ta/fTPM/user_ta_header_defines.h
> > ++++ b/TAs/optee_ta/fTPM/user_ta_header_defines.h
> > +@@ -44,7 +44,7 @@
> > +
> > + #define TA_UUID TA_FTPM_UUID
> > +
> > +-#define TA_FLAGS (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_INSTANCE_KEEP_ALIVE )
> > ++#define TA_FLAGS (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_INSTANCE_KEEP_ALIVE | TA_FLAG_DEVICE_ENUM_SUPP)
> > + #define TA_STACK_SIZE (64 * 1024)
> > + #define TA_DATA_SIZE (64 * 1024)
> > +
> > +--
> > +2.17.1
> > +
> > diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> > new file mode 100644
> > index 0000000..6c72c7f
> > --- /dev/null
> > +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> > @@ -0,0 +1,71 @@
> > +SUMMARY = "OPTEE fTPM Microsoft TA"
> > +DESCRIPTION = "TCG reference implementation of the TPM 2.0 Specification."
> > +HOMEPAGE = "https://github.com/microsoft/ms-tpm-20-ref/"
> > +
> > +inherit autotools-brokensep deploy pkgconfig gettext python3native
> > +
> > +LICENSE = "MIT"
> > +LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5"
> > +
> > +DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native"
> > +DEPENDS += " optee-os-tadevkit"
>
> Is there a reason why this isn't on the previous line?
>
> > +
> > +FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"
> > +
> > +# SRC_URI = "git://github.com/Microsoft/ms-tpm-20-ref;branch=master"
> > +# Since this is not built as a pseudo TA, we can only use it as a kernel module and not built in.
> > +# The TEE supplicant is also needed to provide access to secure storage.
> > +# Secure storage access required by OP-TEE fTPM TA
> > +# is provided via OP-TEE supplicant that's not available during boot.
> > +# Fix this once we replace this with the MS implementation
> > +SRC_URI = "gitsm://github.com/microsoft/MSRSec;protocol=https;branch=master"
> > +SRC_URI += "file://0000-fix-ssl-fallthrough.patch"
> > +SRC_URI += "file://0002-add-enum-to-ta-flags.patch"
>
> While this does work, it would be better to follow how other recipes
> in meta-arm are doing it and make it a single SRC_URI entry.
>
> Also, it's super odd to me that the patches are 0000 and 0002, not
> 0001 and 0002 (but this is being super pedantic).
>
yes, v4 for this one.
> > +SRCREV = "76f81b36efbb1a366b0d382bc0defe677f1f0534"
> > +
> > +S = "${WORKDIR}/git"
> > +
> > +OPTEE_CLIENT_EXPORT = "${STAGING_DIR_HOST}${prefix}"
> > +TEEC_EXPORT = "${STAGING_DIR_HOST}${prefix}"
> > +TA_DEV_KIT_DIR = "${STAGING_INCDIR}/optee/export-user_ta"
> > +
> > +EXTRA_OEMAKE += '\
> > + CFG_FTPM_USE_WOLF=y \
> > + TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
> > + TA_CROSS_COMPILE=${TARGET_PREFIX} \
> > + CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_HOST} -I${WORKDIR}/optee-os" \
> > +'
> > +
> > +EXTRA_OEMAKE:append:aarch64:qemuall = "\
> > + CFG_ARM64_ta_arm64=y \
> > +"
> > +
> > +B = "${S}"
> > +
> > +# fails with j > 1
> > +PARALLEL_MAKE = ""
> > +
> > +do_compile() {
> > + sed -i 's/-mcpu=$(TA_CPU)//' TAs/optee_ta/fTPM/sub.mk
>
> shouldn't this have a ${S} in the file path?
>
do_compile() should enter the right build directory. I think
everything is correct here.
> > + # there's also a secure variable storage TA called authvars
> > + cd ${S}/TAs/optee_ta
> > + oe_runmake ftpm
> > +}
> > +
> > +do_install () {
> > + mkdir -p ${D}/lib/optee_armtz
> > + install -D -p -m 0644 ${S}/TAs/optee_ta/out/fTPM/${FTPM_UUID}.ta ${D}/lib/optee_armtz/
> > +}
> > +
> > +do_deploy () {
> > + install -d ${DEPLOYDIR}/optee
> > + install -D -p -m 0644 ${S}/TAs/optee_ta/out/fTPM/${FTPM_UUID}.stripped.elf ${DEPLOYDIR}/optee/
> > +}
> > +
> > +addtask deploy before do_build after do_install
> > +
> > +FILES:${PN} += "${nonarch_base_libdir}/optee_armtz/${FTPM_UUID}.ta"
> > +
> > +# Imports machine specific configs from staging to build
> > +PACKAGE_ARCH = "${MACHINE_ARCH}"
> > +INSANE_SKIP:${PN} += "ldflags"
> > diff --git a/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend b/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend
> > new file mode 100644
> > index 0000000..0cfa949
> > --- /dev/null
> > +++ b/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend
> > @@ -0,0 +1,14 @@
> > +FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"
> > +
> > +DEPENDS:append = "\
> > + ${@bb.utils.contains('MACHINE_FEATURES', \
> > + 'optee-ftpm', \
> > + 'optee-ftpm', \
> > + '' , \
> > + d)}"
> > +
> > +EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', \
> > + 'optee-ftpm', \
> > + 'CFG_EARLY_TA=y EARLY_TA_PATHS="${DEPLOY_DIR_IMAGE}/optee/${FTPM_UUID}.stripped.elf"', \
> > + '', \
> > + d)} "
> > --
> > 2.17.1
> >
>
> >
> >
>
* [PATCHv3 3/5] ci/qemuarm64-secureboot.yml: add optee and tf-a
2021-11-15 14:00 [PATCHv3 1/5] optee: updae optee-os.inc to support external TAs Maxim Uvarov
2021-11-15 14:00 ` [PATCHv3 2/5] add optee-ftpm Maxim Uvarov
@ 2021-11-15 14:00 ` Maxim Uvarov
2021-11-15 16:52 ` [meta-arm] " Jon Mason
2021-11-15 14:00 ` [PATCHv3 4/5] machine/qemuarm64-secureboot.conf: add optee-ftpm Maxim Uvarov
` (3 subsequent siblings)
5 siblings, 1 reply; 15+ messages in thread
From: Maxim Uvarov @ 2021-11-15 14:00 UTC (permalink / raw)
To: meta-arm; +Cc: jon.mason, ross.burton, Maxim Uvarov
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
---
ci/qemuarm64-secureboot.yml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/ci/qemuarm64-secureboot.yml b/ci/qemuarm64-secureboot.yml
index b7f3cb4..a7e89d4 100644
--- a/ci/qemuarm64-secureboot.yml
+++ b/ci/qemuarm64-secureboot.yml
@@ -14,3 +14,5 @@ target:
- core-image-base
- perf
- optee-examples
+ - optee-os
+ - trusted-firmware-a
--
2.17.1
* Re: [meta-arm] [PATCHv3 3/5] ci/qemuarm64-secureboot.yml: add optee and tf-a
2021-11-15 14:00 ` [PATCHv3 3/5] ci/qemuarm64-secureboot.yml: add optee and tf-a Maxim Uvarov
@ 2021-11-15 16:52 ` Jon Mason
0 siblings, 0 replies; 15+ messages in thread
From: Jon Mason @ 2021-11-15 16:52 UTC (permalink / raw)
To: Maxim Uvarov; +Cc: meta-arm, jon.mason, ross.burton
On Mon, Nov 15, 2021 at 05:00:58PM +0300, Maxim Uvarov wrote:
> Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
> ---
> ci/qemuarm64-secureboot.yml | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/ci/qemuarm64-secureboot.yml b/ci/qemuarm64-secureboot.yml
> index b7f3cb4..a7e89d4 100644
> --- a/ci/qemuarm64-secureboot.yml
> +++ b/ci/qemuarm64-secureboot.yml
> @@ -14,3 +14,5 @@ target:
> - core-image-base
> - perf
> - optee-examples
> + - optee-os
> + - trusted-firmware-a
I don't think we should be adding tf-a or optee-os as a target. tf-a is
already being built as a dependency of the machine, and optee-os is a
dependency of tf-a for qemu machines. So, this is not adding
anything, and I think the patch should be dropped.
Thanks,
Jon
> --
> 2.17.1
>
>
>
* [PATCHv3 4/5] machine/qemuarm64-secureboot.conf: add optee-ftpm
2021-11-15 14:00 [PATCHv3 1/5] optee: updae optee-os.inc to support external TAs Maxim Uvarov
2021-11-15 14:00 ` [PATCHv3 2/5] add optee-ftpm Maxim Uvarov
2021-11-15 14:00 ` [PATCHv3 3/5] ci/qemuarm64-secureboot.yml: add optee and tf-a Maxim Uvarov
@ 2021-11-15 14:00 ` Maxim Uvarov
2021-11-15 17:19 ` [meta-arm] " Jon Mason
2021-11-15 14:01 ` [PATCHv3 5/5] tfa: add depends on openssl Maxim Uvarov
` (2 subsequent siblings)
5 siblings, 1 reply; 15+ messages in thread
From: Maxim Uvarov @ 2021-11-15 14:00 UTC (permalink / raw)
To: meta-arm; +Cc: jon.mason, ross.burton, Maxim Uvarov
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
---
meta-arm/conf/machine/qemuarm64-secureboot.conf | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta-arm/conf/machine/qemuarm64-secureboot.conf b/meta-arm/conf/machine/qemuarm64-secureboot.conf
index c45924a..b664dac 100644
--- a/meta-arm/conf/machine/qemuarm64-secureboot.conf
+++ b/meta-arm/conf/machine/qemuarm64-secureboot.conf
@@ -20,4 +20,6 @@ WKS_FILE ?= "qemuarm64.wks"
WKS_FILE_DEPENDS = "trusted-firmware-a"
IMAGE_BOOT_FILES = "${KERNEL_IMAGETYPE}"
+MACHINE_FEATURES += "optee-ftpm"
+
PREFERRED_VERSION_linux-yocto ?= "5.10%"
--
2.17.1
* Re: [meta-arm] [PATCHv3 4/5] machine/qemuarm64-secureboot.conf: add optee-ftpm
2021-11-15 14:00 ` [PATCHv3 4/5] machine/qemuarm64-secureboot.conf: add optee-ftpm Maxim Uvarov
@ 2021-11-15 17:19 ` Jon Mason
2021-11-16 9:42 ` Maxim Uvarov
0 siblings, 1 reply; 15+ messages in thread
From: Jon Mason @ 2021-11-15 17:19 UTC (permalink / raw)
To: Maxim Uvarov; +Cc: meta-arm, jon.mason, ross.burton
On Mon, Nov 15, 2021 at 05:00:59PM +0300, Maxim Uvarov wrote:
> Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
> ---
> meta-arm/conf/machine/qemuarm64-secureboot.conf | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/meta-arm/conf/machine/qemuarm64-secureboot.conf b/meta-arm/conf/machine/qemuarm64-secureboot.conf
> index c45924a..b664dac 100644
> --- a/meta-arm/conf/machine/qemuarm64-secureboot.conf
> +++ b/meta-arm/conf/machine/qemuarm64-secureboot.conf
> @@ -20,4 +20,6 @@ WKS_FILE ?= "qemuarm64.wks"
> WKS_FILE_DEPENDS = "trusted-firmware-a"
> IMAGE_BOOT_FILES = "${KERNEL_IMAGETYPE}"
>
> +MACHINE_FEATURES += "optee-ftpm"
I'm wondering if this wouldn't be better described as simply tpm.
Then do a check to see if one is described anywhere and if not, then
do the software tpm. Does this make sense?
Thanks,
Jon
> +
> PREFERRED_VERSION_linux-yocto ?= "5.10%"
> --
> 2.17.1
>
>
>
* Re: [meta-arm] [PATCHv3 4/5] machine/qemuarm64-secureboot.conf: add optee-ftpm
2021-11-15 17:19 ` [meta-arm] " Jon Mason
@ 2021-11-16 9:42 ` Maxim Uvarov
0 siblings, 0 replies; 15+ messages in thread
From: Maxim Uvarov @ 2021-11-16 9:42 UTC (permalink / raw)
To: Jon Mason; +Cc: meta-arm, Jon.Mason, Ross.Burton
On Mon, 15 Nov 2021 at 20:19, Jon Mason <jdmason@kudzu.us> wrote:
>
> On Mon, Nov 15, 2021 at 05:00:59PM +0300, Maxim Uvarov wrote:
> > Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
> > ---
> > meta-arm/conf/machine/qemuarm64-secureboot.conf | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/meta-arm/conf/machine/qemuarm64-secureboot.conf b/meta-arm/conf/machine/qemuarm64-secureboot.conf
> > index c45924a..b664dac 100644
> > --- a/meta-arm/conf/machine/qemuarm64-secureboot.conf
> > +++ b/meta-arm/conf/machine/qemuarm64-secureboot.conf
> > @@ -20,4 +20,6 @@ WKS_FILE ?= "qemuarm64.wks"
> > WKS_FILE_DEPENDS = "trusted-firmware-a"
> > IMAGE_BOOT_FILES = "${KERNEL_IMAGETYPE}"
> >
> > +MACHINE_FEATURES += "optee-ftpm"
>
> I'm wondering if this wouldn't be better described as simply tpm.
> Then do a check to see if one is described anywhere and if not, then
> do the software tpm. Does this make sense?
>
> Thanks,
> Jon
Interesting question. Theoretically one machine can have several tpm
devices. If we just set tpm, then how will we tell them apart in the
future?
I would prefer to be more concrete here.
BR,
Maxim.
>
> > +
> > PREFERRED_VERSION_linux-yocto ?= "5.10%"
> > --
> > 2.17.1
> >
>
> >
> >
>
* [PATCHv3 5/5] tfa: add depends on openssl
2021-11-15 14:00 [PATCHv3 1/5] optee: updae optee-os.inc to support external TAs Maxim Uvarov
` (2 preceding siblings ...)
2021-11-15 14:00 ` [PATCHv3 4/5] machine/qemuarm64-secureboot.conf: add optee-ftpm Maxim Uvarov
@ 2021-11-15 14:01 ` Maxim Uvarov
2021-11-15 14:03 ` [meta-arm] " Ross Burton
2021-11-15 16:47 ` [meta-arm] [PATCHv3 1/5] optee: updae optee-os.inc to support external TAs Jon Mason
[not found] ` <16B7C62271B94CA7.23622@lists.yoctoproject.org>
5 siblings, 1 reply; 15+ messages in thread
From: Maxim Uvarov @ 2021-11-15 14:01 UTC (permalink / raw)
To: meta-arm; +Cc: jon.mason, ross.burton, Maxim Uvarov
Building ci/corstone1000-fvp.yml generated the following error for me:
libcrypto.so.3: cannot open shared object file: No such file or directory
Add openssl to DEPENDS.
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
---
meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
index 243e641..0f7d3de 100644
--- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
+++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
@@ -87,7 +87,7 @@ DEPENDS:remove = "virtual/${TARGET_PREFIX}compilerlibs virtual/libc"
# We need dtc for dtbs compilation
# We need openssl for fiptool
-DEPENDS = "dtc-native openssl-native"
+DEPENDS = "dtc-native openssl-native openssl"
DEPENDS:append:toolchain-clang = " compiler-rt"
# CC and LD introduce arguments which conflict with those otherwise provided by
--
2.17.1
* Re: [meta-arm] [PATCHv3 5/5] tfa: add depends on openssl
2021-11-15 14:01 ` [PATCHv3 5/5] tfa: add depends on openssl Maxim Uvarov
@ 2021-11-15 14:03 ` Ross Burton
2021-11-15 16:02 ` Maxim Uvarov
0 siblings, 1 reply; 15+ messages in thread
From: Ross Burton @ 2021-11-15 14:03 UTC (permalink / raw)
To: Maxim Uvarov; +Cc: meta-arm, Jon.Mason, ross.burton
Rebase to current master and this will go away. TF-A doesn't link to
the target libcrypto.
Ross
On Mon, 15 Nov 2021 at 14:01, Maxim Uvarov <maxim.uvarov@linaro.org> wrote:
>
> build ci/corstone1000-fvp.yml: generated the following error for me:
> libcrypto.so.3: cannot open shared object file: No such file or directory
> Add openssl to DEPENDS.
>
> Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
> ---
> meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
> index 243e641..0f7d3de 100644
> --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
> +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
> @@ -87,7 +87,7 @@ DEPENDS:remove = "virtual/${TARGET_PREFIX}compilerlibs virtual/libc"
>
> # We need dtc for dtbs compilation
> # We need openssl for fiptool
> -DEPENDS = "dtc-native openssl-native"
> +DEPENDS = "dtc-native openssl-native openssl"
> DEPENDS:append:toolchain-clang = " compiler-rt"
>
> # CC and LD introduce arguments which conflict with those otherwise provided by
> --
> 2.17.1
>
>
>
* Re: [meta-arm] [PATCHv3 5/5] tfa: add depends on openssl
2021-11-15 14:03 ` [meta-arm] " Ross Burton
@ 2021-11-15 16:02 ` Maxim Uvarov
0 siblings, 0 replies; 15+ messages in thread
From: Maxim Uvarov @ 2021-11-15 16:02 UTC (permalink / raw)
To: Ross Burton; +Cc: meta-arm, Jon.Mason, Ross.Burton
Ross, quick compilation passed without this patch. Please just skip
this v3 series. I will run the build without cache to double check
that it's already fixed.
On Mon, 15 Nov 2021 at 17:03, Ross Burton <ross@burtonini.com> wrote:
>
> Rebase to current master and this will go away. TF-A doesn't link to
> the target libcrypto.
>
> Ross
>
> On Mon, 15 Nov 2021 at 14:01, Maxim Uvarov <maxim.uvarov@linaro.org> wrote:
> >
> > build ci/corstone1000-fvp.yml: generated the following error for me:
> > libcrypto.so.3: cannot open shared object file: No such file or directory
> > Add openssl to DEPENDS.
> >
> > Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
> > ---
> > meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
> > index 243e641..0f7d3de 100644
> > --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
> > +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
> > @@ -87,7 +87,7 @@ DEPENDS:remove = "virtual/${TARGET_PREFIX}compilerlibs virtual/libc"
> >
> > # We need dtc for dtbs compilation
> > # We need openssl for fiptool
> > -DEPENDS = "dtc-native openssl-native"
> > +DEPENDS = "dtc-native openssl-native openssl"
> > DEPENDS:append:toolchain-clang = " compiler-rt"
> >
> > # CC and LD introduce arguments which conflict with those otherwise provided by
> > --
> > 2.17.1
> >
> >
> >
* Re: [meta-arm] [PATCHv3 1/5] optee: updae optee-os.inc to support external TAs
2021-11-15 14:00 [PATCHv3 1/5] optee: updae optee-os.inc to support external TAs Maxim Uvarov
` (3 preceding siblings ...)
2021-11-15 14:01 ` [PATCHv3 5/5] tfa: add depends on openssl Maxim Uvarov
@ 2021-11-15 16:47 ` Jon Mason
[not found] ` <16B7C62271B94CA7.23622@lists.yoctoproject.org>
5 siblings, 0 replies; 15+ messages in thread
From: Jon Mason @ 2021-11-15 16:47 UTC (permalink / raw)
To: Maxim Uvarov; +Cc: meta-arm, jon.mason, ross.burton
CI is still running, but it is already failing check-layers (again) with
ERROR: Nothing PROVIDES 'optee-os-tadevkit' (but /builds/jonmason00/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb DEPENDS on or otherwise requires it)
See https://gitlab.com/jonmason00/meta-arm/-/jobs/1783827221
Thanks,
Jon
On Mon, Nov 15, 2021 at 05:00:56PM +0300, Maxim Uvarov wrote:
> Separate recipe for TA devkit is needed to solve
> circular dependency to build TAs with the devkit
> and integrate it inside optee-os.
>
> Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
> ---
> .../recipes-security/optee/optee-examples.inc | 2 +-
> .../optee/optee-os-tadevkit_3.14.0.bb | 20 +++++++++++++++++++
> meta-arm/recipes-security/optee/optee-os.inc | 7 -------
> 3 files changed, 21 insertions(+), 8 deletions(-)
> create mode 100644 meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
>
> diff --git a/meta-arm/recipes-security/optee/optee-examples.inc b/meta-arm/recipes-security/optee/optee-examples.inc
> index 921fa18..656722e 100644
> --- a/meta-arm/recipes-security/optee/optee-examples.inc
> +++ b/meta-arm/recipes-security/optee/optee-examples.inc
> @@ -5,7 +5,7 @@ HOMEPAGE = "https://github.com/linaro-swg/optee_examples"
> LICENSE = "BSD-2-Clause"
> LIC_FILES_CHKSUM = "file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30"
>
> -DEPENDS = "optee-client optee-os python3-pycryptodome-native"
> +DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native"
>
> inherit python3native
>
> diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
> new file mode 100644
> index 0000000..0d37a52
> --- /dev/null
> +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
> @@ -0,0 +1,20 @@
> +FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:"
> +require optee-os_3.14.0.bb
> +
> +SUMMARY = "OP-TEE Trusted OS TA devkit"
> +DESCRIPTION = "OP-TEE TA devkit for build TAs"
> +HOMEPAGE = "https://www.op-tee.org/"
> +
> +do_install() {
> + #install TA devkit
> + install -d ${D}${includedir}/optee/export-user_ta/
> + for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do
> + cp -aR $f ${D}${includedir}/optee/export-user_ta/
> + done
> +}
> +
> +do_deploy() {
> + echo "Do not inherit do_deploy from optee-os."
> +}
> +
> +FILES:${PN} = "${includedir}/optee/"
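Review bot: `cp -aR $f ...` in the new do_install preserves the ownership of the files in the build tree, so the devkit can end up in ${D} owned by the build user's UID; for copying trees in a recipe I would use `cp -R --no-dereference --preserve=mode,links "$f" ${D}${includedir}/optee/export-user_ta/`, with `$f` quoted. The loop also copies everything under export-ta_${OPTEE_ARCH} unfiltered, and `FILES:${PN} = "${includedir}/optee/"` now ships it in the main package where optee-os.inc used `${PN}-dev`. If the export tree carries TA signing material (not visible in this hunk, worth checking), the main package makes it installable on a target image, so I would keep the files in `${PN}-dev` or list the wanted subdirectories explicitly. The same lines are quoted again in the two later replies in this thread.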
> diff --git a/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/recipes-security/optee/optee-os.inc
> index 277646e..1506a58 100644
> --- a/meta-arm/recipes-security/optee/optee-os.inc
> +++ b/meta-arm/recipes-security/optee/optee-os.inc
> @@ -46,12 +46,6 @@ do_install() {
> #install core in firmware
> install -d ${D}${nonarch_base_libdir}/firmware/
> install -m 644 ${B}/core/*.bin ${B}/core/tee.elf ${D}${nonarch_base_libdir}/firmware/
> -
> - #install TA devkit
> - install -d ${D}${includedir}/optee/export-user_ta/
> - for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do
> - cp -aR $f ${D}${includedir}/optee/export-user_ta/
> - done
> }
>
> PACKAGE_ARCH = "${MACHINE_ARCH}"
> @@ -66,7 +60,6 @@ addtask deploy before do_build after do_install
> SYSROOT_DIRS += "${nonarch_base_libdir}/firmware"
>
> FILES:${PN} = "${nonarch_base_libdir}/firmware/"
> -FILES:${PN}-dev = "${includedir}/optee/"
>
> # note: "textrel" is not triggered on all archs
> INSANE_SKIP:${PN} = "textrel"
> --
> 2.17.1
>
>
>
[parent not found: <16B7C62271B94CA7.23622@lists.yoctoproject.org>]
* Re: [meta-arm] [PATCHv3 1/5] optee: updae optee-os.inc to support external TAs
[not found] ` <16B7C62271B94CA7.23622@lists.yoctoproject.org>
@ 2021-11-15 19:05 ` Jon Mason
2021-11-16 9:36 ` Maxim Uvarov
0 siblings, 1 reply; 15+ messages in thread
From: Jon Mason @ 2021-11-15 19:05 UTC (permalink / raw)
To: Maxim Uvarov, meta-arm, jon.mason, ross.burton
On Mon, Nov 15, 2021 at 11:47:17AM -0500, Jon Mason via lists.yoctoproject.org wrote:
> CI is still running, but it is already failing check-layers (again) with
> ERROR: Nothing PROVIDES 'optee-os-tadevkit' (but /builds/jonmason00/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb DEPENDS on or otherwise requires it)
> See https://gitlab.com/jonmason00/meta-arm/-/jobs/1783827221
Looks like it's not clang safe either
https://gitlab.com/jonmason00/meta-arm/-/jobs/1783827269
>
> Thanks,
> Jon
>
> On Mon, Nov 15, 2021 at 05:00:56PM +0300, Maxim Uvarov wrote:
> > Separate recipe for TA devkit is needed to solve
> > circular dependency to build TAs with the devkit
> > and integrate it inside optee-os.
> >
> > Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
> > ---
> > .../recipes-security/optee/optee-examples.inc | 2 +-
> > .../optee/optee-os-tadevkit_3.14.0.bb | 20 +++++++++++++++++++
> > meta-arm/recipes-security/optee/optee-os.inc | 7 -------
> > 3 files changed, 21 insertions(+), 8 deletions(-)
> > create mode 100644 meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
> >
> > diff --git a/meta-arm/recipes-security/optee/optee-examples.inc b/meta-arm/recipes-security/optee/optee-examples.inc
> > index 921fa18..656722e 100644
> > --- a/meta-arm/recipes-security/optee/optee-examples.inc
> > +++ b/meta-arm/recipes-security/optee/optee-examples.inc
> > @@ -5,7 +5,7 @@ HOMEPAGE = "https://github.com/linaro-swg/optee_examples"
> > LICENSE = "BSD-2-Clause"
> > LIC_FILES_CHKSUM = "file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30"
> >
> > -DEPENDS = "optee-client optee-os python3-pycryptodome-native"
> > +DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native"
> >
> > inherit python3native
> >
> > diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
> > new file mode 100644
> > index 0000000..0d37a52
> > --- /dev/null
> > +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
> > @@ -0,0 +1,20 @@
> > +FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:"
> > +require optee-os_3.14.0.bb
> > +
> > +SUMMARY = "OP-TEE Trusted OS TA devkit"
> > +DESCRIPTION = "OP-TEE TA devkit for build TAs"
> > +HOMEPAGE = "https://www.op-tee.org/"
> > +
> > +do_install() {
> > + #install TA devkit
> > + install -d ${D}${includedir}/optee/export-user_ta/
> > + for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do
> > + cp -aR $f ${D}${includedir}/optee/export-user_ta/
> > + done
> > +}
> > +
> > +do_deploy() {
> > + echo "Do not inherit do_deploy from optee-os."
> > +}
> > +
> > +FILES:${PN} = "${includedir}/optee/"
> > diff --git a/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/recipes-security/optee/optee-os.inc
> > index 277646e..1506a58 100644
> > --- a/meta-arm/recipes-security/optee/optee-os.inc
> > +++ b/meta-arm/recipes-security/optee/optee-os.inc
> > @@ -46,12 +46,6 @@ do_install() {
> > #install core in firmware
> > install -d ${D}${nonarch_base_libdir}/firmware/
> > install -m 644 ${B}/core/*.bin ${B}/core/tee.elf ${D}${nonarch_base_libdir}/firmware/
> > -
> > - #install TA devkit
> > - install -d ${D}${includedir}/optee/export-user_ta/
> > - for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do
> > - cp -aR $f ${D}${includedir}/optee/export-user_ta/
> > - done
> > }
> >
> > PACKAGE_ARCH = "${MACHINE_ARCH}"
> > @@ -66,7 +60,6 @@ addtask deploy before do_build after do_install
> > SYSROOT_DIRS += "${nonarch_base_libdir}/firmware"
> >
> > FILES:${PN} = "${nonarch_base_libdir}/firmware/"
> > -FILES:${PN}-dev = "${includedir}/optee/"
> >
> > # note: "textrel" is not triggered on all archs
> > INSANE_SKIP:${PN} = "textrel"
> > --
> > 2.17.1
> >
>
> >
> >
> >
>
>
>
* Re: [meta-arm] [PATCHv3 1/5] optee: updae optee-os.inc to support external TAs
2021-11-15 19:05 ` Jon Mason
@ 2021-11-16 9:36 ` Maxim Uvarov
0 siblings, 0 replies; 15+ messages in thread
From: Maxim Uvarov @ 2021-11-16 9:36 UTC (permalink / raw)
To: Jon Mason; +Cc: meta-arm, Jon.Mason, Ross.Burton
On Mon, 15 Nov 2021 at 22:05, Jon Mason <jdmason@kudzu.us> wrote:
>
> On Mon, Nov 15, 2021 at 11:47:17AM -0500, Jon Mason via lists.yoctoproject.org wrote:
> > CI is still running, but it is already failing check-layers (again) with
> > ERROR: Nothing PROVIDES 'optee-os-tadevkit' (but /builds/jonmason00/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb DEPENDS on or otherwise requires it)
> > See https://gitlab.com/jonmason00/meta-arm/-/jobs/1783827221
>
> Looks like it's not clang safe either
> https://gitlab.com/jonmason00/meta-arm/-/jobs/1783827269
>
From the log above, the error is:
| /bin/sh: 1: aarch64-poky-linux-gcc: not found
I wonder how I can reproduce it...
BR,
Maxim.
> >
> > Thanks,
> > Jon
> >
> > On Mon, Nov 15, 2021 at 05:00:56PM +0300, Maxim Uvarov wrote:
> > > Separate recipe for TA devkit is needed to solve
> > > circular dependency to build TAs with the devkit
> > > and integrate it inside optee-os.
> > >
> > > Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
> > > ---
> > > .../recipes-security/optee/optee-examples.inc | 2 +-
> > > .../optee/optee-os-tadevkit_3.14.0.bb | 20 +++++++++++++++++++
> > > meta-arm/recipes-security/optee/optee-os.inc | 7 -------
> > > 3 files changed, 21 insertions(+), 8 deletions(-)
> > > create mode 100644 meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
> > >
> > > diff --git a/meta-arm/recipes-security/optee/optee-examples.inc b/meta-arm/recipes-security/optee/optee-examples.inc
> > > index 921fa18..656722e 100644
> > > --- a/meta-arm/recipes-security/optee/optee-examples.inc
> > > +++ b/meta-arm/recipes-security/optee/optee-examples.inc
> > > @@ -5,7 +5,7 @@ HOMEPAGE = "https://github.com/linaro-swg/optee_examples"
> > > LICENSE = "BSD-2-Clause"
> > > LIC_FILES_CHKSUM = "file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30"
> > >
> > > -DEPENDS = "optee-client optee-os python3-pycryptodome-native"
> > > +DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native"
> > >
> > > inherit python3native
> > >
> > > diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
> > > new file mode 100644
> > > index 0000000..0d37a52
> > > --- /dev/null
> > > +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
> > > @@ -0,0 +1,20 @@
> > > +FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:"
> > > +require optee-os_3.14.0.bb
> > > +
> > > +SUMMARY = "OP-TEE Trusted OS TA devkit"
> > > +DESCRIPTION = "OP-TEE TA devkit for build TAs"
> > > +HOMEPAGE = "https://www.op-tee.org/"
> > > +
> > > +do_install() {
> > > + #install TA devkit
> > > + install -d ${D}${includedir}/optee/export-user_ta/
> > > + for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do
> > > + cp -aR $f ${D}${includedir}/optee/export-user_ta/
> > > + done
> > > +}
> > > +
> > > +do_deploy() {
> > > + echo "Do not inherit do_deploy from optee-os."
> > > +}
> > > +
> > > +FILES:${PN} = "${includedir}/optee/"
> > > diff --git a/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/recipes-security/optee/optee-os.inc
> > > index 277646e..1506a58 100644
> > > --- a/meta-arm/recipes-security/optee/optee-os.inc
> > > +++ b/meta-arm/recipes-security/optee/optee-os.inc
> > > @@ -46,12 +46,6 @@ do_install() {
> > > #install core in firmware
> > > install -d ${D}${nonarch_base_libdir}/firmware/
> > > install -m 644 ${B}/core/*.bin ${B}/core/tee.elf ${D}${nonarch_base_libdir}/firmware/
> > > -
> > > - #install TA devkit
> > > - install -d ${D}${includedir}/optee/export-user_ta/
> > > - for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do
> > > - cp -aR $f ${D}${includedir}/optee/export-user_ta/
> > > - done
> > > }
> > >
> > > PACKAGE_ARCH = "${MACHINE_ARCH}"
> > > @@ -66,7 +60,6 @@ addtask deploy before do_build after do_install
> > > SYSROOT_DIRS += "${nonarch_base_libdir}/firmware"
> > >
> > > FILES:${PN} = "${nonarch_base_libdir}/firmware/"
> > > -FILES:${PN}-dev = "${includedir}/optee/"
> > >
> > > # note: "textrel" is not triggered on all archs
> > > INSANE_SKIP:${PN} = "textrel"
> > > --
> > > 2.17.1
> > >
> >
> > >
> > >
> > >
> >
>
> >
> >
>