All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] arm/optee: Upgrade from 3.14 to 3.16
@ 2022-02-26  3:04 Alejandro Enedino Hernandez Samaniego
  2022-03-01 16:27 ` Jon Mason
  2022-03-23 13:31 ` Jon Mason
  0 siblings, 2 replies; 21+ messages in thread
From: Alejandro Enedino Hernandez Samaniego @ 2022-02-26  3:04 UTC (permalink / raw)
  To: meta-arm; +Cc: Alejandro Enedino Hernandez Samaniego

- Removes upstreamed patches for optee-examples
- Fixes optee-examples installation
- Includes new python3-cryptography dependency
- Fixes python3-cryptography to work with openssl

Tested on qemuarm64-secureboot via optee-examples xtest -l 15

Signed-off-by: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com>
---
 ....bbappend => optee-client_3.16.0.bbappend} |  0
 ...pend => optee-os-tadevkit_3.16.0.bbappend} |  0
 ...14.0.bbappend => optee-os_3.16.0.bbappend} |  0
 ....0.bbappend => optee-test_3.16.0.bbappend} |  0
 .../optee-ftpm/optee-ftpm_git.bb              |  8 +-
 .../optee/optee-client_3.14.0.bb              |  3 -
 .../optee/optee-client_3.16.0.bb              |  3 +
 .../recipes-security/optee/optee-examples.inc |  7 +-
 ...ix-non-portable-sh-check-for-plugins.patch | 46 ++++++++++
 ...efault-cross-compiler-environment-se.patch | 84 -------------------
 ...nable-plugins-installation-in-rootfs.patch | 37 --------
 .../optee/optee-examples_3.14.0.bb            |  4 -
 .../optee/optee-examples_3.16.0.bb            |  3 +
 ..._3.14.0.bb => optee-os-tadevkit_3.16.0.bb} |  3 +-
 meta-arm/recipes-security/optee/optee-os.inc  |  2 +-
 ...{optee-os_3.14.0.bb => optee-os_3.16.0.bb} |  2 +-
 .../recipes-security/optee/optee-test.inc     |  2 +-
 .../optee/optee-test_3.14.0.bb                |  3 -
 .../optee/optee-test_3.16.0.bb                |  3 +
 meta-arm/recipes-security/optee/optee.inc     |  3 +
 20 files changed, 73 insertions(+), 140 deletions(-)
 rename meta-arm-bsp/recipes-security/optee/{optee-client_3.14.0.bbappend => optee-client_3.16.0.bbappend} (100%)
 rename meta-arm-bsp/recipes-security/optee/{optee-os-tadevkit_3.14.0.bbappend => optee-os-tadevkit_3.16.0.bbappend} (100%)
 rename meta-arm-bsp/recipes-security/optee/{optee-os_3.14.0.bbappend => optee-os_3.16.0.bbappend} (100%)
 rename meta-arm-bsp/recipes-security/optee/{optee-test_3.14.0.bbappend => optee-test_3.16.0.bbappend} (100%)
 delete mode 100644 meta-arm/recipes-security/optee/optee-client_3.14.0.bb
 create mode 100644 meta-arm/recipes-security/optee/optee-client_3.16.0.bb
 create mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
 delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
 delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
 delete mode 100644 meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
 create mode 100644 meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
 rename meta-arm/recipes-security/optee/{optee-os-tadevkit_3.14.0.bb => optee-os-tadevkit_3.16.0.bb} (94%)
 rename meta-arm/recipes-security/optee/{optee-os_3.14.0.bb => optee-os_3.16.0.bb} (76%)
 delete mode 100644 meta-arm/recipes-security/optee/optee-test_3.14.0.bb
 create mode 100644 meta-arm/recipes-security/optee/optee-test_3.16.0.bb

diff --git a/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend
similarity index 100%
rename from meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend
rename to meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend
diff --git a/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend
similarity index 100%
rename from meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend
rename to meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend
diff --git a/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend
similarity index 100%
rename from meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend
rename to meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend
diff --git a/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend
similarity index 100%
rename from meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend
rename to meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend
diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
index f2a74da..0eb64cd 100644
--- a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
+++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
@@ -15,7 +15,9 @@ inherit deploy python3native
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5"
 
-DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit"
+DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit \
+    python3-cryptography-native \
+    "
 
 FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"
 
@@ -48,6 +50,10 @@ EXTRA_OEMAKE:append:aarch64:qemuall = "\
     CFG_ARM64_ta_arm64=y \
 "
 
+# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
+# right path until this is relocated automatically.
+export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
+
 PARALLEL_MAKE = ""
 
 do_compile() {
diff --git a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb b/meta-arm/recipes-security/optee/optee-client_3.14.0.bb
deleted file mode 100644
index be78b88..0000000
--- a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb
+++ /dev/null
@@ -1,3 +0,0 @@
-require optee-client.inc
-
-SRCREV = "06e1b32f6a7028e039c625b07cfc25fda0c17d53"
diff --git a/meta-arm/recipes-security/optee/optee-client_3.16.0.bb b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb
new file mode 100644
index 0000000..4a36cbc
--- /dev/null
+++ b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb
@@ -0,0 +1,3 @@
+require optee-client.inc
+
+SRCREV = "06db73b3f3fdb8d23eceaedbc46c49c0b45fd1e2"
diff --git a/meta-arm/recipes-security/optee/optee-examples.inc b/meta-arm/recipes-security/optee/optee-examples.inc
index 656722e..097f892 100644
--- a/meta-arm/recipes-security/optee/optee-examples.inc
+++ b/meta-arm/recipes-security/optee/optee-examples.inc
@@ -5,16 +5,14 @@ HOMEPAGE = "https://github.com/linaro-swg/optee_examples"
 LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30"
 
-DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native"
+DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native python3-cryptography-native"
 
 inherit python3native
 
 require optee.inc
 
 SRC_URI = "git://github.com/linaro-swg/optee_examples.git;branch=master;protocol=https \
-           file://0001-plugins-Honour-default-cross-compiler-environment-se.patch \
-           file://0002-Makefile-Enable-plugins-installation-in-rootfs.patch \
-          "
+           file://0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch"
 
 EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
                  HOST_CROSS_COMPILE=${HOST_PREFIX} \
@@ -25,6 +23,7 @@ EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build"
 
+
 do_compile() {
     oe_runmake -C ${S}
 }
diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
new file mode 100644
index 0000000..70add62
--- /dev/null
+++ b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
@@ -0,0 +1,46 @@
+From 11610debf750f15c7a104db7315dcd7d69e282a8 Mon Sep 17 00:00:00 2001
+From: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com>
+Date: Sat, 26 Feb 2022 01:52:26 +0000
+Subject: [PATCH] Makefile: Fix non-portable sh check for plugins
+
+Upstream-Status: Pending
+
+We previously held a patch that used "=" for comparison, but when
+that patch got upstreamed it was changed to "==" which is non-portable,
+resulting in an error:
+
+/bin/sh: 6: [: acipher: unexpected operator
+/bin/sh: 6: [: plugins: unexpected operator
+/bin/sh: 6: [: hello_world: unexpected operator
+/bin/sh: 6: [: hotp: unexpected operator
+/bin/sh: 6: [: aes: unexpected operator
+/bin/sh: 6: [: random: unexpected operator
+/bin/sh: 6: [: secure_storage: unexpected operator
+
+if /bin/sh doesnt point to bash.
+
+Which in turn causes our do_install task to fail since plugins arent
+where we expect them to be.
+
+
+Signed-off-by: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index b3f16aa..9359d95 100644
+--- a/Makefile
++++ b/Makefile
+@@ -31,7 +31,7 @@ prepare-for-rootfs: examples
+ 			cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \
+ 		fi; \
+ 		cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \
+-		if [ $$example == plugins ]; then \
++		if [ $$example = plugins ]; then \
+ 			cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \
+ 		fi; \
+ 	done
+-- 
+2.25.1
+
diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch b/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
deleted file mode 100644
index 033e48c..0000000
--- a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From 79c826c249001700007a6dffe80c3d61ff4428ef Mon Sep 17 00:00:00 2001
-From: Sumit Garg <sumit.garg@linaro.org>
-Date: Tue, 20 Jul 2021 13:54:30 +0530
-Subject: [PATCH 1/2] plugins: Honour default cross compiler environment setup
-
-Honour default $(CC), $(CFLAGS) and $(LDFLAGS) variables. Without this
-plugins example fails to build for OE/Yocto.
-
-Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87]
-
-Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
----
- plugins/Makefile        |  2 +-
- plugins/host/Makefile   |  2 +-
- plugins/syslog/Makefile | 16 ++++++++++++----
- 3 files changed, 14 insertions(+), 6 deletions(-)
-
-diff --git a/plugins/Makefile b/plugins/Makefile
-index 2372b38..ea472b4 100644
---- a/plugins/Makefile
-+++ b/plugins/Makefile
-@@ -8,7 +8,7 @@ TA_CROSS_COMPILE ?= $(CROSS_COMPILE)
- all:
- 	$(MAKE) -C host CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables
- 	$(MAKE) -C ta CROSS_COMPILE="$(TA_CROSS_COMPILE)" LDFLAGS=""
--	$(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)"
-+	$(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables
- 
- .PHONY: clean
- clean:
-diff --git a/plugins/host/Makefile b/plugins/host/Makefile
-index 7285104..76244c7 100644
---- a/plugins/host/Makefile
-+++ b/plugins/host/Makefile
-@@ -20,7 +20,7 @@ BINARY = optee_example_plugins
- all: $(BINARY)
- 
- $(BINARY): $(OBJS)
--	$(CC) -o $@ $< $(LDADD)
-+	$(CC) $(LDFLAGS) -o $@ $< $(LDADD)
- 
- .PHONY: clean
- clean:
-diff --git a/plugins/syslog/Makefile b/plugins/syslog/Makefile
-index 62d916a..71f5f92 100644
---- a/plugins/syslog/Makefile
-+++ b/plugins/syslog/Makefile
-@@ -1,3 +1,11 @@
-+CC      ?= $(CROSS_COMPILE)gcc
-+LD      ?= $(CROSS_COMPILE)ld
-+AR      ?= $(CROSS_COMPILE)ar
-+NM      ?= $(CROSS_COMPILE)nm
-+OBJCOPY ?= $(CROSS_COMPILE)objcopy
-+OBJDUMP ?= $(CROSS_COMPILE)objdump
-+READELF ?= $(CROSS_COMPILE)readelf
-+
- PLUGIN_UUID = 96bcf744-4f72-4866-bf1d-8634fd9c65e5
- 
- PLUGIN			= $(PLUGIN_UUID).plugin
-@@ -6,17 +14,17 @@ PLUGIN_OBJ		= $(patsubst %.c, %.o, $(PLUGIN_SRS))
- PLUGIN_INCLUDES_DIR	= $(CURDIR) $(TEEC_EXPORT)/include
- 
- PLUGIN_INCLUDES		= $(addprefix -I, $(PLUGIN_INCLUDES_DIR))
--PLUGIN_CCFLAGS		= -Wall -fPIC
--PLUGIN_LDFLAGS		= -shared
-+PLUGIN_CCFLAGS		= $(CFLAGS) -Wall -fPIC
-+PLUGIN_LDFLAGS		= $(LDFLAGS) -shared
- 
- .PHONY: all
- all: $(PLUGIN)
- 
- $(PLUGIN): $(PLUGIN_OBJ)
--	$(CROSS_COMPILE)gcc $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@
-+	$(CC) $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@
- 
- %.o: %.c
--	$(CROSS_COMPILE)gcc $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o
-+	$(CC) $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o
- 
- .PHONY: clean
- clean:
--- 
-2.25.1
-
diff --git a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch b/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
deleted file mode 100644
index 80e6b5f..0000000
--- a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From f4e5e74548d92258855434b550c58fe44993c148 Mon Sep 17 00:00:00 2001
-From: Sumit Garg <sumit.garg@linaro.org>
-Date: Tue, 20 Jul 2021 14:20:10 +0530
-Subject: [PATCH] Makefile: Enable plugins installation in rootfs
-
-Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87]
-
-Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
-
----
- Makefile | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/Makefile b/Makefile
-index a275842..9359d95 100644
---- a/Makefile
-+++ b/Makefile
-@@ -25,14 +25,19 @@ prepare-for-rootfs: examples
- 	@mkdir -p $(OUTPUT_DIR)
- 	@mkdir -p $(OUTPUT_DIR)/ta
- 	@mkdir -p $(OUTPUT_DIR)/ca
-+	@mkdir -p $(OUTPUT_DIR)/plugins
- 	@for example in $(EXAMPLE_LIST); do \
- 		if [ -e $$example/host/optee_example_$$example ]; then \
- 			cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \
- 		fi; \
- 		cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \
-+		if [ $$example = plugins ]; then \
-+			cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \
-+		fi; \
- 	done
- 
- prepare-for-rootfs-clean:
- 	@rm -rf $(OUTPUT_DIR)/ta
- 	@rm -rf $(OUTPUT_DIR)/ca
-+	@rm -rf $(OUTPUT_DIR)/plugins
- 	@rmdir --ignore-fail-on-non-empty $(OUTPUT_DIR) || test ! -e $(OUTPUT_DIR)
diff --git a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
deleted file mode 100644
index f2b5f7d..0000000
--- a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
+++ /dev/null
@@ -1,4 +0,0 @@
-require optee-examples.inc
-
-SRCREV = "e9c870525af8f7e7fccf575a0ca5394ce55adcec"
-
diff --git a/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
new file mode 100644
index 0000000..b5f6269
--- /dev/null
+++ b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
@@ -0,0 +1,3 @@
+require optee-examples.inc
+
+SRCREV = "65fc74309e12189ad5b6ce3ffec37c8011088a5a"
diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
similarity index 94%
rename from meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
rename to meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
index 0d37a52..c710e27 100644
--- a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
+++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
@@ -1,10 +1,11 @@
 FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:"
-require optee-os_3.14.0.bb
+require optee-os_3.16.0.bb
 
 SUMMARY = "OP-TEE Trusted OS TA devkit"
 DESCRIPTION = "OP-TEE TA devkit for build TAs"
 HOMEPAGE = "https://www.op-tee.org/"
 
+
 do_install() {
     #install TA devkit
     install -d ${D}${includedir}/optee/export-user_ta/
diff --git a/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/recipes-security/optee/optee-os.inc
index 1506a58..57c64fd 100644
--- a/meta-arm/recipes-security/optee/optee-os.inc
+++ b/meta-arm/recipes-security/optee/optee-os.inc
@@ -10,7 +10,7 @@ require optee.inc
 
 CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os"
 
-DEPENDS = "python3-pycryptodome-native python3-pyelftools-native"
+DEPENDS = "python3-pycryptodome-native python3-pyelftools-native python3-cryptography-native"
 
 DEPENDS:append:toolchain-clang = " compiler-rt"
 
diff --git a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb
similarity index 76%
rename from meta-arm/recipes-security/optee/optee-os_3.14.0.bb
rename to meta-arm/recipes-security/optee/optee-os_3.16.0.bb
index 95d82bb..873e964 100644
--- a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb
+++ b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb
@@ -1,6 +1,6 @@
 require optee-os.inc
 
-SRCREV = "d21befa5e53eae9db469eba1685f5aa5c6f92c2f"
+SRCREV = "d0b742d1564834dac903f906168d7357063d5459"
 
 SRC_URI:append = " \
     file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \
diff --git a/meta-arm/recipes-security/optee/optee-test.inc b/meta-arm/recipes-security/optee/optee-test.inc
index aada243..33eda29 100644
--- a/meta-arm/recipes-security/optee/optee-test.inc
+++ b/meta-arm/recipes-security/optee/optee-test.inc
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa"
 inherit python3native ptest
 require optee.inc
 
-DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native"
+DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native python3-cryptography-native"
 
 SRC_URI = "git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https \
            file://run-ptest \
diff --git a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb b/meta-arm/recipes-security/optee/optee-test_3.14.0.bb
deleted file mode 100644
index 6367c27..0000000
--- a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb
+++ /dev/null
@@ -1,3 +0,0 @@
-require optee-test.inc
-
-SRCREV = "f2eb88affbb7f028561b4fd5cbd049d5d704f741"
diff --git a/meta-arm/recipes-security/optee/optee-test_3.16.0.bb b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb
new file mode 100644
index 0000000..03f9c34
--- /dev/null
+++ b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb
@@ -0,0 +1,3 @@
+require optee-test.inc
+
+SRCREV = "1cf0e6d2bdd1145370033d4e182634458528579d"
diff --git a/meta-arm/recipes-security/optee/optee.inc b/meta-arm/recipes-security/optee/optee.inc
index f02a022..beae366 100644
--- a/meta-arm/recipes-security/optee/optee.inc
+++ b/meta-arm/recipes-security/optee/optee.inc
@@ -26,3 +26,6 @@ EXTRA_OEMAKE += "V=1 \
                  OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${prefix} \
                  TEEC_EXPORT=${STAGING_DIR_HOST}${prefix} \
                 "
+# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
+# right path until this is relocated automatically.
+export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
-- 
2.25.1



^ permalink raw reply related	[flat|nested] 21+ messages in thread
* Re: [PATCH] arm/optee: Upgrade from 3.14 to 3.16
  2022-02-26  3:04 [PATCH] arm/optee: Upgrade from 3.14 to 3.16 Alejandro Enedino Hernandez Samaniego
@ 2022-03-01 16:27 ` Jon Mason
  2022-03-01 21:54   ` [meta-arm] " Alejandro Hernandez
  2022-03-23 13:31 ` Jon Mason
  1 sibling, 1 reply; 21+ messages in thread
From: Jon Mason @ 2022-03-01 16:27 UTC (permalink / raw)
  To: Alejandro Enedino Hernandez Samaniego; +Cc: meta-arm

On Fri, Feb 25, 2022 at 08:04:41PM -0700, Alejandro Enedino Hernandez Samaniego wrote:
> - Removes upstreamed patches for optee-examples
> - Fixes optee-examples installation
> - Includes new python3-cryptography dependency
> - Fixes python3-cryptography to work with openssl
> 
> Tested on qemuarm64-secureboot via optee-examples xtest -l 15

With the new changes in python3-crypto, this is no longer working.
I'm seeing the following error in CI.

--- Error summary ---
ERROR: Nothing PROVIDES 'python3-cryptography-native' (but /builds/jonmason00/meta-arm/meta-arm/recipes-security/optee/optee-os_3.16.0.bb DEPENDS on or otherwise requires it). Close matches:
  python3-cython-native
  python3-pycryptodome-native
  python3-typogrify-native

I _think_ that adding meta-openembedded.yml being adding to the
machines should fix it, but I'm not sure that is the right solution.

Thanks,
Jon

> 
> Signed-off-by: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com>
> ---
>  ....bbappend => optee-client_3.16.0.bbappend} |  0
>  ...pend => optee-os-tadevkit_3.16.0.bbappend} |  0
>  ...14.0.bbappend => optee-os_3.16.0.bbappend} |  0
>  ....0.bbappend => optee-test_3.16.0.bbappend} |  0
>  .../optee-ftpm/optee-ftpm_git.bb              |  8 +-
>  .../optee/optee-client_3.14.0.bb              |  3 -
>  .../optee/optee-client_3.16.0.bb              |  3 +
>  .../recipes-security/optee/optee-examples.inc |  7 +-
>  ...ix-non-portable-sh-check-for-plugins.patch | 46 ++++++++++
>  ...efault-cross-compiler-environment-se.patch | 84 -------------------
>  ...nable-plugins-installation-in-rootfs.patch | 37 --------
>  .../optee/optee-examples_3.14.0.bb            |  4 -
>  .../optee/optee-examples_3.16.0.bb            |  3 +
>  ..._3.14.0.bb => optee-os-tadevkit_3.16.0.bb} |  3 +-
>  meta-arm/recipes-security/optee/optee-os.inc  |  2 +-
>  ...{optee-os_3.14.0.bb => optee-os_3.16.0.bb} |  2 +-
>  .../recipes-security/optee/optee-test.inc     |  2 +-
>  .../optee/optee-test_3.14.0.bb                |  3 -
>  .../optee/optee-test_3.16.0.bb                |  3 +
>  meta-arm/recipes-security/optee/optee.inc     |  3 +
>  20 files changed, 73 insertions(+), 140 deletions(-)
>  rename meta-arm-bsp/recipes-security/optee/{optee-client_3.14.0.bbappend => optee-client_3.16.0.bbappend} (100%)
>  rename meta-arm-bsp/recipes-security/optee/{optee-os-tadevkit_3.14.0.bbappend => optee-os-tadevkit_3.16.0.bbappend} (100%)
>  rename meta-arm-bsp/recipes-security/optee/{optee-os_3.14.0.bbappend => optee-os_3.16.0.bbappend} (100%)
>  rename meta-arm-bsp/recipes-security/optee/{optee-test_3.14.0.bbappend => optee-test_3.16.0.bbappend} (100%)
>  delete mode 100644 meta-arm/recipes-security/optee/optee-client_3.14.0.bb
>  create mode 100644 meta-arm/recipes-security/optee/optee-client_3.16.0.bb
>  create mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
>  delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
>  delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
>  delete mode 100644 meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
>  create mode 100644 meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
>  rename meta-arm/recipes-security/optee/{optee-os-tadevkit_3.14.0.bb => optee-os-tadevkit_3.16.0.bb} (94%)
>  rename meta-arm/recipes-security/optee/{optee-os_3.14.0.bb => optee-os_3.16.0.bb} (76%)
>  delete mode 100644 meta-arm/recipes-security/optee/optee-test_3.14.0.bb
>  create mode 100644 meta-arm/recipes-security/optee/optee-test_3.16.0.bb
> 
> diff --git a/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend
> similarity index 100%
> rename from meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend
> rename to meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend
> diff --git a/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend
> similarity index 100%
> rename from meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend
> rename to meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend
> diff --git a/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend
> similarity index 100%
> rename from meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend
> rename to meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend
> diff --git a/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend
> similarity index 100%
> rename from meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend
> rename to meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend
> diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> index f2a74da..0eb64cd 100644
> --- a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> @@ -15,7 +15,9 @@ inherit deploy python3native
>  LICENSE = "MIT"
>  LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5"
>  
> -DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit"
> +DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit \
> +    python3-cryptography-native \
> +    "
>  
>  FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"
>  
> @@ -48,6 +50,10 @@ EXTRA_OEMAKE:append:aarch64:qemuall = "\
>      CFG_ARM64_ta_arm64=y \
>  "
>  
> +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
> +# right path until this is relocated automatically.
> +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
> +
>  PARALLEL_MAKE = ""
>  
>  do_compile() {
> diff --git a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb b/meta-arm/recipes-security/optee/optee-client_3.14.0.bb
> deleted file mode 100644
> index be78b88..0000000
> --- a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb
> +++ /dev/null
> @@ -1,3 +0,0 @@
> -require optee-client.inc
> -
> -SRCREV = "06e1b32f6a7028e039c625b07cfc25fda0c17d53"
> diff --git a/meta-arm/recipes-security/optee/optee-client_3.16.0.bb b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb
> new file mode 100644
> index 0000000..4a36cbc
> --- /dev/null
> +++ b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb
> @@ -0,0 +1,3 @@
> +require optee-client.inc
> +
> +SRCREV = "06db73b3f3fdb8d23eceaedbc46c49c0b45fd1e2"
> diff --git a/meta-arm/recipes-security/optee/optee-examples.inc b/meta-arm/recipes-security/optee/optee-examples.inc
> index 656722e..097f892 100644
> --- a/meta-arm/recipes-security/optee/optee-examples.inc
> +++ b/meta-arm/recipes-security/optee/optee-examples.inc
> @@ -5,16 +5,14 @@ HOMEPAGE = "https://github.com/linaro-swg/optee_examples"
>  LICENSE = "BSD-2-Clause"
>  LIC_FILES_CHKSUM = "file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30"
>  
> -DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native"
> +DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native python3-cryptography-native"
>  
>  inherit python3native
>  
>  require optee.inc
>  
>  SRC_URI = "git://github.com/linaro-swg/optee_examples.git;branch=master;protocol=https \
> -           file://0001-plugins-Honour-default-cross-compiler-environment-se.patch \
> -           file://0002-Makefile-Enable-plugins-installation-in-rootfs.patch \
> -          "
> +           file://0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch"
>  
>  EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
>                   HOST_CROSS_COMPILE=${HOST_PREFIX} \
> @@ -25,6 +23,7 @@ EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
>  S = "${WORKDIR}/git"
>  B = "${WORKDIR}/build"
>  
> +
>  do_compile() {
>      oe_runmake -C ${S}
>  }
> diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
> new file mode 100644
> index 0000000..70add62
> --- /dev/null
> +++ b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
> @@ -0,0 +1,46 @@
> +From 11610debf750f15c7a104db7315dcd7d69e282a8 Mon Sep 17 00:00:00 2001
> +From: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com>
> +Date: Sat, 26 Feb 2022 01:52:26 +0000
> +Subject: [PATCH] Makefile: Fix non-portable sh check for plugins
> +
> +Upstream-Status: Pending
> +
> +We previously held a patch that used "=" for comparison, but when
> +that patch got upstreamed it was changed to "==" which is non-portable,
> +resulting in an error:
> +
> +/bin/sh: 6: [: acipher: unexpected operator
> +/bin/sh: 6: [: plugins: unexpected operator
> +/bin/sh: 6: [: hello_world: unexpected operator
> +/bin/sh: 6: [: hotp: unexpected operator
> +/bin/sh: 6: [: aes: unexpected operator
> +/bin/sh: 6: [: random: unexpected operator
> +/bin/sh: 6: [: secure_storage: unexpected operator
> +
> +if /bin/sh doesnt point to bash.
> +
> +Which in turn causes our do_install task to fail since plugins arent
> +where we expect them to be.
> +
> +
> +Signed-off-by: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com>
> +---
> + Makefile | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/Makefile b/Makefile
> +index b3f16aa..9359d95 100644
> +--- a/Makefile
> ++++ b/Makefile
> +@@ -31,7 +31,7 @@ prepare-for-rootfs: examples
> + 			cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \
> + 		fi; \
> + 		cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \
> +-		if [ $$example == plugins ]; then \
> ++		if [ $$example = plugins ]; then \
> + 			cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \
> + 		fi; \
> + 	done
> +-- 
> +2.25.1
> +
> diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch b/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
> deleted file mode 100644
> index 033e48c..0000000
> --- a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
> +++ /dev/null
> @@ -1,84 +0,0 @@
> -From 79c826c249001700007a6dffe80c3d61ff4428ef Mon Sep 17 00:00:00 2001
> -From: Sumit Garg <sumit.garg@linaro.org>
> -Date: Tue, 20 Jul 2021 13:54:30 +0530
> -Subject: [PATCH 1/2] plugins: Honour default cross compiler environment setup
> -
> -Honour default $(CC), $(CFLAGS) and $(LDFLAGS) variables. Without this
> -plugins example fails to build for OE/Yocto.
> -
> -Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87]
> -
> -Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
> ----
> - plugins/Makefile        |  2 +-
> - plugins/host/Makefile   |  2 +-
> - plugins/syslog/Makefile | 16 ++++++++++++----
> - 3 files changed, 14 insertions(+), 6 deletions(-)
> -
> -diff --git a/plugins/Makefile b/plugins/Makefile
> -index 2372b38..ea472b4 100644
> ---- a/plugins/Makefile
> -+++ b/plugins/Makefile
> -@@ -8,7 +8,7 @@ TA_CROSS_COMPILE ?= $(CROSS_COMPILE)
> - all:
> - 	$(MAKE) -C host CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables
> - 	$(MAKE) -C ta CROSS_COMPILE="$(TA_CROSS_COMPILE)" LDFLAGS=""
> --	$(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)"
> -+	$(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables
> - 
> - .PHONY: clean
> - clean:
> -diff --git a/plugins/host/Makefile b/plugins/host/Makefile
> -index 7285104..76244c7 100644
> ---- a/plugins/host/Makefile
> -+++ b/plugins/host/Makefile
> -@@ -20,7 +20,7 @@ BINARY = optee_example_plugins
> - all: $(BINARY)
> - 
> - $(BINARY): $(OBJS)
> --	$(CC) -o $@ $< $(LDADD)
> -+	$(CC) $(LDFLAGS) -o $@ $< $(LDADD)
> - 
> - .PHONY: clean
> - clean:
> -diff --git a/plugins/syslog/Makefile b/plugins/syslog/Makefile
> -index 62d916a..71f5f92 100644
> ---- a/plugins/syslog/Makefile
> -+++ b/plugins/syslog/Makefile
> -@@ -1,3 +1,11 @@
> -+CC      ?= $(CROSS_COMPILE)gcc
> -+LD      ?= $(CROSS_COMPILE)ld
> -+AR      ?= $(CROSS_COMPILE)ar
> -+NM      ?= $(CROSS_COMPILE)nm
> -+OBJCOPY ?= $(CROSS_COMPILE)objcopy
> -+OBJDUMP ?= $(CROSS_COMPILE)objdump
> -+READELF ?= $(CROSS_COMPILE)readelf
> -+
> - PLUGIN_UUID = 96bcf744-4f72-4866-bf1d-8634fd9c65e5
> - 
> - PLUGIN			= $(PLUGIN_UUID).plugin
> -@@ -6,17 +14,17 @@ PLUGIN_OBJ		= $(patsubst %.c, %.o, $(PLUGIN_SRS))
> - PLUGIN_INCLUDES_DIR	= $(CURDIR) $(TEEC_EXPORT)/include
> - 
> - PLUGIN_INCLUDES		= $(addprefix -I, $(PLUGIN_INCLUDES_DIR))
> --PLUGIN_CCFLAGS		= -Wall -fPIC
> --PLUGIN_LDFLAGS		= -shared
> -+PLUGIN_CCFLAGS		= $(CFLAGS) -Wall -fPIC
> -+PLUGIN_LDFLAGS		= $(LDFLAGS) -shared
> - 
> - .PHONY: all
> - all: $(PLUGIN)
> - 
> - $(PLUGIN): $(PLUGIN_OBJ)
> --	$(CROSS_COMPILE)gcc $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@
> -+	$(CC) $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@
> - 
> - %.o: %.c
> --	$(CROSS_COMPILE)gcc $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o
> -+	$(CC) $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o
> - 
> - .PHONY: clean
> - clean:
> --- 
> -2.25.1
> -
> diff --git a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch b/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
> deleted file mode 100644
> index 80e6b5f..0000000
> --- a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
> +++ /dev/null
> @@ -1,37 +0,0 @@
> -From f4e5e74548d92258855434b550c58fe44993c148 Mon Sep 17 00:00:00 2001
> -From: Sumit Garg <sumit.garg@linaro.org>
> -Date: Tue, 20 Jul 2021 14:20:10 +0530
> -Subject: [PATCH] Makefile: Enable plugins installation in rootfs
> -
> -Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87]
> -
> -Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
> -
> ----
> - Makefile | 5 +++++
> - 1 file changed, 5 insertions(+)
> -
> -diff --git a/Makefile b/Makefile
> -index a275842..9359d95 100644
> ---- a/Makefile
> -+++ b/Makefile
> -@@ -25,14 +25,19 @@ prepare-for-rootfs: examples
> - 	@mkdir -p $(OUTPUT_DIR)
> - 	@mkdir -p $(OUTPUT_DIR)/ta
> - 	@mkdir -p $(OUTPUT_DIR)/ca
> -+	@mkdir -p $(OUTPUT_DIR)/plugins
> - 	@for example in $(EXAMPLE_LIST); do \
> - 		if [ -e $$example/host/optee_example_$$example ]; then \
> - 			cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \
> - 		fi; \
> - 		cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \
> -+		if [ $$example = plugins ]; then \
> -+			cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \
> -+		fi; \
> - 	done
> - 
> - prepare-for-rootfs-clean:
> - 	@rm -rf $(OUTPUT_DIR)/ta
> - 	@rm -rf $(OUTPUT_DIR)/ca
> -+	@rm -rf $(OUTPUT_DIR)/plugins
> - 	@rmdir --ignore-fail-on-non-empty $(OUTPUT_DIR) || test ! -e $(OUTPUT_DIR)
> diff --git a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
> deleted file mode 100644
> index f2b5f7d..0000000
> --- a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
> +++ /dev/null
> @@ -1,4 +0,0 @@
> -require optee-examples.inc
> -
> -SRCREV = "e9c870525af8f7e7fccf575a0ca5394ce55adcec"
> -
> diff --git a/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
> new file mode 100644
> index 0000000..b5f6269
> --- /dev/null
> +++ b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
> @@ -0,0 +1,3 @@
> +require optee-examples.inc
> +
> +SRCREV = "65fc74309e12189ad5b6ce3ffec37c8011088a5a"
> diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
> similarity index 94%
> rename from meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
> rename to meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
> index 0d37a52..c710e27 100644
> --- a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
> +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
> @@ -1,10 +1,11 @@
>  FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:"
> -require optee-os_3.14.0.bb
> +require optee-os_3.16.0.bb
>  
>  SUMMARY = "OP-TEE Trusted OS TA devkit"
>  DESCRIPTION = "OP-TEE TA devkit for build TAs"
>  HOMEPAGE = "https://www.op-tee.org/"
>  
> +
>  do_install() {
>      #install TA devkit
>      install -d ${D}${includedir}/optee/export-user_ta/
> diff --git a/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/recipes-security/optee/optee-os.inc
> index 1506a58..57c64fd 100644
> --- a/meta-arm/recipes-security/optee/optee-os.inc
> +++ b/meta-arm/recipes-security/optee/optee-os.inc
> @@ -10,7 +10,7 @@ require optee.inc
>  
>  CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os"
>  
> -DEPENDS = "python3-pycryptodome-native python3-pyelftools-native"
> +DEPENDS = "python3-pycryptodome-native python3-pyelftools-native python3-cryptography-native"
>  
>  DEPENDS:append:toolchain-clang = " compiler-rt"
>  
> diff --git a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb
> similarity index 76%
> rename from meta-arm/recipes-security/optee/optee-os_3.14.0.bb
> rename to meta-arm/recipes-security/optee/optee-os_3.16.0.bb
> index 95d82bb..873e964 100644
> --- a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb
> +++ b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb
> @@ -1,6 +1,6 @@
>  require optee-os.inc
>  
> -SRCREV = "d21befa5e53eae9db469eba1685f5aa5c6f92c2f"
> +SRCREV = "d0b742d1564834dac903f906168d7357063d5459"
>  
>  SRC_URI:append = " \
>      file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \
> diff --git a/meta-arm/recipes-security/optee/optee-test.inc b/meta-arm/recipes-security/optee/optee-test.inc
> index aada243..33eda29 100644
> --- a/meta-arm/recipes-security/optee/optee-test.inc
> +++ b/meta-arm/recipes-security/optee/optee-test.inc
> @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa"
>  inherit python3native ptest
>  require optee.inc
>  
> -DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native"
> +DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native python3-cryptography-native"
>  
>  SRC_URI = "git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https \
>             file://run-ptest \
> diff --git a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb b/meta-arm/recipes-security/optee/optee-test_3.14.0.bb
> deleted file mode 100644
> index 6367c27..0000000
> --- a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb
> +++ /dev/null
> @@ -1,3 +0,0 @@
> -require optee-test.inc
> -
> -SRCREV = "f2eb88affbb7f028561b4fd5cbd049d5d704f741"
> diff --git a/meta-arm/recipes-security/optee/optee-test_3.16.0.bb b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb
> new file mode 100644
> index 0000000..03f9c34
> --- /dev/null
> +++ b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb
> @@ -0,0 +1,3 @@
> +require optee-test.inc
> +
> +SRCREV = "1cf0e6d2bdd1145370033d4e182634458528579d"
> diff --git a/meta-arm/recipes-security/optee/optee.inc b/meta-arm/recipes-security/optee/optee.inc
> index f02a022..beae366 100644
> --- a/meta-arm/recipes-security/optee/optee.inc
> +++ b/meta-arm/recipes-security/optee/optee.inc
> @@ -26,3 +26,6 @@ EXTRA_OEMAKE += "V=1 \
>                   OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${prefix} \
>                   TEEC_EXPORT=${STAGING_DIR_HOST}${prefix} \
>                  "
> +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
> +# right path until this is relocated automatically.
> +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
> -- 
> 2.25.1
> 
> 


^ permalink raw reply	[flat|nested] 21+ messages in thread
* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
  2022-03-01 16:27 ` Jon Mason
@ 2022-03-01 21:54   ` Alejandro Hernandez
       [not found]     ` <Yh+DX8uaoS1VPpQ8@kudzu.us>
  0 siblings, 1 reply; 21+ messages in thread
From: Alejandro Hernandez @ 2022-03-01 21:54 UTC (permalink / raw)
  To: Jon Mason; +Cc: meta-arm

[-- Attachment #1: Type: text/plain, Size: 22393 bytes --]

Hi John,

On 3/1/22 16:27, Jon Mason wrote:
> On Fri, Feb 25, 2022 at 08:04:41PM -0700, Alejandro Enedino Hernandez Samaniego wrote:
>> - Removes upstreamed patches for optee-examples
>> - Fixes optee-examples installation
>> - Includes new python3-cryptography dependency
>> - Fixes python3-cryptography to work with openssl
>>
>> Tested on qemuarm64-secureboot via optee-examples xtest -l 15
> With the new changes in python3-crypto, this is no longer working.
> I'm seeing the following error in CI.
>
> --- Error summary ---
> ERROR: Nothing PROVIDES 'python3-cryptography-native' (but /builds/jonmason00/meta-arm/meta-arm/recipes-security/optee/optee-os_3.16.0.bb DEPENDS on or otherwise requires it). Close matches:
>    python3-cython-native
>    python3-pycryptodome-native
>    python3-typogrify-native
>
> I _think_ that adding meta-openembedded.yml being adding to the
> machines should fix it, but I'm not sure that is the right solution.
>
> Thanks,
> Jon

My apologies, I was testing with meta-oe/meta-python enabled hence I 
didnt see the error before.


I'm not sure its the right solution either, this dependency is coming 
from the pem_to_pub_c.py script which is now using python3-cyrptography 
since commit 
https://github.com/OP-TEE/optee_os/commit/169eac19852d98d8ade821f913bbdd76faf52823 
(this also means we could remove python3-cryptodome from the 
dependencies as well), as far as I can tell this creates a hard 
dependency, passing EXTRA_OEMAKE += " CFG_WITH_USER_TA=n" would avoid 
executing the script completely but I also dont think thats what we want.

Should we include meta-openembedded.yml?,  or what other choice do we 
have? create a python3-cyrptography recipe to meta-arm?, thoughts?

Cheers,

Alejandro

>> Signed-off-by: Alejandro Enedino Hernandez Samaniego<alhe@linux.microsoft.com>
>> ---
>>   ....bbappend => optee-client_3.16.0.bbappend} |  0
>>   ...pend => optee-os-tadevkit_3.16.0.bbappend} |  0
>>   ...14.0.bbappend => optee-os_3.16.0.bbappend} |  0
>>   ....0.bbappend => optee-test_3.16.0.bbappend} |  0
>>   .../optee-ftpm/optee-ftpm_git.bb              |  8 +-
>>   .../optee/optee-client_3.14.0.bb              |  3 -
>>   .../optee/optee-client_3.16.0.bb              |  3 +
>>   .../recipes-security/optee/optee-examples.inc |  7 +-
>>   ...ix-non-portable-sh-check-for-plugins.patch | 46 ++++++++++
>>   ...efault-cross-compiler-environment-se.patch | 84 -------------------
>>   ...nable-plugins-installation-in-rootfs.patch | 37 --------
>>   .../optee/optee-examples_3.14.0.bb            |  4 -
>>   .../optee/optee-examples_3.16.0.bb            |  3 +
>>   ..._3.14.0.bb => optee-os-tadevkit_3.16.0.bb} |  3 +-
>>   meta-arm/recipes-security/optee/optee-os.inc  |  2 +-
>>   ...{optee-os_3.14.0.bb => optee-os_3.16.0.bb} |  2 +-
>>   .../recipes-security/optee/optee-test.inc     |  2 +-
>>   .../optee/optee-test_3.14.0.bb                |  3 -
>>   .../optee/optee-test_3.16.0.bb                |  3 +
>>   meta-arm/recipes-security/optee/optee.inc     |  3 +
>>   20 files changed, 73 insertions(+), 140 deletions(-)
>>   rename meta-arm-bsp/recipes-security/optee/{optee-client_3.14.0.bbappend => optee-client_3.16.0.bbappend} (100%)
>>   rename meta-arm-bsp/recipes-security/optee/{optee-os-tadevkit_3.14.0.bbappend => optee-os-tadevkit_3.16.0.bbappend} (100%)
>>   rename meta-arm-bsp/recipes-security/optee/{optee-os_3.14.0.bbappend => optee-os_3.16.0.bbappend} (100%)
>>   rename meta-arm-bsp/recipes-security/optee/{optee-test_3.14.0.bbappend => optee-test_3.16.0.bbappend} (100%)
>>   delete mode 100644 meta-arm/recipes-security/optee/optee-client_3.14.0.bb
>>   create mode 100644 meta-arm/recipes-security/optee/optee-client_3.16.0.bb
>>   create mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
>>   delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
>>   delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
>>   delete mode 100644 meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
>>   create mode 100644 meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
>>   rename meta-arm/recipes-security/optee/{optee-os-tadevkit_3.14.0.bb => optee-os-tadevkit_3.16.0.bb} (94%)
>>   rename meta-arm/recipes-security/optee/{optee-os_3.14.0.bb => optee-os_3.16.0.bb} (76%)
>>   delete mode 100644 meta-arm/recipes-security/optee/optee-test_3.14.0.bb
>>   create mode 100644 meta-arm/recipes-security/optee/optee-test_3.16.0.bb
>>
>> diff --git a/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend
>> similarity index 100%
>> rename from meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend
>> rename to meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend
>> diff --git a/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend
>> similarity index 100%
>> rename from meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend
>> rename to meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend
>> diff --git a/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend
>> similarity index 100%
>> rename from meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend
>> rename to meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend
>> diff --git a/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend
>> similarity index 100%
>> rename from meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend
>> rename to meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend
>> diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
>> index f2a74da..0eb64cd 100644
>> --- a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
>> +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
>> @@ -15,7 +15,9 @@ inherit deploy python3native
>>   LICENSE = "MIT"
>>   LIC_FILES_CHKSUM ="file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5"
>>   
>> -DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit"
>> +DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit \
>> +    python3-cryptography-native \
>> +    "
>>   
>>   FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"
>>   
>> @@ -48,6 +50,10 @@ EXTRA_OEMAKE:append:aarch64:qemuall = "\
>>       CFG_ARM64_ta_arm64=y \
>>   "
>>   
>> +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
>> +# right path until this is relocated automatically.
>> +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
>> +
>>   PARALLEL_MAKE = ""
>>   
>>   do_compile() {
>> diff --git a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb b/meta-arm/recipes-security/optee/optee-client_3.14.0.bb
>> deleted file mode 100644
>> index be78b88..0000000
>> --- a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb
>> +++ /dev/null
>> @@ -1,3 +0,0 @@
>> -require optee-client.inc
>> -
>> -SRCREV = "06e1b32f6a7028e039c625b07cfc25fda0c17d53"
>> diff --git a/meta-arm/recipes-security/optee/optee-client_3.16.0.bb b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb
>> new file mode 100644
>> index 0000000..4a36cbc
>> --- /dev/null
>> +++ b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb
>> @@ -0,0 +1,3 @@
>> +require optee-client.inc
>> +
>> +SRCREV = "06db73b3f3fdb8d23eceaedbc46c49c0b45fd1e2"
>> diff --git a/meta-arm/recipes-security/optee/optee-examples.inc b/meta-arm/recipes-security/optee/optee-examples.inc
>> index 656722e..097f892 100644
>> --- a/meta-arm/recipes-security/optee/optee-examples.inc
>> +++ b/meta-arm/recipes-security/optee/optee-examples.inc
>> @@ -5,16 +5,14 @@ HOMEPAGE ="https://github.com/linaro-swg/optee_examples"
>>   LICENSE = "BSD-2-Clause"
>>   LIC_FILES_CHKSUM ="file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30"
>>   
>> -DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native"
>> +DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native python3-cryptography-native"
>>   
>>   inherit python3native
>>   
>>   require optee.inc
>>   
>>   SRC_URI = "git://github.com/linaro-swg/optee_examples.git;branch=master;protocol=https \
>> -file://0001-plugins-Honour-default-cross-compiler-environment-se.patch  \
>> -file://0002-Makefile-Enable-plugins-installation-in-rootfs.patch  \
>> -          "
>> +file://0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch"
>>   
>>   EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
>>                    HOST_CROSS_COMPILE=${HOST_PREFIX} \
>> @@ -25,6 +23,7 @@ EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
>>   S = "${WORKDIR}/git"
>>   B = "${WORKDIR}/build"
>>   
>> +
>>   do_compile() {
>>       oe_runmake -C ${S}
>>   }
>> diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
>> new file mode 100644
>> index 0000000..70add62
>> --- /dev/null
>> +++ b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
>> @@ -0,0 +1,46 @@
>> +From 11610debf750f15c7a104db7315dcd7d69e282a8 Mon Sep 17 00:00:00 2001
>> +From: Alejandro Enedino Hernandez Samaniego<alhe@linux.microsoft.com>
>> +Date: Sat, 26 Feb 2022 01:52:26 +0000
>> +Subject: [PATCH] Makefile: Fix non-portable sh check for plugins
>> +
>> +Upstream-Status: Pending
>> +
>> +We previously held a patch that used "=" for comparison, but when
>> +that patch got upstreamed it was changed to "==" which is non-portable,
>> +resulting in an error:
>> +
>> +/bin/sh: 6: [: acipher: unexpected operator
>> +/bin/sh: 6: [: plugins: unexpected operator
>> +/bin/sh: 6: [: hello_world: unexpected operator
>> +/bin/sh: 6: [: hotp: unexpected operator
>> +/bin/sh: 6: [: aes: unexpected operator
>> +/bin/sh: 6: [: random: unexpected operator
>> +/bin/sh: 6: [: secure_storage: unexpected operator
>> +
>> +if /bin/sh doesnt point to bash.
>> +
>> +Which in turn causes our do_install task to fail since plugins arent
>> +where we expect them to be.
>> +
>> +
>> +Signed-off-by: Alejandro Enedino Hernandez Samaniego<alhe@linux.microsoft.com>
>> +---
>> + Makefile | 2 +-
>> + 1 file changed, 1 insertion(+), 1 deletion(-)
>> +
>> +diff --git a/Makefile b/Makefile
>> +index b3f16aa..9359d95 100644
>> +--- a/Makefile
>> ++++ b/Makefile
>> +@@ -31,7 +31,7 @@ prepare-for-rootfs: examples
>> + 			cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \
>> + 		fi; \
>> + 		cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \
>> +-		if [ $$example == plugins ]; then \
>> ++		if [ $$example = plugins ]; then \
>> + 			cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \
>> + 		fi; \
>> + 	done
>> +--
>> +2.25.1
>> +
>> diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch b/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
>> deleted file mode 100644
>> index 033e48c..0000000
>> --- a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
>> +++ /dev/null
>> @@ -1,84 +0,0 @@
>> -From 79c826c249001700007a6dffe80c3d61ff4428ef Mon Sep 17 00:00:00 2001
>> -From: Sumit Garg<sumit.garg@linaro.org>
>> -Date: Tue, 20 Jul 2021 13:54:30 +0530
>> -Subject: [PATCH 1/2] plugins: Honour default cross compiler environment setup
>> -
>> -Honour default $(CC), $(CFLAGS) and $(LDFLAGS) variables. Without this
>> -plugins example fails to build for OE/Yocto.
>> -
>> -Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87]
>> -
>> -Signed-off-by: Sumit Garg<sumit.garg@linaro.org>
>> ----
>> - plugins/Makefile        |  2 +-
>> - plugins/host/Makefile   |  2 +-
>> - plugins/syslog/Makefile | 16 ++++++++++++----
>> - 3 files changed, 14 insertions(+), 6 deletions(-)
>> -
>> -diff --git a/plugins/Makefile b/plugins/Makefile
>> -index 2372b38..ea472b4 100644
>> ---- a/plugins/Makefile
>> -+++ b/plugins/Makefile
>> -@@ -8,7 +8,7 @@ TA_CROSS_COMPILE ?= $(CROSS_COMPILE)
>> - all:
>> - 	$(MAKE) -C host CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables
>> - 	$(MAKE) -C ta CROSS_COMPILE="$(TA_CROSS_COMPILE)" LDFLAGS=""
>> --	$(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)"
>> -+	$(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables
>> -
>> - .PHONY: clean
>> - clean:
>> -diff --git a/plugins/host/Makefile b/plugins/host/Makefile
>> -index 7285104..76244c7 100644
>> ---- a/plugins/host/Makefile
>> -+++ b/plugins/host/Makefile
>> -@@ -20,7 +20,7 @@ BINARY = optee_example_plugins
>> - all: $(BINARY)
>> -
>> - $(BINARY): $(OBJS)
>> --	$(CC) -o $@ $< $(LDADD)
>> -+	$(CC) $(LDFLAGS) -o $@ $< $(LDADD)
>> -
>> - .PHONY: clean
>> - clean:
>> -diff --git a/plugins/syslog/Makefile b/plugins/syslog/Makefile
>> -index 62d916a..71f5f92 100644
>> ---- a/plugins/syslog/Makefile
>> -+++ b/plugins/syslog/Makefile
>> -@@ -1,3 +1,11 @@
>> -+CC      ?= $(CROSS_COMPILE)gcc
>> -+LD      ?= $(CROSS_COMPILE)ld
>> -+AR      ?= $(CROSS_COMPILE)ar
>> -+NM      ?= $(CROSS_COMPILE)nm
>> -+OBJCOPY ?= $(CROSS_COMPILE)objcopy
>> -+OBJDUMP ?= $(CROSS_COMPILE)objdump
>> -+READELF ?= $(CROSS_COMPILE)readelf
>> -+
>> - PLUGIN_UUID = 96bcf744-4f72-4866-bf1d-8634fd9c65e5
>> -
>> - PLUGIN			= $(PLUGIN_UUID).plugin
>> -@@ -6,17 +14,17 @@ PLUGIN_OBJ		= $(patsubst %.c, %.o, $(PLUGIN_SRS))
>> - PLUGIN_INCLUDES_DIR	= $(CURDIR) $(TEEC_EXPORT)/include
>> -
>> - PLUGIN_INCLUDES		= $(addprefix -I, $(PLUGIN_INCLUDES_DIR))
>> --PLUGIN_CCFLAGS		= -Wall -fPIC
>> --PLUGIN_LDFLAGS		= -shared
>> -+PLUGIN_CCFLAGS		= $(CFLAGS) -Wall -fPIC
>> -+PLUGIN_LDFLAGS		= $(LDFLAGS) -shared
>> -
>> - .PHONY: all
>> - all: $(PLUGIN)
>> -
>> - $(PLUGIN): $(PLUGIN_OBJ)
>> --	$(CROSS_COMPILE)gcc $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@
>> -+	$(CC) $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@
>> -
>> - %.o: %.c
>> --	$(CROSS_COMPILE)gcc $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o
>> -+	$(CC) $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o
>> -
>> - .PHONY: clean
>> - clean:
>> ---
>> -2.25.1
>> -
>> diff --git a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch b/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
>> deleted file mode 100644
>> index 80e6b5f..0000000
>> --- a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
>> +++ /dev/null
>> @@ -1,37 +0,0 @@
>> -From f4e5e74548d92258855434b550c58fe44993c148 Mon Sep 17 00:00:00 2001
>> -From: Sumit Garg<sumit.garg@linaro.org>
>> -Date: Tue, 20 Jul 2021 14:20:10 +0530
>> -Subject: [PATCH] Makefile: Enable plugins installation in rootfs
>> -
>> -Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87]
>> -
>> -Signed-off-by: Sumit Garg<sumit.garg@linaro.org>
>> -
>> ----
>> - Makefile | 5 +++++
>> - 1 file changed, 5 insertions(+)
>> -
>> -diff --git a/Makefile b/Makefile
>> -index a275842..9359d95 100644
>> ---- a/Makefile
>> -+++ b/Makefile
>> -@@ -25,14 +25,19 @@ prepare-for-rootfs: examples
>> - 	@mkdir -p $(OUTPUT_DIR)
>> - 	@mkdir -p $(OUTPUT_DIR)/ta
>> - 	@mkdir -p $(OUTPUT_DIR)/ca
>> -+	@mkdir -p $(OUTPUT_DIR)/plugins
>> - 	@for example in $(EXAMPLE_LIST); do \
>> - 		if [ -e $$example/host/optee_example_$$example ]; then \
>> - 			cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \
>> - 		fi; \
>> - 		cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \
>> -+		if [ $$example = plugins ]; then \
>> -+			cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \
>> -+		fi; \
>> - 	done
>> -
>> - prepare-for-rootfs-clean:
>> - 	@rm -rf $(OUTPUT_DIR)/ta
>> - 	@rm -rf $(OUTPUT_DIR)/ca
>> -+	@rm -rf $(OUTPUT_DIR)/plugins
>> - 	@rmdir --ignore-fail-on-non-empty $(OUTPUT_DIR) || test ! -e $(OUTPUT_DIR)
>> diff --git a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
>> deleted file mode 100644
>> index f2b5f7d..0000000
>> --- a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
>> +++ /dev/null
>> @@ -1,4 +0,0 @@
>> -require optee-examples.inc
>> -
>> -SRCREV = "e9c870525af8f7e7fccf575a0ca5394ce55adcec"
>> -
>> diff --git a/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
>> new file mode 100644
>> index 0000000..b5f6269
>> --- /dev/null
>> +++ b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
>> @@ -0,0 +1,3 @@
>> +require optee-examples.inc
>> +
>> +SRCREV = "65fc74309e12189ad5b6ce3ffec37c8011088a5a"
>> diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
>> similarity index 94%
>> rename from meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
>> rename to meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
>> index 0d37a52..c710e27 100644
>> --- a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
>> +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
>> @@ -1,10 +1,11 @@
>>   FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:"
>> -require optee-os_3.14.0.bb
>> +require optee-os_3.16.0.bb
>>   
>>   SUMMARY = "OP-TEE Trusted OS TA devkit"
>>   DESCRIPTION = "OP-TEE TA devkit for build TAs"
>>   HOMEPAGE ="https://www.op-tee.org/"
>>   
>> +
>>   do_install() {
>>       #install TA devkit
>>       install -d ${D}${includedir}/optee/export-user_ta/
>> diff --git a/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/recipes-security/optee/optee-os.inc
>> index 1506a58..57c64fd 100644
>> --- a/meta-arm/recipes-security/optee/optee-os.inc
>> +++ b/meta-arm/recipes-security/optee/optee-os.inc
>> @@ -10,7 +10,7 @@ require optee.inc
>>   
>>   CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os"
>>   
>> -DEPENDS = "python3-pycryptodome-native python3-pyelftools-native"
>> +DEPENDS = "python3-pycryptodome-native python3-pyelftools-native python3-cryptography-native"
>>   
>>   DEPENDS:append:toolchain-clang = " compiler-rt"
>>   
>> diff --git a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb
>> similarity index 76%
>> rename from meta-arm/recipes-security/optee/optee-os_3.14.0.bb
>> rename to meta-arm/recipes-security/optee/optee-os_3.16.0.bb
>> index 95d82bb..873e964 100644
>> --- a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb
>> +++ b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb
>> @@ -1,6 +1,6 @@
>>   require optee-os.inc
>>   
>> -SRCREV = "d21befa5e53eae9db469eba1685f5aa5c6f92c2f"
>> +SRCREV = "d0b742d1564834dac903f906168d7357063d5459"
>>   
>>   SRC_URI:append = " \
>>       file://0006-allow-setting-sysroot-for-libgcc-lookup.patch  \
>> diff --git a/meta-arm/recipes-security/optee/optee-test.inc b/meta-arm/recipes-security/optee/optee-test.inc
>> index aada243..33eda29 100644
>> --- a/meta-arm/recipes-security/optee/optee-test.inc
>> +++ b/meta-arm/recipes-security/optee/optee-test.inc
>> @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM ="file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa"
>>   inherit python3native ptest
>>   require optee.inc
>>   
>> -DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native"
>> +DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native python3-cryptography-native"
>>   
>>   SRC_URI = "git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https \
>>              file://run-ptest  \
>> diff --git a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb b/meta-arm/recipes-security/optee/optee-test_3.14.0.bb
>> deleted file mode 100644
>> index 6367c27..0000000
>> --- a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb
>> +++ /dev/null
>> @@ -1,3 +0,0 @@
>> -require optee-test.inc
>> -
>> -SRCREV = "f2eb88affbb7f028561b4fd5cbd049d5d704f741"
>> diff --git a/meta-arm/recipes-security/optee/optee-test_3.16.0.bb b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb
>> new file mode 100644
>> index 0000000..03f9c34
>> --- /dev/null
>> +++ b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb
>> @@ -0,0 +1,3 @@
>> +require optee-test.inc
>> +
>> +SRCREV = "1cf0e6d2bdd1145370033d4e182634458528579d"
>> diff --git a/meta-arm/recipes-security/optee/optee.inc b/meta-arm/recipes-security/optee/optee.inc
>> index f02a022..beae366 100644
>> --- a/meta-arm/recipes-security/optee/optee.inc
>> +++ b/meta-arm/recipes-security/optee/optee.inc
>> @@ -26,3 +26,6 @@ EXTRA_OEMAKE += "V=1 \
>>                    OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${prefix} \
>>                    TEEC_EXPORT=${STAGING_DIR_HOST}${prefix} \
>>                   "
>> +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
>> +# right path until this is relocated automatically.
>> +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
>> -- 
>> 2.25.1
>>
>>
>>
>> -=-=-=-=-=-=-=-=-=-=-=-
>> Links: You receive all messages sent to this group.
>> View/Reply Online (#3088):https://lists.yoctoproject.org/g/meta-arm/message/3088
>> Mute This Topic:https://lists.yoctoproject.org/mt/89404067/4354175
>> Group Owner:meta-arm+owner@lists.yoctoproject.org
>> Unsubscribe:https://lists.yoctoproject.org/g/meta-arm/unsub  [alhe@linux.microsoft.com]
>> -=-=-=-=-=-=-=-=-=-=-=-
>>

[-- Attachment #2: Type: text/html, Size: 24392 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread
* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
       [not found]     ` <Yh+DX8uaoS1VPpQ8@kudzu.us>
@ 2022-03-03  5:31       ` Sumit Garg
  2022-03-03 10:55         ` Abdellatif El Khlifi
  0 siblings, 1 reply; 21+ messages in thread
From: Sumit Garg @ 2022-03-03  5:31 UTC (permalink / raw)
  To: Jon Mason, Alejandro Hernandez
  Cc: meta-arm, Vishnu Banavath, Maxim Uvarov, Peter Griffin,
	Denys Dmytriyenko, Drew Reed, Abdellatif El Khlifi

On Wed, 2 Mar 2022 at 20:16, Jon Mason <jdmason@kudzu.us> wrote:
>
> On Tue, Mar 01, 2022 at 09:54:04PM +0000, Alejandro Hernandez wrote:
> > Hi John,
> >
> > On 3/1/22 16:27, Jon Mason wrote:
> > > On Fri, Feb 25, 2022 at 08:04:41PM -0700, Alejandro Enedino Hernandez Samaniego wrote:
> > > > - Removes upstreamed patches for optee-examples
> > > > - Fixes optee-examples installation
> > > > - Includes new python3-cryptography dependency
> > > > - Fixes python3-cryptography to work with openssl
> > > >
> > > > Tested on qemuarm64-secureboot via optee-examples xtest -l 15
> > > With the new changes in python3-crypto, this is no longer working.
> > > I'm seeing the following error in CI.
> > >
> > > --- Error summary ---
> > > ERROR: Nothing PROVIDES 'python3-cryptography-native' (but /builds/jonmason00/meta-arm/meta-arm/recipes-security/optee/optee-os_3.16.0.bb DEPENDS on or otherwise requires it). Close matches:
> > >    python3-cython-native
> > >    python3-pycryptodome-native
> > >    python3-typogrify-native
> > >
> > > I _think_ that adding meta-openembedded.yml being adding to the
> > > machines should fix it, but I'm not sure that is the right solution.
> > >
> > > Thanks,
> > > Jon
> >
> > My apologies, I was testing with meta-oe/meta-python enabled hence I didnt
> > see the error before.
> >
> >
> > I'm not sure its the right solution either, this dependency is coming from
> > the pem_to_pub_c.py script which is now using python3-cyrptography since
> > commit https://github.com/OP-TEE/optee_os/commit/169eac19852d98d8ade821f913bbdd76faf52823
> > (this also means we could remove python3-cryptodome from the dependencies as
> > well), as far as I can tell this creates a hard dependency, passing
> > EXTRA_OEMAKE += " CFG_WITH_USER_TA=n" would avoid executing the script
> > completely but I also dont think thats what we want.
> >
> > Should we include meta-openembedded.yml?,  or what other choice do we have?
> > create a python3-cyrptography recipe to meta-arm?, thoughts?

Yes, we should include meta-openembedded.yml as a dependency and
remove python3-cryptodome from the dependencies.

-Sumit

>
> OPTEE isn't an area I understand well (to know whether removing this
> is superior to adding the dependency in the files).  So, I'm directly
> cc'ing contributors that I think will have an opinion to this
> response.
>
> Thanks,
> Jon
>
> >
> > Cheers,
> >
> > Alejandro
> >
> > > > Signed-off-by: Alejandro Enedino Hernandez Samaniego<alhe@linux.microsoft.com>
> > > > ---
> > > >   ....bbappend => optee-client_3.16.0.bbappend} |  0
> > > >   ...pend => optee-os-tadevkit_3.16.0.bbappend} |  0
> > > >   ...14.0.bbappend => optee-os_3.16.0.bbappend} |  0
> > > >   ....0.bbappend => optee-test_3.16.0.bbappend} |  0
> > > >   .../optee-ftpm/optee-ftpm_git.bb              |  8 +-
> > > >   .../optee/optee-client_3.14.0.bb              |  3 -
> > > >   .../optee/optee-client_3.16.0.bb              |  3 +
> > > >   .../recipes-security/optee/optee-examples.inc |  7 +-
> > > >   ...ix-non-portable-sh-check-for-plugins.patch | 46 ++++++++++
> > > >   ...efault-cross-compiler-environment-se.patch | 84 -------------------
> > > >   ...nable-plugins-installation-in-rootfs.patch | 37 --------
> > > >   .../optee/optee-examples_3.14.0.bb            |  4 -
> > > >   .../optee/optee-examples_3.16.0.bb            |  3 +
> > > >   ..._3.14.0.bb => optee-os-tadevkit_3.16.0.bb} |  3 +-
> > > >   meta-arm/recipes-security/optee/optee-os.inc  |  2 +-
> > > >   ...{optee-os_3.14.0.bb => optee-os_3.16.0.bb} |  2 +-
> > > >   .../recipes-security/optee/optee-test.inc     |  2 +-
> > > >   .../optee/optee-test_3.14.0.bb                |  3 -
> > > >   .../optee/optee-test_3.16.0.bb                |  3 +
> > > >   meta-arm/recipes-security/optee/optee.inc     |  3 +
> > > >   20 files changed, 73 insertions(+), 140 deletions(-)
> > > >   rename meta-arm-bsp/recipes-security/optee/{optee-client_3.14.0.bbappend => optee-client_3.16.0.bbappend} (100%)
> > > >   rename meta-arm-bsp/recipes-security/optee/{optee-os-tadevkit_3.14.0.bbappend => optee-os-tadevkit_3.16.0.bbappend} (100%)
> > > >   rename meta-arm-bsp/recipes-security/optee/{optee-os_3.14.0.bbappend => optee-os_3.16.0.bbappend} (100%)
> > > >   rename meta-arm-bsp/recipes-security/optee/{optee-test_3.14.0.bbappend => optee-test_3.16.0.bbappend} (100%)
> > > >   delete mode 100644 meta-arm/recipes-security/optee/optee-client_3.14.0.bb
> > > >   create mode 100644 meta-arm/recipes-security/optee/optee-client_3.16.0.bb
> > > >   create mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
> > > >   delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
> > > >   delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
> > > >   delete mode 100644 meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
> > > >   create mode 100644 meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
> > > >   rename meta-arm/recipes-security/optee/{optee-os-tadevkit_3.14.0.bb => optee-os-tadevkit_3.16.0.bb} (94%)
> > > >   rename meta-arm/recipes-security/optee/{optee-os_3.14.0.bb => optee-os_3.16.0.bb} (76%)
> > > >   delete mode 100644 meta-arm/recipes-security/optee/optee-test_3.14.0.bb
> > > >   create mode 100644 meta-arm/recipes-security/optee/optee-test_3.16.0.bb
> > > >
> > > > diff --git a/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend
> > > > similarity index 100%
> > > > rename from meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend
> > > > rename to meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend
> > > > diff --git a/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend
> > > > similarity index 100%
> > > > rename from meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend
> > > > rename to meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend
> > > > diff --git a/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend
> > > > similarity index 100%
> > > > rename from meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend
> > > > rename to meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend
> > > > diff --git a/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend
> > > > similarity index 100%
> > > > rename from meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend
> > > > rename to meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend
> > > > diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> > > > index f2a74da..0eb64cd 100644
> > > > --- a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> > > > +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> > > > @@ -15,7 +15,9 @@ inherit deploy python3native
> > > >   LICENSE = "MIT"
> > > >   LIC_FILES_CHKSUM ="file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5"
> > > > -DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit"
> > > > +DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit \
> > > > +    python3-cryptography-native \
> > > > +    "
> > > >   FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"
> > > > @@ -48,6 +50,10 @@ EXTRA_OEMAKE:append:aarch64:qemuall = "\
> > > >       CFG_ARM64_ta_arm64=y \
> > > >   "
> > > > +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
> > > > +# right path until this is relocated automatically.
> > > > +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
> > > > +
> > > >   PARALLEL_MAKE = ""
> > > >   do_compile() {
> > > > diff --git a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb b/meta-arm/recipes-security/optee/optee-client_3.14.0.bb
> > > > deleted file mode 100644
> > > > index be78b88..0000000
> > > > --- a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb
> > > > +++ /dev/null
> > > > @@ -1,3 +0,0 @@
> > > > -require optee-client.inc
> > > > -
> > > > -SRCREV = "06e1b32f6a7028e039c625b07cfc25fda0c17d53"
> > > > diff --git a/meta-arm/recipes-security/optee/optee-client_3.16.0.bb b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb
> > > > new file mode 100644
> > > > index 0000000..4a36cbc
> > > > --- /dev/null
> > > > +++ b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb
> > > > @@ -0,0 +1,3 @@
> > > > +require optee-client.inc
> > > > +
> > > > +SRCREV = "06db73b3f3fdb8d23eceaedbc46c49c0b45fd1e2"
> > > > diff --git a/meta-arm/recipes-security/optee/optee-examples.inc b/meta-arm/recipes-security/optee/optee-examples.inc
> > > > index 656722e..097f892 100644
> > > > --- a/meta-arm/recipes-security/optee/optee-examples.inc
> > > > +++ b/meta-arm/recipes-security/optee/optee-examples.inc
> > > > @@ -5,16 +5,14 @@ HOMEPAGE ="https://github.com/linaro-swg/optee_examples"
> > > >   LICENSE = "BSD-2-Clause"
> > > >   LIC_FILES_CHKSUM ="file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30"
> > > > -DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native"
> > > > +DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native python3-cryptography-native"
> > > >   inherit python3native
> > > >   require optee.inc
> > > >   SRC_URI = "git://github.com/linaro-swg/optee_examples.git;branch=master;protocol=https \
> > > > -file://0001-plugins-Honour-default-cross-compiler-environment-se.patch  \
> > > > -file://0002-Makefile-Enable-plugins-installation-in-rootfs.patch  \
> > > > -          "
> > > > +file://0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch"
> > > >   EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
> > > >                    HOST_CROSS_COMPILE=${HOST_PREFIX} \
> > > > @@ -25,6 +23,7 @@ EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
> > > >   S = "${WORKDIR}/git"
> > > >   B = "${WORKDIR}/build"
> > > > +
> > > >   do_compile() {
> > > >       oe_runmake -C ${S}
> > > >   }
> > > > diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
> > > > new file mode 100644
> > > > index 0000000..70add62
> > > > --- /dev/null
> > > > +++ b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
> > > > @@ -0,0 +1,46 @@
> > > > +From 11610debf750f15c7a104db7315dcd7d69e282a8 Mon Sep 17 00:00:00 2001
> > > > +From: Alejandro Enedino Hernandez Samaniego<alhe@linux.microsoft.com>
> > > > +Date: Sat, 26 Feb 2022 01:52:26 +0000
> > > > +Subject: [PATCH] Makefile: Fix non-portable sh check for plugins
> > > > +
> > > > +Upstream-Status: Pending
> > > > +
> > > > +We previously held a patch that used "=" for comparison, but when
> > > > +that patch got upstreamed it was changed to "==" which is non-portable,
> > > > +resulting in an error:
> > > > +
> > > > +/bin/sh: 6: [: acipher: unexpected operator
> > > > +/bin/sh: 6: [: plugins: unexpected operator
> > > > +/bin/sh: 6: [: hello_world: unexpected operator
> > > > +/bin/sh: 6: [: hotp: unexpected operator
> > > > +/bin/sh: 6: [: aes: unexpected operator
> > > > +/bin/sh: 6: [: random: unexpected operator
> > > > +/bin/sh: 6: [: secure_storage: unexpected operator
> > > > +
> > > > +if /bin/sh doesnt point to bash.
> > > > +
> > > > +Which in turn causes our do_install task to fail since plugins arent
> > > > +where we expect them to be.
> > > > +
> > > > +
> > > > +Signed-off-by: Alejandro Enedino Hernandez Samaniego<alhe@linux.microsoft.com>
> > > > +---
> > > > + Makefile | 2 +-
> > > > + 1 file changed, 1 insertion(+), 1 deletion(-)
> > > > +
> > > > +diff --git a/Makefile b/Makefile
> > > > +index b3f16aa..9359d95 100644
> > > > +--- a/Makefile
> > > > ++++ b/Makefile
> > > > +@@ -31,7 +31,7 @@ prepare-for-rootfs: examples
> > > > +                         cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \
> > > > +                 fi; \
> > > > +                 cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \
> > > > +-                if [ $$example == plugins ]; then \
> > > > ++                if [ $$example = plugins ]; then \
> > > > +                         cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \
> > > > +                 fi; \
> > > > +         done
> > > > +--
> > > > +2.25.1
> > > > +
> > > > diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch b/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
> > > > deleted file mode 100644
> > > > index 033e48c..0000000
> > > > --- a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
> > > > +++ /dev/null
> > > > @@ -1,84 +0,0 @@
> > > > -From 79c826c249001700007a6dffe80c3d61ff4428ef Mon Sep 17 00:00:00 2001
> > > > -From: Sumit Garg<sumit.garg@linaro.org>
> > > > -Date: Tue, 20 Jul 2021 13:54:30 +0530
> > > > -Subject: [PATCH 1/2] plugins: Honour default cross compiler environment setup
> > > > -
> > > > -Honour default $(CC), $(CFLAGS) and $(LDFLAGS) variables. Without this
> > > > -plugins example fails to build for OE/Yocto.
> > > > -
> > > > -Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87]
> > > > -
> > > > -Signed-off-by: Sumit Garg<sumit.garg@linaro.org>
> > > > ----
> > > > - plugins/Makefile        |  2 +-
> > > > - plugins/host/Makefile   |  2 +-
> > > > - plugins/syslog/Makefile | 16 ++++++++++++----
> > > > - 3 files changed, 14 insertions(+), 6 deletions(-)
> > > > -
> > > > -diff --git a/plugins/Makefile b/plugins/Makefile
> > > > -index 2372b38..ea472b4 100644
> > > > ---- a/plugins/Makefile
> > > > -+++ b/plugins/Makefile
> > > > -@@ -8,7 +8,7 @@ TA_CROSS_COMPILE ?= $(CROSS_COMPILE)
> > > > - all:
> > > > -         $(MAKE) -C host CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables
> > > > -         $(MAKE) -C ta CROSS_COMPILE="$(TA_CROSS_COMPILE)" LDFLAGS=""
> > > > --        $(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)"
> > > > -+        $(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables
> > > > -
> > > > - .PHONY: clean
> > > > - clean:
> > > > -diff --git a/plugins/host/Makefile b/plugins/host/Makefile
> > > > -index 7285104..76244c7 100644
> > > > ---- a/plugins/host/Makefile
> > > > -+++ b/plugins/host/Makefile
> > > > -@@ -20,7 +20,7 @@ BINARY = optee_example_plugins
> > > > - all: $(BINARY)
> > > > -
> > > > - $(BINARY): $(OBJS)
> > > > --        $(CC) -o $@ $< $(LDADD)
> > > > -+        $(CC) $(LDFLAGS) -o $@ $< $(LDADD)
> > > > -
> > > > - .PHONY: clean
> > > > - clean:
> > > > -diff --git a/plugins/syslog/Makefile b/plugins/syslog/Makefile
> > > > -index 62d916a..71f5f92 100644
> > > > ---- a/plugins/syslog/Makefile
> > > > -+++ b/plugins/syslog/Makefile
> > > > -@@ -1,3 +1,11 @@
> > > > -+CC      ?= $(CROSS_COMPILE)gcc
> > > > -+LD      ?= $(CROSS_COMPILE)ld
> > > > -+AR      ?= $(CROSS_COMPILE)ar
> > > > -+NM      ?= $(CROSS_COMPILE)nm
> > > > -+OBJCOPY ?= $(CROSS_COMPILE)objcopy
> > > > -+OBJDUMP ?= $(CROSS_COMPILE)objdump
> > > > -+READELF ?= $(CROSS_COMPILE)readelf
> > > > -+
> > > > - PLUGIN_UUID = 96bcf744-4f72-4866-bf1d-8634fd9c65e5
> > > > -
> > > > - PLUGIN                  = $(PLUGIN_UUID).plugin
> > > > -@@ -6,17 +14,17 @@ PLUGIN_OBJ            = $(patsubst %.c, %.o, $(PLUGIN_SRS))
> > > > - PLUGIN_INCLUDES_DIR     = $(CURDIR) $(TEEC_EXPORT)/include
> > > > -
> > > > - PLUGIN_INCLUDES         = $(addprefix -I, $(PLUGIN_INCLUDES_DIR))
> > > > --PLUGIN_CCFLAGS          = -Wall -fPIC
> > > > --PLUGIN_LDFLAGS          = -shared
> > > > -+PLUGIN_CCFLAGS          = $(CFLAGS) -Wall -fPIC
> > > > -+PLUGIN_LDFLAGS          = $(LDFLAGS) -shared
> > > > -
> > > > - .PHONY: all
> > > > - all: $(PLUGIN)
> > > > -
> > > > - $(PLUGIN): $(PLUGIN_OBJ)
> > > > --        $(CROSS_COMPILE)gcc $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@
> > > > -+        $(CC) $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@
> > > > -
> > > > - %.o: %.c
> > > > --        $(CROSS_COMPILE)gcc $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o
> > > > -+        $(CC) $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o
> > > > -
> > > > - .PHONY: clean
> > > > - clean:
> > > > ---
> > > > -2.25.1
> > > > -
> > > > diff --git a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch b/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
> > > > deleted file mode 100644
> > > > index 80e6b5f..0000000
> > > > --- a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
> > > > +++ /dev/null
> > > > @@ -1,37 +0,0 @@
> > > > -From f4e5e74548d92258855434b550c58fe44993c148 Mon Sep 17 00:00:00 2001
> > > > -From: Sumit Garg<sumit.garg@linaro.org>
> > > > -Date: Tue, 20 Jul 2021 14:20:10 +0530
> > > > -Subject: [PATCH] Makefile: Enable plugins installation in rootfs
> > > > -
> > > > -Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87]
> > > > -
> > > > -Signed-off-by: Sumit Garg<sumit.garg@linaro.org>
> > > > -
> > > > ----
> > > > - Makefile | 5 +++++
> > > > - 1 file changed, 5 insertions(+)
> > > > -
> > > > -diff --git a/Makefile b/Makefile
> > > > -index a275842..9359d95 100644
> > > > ---- a/Makefile
> > > > -+++ b/Makefile
> > > > -@@ -25,14 +25,19 @@ prepare-for-rootfs: examples
> > > > -         @mkdir -p $(OUTPUT_DIR)
> > > > -         @mkdir -p $(OUTPUT_DIR)/ta
> > > > -         @mkdir -p $(OUTPUT_DIR)/ca
> > > > -+        @mkdir -p $(OUTPUT_DIR)/plugins
> > > > -         @for example in $(EXAMPLE_LIST); do \
> > > > -                 if [ -e $$example/host/optee_example_$$example ]; then \
> > > > -                         cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \
> > > > -                 fi; \
> > > > -                 cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \
> > > > -+                if [ $$example = plugins ]; then \
> > > > -+                        cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \
> > > > -+                fi; \
> > > > -         done
> > > > -
> > > > - prepare-for-rootfs-clean:
> > > > -         @rm -rf $(OUTPUT_DIR)/ta
> > > > -         @rm -rf $(OUTPUT_DIR)/ca
> > > > -+        @rm -rf $(OUTPUT_DIR)/plugins
> > > > -         @rmdir --ignore-fail-on-non-empty $(OUTPUT_DIR) || test ! -e $(OUTPUT_DIR)
> > > > diff --git a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
> > > > deleted file mode 100644
> > > > index f2b5f7d..0000000
> > > > --- a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
> > > > +++ /dev/null
> > > > @@ -1,4 +0,0 @@
> > > > -require optee-examples.inc
> > > > -
> > > > -SRCREV = "e9c870525af8f7e7fccf575a0ca5394ce55adcec"
> > > > -
> > > > diff --git a/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
> > > > new file mode 100644
> > > > index 0000000..b5f6269
> > > > --- /dev/null
> > > > +++ b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
> > > > @@ -0,0 +1,3 @@
> > > > +require optee-examples.inc
> > > > +
> > > > +SRCREV = "65fc74309e12189ad5b6ce3ffec37c8011088a5a"
> > > > diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
> > > > similarity index 94%
> > > > rename from meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
> > > > rename to meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
> > > > index 0d37a52..c710e27 100644
> > > > --- a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
> > > > +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
> > > > @@ -1,10 +1,11 @@
> > > >   FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:"
> > > > -require optee-os_3.14.0.bb
> > > > +require optee-os_3.16.0.bb
> > > >   SUMMARY = "OP-TEE Trusted OS TA devkit"
> > > >   DESCRIPTION = "OP-TEE TA devkit for build TAs"
> > > >   HOMEPAGE ="https://www.op-tee.org/"
> > > > +
> > > >   do_install() {
> > > >       #install TA devkit
> > > >       install -d ${D}${includedir}/optee/export-user_ta/
> > > > diff --git a/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/recipes-security/optee/optee-os.inc
> > > > index 1506a58..57c64fd 100644
> > > > --- a/meta-arm/recipes-security/optee/optee-os.inc
> > > > +++ b/meta-arm/recipes-security/optee/optee-os.inc
> > > > @@ -10,7 +10,7 @@ require optee.inc
> > > >   CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os"
> > > > -DEPENDS = "python3-pycryptodome-native python3-pyelftools-native"
> > > > +DEPENDS = "python3-pycryptodome-native python3-pyelftools-native python3-cryptography-native"
> > > >   DEPENDS:append:toolchain-clang = " compiler-rt"
> > > > diff --git a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb
> > > > similarity index 76%
> > > > rename from meta-arm/recipes-security/optee/optee-os_3.14.0.bb
> > > > rename to meta-arm/recipes-security/optee/optee-os_3.16.0.bb
> > > > index 95d82bb..873e964 100644
> > > > --- a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb
> > > > +++ b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb
> > > > @@ -1,6 +1,6 @@
> > > >   require optee-os.inc
> > > > -SRCREV = "d21befa5e53eae9db469eba1685f5aa5c6f92c2f"
> > > > +SRCREV = "d0b742d1564834dac903f906168d7357063d5459"
> > > >   SRC_URI:append = " \
> > > >       file://0006-allow-setting-sysroot-for-libgcc-lookup.patch  \
> > > > diff --git a/meta-arm/recipes-security/optee/optee-test.inc b/meta-arm/recipes-security/optee/optee-test.inc
> > > > index aada243..33eda29 100644
> > > > --- a/meta-arm/recipes-security/optee/optee-test.inc
> > > > +++ b/meta-arm/recipes-security/optee/optee-test.inc
> > > > @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM ="file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa"
> > > >   inherit python3native ptest
> > > >   require optee.inc
> > > > -DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native"
> > > > +DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native python3-cryptography-native"
> > > >   SRC_URI = "git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https \
> > > >              file://run-ptest  \
> > > > diff --git a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb b/meta-arm/recipes-security/optee/optee-test_3.14.0.bb
> > > > deleted file mode 100644
> > > > index 6367c27..0000000
> > > > --- a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb
> > > > +++ /dev/null
> > > > @@ -1,3 +0,0 @@
> > > > -require optee-test.inc
> > > > -
> > > > -SRCREV = "f2eb88affbb7f028561b4fd5cbd049d5d704f741"
> > > > diff --git a/meta-arm/recipes-security/optee/optee-test_3.16.0.bb b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb
> > > > new file mode 100644
> > > > index 0000000..03f9c34
> > > > --- /dev/null
> > > > +++ b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb
> > > > @@ -0,0 +1,3 @@
> > > > +require optee-test.inc
> > > > +
> > > > +SRCREV = "1cf0e6d2bdd1145370033d4e182634458528579d"
> > > > diff --git a/meta-arm/recipes-security/optee/optee.inc b/meta-arm/recipes-security/optee/optee.inc
> > > > index f02a022..beae366 100644
> > > > --- a/meta-arm/recipes-security/optee/optee.inc
> > > > +++ b/meta-arm/recipes-security/optee/optee.inc
> > > > @@ -26,3 +26,6 @@ EXTRA_OEMAKE += "V=1 \
> > > >                    OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${prefix} \
> > > >                    TEEC_EXPORT=${STAGING_DIR_HOST}${prefix} \
> > > >                   "
> > > > +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
> > > > +# right path until this is relocated automatically.
> > > > +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
> > > > --
> > > > 2.25.1
> > > >
> > > >
> > > >
> > > > -=-=-=-=-=-=-=-=-=-=-=-
> > > > Links: You receive all messages sent to this group.
> > > > View/Reply Online (#3088):https://lists.yoctoproject.org/g/meta-arm/message/3088
> > > > Mute This Topic:https://lists.yoctoproject.org/mt/89404067/4354175
> > > > Group Owner:meta-arm+owner@lists.yoctoproject.org
> > > > Unsubscribe:https://lists.yoctoproject.org/g/meta-arm/unsub  [alhe@linux.microsoft.com]
> > > > -=-=-=-=-=-=-=-=-=-=-=-
> > > >


^ permalink raw reply	[flat|nested] 21+ messages in thread
* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
  2022-03-03  5:31       ` Sumit Garg
@ 2022-03-03 10:55         ` Abdellatif El Khlifi
  2022-03-03 21:11           ` Alejandro Hernandez
  0 siblings, 1 reply; 21+ messages in thread
From: Abdellatif El Khlifi @ 2022-03-03 10:55 UTC (permalink / raw)
  To: Sumit Garg, Jon Mason, Alejandro Hernandez
  Cc: meta-arm, Vishnu Banavath, Maxim Uvarov, Peter Griffin,
	Denys Dmytriyenko, Drew Reed

[-- Attachment #1: Type: text/plain, Size: 26276 bytes --]

Hello,

I suggest the following:

In meta-arm-bsp/conf/layer.conf add :

LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = " meta-python openembedded-layer"

In ci/qemuarm64-secureboot.yml add:

ci/meta-openembedded.yml

Kind regards
________________________________
From: Sumit Garg <sumit.garg@linaro.org>
Sent: 03 March 2022 05:31
To: Jon Mason <jdmason@kudzu.us>; Alejandro Hernandez <alhe@linux.microsoft.com>
Cc: meta-arm@lists.yoctoproject.org <meta-arm@lists.yoctoproject.org>; Vishnu Banavath <Vishnu.Banavath@arm.com>; Maxim Uvarov <maxim.uvarov@linaro.org>; Peter Griffin <peter.griffin@linaro.org>; Denys Dmytriyenko <denis@denix.org>; Drew Reed <Drew.Reed@arm.com>; Abdellatif El Khlifi <Abdellatif.ElKhlifi@arm.com>
Subject: Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16

On Wed, 2 Mar 2022 at 20:16, Jon Mason <jdmason@kudzu.us> wrote:
>
> On Tue, Mar 01, 2022 at 09:54:04PM +0000, Alejandro Hernandez wrote:
> > Hi John,
> >
> > On 3/1/22 16:27, Jon Mason wrote:
> > > On Fri, Feb 25, 2022 at 08:04:41PM -0700, Alejandro Enedino Hernandez Samaniego wrote:
> > > > - Removes upstreamed patches for optee-examples
> > > > - Fixes optee-examples installation
> > > > - Includes new python3-cryptography dependency
> > > > - Fixes python3-cryptography to work with openssl
> > > >
> > > > Tested on qemuarm64-secureboot via optee-examples xtest -l 15
> > > With the new changes in python3-crypto, this is no longer working.
> > > I'm seeing the following error in CI.
> > >
> > > --- Error summary ---
> > > ERROR: Nothing PROVIDES 'python3-cryptography-native' (but /builds/jonmason00/meta-arm/meta-arm/recipes-security/optee/optee-os_3.16.0.bb DEPENDS on or otherwise requires it). Close matches:
> > >    python3-cython-native
> > >    python3-pycryptodome-native
> > >    python3-typogrify-native
> > >
> > > I _think_ that adding meta-openembedded.yml being adding to the
> > > machines should fix it, but I'm not sure that is the right solution.
> > >
> > > Thanks,
> > > Jon
> >
> > My apologies, I was testing with meta-oe/meta-python enabled hence I didnt
> > see the error before.
> >
> >
> > I'm not sure its the right solution either, this dependency is coming from
> > the pem_to_pub_c.py script which is now using python3-cyrptography since
> > commit https://github.com/OP-TEE/optee_os/commit/169eac19852d98d8ade821f913bbdd76faf52823
> > (this also means we could remove python3-cryptodome from the dependencies as
> > well), as far as I can tell this creates a hard dependency, passing
> > EXTRA_OEMAKE += " CFG_WITH_USER_TA=n" would avoid executing the script
> > completely but I also dont think thats what we want.
> >
> > Should we include meta-openembedded.yml?,  or what other choice do we have?
> > create a python3-cyrptography recipe to meta-arm?, thoughts?

Yes, we should include meta-openembedded.yml as a dependency and
remove python3-cryptodome from the dependencies.

-Sumit

>
> OPTEE isn't an area I understand well (to know whether removing this
> is superior to adding the dependency in the files).  So, I'm directly
> cc'ing contributors that I think will have an opinion to this
> response.
>
> Thanks,
> Jon
>
> >
> > Cheers,
> >
> > Alejandro
> >
> > > > Signed-off-by: Alejandro Enedino Hernandez Samaniego<alhe@linux.microsoft.com>
> > > > ---
> > > >   ....bbappend => optee-client_3.16.0.bbappend} |  0
> > > >   ...pend => optee-os-tadevkit_3.16.0.bbappend} |  0
> > > >   ...14.0.bbappend => optee-os_3.16.0.bbappend} |  0
> > > >   ....0.bbappend => optee-test_3.16.0.bbappend} |  0
> > > >   .../optee-ftpm/optee-ftpm_git.bb              |  8 +-
> > > >   .../optee/optee-client_3.14.0.bb              |  3 -
> > > >   .../optee/optee-client_3.16.0.bb              |  3 +
> > > >   .../recipes-security/optee/optee-examples.inc |  7 +-
> > > >   ...ix-non-portable-sh-check-for-plugins.patch | 46 ++++++++++
> > > >   ...efault-cross-compiler-environment-se.patch | 84 -------------------
> > > >   ...nable-plugins-installation-in-rootfs.patch | 37 --------
> > > >   .../optee/optee-examples_3.14.0.bb            |  4 -
> > > >   .../optee/optee-examples_3.16.0.bb            |  3 +
> > > >   ..._3.14.0.bb => optee-os-tadevkit_3.16.0.bb} |  3 +-
> > > >   meta-arm/recipes-security/optee/optee-os.inc  |  2 +-
> > > >   ...{optee-os_3.14.0.bb => optee-os_3.16.0.bb} |  2 +-
> > > >   .../recipes-security/optee/optee-test.inc     |  2 +-
> > > >   .../optee/optee-test_3.14.0.bb                |  3 -
> > > >   .../optee/optee-test_3.16.0.bb                |  3 +
> > > >   meta-arm/recipes-security/optee/optee.inc     |  3 +
> > > >   20 files changed, 73 insertions(+), 140 deletions(-)
> > > >   rename meta-arm-bsp/recipes-security/optee/{optee-client_3.14.0.bbappend => optee-client_3.16.0.bbappend} (100%)
> > > >   rename meta-arm-bsp/recipes-security/optee/{optee-os-tadevkit_3.14.0.bbappend => optee-os-tadevkit_3.16.0.bbappend} (100%)
> > > >   rename meta-arm-bsp/recipes-security/optee/{optee-os_3.14.0.bbappend => optee-os_3.16.0.bbappend} (100%)
> > > >   rename meta-arm-bsp/recipes-security/optee/{optee-test_3.14.0.bbappend => optee-test_3.16.0.bbappend} (100%)
> > > >   delete mode 100644 meta-arm/recipes-security/optee/optee-client_3.14.0.bb
> > > >   create mode 100644 meta-arm/recipes-security/optee/optee-client_3.16.0.bb
> > > >   create mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
> > > >   delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
> > > >   delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
> > > >   delete mode 100644 meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
> > > >   create mode 100644 meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
> > > >   rename meta-arm/recipes-security/optee/{optee-os-tadevkit_3.14.0.bb => optee-os-tadevkit_3.16.0.bb} (94%)
> > > >   rename meta-arm/recipes-security/optee/{optee-os_3.14.0.bb => optee-os_3.16.0.bb} (76%)
> > > >   delete mode 100644 meta-arm/recipes-security/optee/optee-test_3.14.0.bb
> > > >   create mode 100644 meta-arm/recipes-security/optee/optee-test_3.16.0.bb
> > > >
> > > > diff --git a/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend
> > > > similarity index 100%
> > > > rename from meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend
> > > > rename to meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend
> > > > diff --git a/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend
> > > > similarity index 100%
> > > > rename from meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend
> > > > rename to meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend
> > > > diff --git a/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend
> > > > similarity index 100%
> > > > rename from meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend
> > > > rename to meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend
> > > > diff --git a/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend
> > > > similarity index 100%
> > > > rename from meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend
> > > > rename to meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend
> > > > diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> > > > index f2a74da..0eb64cd 100644
> > > > --- a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> > > > +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> > > > @@ -15,7 +15,9 @@ inherit deploy python3native
> > > >   LICENSE = "MIT"
> > > >   LIC_FILES_CHKSUM ="file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5"
> > > > -DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit"
> > > > +DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit \
> > > > +    python3-cryptography-native \
> > > > +    "
> > > >   FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"
> > > > @@ -48,6 +50,10 @@ EXTRA_OEMAKE:append:aarch64:qemuall = "\
> > > >       CFG_ARM64_ta_arm64=y \
> > > >   "
> > > > +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
> > > > +# right path until this is relocated automatically.
> > > > +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
> > > > +
> > > >   PARALLEL_MAKE = ""
> > > >   do_compile() {
> > > > diff --git a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb b/meta-arm/recipes-security/optee/optee-client_3.14.0.bb
> > > > deleted file mode 100644
> > > > index be78b88..0000000
> > > > --- a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb
> > > > +++ /dev/null
> > > > @@ -1,3 +0,0 @@
> > > > -require optee-client.inc
> > > > -
> > > > -SRCREV = "06e1b32f6a7028e039c625b07cfc25fda0c17d53"
> > > > diff --git a/meta-arm/recipes-security/optee/optee-client_3.16.0.bb b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb
> > > > new file mode 100644
> > > > index 0000000..4a36cbc
> > > > --- /dev/null
> > > > +++ b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb
> > > > @@ -0,0 +1,3 @@
> > > > +require optee-client.inc
> > > > +
> > > > +SRCREV = "06db73b3f3fdb8d23eceaedbc46c49c0b45fd1e2"
> > > > diff --git a/meta-arm/recipes-security/optee/optee-examples.inc b/meta-arm/recipes-security/optee/optee-examples.inc
> > > > index 656722e..097f892 100644
> > > > --- a/meta-arm/recipes-security/optee/optee-examples.inc
> > > > +++ b/meta-arm/recipes-security/optee/optee-examples.inc
> > > > @@ -5,16 +5,14 @@ HOMEPAGE ="https://github.com/linaro-swg/optee_examples"
> > > >   LICENSE = "BSD-2-Clause"
> > > >   LIC_FILES_CHKSUM ="file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30"
> > > > -DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native"
> > > > +DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native python3-cryptography-native"
> > > >   inherit python3native
> > > >   require optee.inc
> > > >   SRC_URI = "git://github.com/linaro-swg/optee_examples.git;branch=master;protocol=https \
> > > > -file://0001-plugins-Honour-default-cross-compiler-environment-se.patch  \
> > > > -file://0002-Makefile-Enable-plugins-installation-in-rootfs.patch  \
> > > > -          "
> > > > +file://0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch"
> > > >   EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
> > > >                    HOST_CROSS_COMPILE=${HOST_PREFIX} \
> > > > @@ -25,6 +23,7 @@ EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
> > > >   S = "${WORKDIR}/git"
> > > >   B = "${WORKDIR}/build"
> > > > +
> > > >   do_compile() {
> > > >       oe_runmake -C ${S}
> > > >   }
> > > > diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
> > > > new file mode 100644
> > > > index 0000000..70add62
> > > > --- /dev/null
> > > > +++ b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
> > > > @@ -0,0 +1,46 @@
> > > > +From 11610debf750f15c7a104db7315dcd7d69e282a8 Mon Sep 17 00:00:00 2001
> > > > +From: Alejandro Enedino Hernandez Samaniego<alhe@linux.microsoft.com>
> > > > +Date: Sat, 26 Feb 2022 01:52:26 +0000
> > > > +Subject: [PATCH] Makefile: Fix non-portable sh check for plugins
> > > > +
> > > > +Upstream-Status: Pending
> > > > +
> > > > +We previously held a patch that used "=" for comparison, but when
> > > > +that patch got upstreamed it was changed to "==" which is non-portable,
> > > > +resulting in an error:
> > > > +
> > > > +/bin/sh: 6: [: acipher: unexpected operator
> > > > +/bin/sh: 6: [: plugins: unexpected operator
> > > > +/bin/sh: 6: [: hello_world: unexpected operator
> > > > +/bin/sh: 6: [: hotp: unexpected operator
> > > > +/bin/sh: 6: [: aes: unexpected operator
> > > > +/bin/sh: 6: [: random: unexpected operator
> > > > +/bin/sh: 6: [: secure_storage: unexpected operator
> > > > +
> > > > +if /bin/sh doesnt point to bash.
> > > > +
> > > > +Which in turn causes our do_install task to fail since plugins arent
> > > > +where we expect them to be.
> > > > +
> > > > +
> > > > +Signed-off-by: Alejandro Enedino Hernandez Samaniego<alhe@linux.microsoft.com>
> > > > +---
> > > > + Makefile | 2 +-
> > > > + 1 file changed, 1 insertion(+), 1 deletion(-)
> > > > +
> > > > +diff --git a/Makefile b/Makefile
> > > > +index b3f16aa..9359d95 100644
> > > > +--- a/Makefile
> > > > ++++ b/Makefile
> > > > +@@ -31,7 +31,7 @@ prepare-for-rootfs: examples
> > > > +                         cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \
> > > > +                 fi; \
> > > > +                 cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \
> > > > +-                if [ $$example == plugins ]; then \
> > > > ++                if [ $$example = plugins ]; then \
> > > > +                         cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \
> > > > +                 fi; \
> > > > +         done
> > > > +--
> > > > +2.25.1
> > > > +
> > > > diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch b/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
> > > > deleted file mode 100644
> > > > index 033e48c..0000000
> > > > --- a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
> > > > +++ /dev/null
> > > > @@ -1,84 +0,0 @@
> > > > -From 79c826c249001700007a6dffe80c3d61ff4428ef Mon Sep 17 00:00:00 2001
> > > > -From: Sumit Garg<sumit.garg@linaro.org>
> > > > -Date: Tue, 20 Jul 2021 13:54:30 +0530
> > > > -Subject: [PATCH 1/2] plugins: Honour default cross compiler environment setup
> > > > -
> > > > -Honour default $(CC), $(CFLAGS) and $(LDFLAGS) variables. Without this
> > > > -plugins example fails to build for OE/Yocto.
> > > > -
> > > > -Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87]
> > > > -
> > > > -Signed-off-by: Sumit Garg<sumit.garg@linaro.org>
> > > > ----
> > > > - plugins/Makefile        |  2 +-
> > > > - plugins/host/Makefile   |  2 +-
> > > > - plugins/syslog/Makefile | 16 ++++++++++++----
> > > > - 3 files changed, 14 insertions(+), 6 deletions(-)
> > > > -
> > > > -diff --git a/plugins/Makefile b/plugins/Makefile
> > > > -index 2372b38..ea472b4 100644
> > > > ---- a/plugins/Makefile
> > > > -+++ b/plugins/Makefile
> > > > -@@ -8,7 +8,7 @@ TA_CROSS_COMPILE ?= $(CROSS_COMPILE)
> > > > - all:
> > > > -         $(MAKE) -C host CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables
> > > > -         $(MAKE) -C ta CROSS_COMPILE="$(TA_CROSS_COMPILE)" LDFLAGS=""
> > > > --        $(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)"
> > > > -+        $(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables
> > > > -
> > > > - .PHONY: clean
> > > > - clean:
> > > > -diff --git a/plugins/host/Makefile b/plugins/host/Makefile
> > > > -index 7285104..76244c7 100644
> > > > ---- a/plugins/host/Makefile
> > > > -+++ b/plugins/host/Makefile
> > > > -@@ -20,7 +20,7 @@ BINARY = optee_example_plugins
> > > > - all: $(BINARY)
> > > > -
> > > > - $(BINARY): $(OBJS)
> > > > --        $(CC) -o $@ $< $(LDADD)
> > > > -+        $(CC) $(LDFLAGS) -o $@ $< $(LDADD)
> > > > -
> > > > - .PHONY: clean
> > > > - clean:
> > > > -diff --git a/plugins/syslog/Makefile b/plugins/syslog/Makefile
> > > > -index 62d916a..71f5f92 100644
> > > > ---- a/plugins/syslog/Makefile
> > > > -+++ b/plugins/syslog/Makefile
> > > > -@@ -1,3 +1,11 @@
> > > > -+CC      ?= $(CROSS_COMPILE)gcc
> > > > -+LD      ?= $(CROSS_COMPILE)ld
> > > > -+AR      ?= $(CROSS_COMPILE)ar
> > > > -+NM      ?= $(CROSS_COMPILE)nm
> > > > -+OBJCOPY ?= $(CROSS_COMPILE)objcopy
> > > > -+OBJDUMP ?= $(CROSS_COMPILE)objdump
> > > > -+READELF ?= $(CROSS_COMPILE)readelf
> > > > -+
> > > > - PLUGIN_UUID = 96bcf744-4f72-4866-bf1d-8634fd9c65e5
> > > > -
> > > > - PLUGIN                  = $(PLUGIN_UUID).plugin
> > > > -@@ -6,17 +14,17 @@ PLUGIN_OBJ            = $(patsubst %.c, %.o, $(PLUGIN_SRS))
> > > > - PLUGIN_INCLUDES_DIR     = $(CURDIR) $(TEEC_EXPORT)/include
> > > > -
> > > > - PLUGIN_INCLUDES         = $(addprefix -I, $(PLUGIN_INCLUDES_DIR))
> > > > --PLUGIN_CCFLAGS          = -Wall -fPIC
> > > > --PLUGIN_LDFLAGS          = -shared
> > > > -+PLUGIN_CCFLAGS          = $(CFLAGS) -Wall -fPIC
> > > > -+PLUGIN_LDFLAGS          = $(LDFLAGS) -shared
> > > > -
> > > > - .PHONY: all
> > > > - all: $(PLUGIN)
> > > > -
> > > > - $(PLUGIN): $(PLUGIN_OBJ)
> > > > --        $(CROSS_COMPILE)gcc $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@
> > > > -+        $(CC) $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@
> > > > -
> > > > - %.o: %.c
> > > > --        $(CROSS_COMPILE)gcc $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o
> > > > -+        $(CC) $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o
> > > > -
> > > > - .PHONY: clean
> > > > - clean:
> > > > ---
> > > > -2.25.1
> > > > -
> > > > diff --git a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch b/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
> > > > deleted file mode 100644
> > > > index 80e6b5f..0000000
> > > > --- a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
> > > > +++ /dev/null
> > > > @@ -1,37 +0,0 @@
> > > > -From f4e5e74548d92258855434b550c58fe44993c148 Mon Sep 17 00:00:00 2001
> > > > -From: Sumit Garg<sumit.garg@linaro.org>
> > > > -Date: Tue, 20 Jul 2021 14:20:10 +0530
> > > > -Subject: [PATCH] Makefile: Enable plugins installation in rootfs
> > > > -
> > > > -Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87]
> > > > -
> > > > -Signed-off-by: Sumit Garg<sumit.garg@linaro.org>
> > > > -
> > > > ----
> > > > - Makefile | 5 +++++
> > > > - 1 file changed, 5 insertions(+)
> > > > -
> > > > -diff --git a/Makefile b/Makefile
> > > > -index a275842..9359d95 100644
> > > > ---- a/Makefile
> > > > -+++ b/Makefile
> > > > -@@ -25,14 +25,19 @@ prepare-for-rootfs: examples
> > > > -         @mkdir -p $(OUTPUT_DIR)
> > > > -         @mkdir -p $(OUTPUT_DIR)/ta
> > > > -         @mkdir -p $(OUTPUT_DIR)/ca
> > > > -+        @mkdir -p $(OUTPUT_DIR)/plugins
> > > > -         @for example in $(EXAMPLE_LIST); do \
> > > > -                 if [ -e $$example/host/optee_example_$$example ]; then \
> > > > -                         cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \
> > > > -                 fi; \
> > > > -                 cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \
> > > > -+                if [ $$example = plugins ]; then \
> > > > -+                        cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \
> > > > -+                fi; \
> > > > -         done
> > > > -
> > > > - prepare-for-rootfs-clean:
> > > > -         @rm -rf $(OUTPUT_DIR)/ta
> > > > -         @rm -rf $(OUTPUT_DIR)/ca
> > > > -+        @rm -rf $(OUTPUT_DIR)/plugins
> > > > -         @rmdir --ignore-fail-on-non-empty $(OUTPUT_DIR) || test ! -e $(OUTPUT_DIR)
> > > > diff --git a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
> > > > deleted file mode 100644
> > > > index f2b5f7d..0000000
> > > > --- a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
> > > > +++ /dev/null
> > > > @@ -1,4 +0,0 @@
> > > > -require optee-examples.inc
> > > > -
> > > > -SRCREV = "e9c870525af8f7e7fccf575a0ca5394ce55adcec"
> > > > -
> > > > diff --git a/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
> > > > new file mode 100644
> > > > index 0000000..b5f6269
> > > > --- /dev/null
> > > > +++ b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
> > > > @@ -0,0 +1,3 @@
> > > > +require optee-examples.inc
> > > > +
> > > > +SRCREV = "65fc74309e12189ad5b6ce3ffec37c8011088a5a"
> > > > diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
> > > > similarity index 94%
> > > > rename from meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
> > > > rename to meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
> > > > index 0d37a52..c710e27 100644
> > > > --- a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
> > > > +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
> > > > @@ -1,10 +1,11 @@
> > > >   FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:"
> > > > -require optee-os_3.14.0.bb
> > > > +require optee-os_3.16.0.bb
> > > >   SUMMARY = "OP-TEE Trusted OS TA devkit"
> > > >   DESCRIPTION = "OP-TEE TA devkit for build TAs"
> > > >   HOMEPAGE ="https://www.op-tee.org/"
> > > > +
> > > >   do_install() {
> > > >       #install TA devkit
> > > >       install -d ${D}${includedir}/optee/export-user_ta/
> > > > diff --git a/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/recipes-security/optee/optee-os.inc
> > > > index 1506a58..57c64fd 100644
> > > > --- a/meta-arm/recipes-security/optee/optee-os.inc
> > > > +++ b/meta-arm/recipes-security/optee/optee-os.inc
> > > > @@ -10,7 +10,7 @@ require optee.inc
> > > >   CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os"
> > > > -DEPENDS = "python3-pycryptodome-native python3-pyelftools-native"
> > > > +DEPENDS = "python3-pycryptodome-native python3-pyelftools-native python3-cryptography-native"
> > > >   DEPENDS:append:toolchain-clang = " compiler-rt"
> > > > diff --git a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb
> > > > similarity index 76%
> > > > rename from meta-arm/recipes-security/optee/optee-os_3.14.0.bb
> > > > rename to meta-arm/recipes-security/optee/optee-os_3.16.0.bb
> > > > index 95d82bb..873e964 100644
> > > > --- a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb
> > > > +++ b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb
> > > > @@ -1,6 +1,6 @@
> > > >   require optee-os.inc
> > > > -SRCREV = "d21befa5e53eae9db469eba1685f5aa5c6f92c2f"
> > > > +SRCREV = "d0b742d1564834dac903f906168d7357063d5459"
> > > >   SRC_URI:append = " \
> > > >       file://0006-allow-setting-sysroot-for-libgcc-lookup.patch  \
> > > > diff --git a/meta-arm/recipes-security/optee/optee-test.inc b/meta-arm/recipes-security/optee/optee-test.inc
> > > > index aada243..33eda29 100644
> > > > --- a/meta-arm/recipes-security/optee/optee-test.inc
> > > > +++ b/meta-arm/recipes-security/optee/optee-test.inc
> > > > @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM ="file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa"
> > > >   inherit python3native ptest
> > > >   require optee.inc
> > > > -DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native"
> > > > +DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native python3-cryptography-native"
> > > >   SRC_URI = "git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https \
> > > >              file://run-ptest  \
> > > > diff --git a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb b/meta-arm/recipes-security/optee/optee-test_3.14.0.bb
> > > > deleted file mode 100644
> > > > index 6367c27..0000000
> > > > --- a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb
> > > > +++ /dev/null
> > > > @@ -1,3 +0,0 @@
> > > > -require optee-test.inc
> > > > -
> > > > -SRCREV = "f2eb88affbb7f028561b4fd5cbd049d5d704f741"
> > > > diff --git a/meta-arm/recipes-security/optee/optee-test_3.16.0.bb b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb
> > > > new file mode 100644
> > > > index 0000000..03f9c34
> > > > --- /dev/null
> > > > +++ b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb
> > > > @@ -0,0 +1,3 @@
> > > > +require optee-test.inc
> > > > +
> > > > +SRCREV = "1cf0e6d2bdd1145370033d4e182634458528579d"
> > > > diff --git a/meta-arm/recipes-security/optee/optee.inc b/meta-arm/recipes-security/optee/optee.inc
> > > > index f02a022..beae366 100644
> > > > --- a/meta-arm/recipes-security/optee/optee.inc
> > > > +++ b/meta-arm/recipes-security/optee/optee.inc
> > > > @@ -26,3 +26,6 @@ EXTRA_OEMAKE += "V=1 \
> > > >                    OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${prefix} \
> > > >                    TEEC_EXPORT=${STAGING_DIR_HOST}${prefix} \
> > > >                   "
> > > > +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
> > > > +# right path until this is relocated automatically.
> > > > +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
> > > > --
> > > > 2.25.1
> > > >
> > > >
> > > >
> > > > -=-=-=-=-=-=-=-=-=-=-=-
> > > > Links: You receive all messages sent to this group.
> > > > View/Reply Online (#3088):https://lists.yoctoproject.org/g/meta-arm/message/3088
> > > > Mute This Topic:https://lists.yoctoproject.org/mt/89404067/4354175
> > > > Group Owner:meta-arm+owner@lists.yoctoproject.org
> > > > Unsubscribe:https://lists.yoctoproject.org/g/meta-arm/unsub  [alhe@linux.microsoft.com]
> > > > -=-=-=-=-=-=-=-=-=-=-=-
> > > >

[-- Attachment #2: Type: text/html, Size: 40259 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread
* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
  2022-03-03 10:55         ` Abdellatif El Khlifi
@ 2022-03-03 21:11           ` Alejandro Hernandez
  2022-03-03 23:37             ` Denys Dmytriyenko
  0 siblings, 1 reply; 21+ messages in thread
From: Alejandro Hernandez @ 2022-03-03 21:11 UTC (permalink / raw)
  To: Abdellatif El Khlifi, Sumit Garg, Jon Mason
  Cc: meta-arm, Vishnu Banavath, Maxim Uvarov, Peter Griffin,
	Denys Dmytriyenko, Drew Reed

[-- Attachment #1: Type: text/plain, Size: 29240 bytes --]


On 3/3/22 10:55, Abdellatif El Khlifi wrote:
> Hello,
>
> I suggest the following:
>
> In meta-arm-bsp/conf/layer.conf add :
>
> LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = " meta-python 
> openembedded-layer"


This statement is a little confusing (to me), please correct me if I'm 
wrong, but you're saying

we should set a dependency from meta-arm-bsp layer, only for 
qemuarm64-secureboot,

however, the qemuarm64-secureboot is part of meta-arm and not meta-arm-bsp,

AFAIC meta-arm-bsp has now knowledge of its existence, in fact there's 
no other mention of

qemuarm64-secureboot in meta-arm-bsp.


Cheers,


Alejandro

>
> In ci/qemuarm64-secureboot.yml add:
>
> ci/meta-openembedded.yml
>
> Kind regards
> ------------------------------------------------------------------------
> *From:* Sumit Garg <sumit.garg@linaro.org>
> *Sent:* 03 March 2022 05:31
> *To:* Jon Mason <jdmason@kudzu.us>; Alejandro Hernandez 
> <alhe@linux.microsoft.com>
> *Cc:* meta-arm@lists.yoctoproject.org 
> <meta-arm@lists.yoctoproject.org>; Vishnu Banavath 
> <Vishnu.Banavath@arm.com>; Maxim Uvarov <maxim.uvarov@linaro.org>; 
> Peter Griffin <peter.griffin@linaro.org>; Denys Dmytriyenko 
> <denis@denix.org>; Drew Reed <Drew.Reed@arm.com>; Abdellatif El Khlifi 
> <Abdellatif.ElKhlifi@arm.com>
> *Subject:* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
> On Wed, 2 Mar 2022 at 20:16, Jon Mason <jdmason@kudzu.us> wrote:
> >
> > On Tue, Mar 01, 2022 at 09:54:04PM +0000, Alejandro Hernandez wrote:
> > > Hi John,
> > >
> > > On 3/1/22 16:27, Jon Mason wrote:
> > > > On Fri, Feb 25, 2022 at 08:04:41PM -0700, Alejandro Enedino 
> Hernandez Samaniego wrote:
> > > > > - Removes upstreamed patches for optee-examples
> > > > > - Fixes optee-examples installation
> > > > > - Includes new python3-cryptography dependency
> > > > > - Fixes python3-cryptography to work with openssl
> > > > >
> > > > > Tested on qemuarm64-secureboot via optee-examples xtest -l 15
> > > > With the new changes in python3-crypto, this is no longer working.
> > > > I'm seeing the following error in CI.
> > > >
> > > > --- Error summary ---
> > > > ERROR: Nothing PROVIDES 'python3-cryptography-native' (but 
> /builds/jonmason00/meta-arm/meta-arm/recipes-security/optee/optee-os_3.16.0.bb 
> DEPENDS on or otherwise requires it). Close matches:
> > > >    python3-cython-native
> > > >    python3-pycryptodome-native
> > > >    python3-typogrify-native
> > > >
> > > > I _think_ that adding meta-openembedded.yml being adding to the
> > > > machines should fix it, but I'm not sure that is the right solution.
> > > >
> > > > Thanks,
> > > > Jon
> > >
> > > My apologies, I was testing with meta-oe/meta-python enabled hence 
> I didnt
> > > see the error before.
> > >
> > >
> > > I'm not sure its the right solution either, this dependency is 
> coming from
> > > the pem_to_pub_c.py script which is now using python3-cyrptography 
> since
> > > commit 
> https://github.com/OP-TEE/optee_os/commit/169eac19852d98d8ade821f913bbdd76faf52823
> > > (this also means we could remove python3-cryptodome from the 
> dependencies as
> > > well), as far as I can tell this creates a hard dependency, passing
> > > EXTRA_OEMAKE += " CFG_WITH_USER_TA=n" would avoid executing the script
> > > completely but I also dont think thats what we want.
> > >
> > > Should we include meta-openembedded.yml?,  or what other choice do 
> we have?
> > > create a python3-cyrptography recipe to meta-arm?, thoughts?
>
> Yes, we should include meta-openembedded.yml as a dependency and
> remove python3-cryptodome from the dependencies.
>
> -Sumit
>
> >
> > OPTEE isn't an area I understand well (to know whether removing this
> > is superior to adding the dependency in the files). So, I'm directly
> > cc'ing contributors that I think will have an opinion to this
> > response.
> >
> > Thanks,
> > Jon
> >
> > >
> > > Cheers,
> > >
> > > Alejandro
> > >
> > > > > Signed-off-by: Alejandro Enedino Hernandez 
> Samaniego<alhe@linux.microsoft.com>
> > > > > ---
> > > > >   ....bbappend => optee-client_3.16.0.bbappend} |  0
> > > > >   ...pend => optee-os-tadevkit_3.16.0.bbappend} |  0
> > > > >   ...14.0.bbappend => optee-os_3.16.0.bbappend} |  0
> > > > >   ....0.bbappend => optee-test_3.16.0.bbappend} |  0
> > > > > .../optee-ftpm/optee-ftpm_git.bb              |  8 +-
> > > > > .../optee/optee-client_3.14.0.bb              |  3 -
> > > > > .../optee/optee-client_3.16.0.bb              |  3 +
> > > > > .../recipes-security/optee/optee-examples.inc |  7 +-
> > > > > ...ix-non-portable-sh-check-for-plugins.patch | 46 ++++++++++
> > > > > ...efault-cross-compiler-environment-se.patch | 84 
> -------------------
> > > > > ...nable-plugins-installation-in-rootfs.patch | 37 --------
> > > > > .../optee/optee-examples_3.14.0.bb            |  4 -
> > > > > .../optee/optee-examples_3.16.0.bb            |  3 +
> > > > >   ..._3.14.0.bb => optee-os-tadevkit_3.16.0.bb} |  3 +-
> > > > > meta-arm/recipes-security/optee/optee-os.inc  |  2 +-
> > > > >   ...{optee-os_3.14.0.bb => optee-os_3.16.0.bb} |  2 +-
> > > > > .../recipes-security/optee/optee-test.inc     |  2 +-
> > > > > .../optee/optee-test_3.14.0.bb                |  3 -
> > > > > .../optee/optee-test_3.16.0.bb                |  3 +
> > > > > meta-arm/recipes-security/optee/optee.inc     |  3 +
> > > > >   20 files changed, 73 insertions(+), 140 deletions(-)
> > > > >   rename 
> meta-arm-bsp/recipes-security/optee/{optee-client_3.14.0.bbappend => 
> optee-client_3.16.0.bbappend} (100%)
> > > > >   rename 
> meta-arm-bsp/recipes-security/optee/{optee-os-tadevkit_3.14.0.bbappend 
> => optee-os-tadevkit_3.16.0.bbappend} (100%)
> > > > >   rename 
> meta-arm-bsp/recipes-security/optee/{optee-os_3.14.0.bbappend => 
> optee-os_3.16.0.bbappend} (100%)
> > > > >   rename 
> meta-arm-bsp/recipes-security/optee/{optee-test_3.14.0.bbappend => 
> optee-test_3.16.0.bbappend} (100%)
> > > > >   delete mode 100644 
> meta-arm/recipes-security/optee/optee-client_3.14.0.bb
> > > > >   create mode 100644 
> meta-arm/recipes-security/optee/optee-client_3.16.0.bb
> > > > >   create mode 100644 
> meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
> > > > >   delete mode 100644 
> meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
> > > > >   delete mode 100644 
> meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
> > > > >   delete mode 100644 
> meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
> > > > >   create mode 100644 
> meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
> > > > >   rename 
> meta-arm/recipes-security/optee/{optee-os-tadevkit_3.14.0.bb => 
> optee-os-tadevkit_3.16.0.bb} (94%)
> > > > >   rename meta-arm/recipes-security/optee/{optee-os_3.14.0.bb 
> => optee-os_3.16.0.bb} (76%)
> > > > >   delete mode 100644 
> meta-arm/recipes-security/optee/optee-test_3.14.0.bb
> > > > >   create mode 100644 
> meta-arm/recipes-security/optee/optee-test_3.16.0.bb
> > > > >
> > > > > diff --git 
> a/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend 
> b/meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend
> > > > > similarity index 100%
> > > > > rename from 
> meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend
> > > > > rename to 
> meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend
> > > > > diff --git 
> a/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend 
> b/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend
> > > > > similarity index 100%
> > > > > rename from 
> meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend
> > > > > rename to 
> meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend
> > > > > diff --git 
> a/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend 
> b/meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend
> > > > > similarity index 100%
> > > > > rename from 
> meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend
> > > > > rename to 
> meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend
> > > > > diff --git 
> a/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend 
> b/meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend
> > > > > similarity index 100%
> > > > > rename from 
> meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend
> > > > > rename to 
> meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend
> > > > > diff --git 
> a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb 
> b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> > > > > index f2a74da..0eb64cd 100644
> > > > > --- a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> > > > > +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> > > > > @@ -15,7 +15,9 @@ inherit deploy python3native
> > > > >   LICENSE = "MIT"
> > > > >   LIC_FILES_CHKSUM 
> ="file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5 
> <file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5>"
> > > > > -DEPENDS = "python3-pycryptodome-native 
> python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit"
> > > > > +DEPENDS = "python3-pycryptodome-native 
> python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit \
> > > > > +    python3-cryptography-native \
> > > > > +    "
> > > > > FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"
> > > > > @@ -48,6 +50,10 @@ EXTRA_OEMAKE:append:aarch64:qemuall = "\
> > > > >       CFG_ARM64_ta_arm64=y \
> > > > >   "
> > > > > +# python3-cryptography needs the legacy provider, so set 
> OPENSSL_MODULES to the
> > > > > +# right path until this is relocated automatically.
> > > > > +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
> > > > > +
> > > > >   PARALLEL_MAKE = ""
> > > > >   do_compile() {
> > > > > diff --git 
> a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb 
> b/meta-arm/recipes-security/optee/optee-client_3.14.0.bb
> > > > > deleted file mode 100644
> > > > > index be78b88..0000000
> > > > > --- a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb
> > > > > +++ /dev/null
> > > > > @@ -1,3 +0,0 @@
> > > > > -require optee-client.inc
> > > > > -
> > > > > -SRCREV = "06e1b32f6a7028e039c625b07cfc25fda0c17d53"
> > > > > diff --git 
> a/meta-arm/recipes-security/optee/optee-client_3.16.0.bb 
> b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb
> > > > > new file mode 100644
> > > > > index 0000000..4a36cbc
> > > > > --- /dev/null
> > > > > +++ b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb
> > > > > @@ -0,0 +1,3 @@
> > > > > +require optee-client.inc
> > > > > +
> > > > > +SRCREV = "06db73b3f3fdb8d23eceaedbc46c49c0b45fd1e2"
> > > > > diff --git 
> a/meta-arm/recipes-security/optee/optee-examples.inc 
> b/meta-arm/recipes-security/optee/optee-examples.inc
> > > > > index 656722e..097f892 100644
> > > > > --- a/meta-arm/recipes-security/optee/optee-examples.inc
> > > > > +++ b/meta-arm/recipes-security/optee/optee-examples.inc
> > > > > @@ -5,16 +5,14 @@ HOMEPAGE 
> ="https://github.com/linaro-swg/optee_examples"
> > > > >   LICENSE = "BSD-2-Clause"
> > > > >   LIC_FILES_CHKSUM 
> ="file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30 
> <file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30>"
> > > > > -DEPENDS = "optee-client optee-os-tadevkit 
> python3-pycryptodome-native"
> > > > > +DEPENDS = "optee-client optee-os-tadevkit 
> python3-pycryptodome-native python3-cryptography-native"
> > > > >   inherit python3native
> > > > >   require optee.inc
> > > > >   SRC_URI = 
> "git://github.com/linaro-swg/optee_examples.git;branch=master;protocol=https 
> \
> > > > > 
> -file://0001-plugins-Honour-default-cross-compiler-environment-se.patch \
> > > > > 
> -file://0002-Makefile-Enable-plugins-installation-in-rootfs.patch \
> > > > > -          "
> > > > > +file://0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch"
> > > > >   EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
> > > > > HOST_CROSS_COMPILE=${HOST_PREFIX} \
> > > > > @@ -25,6 +23,7 @@ EXTRA_OEMAKE += 
> "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
> > > > >   S = "${WORKDIR}/git"
> > > > >   B = "${WORKDIR}/build"
> > > > > +
> > > > >   do_compile() {
> > > > >       oe_runmake -C ${S}
> > > > >   }
> > > > > diff --git 
> a/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch 
> b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
> > > > > new file mode 100644
> > > > > index 0000000..70add62
> > > > > --- /dev/null
> > > > > +++ 
> b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
> > > > > @@ -0,0 +1,46 @@
> > > > > +From 11610debf750f15c7a104db7315dcd7d69e282a8 Mon Sep 17 
> 00:00:00 2001
> > > > > +From: Alejandro Enedino Hernandez 
> Samaniego<alhe@linux.microsoft.com>
> > > > > +Date: Sat, 26 Feb 2022 01:52:26 +0000
> > > > > +Subject: [PATCH] Makefile: Fix non-portable sh check for plugins
> > > > > +
> > > > > +Upstream-Status: Pending
> > > > > +
> > > > > +We previously held a patch that used "=" for comparison, but when
> > > > > +that patch got upstreamed it was changed to "==" which is 
> non-portable,
> > > > > +resulting in an error:
> > > > > +
> > > > > +/bin/sh: 6: [: acipher: unexpected operator
> > > > > +/bin/sh: 6: [: plugins: unexpected operator
> > > > > +/bin/sh: 6: [: hello_world: unexpected operator
> > > > > +/bin/sh: 6: [: hotp: unexpected operator
> > > > > +/bin/sh: 6: [: aes: unexpected operator
> > > > > +/bin/sh: 6: [: random: unexpected operator
> > > > > +/bin/sh: 6: [: secure_storage: unexpected operator
> > > > > +
> > > > > +if /bin/sh doesnt point to bash.
> > > > > +
> > > > > +Which in turn causes our do_install task to fail since 
> plugins arent
> > > > > +where we expect them to be.
> > > > > +
> > > > > +
> > > > > +Signed-off-by: Alejandro Enedino Hernandez 
> Samaniego<alhe@linux.microsoft.com>
> > > > > +---
> > > > > + Makefile | 2 +-
> > > > > + 1 file changed, 1 insertion(+), 1 deletion(-)
> > > > > +
> > > > > +diff --git a/Makefile b/Makefile
> > > > > +index b3f16aa..9359d95 100644
> > > > > +--- a/Makefile
> > > > > ++++ b/Makefile
> > > > > +@@ -31,7 +31,7 @@ prepare-for-rootfs: examples
> > > > > +                         cp -p 
> $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \
> > > > > +                 fi; \
> > > > > +                 cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \
> > > > > +-                if [ $$example == plugins ]; then \
> > > > > ++                if [ $$example = plugins ]; then \
> > > > > +                         cp -p plugins/syslog/*.plugin 
> $(OUTPUT_DIR)/plugins/; \
> > > > > +                 fi; \
> > > > > +         done
> > > > > +--
> > > > > +2.25.1
> > > > > +
> > > > > diff --git 
> a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch 
> b/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
> > > > > deleted file mode 100644
> > > > > index 033e48c..0000000
> > > > > --- 
> a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
> > > > > +++ /dev/null
> > > > > @@ -1,84 +0,0 @@
> > > > > -From 79c826c249001700007a6dffe80c3d61ff4428ef Mon Sep 17 
> 00:00:00 2001
> > > > > -From: Sumit Garg<sumit.garg@linaro.org>
> > > > > -Date: Tue, 20 Jul 2021 13:54:30 +0530
> > > > > -Subject: [PATCH 1/2] plugins: Honour default cross compiler 
> environment setup
> > > > > -
> > > > > -Honour default $(CC), $(CFLAGS) and $(LDFLAGS) variables. 
> Without this
> > > > > -plugins example fails to build for OE/Yocto.
> > > > > -
> > > > > -Upstream-Status: Submitted 
> [https://github.com/linaro-swg/optee_examples/pull/87]
> > > > > -
> > > > > -Signed-off-by: Sumit Garg<sumit.garg@linaro.org>
> > > > > ----
> > > > > - plugins/Makefile        |  2 +-
> > > > > - plugins/host/Makefile   |  2 +-
> > > > > - plugins/syslog/Makefile | 16 ++++++++++++----
> > > > > - 3 files changed, 14 insertions(+), 6 deletions(-)
> > > > > -
> > > > > -diff --git a/plugins/Makefile b/plugins/Makefile
> > > > > -index 2372b38..ea472b4 100644
> > > > > ---- a/plugins/Makefile
> > > > > -+++ b/plugins/Makefile
> > > > > -@@ -8,7 +8,7 @@ TA_CROSS_COMPILE ?= $(CROSS_COMPILE)
> > > > > - all:
> > > > > -         $(MAKE) -C host 
> CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables
> > > > > -         $(MAKE) -C ta CROSS_COMPILE="$(TA_CROSS_COMPILE)" 
> LDFLAGS=""
> > > > > --        $(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)"
> > > > > -+        $(MAKE) -C syslog 
> CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables
> > > > > -
> > > > > - .PHONY: clean
> > > > > - clean:
> > > > > -diff --git a/plugins/host/Makefile b/plugins/host/Makefile
> > > > > -index 7285104..76244c7 100644
> > > > > ---- a/plugins/host/Makefile
> > > > > -+++ b/plugins/host/Makefile
> > > > > -@@ -20,7 +20,7 @@ BINARY = optee_example_plugins
> > > > > - all: $(BINARY)
> > > > > -
> > > > > - $(BINARY): $(OBJS)
> > > > > --        $(CC) -o $@ $< $(LDADD)
> > > > > -+        $(CC) $(LDFLAGS) -o $@ $< $(LDADD)
> > > > > -
> > > > > - .PHONY: clean
> > > > > - clean:
> > > > > -diff --git a/plugins/syslog/Makefile b/plugins/syslog/Makefile
> > > > > -index 62d916a..71f5f92 100644
> > > > > ---- a/plugins/syslog/Makefile
> > > > > -+++ b/plugins/syslog/Makefile
> > > > > -@@ -1,3 +1,11 @@
> > > > > -+CC      ?= $(CROSS_COMPILE)gcc
> > > > > -+LD      ?= $(CROSS_COMPILE)ld
> > > > > -+AR      ?= $(CROSS_COMPILE)ar
> > > > > -+NM      ?= $(CROSS_COMPILE)nm
> > > > > -+OBJCOPY ?= $(CROSS_COMPILE)objcopy
> > > > > -+OBJDUMP ?= $(CROSS_COMPILE)objdump
> > > > > -+READELF ?= $(CROSS_COMPILE)readelf
> > > > > -+
> > > > > - PLUGIN_UUID = 96bcf744-4f72-4866-bf1d-8634fd9c65e5
> > > > > -
> > > > > - PLUGIN                  = $(PLUGIN_UUID).plugin
> > > > > -@@ -6,17 +14,17 @@ PLUGIN_OBJ            = $(patsubst %.c, 
> %.o, $(PLUGIN_SRS))
> > > > > - PLUGIN_INCLUDES_DIR     = $(CURDIR) $(TEEC_EXPORT)/include
> > > > > -
> > > > > - PLUGIN_INCLUDES         = $(addprefix -I, 
> $(PLUGIN_INCLUDES_DIR))
> > > > > --PLUGIN_CCFLAGS          = -Wall -fPIC
> > > > > --PLUGIN_LDFLAGS          = -shared
> > > > > -+PLUGIN_CCFLAGS          = $(CFLAGS) -Wall -fPIC
> > > > > -+PLUGIN_LDFLAGS          = $(LDFLAGS) -shared
> > > > > -
> > > > > - .PHONY: all
> > > > > - all: $(PLUGIN)
> > > > > -
> > > > > - $(PLUGIN): $(PLUGIN_OBJ)
> > > > > --        $(CROSS_COMPILE)gcc $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) 
> -o $@
> > > > > -+        $(CC) $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@
> > > > > -
> > > > > - %.o: %.c
> > > > > --        $(CROSS_COMPILE)gcc $(PLUGIN_CCFLAGS) 
> $(PLUGIN_INCLUDES) -c $*.c -o $*.o
> > > > > -+        $(CC) $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c 
> -o $*.o
> > > > > -
> > > > > - .PHONY: clean
> > > > > - clean:
> > > > > ---
> > > > > -2.25.1
> > > > > -
> > > > > diff --git 
> a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch 
> b/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
> > > > > deleted file mode 100644
> > > > > index 80e6b5f..0000000
> > > > > --- 
> a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
> > > > > +++ /dev/null
> > > > > @@ -1,37 +0,0 @@
> > > > > -From f4e5e74548d92258855434b550c58fe44993c148 Mon Sep 17 
> 00:00:00 2001
> > > > > -From: Sumit Garg<sumit.garg@linaro.org>
> > > > > -Date: Tue, 20 Jul 2021 14:20:10 +0530
> > > > > -Subject: [PATCH] Makefile: Enable plugins installation in rootfs
> > > > > -
> > > > > -Upstream-Status: Submitted 
> [https://github.com/linaro-swg/optee_examples/pull/87]
> > > > > -
> > > > > -Signed-off-by: Sumit Garg<sumit.garg@linaro.org>
> > > > > -
> > > > > ----
> > > > > - Makefile | 5 +++++
> > > > > - 1 file changed, 5 insertions(+)
> > > > > -
> > > > > -diff --git a/Makefile b/Makefile
> > > > > -index a275842..9359d95 100644
> > > > > ---- a/Makefile
> > > > > -+++ b/Makefile
> > > > > -@@ -25,14 +25,19 @@ prepare-for-rootfs: examples
> > > > > -         @mkdir -p $(OUTPUT_DIR)
> > > > > -         @mkdir -p $(OUTPUT_DIR)/ta
> > > > > -         @mkdir -p $(OUTPUT_DIR)/ca
> > > > > -+        @mkdir -p $(OUTPUT_DIR)/plugins
> > > > > -         @for example in $(EXAMPLE_LIST); do \
> > > > > -                 if [ -e 
> $$example/host/optee_example_$$example ]; then \
> > > > > -                         cp -p 
> $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \
> > > > > -                 fi; \
> > > > > -                 cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \
> > > > > -+                if [ $$example = plugins ]; then \
> > > > > -+                        cp -p plugins/syslog/*.plugin 
> $(OUTPUT_DIR)/plugins/; \
> > > > > -+                fi; \
> > > > > -         done
> > > > > -
> > > > > - prepare-for-rootfs-clean:
> > > > > -         @rm -rf $(OUTPUT_DIR)/ta
> > > > > -         @rm -rf $(OUTPUT_DIR)/ca
> > > > > -+        @rm -rf $(OUTPUT_DIR)/plugins
> > > > > -         @rmdir --ignore-fail-on-non-empty $(OUTPUT_DIR) || 
> test ! -e $(OUTPUT_DIR)
> > > > > diff --git 
> a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb 
> b/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
> > > > > deleted file mode 100644
> > > > > index f2b5f7d..0000000
> > > > > --- a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
> > > > > +++ /dev/null
> > > > > @@ -1,4 +0,0 @@
> > > > > -require optee-examples.inc
> > > > > -
> > > > > -SRCREV = "e9c870525af8f7e7fccf575a0ca5394ce55adcec"
> > > > > -
> > > > > diff --git 
> a/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb 
> b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
> > > > > new file mode 100644
> > > > > index 0000000..b5f6269
> > > > > --- /dev/null
> > > > > +++ b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
> > > > > @@ -0,0 +1,3 @@
> > > > > +require optee-examples.inc
> > > > > +
> > > > > +SRCREV = "65fc74309e12189ad5b6ce3ffec37c8011088a5a"
> > > > > diff --git 
> a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb 
> b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
> > > > > similarity index 94%
> > > > > rename from 
> meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
> > > > > rename to 
> meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
> > > > > index 0d37a52..c710e27 100644
> > > > > --- a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
> > > > > +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
> > > > > @@ -1,10 +1,11 @@
> > > > >   FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:"
> > > > > -require optee-os_3.14.0.bb
> > > > > +require optee-os_3.16.0.bb
> > > > >   SUMMARY = "OP-TEE Trusted OS TA devkit"
> > > > >   DESCRIPTION = "OP-TEE TA devkit for build TAs"
> > > > >   HOMEPAGE ="https://www.op-tee.org/"
> > > > > +
> > > > >   do_install() {
> > > > >       #install TA devkit
> > > > >       install -d ${D}${includedir}/optee/export-user_ta/
> > > > > diff --git a/meta-arm/recipes-security/optee/optee-os.inc 
> b/meta-arm/recipes-security/optee/optee-os.inc
> > > > > index 1506a58..57c64fd 100644
> > > > > --- a/meta-arm/recipes-security/optee/optee-os.inc
> > > > > +++ b/meta-arm/recipes-security/optee/optee-os.inc
> > > > > @@ -10,7 +10,7 @@ require optee.inc
> > > > >   CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os"
> > > > > -DEPENDS = "python3-pycryptodome-native python3-pyelftools-native"
> > > > > +DEPENDS = "python3-pycryptodome-native 
> python3-pyelftools-native python3-cryptography-native"
> > > > >   DEPENDS:append:toolchain-clang = " compiler-rt"
> > > > > diff --git 
> a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb 
> b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb
> > > > > similarity index 76%
> > > > > rename from meta-arm/recipes-security/optee/optee-os_3.14.0.bb
> > > > > rename to meta-arm/recipes-security/optee/optee-os_3.16.0.bb
> > > > > index 95d82bb..873e964 100644
> > > > > --- a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb
> > > > > +++ b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb
> > > > > @@ -1,6 +1,6 @@
> > > > >   require optee-os.inc
> > > > > -SRCREV = "d21befa5e53eae9db469eba1685f5aa5c6f92c2f"
> > > > > +SRCREV = "d0b742d1564834dac903f906168d7357063d5459"
> > > > >   SRC_URI:append = " \
> > > > > file://0006-allow-setting-sysroot-for-libgcc-lookup.patch 
> <file://0006-allow-setting-sysroot-for-libgcc-lookup.patch>  \
> > > > > diff --git a/meta-arm/recipes-security/optee/optee-test.inc 
> b/meta-arm/recipes-security/optee/optee-test.inc
> > > > > index aada243..33eda29 100644
> > > > > --- a/meta-arm/recipes-security/optee/optee-test.inc
> > > > > +++ b/meta-arm/recipes-security/optee/optee-test.inc
> > > > > @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM 
> ="file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa 
> <file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa>"
> > > > >   inherit python3native ptest
> > > > >   require optee.inc
> > > > > -DEPENDS = "optee-client optee-os-tadevkit 
> python3-pycryptodome-native"
> > > > > +DEPENDS = "optee-client optee-os-tadevkit 
> python3-pycryptodome-native python3-cryptography-native"
> > > > >   SRC_URI = 
> "git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https \
> > > > > file://run-ptest <file://run-ptest> \
> > > > > diff --git 
> a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb 
> b/meta-arm/recipes-security/optee/optee-test_3.14.0.bb
> > > > > deleted file mode 100644
> > > > > index 6367c27..0000000
> > > > > --- a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb
> > > > > +++ /dev/null
> > > > > @@ -1,3 +0,0 @@
> > > > > -require optee-test.inc
> > > > > -
> > > > > -SRCREV = "f2eb88affbb7f028561b4fd5cbd049d5d704f741"
> > > > > diff --git 
> a/meta-arm/recipes-security/optee/optee-test_3.16.0.bb 
> b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb
> > > > > new file mode 100644
> > > > > index 0000000..03f9c34
> > > > > --- /dev/null
> > > > > +++ b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb
> > > > > @@ -0,0 +1,3 @@
> > > > > +require optee-test.inc
> > > > > +
> > > > > +SRCREV = "1cf0e6d2bdd1145370033d4e182634458528579d"
> > > > > diff --git a/meta-arm/recipes-security/optee/optee.inc 
> b/meta-arm/recipes-security/optee/optee.inc
> > > > > index f02a022..beae366 100644
> > > > > --- a/meta-arm/recipes-security/optee/optee.inc
> > > > > +++ b/meta-arm/recipes-security/optee/optee.inc
> > > > > @@ -26,3 +26,6 @@ EXTRA_OEMAKE += "V=1 \
> > > > > OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${prefix} \
> > > > > TEEC_EXPORT=${STAGING_DIR_HOST}${prefix} \
> > > > >                   "
> > > > > +# python3-cryptography needs the legacy provider, so set 
> OPENSSL_MODULES to the
> > > > > +# right path until this is relocated automatically.
> > > > > +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
> > > > > --
> > > > > 2.25.1
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#3096):https://lists.yoctoproject.org/g/meta-arm/message/3096
> Mute This Topic:https://lists.yoctoproject.org/mt/89404067/4354175
> Group Owner:meta-arm+owner@lists.yoctoproject.org
> Unsubscribe:https://lists.yoctoproject.org/g/meta-arm/unsub  [alhe@linux.microsoft.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

[-- Attachment #2: Type: text/html, Size: 50693 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread
* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
  2022-03-03 21:11           ` Alejandro Hernandez
@ 2022-03-03 23:37             ` Denys Dmytriyenko
  2022-03-04  3:16               ` Alejandro Hernandez
  0 siblings, 1 reply; 21+ messages in thread
From: Denys Dmytriyenko @ 2022-03-03 23:37 UTC (permalink / raw)
  To: Alejandro Hernandez Samaniego
  Cc: Abdellatif El Khlifi, Sumit Garg, Jon Mason, meta-arm,
	Vishnu Banavath, Maxim Uvarov, Peter Griffin, Drew Reed

On Thu, Mar 03, 2022 at 09:11:28PM +0000, Alejandro Hernandez Samaniego wrote:
> 
> On 3/3/22 10:55, Abdellatif El Khlifi wrote:
> >Hello,
> >
> >I suggest the following:
> >
> >In meta-arm-bsp/conf/layer.conf add :
> >
> >LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = "
> >meta-python openembedded-layer"
> 
> 
> This statement is a little confusing (to me), please correct me if
> I'm wrong, but you're saying
> 
> we should set a dependency from meta-arm-bsp layer, only for
> qemuarm64-secureboot,
> 
> however, the qemuarm64-secureboot is part of meta-arm and not meta-arm-bsp,
> 
> AFAIC meta-arm-bsp has now knowledge of its existence, in fact
> there's no other mention of
> 
> qemuarm64-secureboot in meta-arm-bsp.

Moreover, optee is used by other BSP layers (e.g. meta-ti) by depending on 
meta-arm, not meta-arm-bsp.

Depending on python3-cryptography which is only available in meta-python (part 
of meta-openembedded) should be avoided. Back in the day we pushed for moving 
other python3 dependencies like pycryptodome and pyelftools into OE-Core:

https://git.openembedded.org/meta-openembedded/commit/?id=a8f3c00d8d113b46a49584682e10435157d516ca
https://git.yoctoproject.org/meta-arm/commit/?id=f2069723f27d9229e8ec74263a41160c8df32571

We could try doing the same with this new python3-cryptography dependecy and 
propose moving it to OE-Core. Alternatively, consider adding it to meta-arm? 
Not ideal, but meta-arm-bsp briefly carried alternative/older version recently:

https://git.yoctoproject.org/meta-arm/commit/?id=a15c16068ab011e2ba91a6c4ca6e1251de0d8058

-- 
Denys


> Cheers,
> 
> 
> Alejandro
> 
> >
> >In ci/qemuarm64-secureboot.yml add:
> >
> >ci/meta-openembedded.yml
> >
> >Kind regards
> >------------------------------------------------------------------------
> >*From:* Sumit Garg <sumit.garg@linaro.org>
> >*Sent:* 03 March 2022 05:31
> >*To:* Jon Mason <jdmason@kudzu.us>; Alejandro Hernandez
> ><alhe@linux.microsoft.com>
> >*Cc:* meta-arm@lists.yoctoproject.org
> ><meta-arm@lists.yoctoproject.org>; Vishnu Banavath
> ><Vishnu.Banavath@arm.com>; Maxim Uvarov <maxim.uvarov@linaro.org>;
> >Peter Griffin <peter.griffin@linaro.org>; Denys Dmytriyenko
> ><denis@denix.org>; Drew Reed <Drew.Reed@arm.com>; Abdellatif El
> >Khlifi <Abdellatif.ElKhlifi@arm.com>
> >*Subject:* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
> >On Wed, 2 Mar 2022 at 20:16, Jon Mason <jdmason@kudzu.us> wrote:
> >>
> >> On Tue, Mar 01, 2022 at 09:54:04PM +0000, Alejandro Hernandez wrote:
> >> > Hi John,
> >> >
> >> > On 3/1/22 16:27, Jon Mason wrote:
> >> > > On Fri, Feb 25, 2022 at 08:04:41PM -0700, Alejandro Enedino
> >Hernandez Samaniego wrote:
> >> > > > - Removes upstreamed patches for optee-examples
> >> > > > - Fixes optee-examples installation
> >> > > > - Includes new python3-cryptography dependency
> >> > > > - Fixes python3-cryptography to work with openssl
> >> > > >
> >> > > > Tested on qemuarm64-secureboot via optee-examples xtest -l 15
> >> > > With the new changes in python3-crypto, this is no longer working.
> >> > > I'm seeing the following error in CI.
> >> > >
> >> > > --- Error summary ---
> >> > > ERROR: Nothing PROVIDES 'python3-cryptography-native' (but /builds/jonmason00/meta-arm/meta-arm/recipes-security/optee/optee-os_3.16.0.bb
> >DEPENDS on or otherwise requires it). Close matches:
> >> > >    python3-cython-native
> >> > >    python3-pycryptodome-native
> >> > >    python3-typogrify-native
> >> > >
> >> > > I _think_ that adding meta-openembedded.yml being adding to the
> >> > > machines should fix it, but I'm not sure that is the right solution.
> >> > >
> >> > > Thanks,
> >> > > Jon
> >> >
> >> > My apologies, I was testing with meta-oe/meta-python enabled
> >hence I didnt
> >> > see the error before.
> >> >
> >> >
> >> > I'm not sure its the right solution either, this dependency is
> >coming from
> >> > the pem_to_pub_c.py script which is now using
> >python3-cyrptography since
> >> > commit https://github.com/OP-TEE/optee_os/commit/169eac19852d98d8ade821f913bbdd76faf52823
> >> > (this also means we could remove python3-cryptodome from the
> >dependencies as
> >> > well), as far as I can tell this creates a hard dependency, passing
> >> > EXTRA_OEMAKE += " CFG_WITH_USER_TA=n" would avoid executing the script
> >> > completely but I also dont think thats what we want.
> >> >
> >> > Should we include meta-openembedded.yml?,  or what other
> >choice do we have?
> >> > create a python3-cyrptography recipe to meta-arm?, thoughts?
> >
> >Yes, we should include meta-openembedded.yml as a dependency and
> >remove python3-cryptodome from the dependencies.
> >
> >-Sumit
> >
> >>
> >> OPTEE isn't an area I understand well (to know whether removing this
> >> is superior to adding the dependency in the files). So, I'm directly
> >> cc'ing contributors that I think will have an opinion to this
> >> response.
> >>
> >> Thanks,
> >> Jon
> >>
> >> >
> >> > Cheers,
> >> >
> >> > Alejandro
> >> >
> >> > > > Signed-off-by: Alejandro Enedino Hernandez
> >Samaniego<alhe@linux.microsoft.com>
> >> > > > ---
> >> > > >   ....bbappend => optee-client_3.16.0.bbappend} |  0
> >> > > >   ...pend => optee-os-tadevkit_3.16.0.bbappend} |  0
> >> > > >   ...14.0.bbappend => optee-os_3.16.0.bbappend} |  0
> >> > > >   ....0.bbappend => optee-test_3.16.0.bbappend} |  0
> >> > > > .../optee-ftpm/optee-ftpm_git.bb              |  8 +-
> >> > > > .../optee/optee-client_3.14.0.bb              |  3 -
> >> > > > .../optee/optee-client_3.16.0.bb              |  3 +
> >> > > > .../recipes-security/optee/optee-examples.inc |  7 +-
> >> > > > ...ix-non-portable-sh-check-for-plugins.patch | 46 ++++++++++
> >> > > > ...efault-cross-compiler-environment-se.patch | 84
> >-------------------
> >> > > > ...nable-plugins-installation-in-rootfs.patch | 37 --------
> >> > > > .../optee/optee-examples_3.14.0.bb            |  4 -
> >> > > > .../optee/optee-examples_3.16.0.bb            |  3 +
> >> > > >   ..._3.14.0.bb => optee-os-tadevkit_3.16.0.bb} |  3 +-
> >> > > > meta-arm/recipes-security/optee/optee-os.inc  |  2 +-
> >> > > >   ...{optee-os_3.14.0.bb => optee-os_3.16.0.bb} |  2 +-
> >> > > > .../recipes-security/optee/optee-test.inc     |  2 +-
> >> > > > .../optee/optee-test_3.14.0.bb                |  3 -
> >> > > > .../optee/optee-test_3.16.0.bb                |  3 +
> >> > > > meta-arm/recipes-security/optee/optee.inc     |  3 +
> >> > > >   20 files changed, 73 insertions(+), 140 deletions(-)
> >> > > >   rename
> >meta-arm-bsp/recipes-security/optee/{optee-client_3.14.0.bbappend
> >=> optee-client_3.16.0.bbappend} (100%)
> >> > > >   rename meta-arm-bsp/recipes-security/optee/{optee-os-tadevkit_3.14.0.bbappend
> >=> optee-os-tadevkit_3.16.0.bbappend} (100%)
> >> > > >   rename
> >meta-arm-bsp/recipes-security/optee/{optee-os_3.14.0.bbappend =>
> >optee-os_3.16.0.bbappend} (100%)
> >> > > >   rename
> >meta-arm-bsp/recipes-security/optee/{optee-test_3.14.0.bbappend =>
> >optee-test_3.16.0.bbappend} (100%)
> >> > > >   delete mode 100644
> >meta-arm/recipes-security/optee/optee-client_3.14.0.bb
> >> > > >   create mode 100644
> >meta-arm/recipes-security/optee/optee-client_3.16.0.bb
> >> > > >   create mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
> >> > > >   delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
> >> > > >   delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
> >> > > >   delete mode 100644
> >meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
> >> > > >   create mode 100644
> >meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
> >> > > >   rename
> >meta-arm/recipes-security/optee/{optee-os-tadevkit_3.14.0.bb =>
> >optee-os-tadevkit_3.16.0.bb} (94%)
> >> > > >   rename
> >meta-arm/recipes-security/optee/{optee-os_3.14.0.bb =>
> >optee-os_3.16.0.bb} (76%)
> >> > > >   delete mode 100644
> >meta-arm/recipes-security/optee/optee-test_3.14.0.bb
> >> > > >   create mode 100644
> >meta-arm/recipes-security/optee/optee-test_3.16.0.bb
> >> > > >
> >> > > > diff --git
> >a/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend
> >b/meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend
> >> > > > similarity index 100%
> >> > > > rename from
> >meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend
> >> > > > rename to
> >meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend
> >> > > > diff --git a/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend
> >> > > > similarity index 100%
> >> > > > rename from meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend
> >> > > > rename to meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend
> >> > > > diff --git
> >a/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend
> >b/meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend
> >> > > > similarity index 100%
> >> > > > rename from
> >meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend
> >> > > > rename to
> >meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend
> >> > > > diff --git
> >a/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend
> >b/meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend
> >> > > > similarity index 100%
> >> > > > rename from
> >meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend
> >> > > > rename to
> >meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend
> >> > > > diff --git
> >a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> >b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> >> > > > index f2a74da..0eb64cd 100644
> >> > > > --- a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> >> > > > +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
> >> > > > @@ -15,7 +15,9 @@ inherit deploy python3native
> >> > > >   LICENSE = "MIT"
> >> > > >   LIC_FILES_CHKSUM
> >="file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5
> ><file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5>"
> >> > > > -DEPENDS = "python3-pycryptodome-native
> >python3-pycryptodomex-native python3-pyelftools-native
> >optee-os-tadevkit"
> >> > > > +DEPENDS = "python3-pycryptodome-native
> >python3-pycryptodomex-native python3-pyelftools-native
> >optee-os-tadevkit \
> >> > > > +    python3-cryptography-native \
> >> > > > +    "
> >> > > > FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"
> >> > > > @@ -48,6 +50,10 @@ EXTRA_OEMAKE:append:aarch64:qemuall = "\
> >> > > >       CFG_ARM64_ta_arm64=y \
> >> > > >   "
> >> > > > +# python3-cryptography needs the legacy provider, so set
> >OPENSSL_MODULES to the
> >> > > > +# right path until this is relocated automatically.
> >> > > > +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
> >> > > > +
> >> > > >   PARALLEL_MAKE = ""
> >> > > >   do_compile() {
> >> > > > diff --git
> >a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb
> >b/meta-arm/recipes-security/optee/optee-client_3.14.0.bb
> >> > > > deleted file mode 100644
> >> > > > index be78b88..0000000
> >> > > > --- a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb
> >> > > > +++ /dev/null
> >> > > > @@ -1,3 +0,0 @@
> >> > > > -require optee-client.inc
> >> > > > -
> >> > > > -SRCREV = "06e1b32f6a7028e039c625b07cfc25fda0c17d53"
> >> > > > diff --git
> >a/meta-arm/recipes-security/optee/optee-client_3.16.0.bb
> >b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb
> >> > > > new file mode 100644
> >> > > > index 0000000..4a36cbc
> >> > > > --- /dev/null
> >> > > > +++ b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb
> >> > > > @@ -0,0 +1,3 @@
> >> > > > +require optee-client.inc
> >> > > > +
> >> > > > +SRCREV = "06db73b3f3fdb8d23eceaedbc46c49c0b45fd1e2"
> >> > > > diff --git
> >a/meta-arm/recipes-security/optee/optee-examples.inc
> >b/meta-arm/recipes-security/optee/optee-examples.inc
> >> > > > index 656722e..097f892 100644
> >> > > > --- a/meta-arm/recipes-security/optee/optee-examples.inc
> >> > > > +++ b/meta-arm/recipes-security/optee/optee-examples.inc
> >> > > > @@ -5,16 +5,14 @@ HOMEPAGE
> >="https://github.com/linaro-swg/optee_examples"
> >> > > >   LICENSE = "BSD-2-Clause"
> >> > > >   LIC_FILES_CHKSUM
> >="file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30
> ><file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30>"
> >> > > > -DEPENDS = "optee-client optee-os-tadevkit
> >python3-pycryptodome-native"
> >> > > > +DEPENDS = "optee-client optee-os-tadevkit
> >python3-pycryptodome-native python3-cryptography-native"
> >> > > >   inherit python3native
> >> > > >   require optee.inc
> >> > > >   SRC_URI = "git://github.com/linaro-swg/optee_examples.git;branch=master;protocol=https
> >\
> >> > > > -file://0001-plugins-Honour-default-cross-compiler-environment-se.patch
> >\
> >> > > >
> >-file://0002-Makefile-Enable-plugins-installation-in-rootfs.patch
> >\
> >> > > > -          "
> >> > > > +file://0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch"
> >> > > >   EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
> >> > > > HOST_CROSS_COMPILE=${HOST_PREFIX} \
> >> > > > @@ -25,6 +23,7 @@ EXTRA_OEMAKE +=
> >"TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
> >> > > >   S = "${WORKDIR}/git"
> >> > > >   B = "${WORKDIR}/build"
> >> > > > +
> >> > > >   do_compile() {
> >> > > >       oe_runmake -C ${S}
> >> > > >   }
> >> > > > diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
> >> > > > new file mode 100644
> >> > > > index 0000000..70add62
> >> > > > --- /dev/null
> >> > > > +++ b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch
> >> > > > @@ -0,0 +1,46 @@
> >> > > > +From 11610debf750f15c7a104db7315dcd7d69e282a8 Mon Sep 17
> >00:00:00 2001
> >> > > > +From: Alejandro Enedino Hernandez
> >Samaniego<alhe@linux.microsoft.com>
> >> > > > +Date: Sat, 26 Feb 2022 01:52:26 +0000
> >> > > > +Subject: [PATCH] Makefile: Fix non-portable sh check for plugins
> >> > > > +
> >> > > > +Upstream-Status: Pending
> >> > > > +
> >> > > > +We previously held a patch that used "=" for comparison, but when
> >> > > > +that patch got upstreamed it was changed to "==" which is
> >non-portable,
> >> > > > +resulting in an error:
> >> > > > +
> >> > > > +/bin/sh: 6: [: acipher: unexpected operator
> >> > > > +/bin/sh: 6: [: plugins: unexpected operator
> >> > > > +/bin/sh: 6: [: hello_world: unexpected operator
> >> > > > +/bin/sh: 6: [: hotp: unexpected operator
> >> > > > +/bin/sh: 6: [: aes: unexpected operator
> >> > > > +/bin/sh: 6: [: random: unexpected operator
> >> > > > +/bin/sh: 6: [: secure_storage: unexpected operator
> >> > > > +
> >> > > > +if /bin/sh doesnt point to bash.
> >> > > > +
> >> > > > +Which in turn causes our do_install task to fail since
> >plugins arent
> >> > > > +where we expect them to be.
> >> > > > +
> >> > > > +
> >> > > > +Signed-off-by: Alejandro Enedino Hernandez
> >Samaniego<alhe@linux.microsoft.com>
> >> > > > +---
> >> > > > + Makefile | 2 +-
> >> > > > + 1 file changed, 1 insertion(+), 1 deletion(-)
> >> > > > +
> >> > > > +diff --git a/Makefile b/Makefile
> >> > > > +index b3f16aa..9359d95 100644
> >> > > > +--- a/Makefile
> >> > > > ++++ b/Makefile
> >> > > > +@@ -31,7 +31,7 @@ prepare-for-rootfs: examples
> >> > > > +                         cp -p
> >$$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \
> >> > > > +                 fi; \
> >> > > > +                 cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \
> >> > > > +-                if [ $$example == plugins ]; then \
> >> > > > ++                if [ $$example = plugins ]; then \
> >> > > > +                         cp -p plugins/syslog/*.plugin
> >$(OUTPUT_DIR)/plugins/; \
> >> > > > +                 fi; \
> >> > > > +         done
> >> > > > +--
> >> > > > +2.25.1
> >> > > > +
> >> > > > diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch b/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
> >> > > > deleted file mode 100644
> >> > > > index 033e48c..0000000
> >> > > > --- a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch
> >> > > > +++ /dev/null
> >> > > > @@ -1,84 +0,0 @@
> >> > > > -From 79c826c249001700007a6dffe80c3d61ff4428ef Mon Sep 17
> >00:00:00 2001
> >> > > > -From: Sumit Garg<sumit.garg@linaro.org>
> >> > > > -Date: Tue, 20 Jul 2021 13:54:30 +0530
> >> > > > -Subject: [PATCH 1/2] plugins: Honour default cross
> >compiler environment setup
> >> > > > -
> >> > > > -Honour default $(CC), $(CFLAGS) and $(LDFLAGS) variables.
> >Without this
> >> > > > -plugins example fails to build for OE/Yocto.
> >> > > > -
> >> > > > -Upstream-Status: Submitted
> >[https://github.com/linaro-swg/optee_examples/pull/87]
> >> > > > -
> >> > > > -Signed-off-by: Sumit Garg<sumit.garg@linaro.org>
> >> > > > ----
> >> > > > - plugins/Makefile        |  2 +-
> >> > > > - plugins/host/Makefile   |  2 +-
> >> > > > - plugins/syslog/Makefile | 16 ++++++++++++----
> >> > > > - 3 files changed, 14 insertions(+), 6 deletions(-)
> >> > > > -
> >> > > > -diff --git a/plugins/Makefile b/plugins/Makefile
> >> > > > -index 2372b38..ea472b4 100644
> >> > > > ---- a/plugins/Makefile
> >> > > > -+++ b/plugins/Makefile
> >> > > > -@@ -8,7 +8,7 @@ TA_CROSS_COMPILE ?= $(CROSS_COMPILE)
> >> > > > - all:
> >> > > > -         $(MAKE) -C host
> >CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables
> >> > > > -         $(MAKE) -C ta
> >CROSS_COMPILE="$(TA_CROSS_COMPILE)" LDFLAGS=""
> >> > > > --        $(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)"
> >> > > > -+        $(MAKE) -C syslog
> >CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables
> >> > > > -
> >> > > > - .PHONY: clean
> >> > > > - clean:
> >> > > > -diff --git a/plugins/host/Makefile b/plugins/host/Makefile
> >> > > > -index 7285104..76244c7 100644
> >> > > > ---- a/plugins/host/Makefile
> >> > > > -+++ b/plugins/host/Makefile
> >> > > > -@@ -20,7 +20,7 @@ BINARY = optee_example_plugins
> >> > > > - all: $(BINARY)
> >> > > > -
> >> > > > - $(BINARY): $(OBJS)
> >> > > > --        $(CC) -o $@ $< $(LDADD)
> >> > > > -+        $(CC) $(LDFLAGS) -o $@ $< $(LDADD)
> >> > > > -
> >> > > > - .PHONY: clean
> >> > > > - clean:
> >> > > > -diff --git a/plugins/syslog/Makefile b/plugins/syslog/Makefile
> >> > > > -index 62d916a..71f5f92 100644
> >> > > > ---- a/plugins/syslog/Makefile
> >> > > > -+++ b/plugins/syslog/Makefile
> >> > > > -@@ -1,3 +1,11 @@
> >> > > > -+CC      ?= $(CROSS_COMPILE)gcc
> >> > > > -+LD      ?= $(CROSS_COMPILE)ld
> >> > > > -+AR      ?= $(CROSS_COMPILE)ar
> >> > > > -+NM      ?= $(CROSS_COMPILE)nm
> >> > > > -+OBJCOPY ?= $(CROSS_COMPILE)objcopy
> >> > > > -+OBJDUMP ?= $(CROSS_COMPILE)objdump
> >> > > > -+READELF ?= $(CROSS_COMPILE)readelf
> >> > > > -+
> >> > > > - PLUGIN_UUID = 96bcf744-4f72-4866-bf1d-8634fd9c65e5
> >> > > > -
> >> > > > - PLUGIN                  = $(PLUGIN_UUID).plugin
> >> > > > -@@ -6,17 +14,17 @@ PLUGIN_OBJ            = $(patsubst
> >%.c, %.o, $(PLUGIN_SRS))
> >> > > > - PLUGIN_INCLUDES_DIR     = $(CURDIR) $(TEEC_EXPORT)/include
> >> > > > -
> >> > > > - PLUGIN_INCLUDES         = $(addprefix -I,
> >$(PLUGIN_INCLUDES_DIR))
> >> > > > --PLUGIN_CCFLAGS          = -Wall -fPIC
> >> > > > --PLUGIN_LDFLAGS          = -shared
> >> > > > -+PLUGIN_CCFLAGS          = $(CFLAGS) -Wall -fPIC
> >> > > > -+PLUGIN_LDFLAGS          = $(LDFLAGS) -shared
> >> > > > -
> >> > > > - .PHONY: all
> >> > > > - all: $(PLUGIN)
> >> > > > -
> >> > > > - $(PLUGIN): $(PLUGIN_OBJ)
> >> > > > --        $(CROSS_COMPILE)gcc $(PLUGIN_LDFLAGS)
> >$(PLUGIN_OBJ) -o $@
> >> > > > -+        $(CC) $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@
> >> > > > -
> >> > > > - %.o: %.c
> >> > > > --        $(CROSS_COMPILE)gcc $(PLUGIN_CCFLAGS)
> >$(PLUGIN_INCLUDES) -c $*.c -o $*.o
> >> > > > -+        $(CC) $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c
> >$*.c -o $*.o
> >> > > > -
> >> > > > - .PHONY: clean
> >> > > > - clean:
> >> > > > ---
> >> > > > -2.25.1
> >> > > > -
> >> > > > diff --git a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch b/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
> >> > > > deleted file mode 100644
> >> > > > index 80e6b5f..0000000
> >> > > > --- a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch
> >> > > > +++ /dev/null
> >> > > > @@ -1,37 +0,0 @@
> >> > > > -From f4e5e74548d92258855434b550c58fe44993c148 Mon Sep 17
> >00:00:00 2001
> >> > > > -From: Sumit Garg<sumit.garg@linaro.org>
> >> > > > -Date: Tue, 20 Jul 2021 14:20:10 +0530
> >> > > > -Subject: [PATCH] Makefile: Enable plugins installation in rootfs
> >> > > > -
> >> > > > -Upstream-Status: Submitted
> >[https://github.com/linaro-swg/optee_examples/pull/87]
> >> > > > -
> >> > > > -Signed-off-by: Sumit Garg<sumit.garg@linaro.org>
> >> > > > -
> >> > > > ----
> >> > > > - Makefile | 5 +++++
> >> > > > - 1 file changed, 5 insertions(+)
> >> > > > -
> >> > > > -diff --git a/Makefile b/Makefile
> >> > > > -index a275842..9359d95 100644
> >> > > > ---- a/Makefile
> >> > > > -+++ b/Makefile
> >> > > > -@@ -25,14 +25,19 @@ prepare-for-rootfs: examples
> >> > > > -         @mkdir -p $(OUTPUT_DIR)
> >> > > > -         @mkdir -p $(OUTPUT_DIR)/ta
> >> > > > -         @mkdir -p $(OUTPUT_DIR)/ca
> >> > > > -+        @mkdir -p $(OUTPUT_DIR)/plugins
> >> > > > -         @for example in $(EXAMPLE_LIST); do \
> >> > > > -                 if [ -e
> >$$example/host/optee_example_$$example ]; then \
> >> > > > -                         cp -p
> >$$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \
> >> > > > -                 fi; \
> >> > > > -                 cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \
> >> > > > -+                if [ $$example = plugins ]; then \
> >> > > > -+                        cp -p plugins/syslog/*.plugin
> >$(OUTPUT_DIR)/plugins/; \
> >> > > > -+                fi; \
> >> > > > -         done
> >> > > > -
> >> > > > - prepare-for-rootfs-clean:
> >> > > > -         @rm -rf $(OUTPUT_DIR)/ta
> >> > > > -         @rm -rf $(OUTPUT_DIR)/ca
> >> > > > -+        @rm -rf $(OUTPUT_DIR)/plugins
> >> > > > -         @rmdir --ignore-fail-on-non-empty $(OUTPUT_DIR)
> >|| test ! -e $(OUTPUT_DIR)
> >> > > > diff --git
> >a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
> >b/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
> >> > > > deleted file mode 100644
> >> > > > index f2b5f7d..0000000
> >> > > > --- a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
> >> > > > +++ /dev/null
> >> > > > @@ -1,4 +0,0 @@
> >> > > > -require optee-examples.inc
> >> > > > -
> >> > > > -SRCREV = "e9c870525af8f7e7fccf575a0ca5394ce55adcec"
> >> > > > -
> >> > > > diff --git
> >a/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
> >b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
> >> > > > new file mode 100644
> >> > > > index 0000000..b5f6269
> >> > > > --- /dev/null
> >> > > > +++ b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb
> >> > > > @@ -0,0 +1,3 @@
> >> > > > +require optee-examples.inc
> >> > > > +
> >> > > > +SRCREV = "65fc74309e12189ad5b6ce3ffec37c8011088a5a"
> >> > > > diff --git
> >a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
> >b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
> >> > > > similarity index 94%
> >> > > > rename from
> >meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
> >> > > > rename to
> >meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
> >> > > > index 0d37a52..c710e27 100644
> >> > > > --- a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
> >> > > > +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb
> >> > > > @@ -1,10 +1,11 @@
> >> > > >   FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:"
> >> > > > -require optee-os_3.14.0.bb
> >> > > > +require optee-os_3.16.0.bb
> >> > > >   SUMMARY = "OP-TEE Trusted OS TA devkit"
> >> > > >   DESCRIPTION = "OP-TEE TA devkit for build TAs"
> >> > > >   HOMEPAGE ="https://www.op-tee.org/"
> >> > > > +
> >> > > >   do_install() {
> >> > > >       #install TA devkit
> >> > > >       install -d ${D}${includedir}/optee/export-user_ta/
> >> > > > diff --git a/meta-arm/recipes-security/optee/optee-os.inc
> >b/meta-arm/recipes-security/optee/optee-os.inc
> >> > > > index 1506a58..57c64fd 100644
> >> > > > --- a/meta-arm/recipes-security/optee/optee-os.inc
> >> > > > +++ b/meta-arm/recipes-security/optee/optee-os.inc
> >> > > > @@ -10,7 +10,7 @@ require optee.inc
> >> > > >   CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os"
> >> > > > -DEPENDS = "python3-pycryptodome-native python3-pyelftools-native"
> >> > > > +DEPENDS = "python3-pycryptodome-native
> >python3-pyelftools-native python3-cryptography-native"
> >> > > >   DEPENDS:append:toolchain-clang = " compiler-rt"
> >> > > > diff --git
> >a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb
> >b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb
> >> > > > similarity index 76%
> >> > > > rename from meta-arm/recipes-security/optee/optee-os_3.14.0.bb
> >> > > > rename to meta-arm/recipes-security/optee/optee-os_3.16.0.bb
> >> > > > index 95d82bb..873e964 100644
> >> > > > --- a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb
> >> > > > +++ b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb
> >> > > > @@ -1,6 +1,6 @@
> >> > > >   require optee-os.inc
> >> > > > -SRCREV = "d21befa5e53eae9db469eba1685f5aa5c6f92c2f"
> >> > > > +SRCREV = "d0b742d1564834dac903f906168d7357063d5459"
> >> > > >   SRC_URI:append = " \
> >> > > > file://0006-allow-setting-sysroot-for-libgcc-lookup.patch
> ><file://0006-allow-setting-sysroot-for-libgcc-lookup.patch>  \
> >> > > > diff --git
> >a/meta-arm/recipes-security/optee/optee-test.inc
> >b/meta-arm/recipes-security/optee/optee-test.inc
> >> > > > index aada243..33eda29 100644
> >> > > > --- a/meta-arm/recipes-security/optee/optee-test.inc
> >> > > > +++ b/meta-arm/recipes-security/optee/optee-test.inc
> >> > > > @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM
> >="file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa
> ><file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa>"
> >> > > >   inherit python3native ptest
> >> > > >   require optee.inc
> >> > > > -DEPENDS = "optee-client optee-os-tadevkit
> >python3-pycryptodome-native"
> >> > > > +DEPENDS = "optee-client optee-os-tadevkit
> >python3-pycryptodome-native python3-cryptography-native"
> >> > > >   SRC_URI =
> >"git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https
> >\
> >> > > > file://run-ptest <file://run-ptest> \
> >> > > > diff --git
> >a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb
> >b/meta-arm/recipes-security/optee/optee-test_3.14.0.bb
> >> > > > deleted file mode 100644
> >> > > > index 6367c27..0000000
> >> > > > --- a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb
> >> > > > +++ /dev/null
> >> > > > @@ -1,3 +0,0 @@
> >> > > > -require optee-test.inc
> >> > > > -
> >> > > > -SRCREV = "f2eb88affbb7f028561b4fd5cbd049d5d704f741"
> >> > > > diff --git
> >a/meta-arm/recipes-security/optee/optee-test_3.16.0.bb
> >b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb
> >> > > > new file mode 100644
> >> > > > index 0000000..03f9c34
> >> > > > --- /dev/null
> >> > > > +++ b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb
> >> > > > @@ -0,0 +1,3 @@
> >> > > > +require optee-test.inc
> >> > > > +
> >> > > > +SRCREV = "1cf0e6d2bdd1145370033d4e182634458528579d"
> >> > > > diff --git a/meta-arm/recipes-security/optee/optee.inc
> >b/meta-arm/recipes-security/optee/optee.inc
> >> > > > index f02a022..beae366 100644
> >> > > > --- a/meta-arm/recipes-security/optee/optee.inc
> >> > > > +++ b/meta-arm/recipes-security/optee/optee.inc
> >> > > > @@ -26,3 +26,6 @@ EXTRA_OEMAKE += "V=1 \
> >> > > > OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${prefix} \
> >> > > > TEEC_EXPORT=${STAGING_DIR_HOST}${prefix} \
> >> > > >                   "
> >> > > > +# python3-cryptography needs the legacy provider, so set
> >OPENSSL_MODULES to the
> >> > > > +# right path until this is relocated automatically.
> >> > > > +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
> >> > > > --
> >> > > > 2.25.1
> >> > > >
> >> > > >
> >> > > >
> >> > > >
> >> > > >


^ permalink raw reply	[flat|nested] 21+ messages in thread
* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
  2022-03-03 23:37             ` Denys Dmytriyenko
@ 2022-03-04  3:16               ` Alejandro Hernandez
  2022-03-04  3:58                 ` Tim Orling
  2022-03-09 20:01                 ` Jon Mason
  0 siblings, 2 replies; 21+ messages in thread
From: Alejandro Hernandez @ 2022-03-04  3:16 UTC (permalink / raw)
  To: Denys Dmytriyenko
  Cc: Abdellatif El Khlifi, Sumit Garg, Jon Mason, meta-arm,
	Vishnu Banavath, Maxim Uvarov, Peter Griffin, Drew Reed

[-- Attachment #1: Type: text/plain, Size: 2166 bytes --]


On 3/3/22 23:37, Denys Dmytriyenko wrote:
> On Thu, Mar 03, 2022 at 09:11:28PM +0000, Alejandro Hernandez Samaniego wrote:
>> On 3/3/22 10:55, Abdellatif El Khlifi wrote:
>>> Hello,
>>>
>>> I suggest the following:
>>>
>>> In meta-arm-bsp/conf/layer.conf add :
>>>
>>> LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = "
>>> meta-python openembedded-layer"
>>
>> This statement is a little confusing (to me), please correct me if
>> I'm wrong, but you're saying
>>
>> we should set a dependency from meta-arm-bsp layer, only for
>> qemuarm64-secureboot,
>>
>> however, the qemuarm64-secureboot is part of meta-arm and not meta-arm-bsp,
>>
>> AFAIC meta-arm-bsp has now knowledge of its existence, in fact
>> there's no other mention of
>>
>> qemuarm64-secureboot in meta-arm-bsp.
> Moreover, optee is used by other BSP layers (e.g. meta-ti) by depending on
> meta-arm, not meta-arm-bsp.
>
> Depending on python3-cryptography which is only available in meta-python (part
> of meta-openembedded) should be avoided. Back in the day we pushed for moving
> other python3 dependencies like pycryptodome and pyelftools into OE-Core:
>
> https://git.openembedded.org/meta-openembedded/commit/?id=a8f3c00d8d113b46a49584682e10435157d516ca
> https://git.yoctoproject.org/meta-arm/commit/?id=f2069723f27d9229e8ec74263a41160c8df32571
>
> We could try doing the same with this new python3-cryptography dependecy and
> propose moving it to OE-Core. Alternatively, consider adding it to meta-arm?
> Not ideal, but meta-arm-bsp briefly carried alternative/older version recently:
>
> https://git.yoctoproject.org/meta-arm/commit/?id=a15c16068ab011e2ba91a6c4ca6e1251de0d8058

I agree with Denys's point here, I think its likely there's other cases just like
meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO
it would make sense to add a copy of python3-cryptography to meta-arm (especially since
there's been similar situations in the past) and in parallel try to make a case for
python3-cryptography to be moved from meta-python to OE-core.

Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm.

Alejandro

[-- Attachment #2: Type: text/html, Size: 3304 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread
* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
  2022-03-04  3:16               ` Alejandro Hernandez
@ 2022-03-04  3:58                 ` Tim Orling
  2022-03-04 11:35                   ` Abdellatif El Khlifi
  2022-03-09 20:01                 ` Jon Mason
  1 sibling, 1 reply; 21+ messages in thread
From: Tim Orling @ 2022-03-04  3:58 UTC (permalink / raw)
  To: Alejandro Hernandez Samaniego
  Cc: Abdellatif El Khlifi, Denys Dmytriyenko, Drew Reed, Jon Mason,
	Maxim Uvarov, Peter Griffin, Sumit Garg, Vishnu Banavath,
	meta-arm

[-- Attachment #1: Type: text/plain, Size: 3056 bytes --]

On Thu, Mar 3, 2022 at 7:16 PM Alejandro Hernandez Samaniego <
alhe@linux.microsoft.com> wrote:

>
> On 3/3/22 23:37, Denys Dmytriyenko wrote:
>
> On Thu, Mar 03, 2022 at 09:11:28PM +0000, Alejandro Hernandez Samaniego wrote:
>
> On 3/3/22 10:55, Abdellatif El Khlifi wrote:
>
> Hello,
>
> I suggest the following:
>
> In meta-arm-bsp/conf/layer.conf add :
>
> LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = "
> meta-python openembedded-layer"
>
>
> This statement is a little confusing (to me), please correct me if
> I'm wrong, but you're saying
>
> we should set a dependency from meta-arm-bsp layer, only for
> qemuarm64-secureboot,
>
> however, the qemuarm64-secureboot is part of meta-arm and not meta-arm-bsp,
>
> AFAIC meta-arm-bsp has now knowledge of its existence, in fact
> there's no other mention of
>
> qemuarm64-secureboot in meta-arm-bsp.
>
> Moreover, optee is used by other BSP layers (e.g. meta-ti) by depending on
> meta-arm, not meta-arm-bsp.
>
> Depending on python3-cryptography which is only available in meta-python (part
> of meta-openembedded) should be avoided. Back in the day we pushed for moving
> other python3 dependencies like pycryptodome and pyelftools into OE-Core:
> https://git.openembedded.org/meta-openembedded/commit/?id=a8f3c00d8d113b46a49584682e10435157d516cahttps://git.yoctoproject.org/meta-arm/commit/?id=f2069723f27d9229e8ec74263a41160c8df32571
>
> We could try doing the same with this new python3-cryptography dependecy and
> propose moving it to OE-Core. Alternatively, consider adding it to meta-arm?
> Not ideal, but meta-arm-bsp briefly carried alternative/older version recently:
> https://git.yoctoproject.org/meta-arm/commit/?id=a15c16068ab011e2ba91a6c4ca6e1251de0d8058
>
> I agree with Denys's point here, I think its likely there's other cases just like
> meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO
> it would make sense to add a copy of python3-cryptography to meta-arm (especially since
> there's been similar situations in the past) and in parallel try to make a case for
> python3-cryptography to be moved from meta-python to OE-core.
>
> Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm.
>
> I have suggested moving python3-cryptography (also
python3-cryptography-vectors) to oe-core previously. It is heavily used for
cryptography and needs to be kept up to date which is much more likely in
oe-core.

This also means python3-pyo3, pyo3.bbclass, python3-setuptools-rust-native
and the setuptools_rust.bbclass would also move to oe-core.

And then some tests. And documentation.


> Alejandro
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#3107):
> https://lists.yoctoproject.org/g/meta-arm/message/3107
> Mute This Topic: https://lists.yoctoproject.org/mt/89404067/924729
> Group Owner: meta-arm+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-arm/unsub [
> ticotimo@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>

[-- Attachment #2: Type: text/html, Size: 5358 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread
* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
  2022-03-04  3:58                 ` Tim Orling
@ 2022-03-04 11:35                   ` Abdellatif El Khlifi
  2022-03-04 11:43                     ` Abdellatif El Khlifi
  0 siblings, 1 reply; 21+ messages in thread
From: Abdellatif El Khlifi @ 2022-03-04 11:35 UTC (permalink / raw)
  To: Tim Orling, Alejandro Hernandez Samaniego
  Cc: Denys Dmytriyenko, Drew Reed, Jon Mason, Maxim Uvarov,
	Peter Griffin, Sumit Garg, Vishnu Banavath, meta-arm,
	Ross Burton

[-- Attachment #1: Type: text/plain, Size: 6071 bytes --]

Hi guys,

Thanks for the feedback.

Since the machine is in meta-arm (meta-arm/conf/machine/qemuarm64-secureboot.conf), it makes sense to add the meta-python layer dependency as detailed below.

It works, meta-python  and python3-cryptography are detected. Please have a look at the logs below.

So, technically it works. But let's see what Jon and Ross think.

Suggested changes:

In ci/qemuarm64-secureboot.yml add:

    - ci/meta-openembedded.yml

In meta-arm/conf/layer.conf add:

LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = " meta-python openembedded-layer"

Before the changes:

bitbake-layers show-layers

NOTE: Starting bitbake server...
layer                 path                                      priority
==========================================================================
meta-arm              /home/abdelk01/Work/qemu/meta-arm/meta-arm  5
meta-arm-bsp          /home/abdelk01/Work/qemu/meta-arm/meta-arm-bsp  5
meta-arm-toolchain    /home/abdelk01/Work/qemu/meta-arm/meta-arm-toolchain  5
meta                  /home/abdelk01/Work/qemu/poky/meta        5
meta-poky             /home/abdelk01/Work/qemu/poky/meta-poky   5


After the changes:

bitbake-layers show-layers

NOTE: Starting bitbake server...
layer                 path                                      priority
==========================================================================
meta-arm              /home/abdelk01/Work/qemu/meta-arm/meta-arm  5
meta-arm-bsp          /home/abdelk01/Work/qemu/meta-arm/meta-arm-bsp  5
meta-arm-toolchain    /home/abdelk01/Work/qemu/meta-arm/meta-arm-toolchain  5
meta-filesystems      /home/abdelk01/Work/qemu/meta-openembedded/meta-filesystems  5
meta-networking       /home/abdelk01/Work/qemu/meta-openembedded/meta-networking  5
meta-oe               /home/abdelk01/Work/qemu/meta-openembedded/meta-oe  5
meta-python           /home/abdelk01/Work/qemu/meta-openembedded/meta-python  5
meta                  /home/abdelk01/Work/qemu/poky/meta        5
meta-poky             /home/abdelk01/Work/qemu/poky/meta-poky   5

bitbake-layers show-recipes | grep -A 1 python3-cryptography

python3-cryptography:
  meta-python          36.0.1
python3-cryptography-vectors:
  meta-python          36.0.1

Kind regards
________________________________
From: Tim Orling <ticotimo@gmail.com>
Sent: 04 March 2022 03:58
To: Alejandro Hernandez Samaniego <alhe@linux.microsoft.com>
Cc: Abdellatif El Khlifi <Abdellatif.ElKhlifi@arm.com>; Denys Dmytriyenko <denis@denix.org>; Drew Reed <Drew.Reed@arm.com>; Jon Mason <jdmason@kudzu.us>; Maxim Uvarov <maxim.uvarov@linaro.org>; Peter Griffin <peter.griffin@linaro.org>; Sumit Garg <sumit.garg@linaro.org>; Vishnu Banavath <Vishnu.Banavath@arm.com>; meta-arm@lists.yoctoproject.org <meta-arm@lists.yoctoproject.org>
Subject: Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16



On Thu, Mar 3, 2022 at 7:16 PM Alejandro Hernandez Samaniego <alhe@linux.microsoft.com<mailto:alhe@linux.microsoft.com>> wrote:


On 3/3/22 23:37, Denys Dmytriyenko wrote:

On Thu, Mar 03, 2022 at 09:11:28PM +0000, Alejandro Hernandez Samaniego wrote:


On 3/3/22 10:55, Abdellatif El Khlifi wrote:


Hello,

I suggest the following:

In meta-arm-bsp/conf/layer.conf add :

LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = "
meta-python openembedded-layer"



This statement is a little confusing (to me), please correct me if
I'm wrong, but you're saying

we should set a dependency from meta-arm-bsp layer, only for
qemuarm64-secureboot,

however, the qemuarm64-secureboot is part of meta-arm and not meta-arm-bsp,

AFAIC meta-arm-bsp has now knowledge of its existence, in fact
there's no other mention of

qemuarm64-secureboot in meta-arm-bsp.


Moreover, optee is used by other BSP layers (e.g. meta-ti) by depending on
meta-arm, not meta-arm-bsp.

Depending on python3-cryptography which is only available in meta-python (part
of meta-openembedded) should be avoided. Back in the day we pushed for moving
other python3 dependencies like pycryptodome and pyelftools into OE-Core:

https://git.openembedded.org/meta-openembedded/commit/?id=a8f3c00d8d113b46a49584682e10435157d516ca
https://git.yoctoproject.org/meta-arm/commit/?id=f2069723f27d9229e8ec74263a41160c8df32571

We could try doing the same with this new python3-cryptography dependecy and
propose moving it to OE-Core. Alternatively, consider adding it to meta-arm?
Not ideal, but meta-arm-bsp briefly carried alternative/older version recently:

https://git.yoctoproject.org/meta-arm/commit/?id=a15c16068ab011e2ba91a6c4ca6e1251de0d8058

I agree with Denys's point here, I think its likely there's other cases just like
meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO
it would make sense to add a copy of python3-cryptography to meta-arm (especially since
there's been similar situations in the past) and in parallel try to make a case for
python3-cryptography to be moved from meta-python to OE-core.

Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm.


I have suggested moving python3-cryptography (also python3-cryptography-vectors) to oe-core previously. It is heavily used for cryptography and needs to be kept up to date which is much more likely in oe-core.

This also means python3-pyo3, pyo3.bbclass, python3-setuptools-rust-native and the setuptools_rust.bbclass would also move to oe-core.

And then some tests. And documentation.



Alejandro


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3107): https://lists.yoctoproject.org/g/meta-arm/message/3107
Mute This Topic: https://lists.yoctoproject.org/mt/89404067/924729
Group Owner: meta-arm+owner@lists.yoctoproject.org<mailto:meta-arm%2Bowner@lists.yoctoproject.org>
Unsubscribe: https://lists.yoctoproject.org/g/meta-arm/unsub [ticotimo@gmail.com<mailto:ticotimo@gmail.com>]
-=-=-=-=-=-=-=-=-=-=-=-


[-- Attachment #2: Type: text/html, Size: 10655 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread
* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
  2022-03-04 11:35                   ` Abdellatif El Khlifi
@ 2022-03-04 11:43                     ` Abdellatif El Khlifi
  2022-03-04 18:56                       ` Denys Dmytriyenko
  0 siblings, 1 reply; 21+ messages in thread
From: Abdellatif El Khlifi @ 2022-03-04 11:43 UTC (permalink / raw)
  To: Tim Orling, Alejandro Hernandez Samaniego
  Cc: Denys Dmytriyenko, Drew Reed, Jon Mason, Maxim Uvarov,
	Peter Griffin, Sumit Garg, Vishnu Banavath, meta-arm,
	Ross Burton

[-- Attachment #1: Type: text/plain, Size: 6959 bytes --]

I meant adding meta-python dependency to meta-arm layer like this:

In meta-arm/conf/layer.conf:

LAYERDEPENDS_meta-arm:append:qemuarm64-secureboot = " meta-python openembedded-layer"

It works as explained in the previous email.
________________________________
From: Abdellatif El Khlifi <Abdellatif.ElKhlifi@arm.com>
Sent: 04 March 2022 11:35
To: Tim Orling <ticotimo@gmail.com>; Alejandro Hernandez Samaniego <alhe@linux.microsoft.com>
Cc: Denys Dmytriyenko <denis@denix.org>; Drew Reed <Drew.Reed@arm.com>; Jon Mason <jdmason@kudzu.us>; Maxim Uvarov <maxim.uvarov@linaro.org>; Peter Griffin <peter.griffin@linaro.org>; Sumit Garg <sumit.garg@linaro.org>; Vishnu Banavath <Vishnu.Banavath@arm.com>; meta-arm@lists.yoctoproject.org <meta-arm@lists.yoctoproject.org>; Ross Burton <Ross.Burton@arm.com>
Subject: Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16

Hi guys,

Thanks for the feedback.

Since the machine is in meta-arm (meta-arm/conf/machine/qemuarm64-secureboot.conf), it makes sense to add the meta-python layer dependency as detailed below.

It works, meta-python  and python3-cryptography are detected. Please have a look at the logs below.

So, technically it works. But let's see what Jon and Ross think.

Suggested changes:

In ci/qemuarm64-secureboot.yml add:

    - ci/meta-openembedded.yml

In meta-arm/conf/layer.conf add:

LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = " meta-python openembedded-layer"

Before the changes:

bitbake-layers show-layers

NOTE: Starting bitbake server...
layer                 path                                      priority
==========================================================================
meta-arm              /home/abdelk01/Work/qemu/meta-arm/meta-arm  5
meta-arm-bsp          /home/abdelk01/Work/qemu/meta-arm/meta-arm-bsp  5
meta-arm-toolchain    /home/abdelk01/Work/qemu/meta-arm/meta-arm-toolchain  5
meta                  /home/abdelk01/Work/qemu/poky/meta        5
meta-poky             /home/abdelk01/Work/qemu/poky/meta-poky   5


After the changes:

bitbake-layers show-layers

NOTE: Starting bitbake server...
layer                 path                                      priority
==========================================================================
meta-arm              /home/abdelk01/Work/qemu/meta-arm/meta-arm  5
meta-arm-bsp          /home/abdelk01/Work/qemu/meta-arm/meta-arm-bsp  5
meta-arm-toolchain    /home/abdelk01/Work/qemu/meta-arm/meta-arm-toolchain  5
meta-filesystems      /home/abdelk01/Work/qemu/meta-openembedded/meta-filesystems  5
meta-networking       /home/abdelk01/Work/qemu/meta-openembedded/meta-networking  5
meta-oe               /home/abdelk01/Work/qemu/meta-openembedded/meta-oe  5
meta-python           /home/abdelk01/Work/qemu/meta-openembedded/meta-python  5
meta                  /home/abdelk01/Work/qemu/poky/meta        5
meta-poky             /home/abdelk01/Work/qemu/poky/meta-poky   5

bitbake-layers show-recipes | grep -A 1 python3-cryptography

python3-cryptography:
  meta-python          36.0.1
python3-cryptography-vectors:
  meta-python          36.0.1

Kind regards
________________________________
From: Tim Orling <ticotimo@gmail.com>
Sent: 04 March 2022 03:58
To: Alejandro Hernandez Samaniego <alhe@linux.microsoft.com>
Cc: Abdellatif El Khlifi <Abdellatif.ElKhlifi@arm.com>; Denys Dmytriyenko <denis@denix.org>; Drew Reed <Drew.Reed@arm.com>; Jon Mason <jdmason@kudzu.us>; Maxim Uvarov <maxim.uvarov@linaro.org>; Peter Griffin <peter.griffin@linaro.org>; Sumit Garg <sumit.garg@linaro.org>; Vishnu Banavath <Vishnu.Banavath@arm.com>; meta-arm@lists.yoctoproject.org <meta-arm@lists.yoctoproject.org>
Subject: Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16



On Thu, Mar 3, 2022 at 7:16 PM Alejandro Hernandez Samaniego <alhe@linux.microsoft.com<mailto:alhe@linux.microsoft.com>> wrote:


On 3/3/22 23:37, Denys Dmytriyenko wrote:

On Thu, Mar 03, 2022 at 09:11:28PM +0000, Alejandro Hernandez Samaniego wrote:


On 3/3/22 10:55, Abdellatif El Khlifi wrote:


Hello,

I suggest the following:

In meta-arm-bsp/conf/layer.conf add :

LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = "
meta-python openembedded-layer"



This statement is a little confusing (to me), please correct me if
I'm wrong, but you're saying

we should set a dependency from meta-arm-bsp layer, only for
qemuarm64-secureboot,

however, the qemuarm64-secureboot is part of meta-arm and not meta-arm-bsp,

AFAIC meta-arm-bsp has now knowledge of its existence, in fact
there's no other mention of

qemuarm64-secureboot in meta-arm-bsp.


Moreover, optee is used by other BSP layers (e.g. meta-ti) by depending on
meta-arm, not meta-arm-bsp.

Depending on python3-cryptography which is only available in meta-python (part
of meta-openembedded) should be avoided. Back in the day we pushed for moving
other python3 dependencies like pycryptodome and pyelftools into OE-Core:

https://git.openembedded.org/meta-openembedded/commit/?id=a8f3c00d8d113b46a49584682e10435157d516ca
https://git.yoctoproject.org/meta-arm/commit/?id=f2069723f27d9229e8ec74263a41160c8df32571

We could try doing the same with this new python3-cryptography dependecy and
propose moving it to OE-Core. Alternatively, consider adding it to meta-arm?
Not ideal, but meta-arm-bsp briefly carried alternative/older version recently:

https://git.yoctoproject.org/meta-arm/commit/?id=a15c16068ab011e2ba91a6c4ca6e1251de0d8058

I agree with Denys's point here, I think its likely there's other cases just like
meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO
it would make sense to add a copy of python3-cryptography to meta-arm (especially since
there's been similar situations in the past) and in parallel try to make a case for
python3-cryptography to be moved from meta-python to OE-core.

Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm.


I have suggested moving python3-cryptography (also python3-cryptography-vectors) to oe-core previously. It is heavily used for cryptography and needs to be kept up to date which is much more likely in oe-core.

This also means python3-pyo3, pyo3.bbclass, python3-setuptools-rust-native and the setuptools_rust.bbclass would also move to oe-core.

And then some tests. And documentation.



Alejandro


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3107): https://lists.yoctoproject.org/g/meta-arm/message/3107
Mute This Topic: https://lists.yoctoproject.org/mt/89404067/924729
Group Owner: meta-arm+owner@lists.yoctoproject.org<mailto:meta-arm%2Bowner@lists.yoctoproject.org>
Unsubscribe: https://lists.yoctoproject.org/g/meta-arm/unsub [ticotimo@gmail.com<mailto:ticotimo@gmail.com>]
-=-=-=-=-=-=-=-=-=-=-=-


[-- Attachment #2: Type: text/html, Size: 12703 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread
* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
  2022-03-04 11:43                     ` Abdellatif El Khlifi
@ 2022-03-04 18:56                       ` Denys Dmytriyenko
  0 siblings, 0 replies; 21+ messages in thread
From: Denys Dmytriyenko @ 2022-03-04 18:56 UTC (permalink / raw)
  To: Abdellatif El Khlifi
  Cc: Tim Orling, Alejandro Hernandez Samaniego, Drew Reed, Jon Mason,
	Maxim Uvarov, Peter Griffin, Sumit Garg, Vishnu Banavath,
	meta-arm, Ross Burton

On Fri, Mar 04, 2022 at 11:43:38AM +0000, Abdellatif El Khlifi wrote:
> I meant adding meta-python dependency to meta-arm layer like this:
> 
> In meta-arm/conf/layer.conf:
> 
> LAYERDEPENDS_meta-arm:append:qemuarm64-secureboot = " meta-python openembedded-layer"

optee-os dependency on python3-cryptography is NOT specific to qemuarm64-secureboot!


> It works as explained in the previous email.
> ________________________________
> From: Abdellatif El Khlifi <Abdellatif.ElKhlifi@arm.com>
> Sent: 04 March 2022 11:35
> To: Tim Orling <ticotimo@gmail.com>; Alejandro Hernandez Samaniego <alhe@linux.microsoft.com>
> Cc: Denys Dmytriyenko <denis@denix.org>; Drew Reed <Drew.Reed@arm.com>; Jon Mason <jdmason@kudzu.us>; Maxim Uvarov <maxim.uvarov@linaro.org>; Peter Griffin <peter.griffin@linaro.org>; Sumit Garg <sumit.garg@linaro.org>; Vishnu Banavath <Vishnu.Banavath@arm.com>; meta-arm@lists.yoctoproject.org <meta-arm@lists.yoctoproject.org>; Ross Burton <Ross.Burton@arm.com>
> Subject: Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
> 
> Hi guys,
> 
> Thanks for the feedback.
> 
> Since the machine is in meta-arm (meta-arm/conf/machine/qemuarm64-secureboot.conf), it makes sense to add the meta-python layer dependency as detailed below.
> 
> It works, meta-python  and python3-cryptography are detected. Please have a look at the logs below.
> 
> So, technically it works. But let's see what Jon and Ross think.
> 
> Suggested changes:
> 
> In ci/qemuarm64-secureboot.yml add:
> 
>     - ci/meta-openembedded.yml
> 
> In meta-arm/conf/layer.conf add:
> 
> LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = " meta-python openembedded-layer"
> 
> Before the changes:
> 
> bitbake-layers show-layers
> 
> NOTE: Starting bitbake server...
> layer                 path                                      priority
> ==========================================================================
> meta-arm              /home/abdelk01/Work/qemu/meta-arm/meta-arm  5
> meta-arm-bsp          /home/abdelk01/Work/qemu/meta-arm/meta-arm-bsp  5
> meta-arm-toolchain    /home/abdelk01/Work/qemu/meta-arm/meta-arm-toolchain  5
> meta                  /home/abdelk01/Work/qemu/poky/meta        5
> meta-poky             /home/abdelk01/Work/qemu/poky/meta-poky   5
> 
> 
> After the changes:
> 
> bitbake-layers show-layers
> 
> NOTE: Starting bitbake server...
> layer                 path                                      priority
> ==========================================================================
> meta-arm              /home/abdelk01/Work/qemu/meta-arm/meta-arm  5
> meta-arm-bsp          /home/abdelk01/Work/qemu/meta-arm/meta-arm-bsp  5
> meta-arm-toolchain    /home/abdelk01/Work/qemu/meta-arm/meta-arm-toolchain  5
> meta-filesystems      /home/abdelk01/Work/qemu/meta-openembedded/meta-filesystems  5
> meta-networking       /home/abdelk01/Work/qemu/meta-openembedded/meta-networking  5
> meta-oe               /home/abdelk01/Work/qemu/meta-openembedded/meta-oe  5
> meta-python           /home/abdelk01/Work/qemu/meta-openembedded/meta-python  5
> meta                  /home/abdelk01/Work/qemu/poky/meta        5
> meta-poky             /home/abdelk01/Work/qemu/poky/meta-poky   5
> 
> bitbake-layers show-recipes | grep -A 1 python3-cryptography
> 
> python3-cryptography:
>   meta-python          36.0.1
> python3-cryptography-vectors:
>   meta-python          36.0.1
> 
> Kind regards
> ________________________________
> From: Tim Orling <ticotimo@gmail.com>
> Sent: 04 March 2022 03:58
> To: Alejandro Hernandez Samaniego <alhe@linux.microsoft.com>
> Cc: Abdellatif El Khlifi <Abdellatif.ElKhlifi@arm.com>; Denys Dmytriyenko <denis@denix.org>; Drew Reed <Drew.Reed@arm.com>; Jon Mason <jdmason@kudzu.us>; Maxim Uvarov <maxim.uvarov@linaro.org>; Peter Griffin <peter.griffin@linaro.org>; Sumit Garg <sumit.garg@linaro.org>; Vishnu Banavath <Vishnu.Banavath@arm.com>; meta-arm@lists.yoctoproject.org <meta-arm@lists.yoctoproject.org>
> Subject: Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
> 
> 
> 
> On Thu, Mar 3, 2022 at 7:16 PM Alejandro Hernandez Samaniego <alhe@linux.microsoft.com<mailto:alhe@linux.microsoft.com>> wrote:
> 
> 
> On 3/3/22 23:37, Denys Dmytriyenko wrote:
> 
> On Thu, Mar 03, 2022 at 09:11:28PM +0000, Alejandro Hernandez Samaniego wrote:
> 
> 
> On 3/3/22 10:55, Abdellatif El Khlifi wrote:
> 
> 
> Hello,
> 
> I suggest the following:
> 
> In meta-arm-bsp/conf/layer.conf add :
> 
> LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = "
> meta-python openembedded-layer"
> 
> 
> 
> This statement is a little confusing (to me), please correct me if
> I'm wrong, but you're saying
> 
> we should set a dependency from meta-arm-bsp layer, only for
> qemuarm64-secureboot,
> 
> however, the qemuarm64-secureboot is part of meta-arm and not meta-arm-bsp,
> 
> AFAIC meta-arm-bsp has now knowledge of its existence, in fact
> there's no other mention of
> 
> qemuarm64-secureboot in meta-arm-bsp.
> 
> 
> Moreover, optee is used by other BSP layers (e.g. meta-ti) by depending on
> meta-arm, not meta-arm-bsp.
> 
> Depending on python3-cryptography which is only available in meta-python (part
> of meta-openembedded) should be avoided. Back in the day we pushed for moving
> other python3 dependencies like pycryptodome and pyelftools into OE-Core:
> 
> https://git.openembedded.org/meta-openembedded/commit/?id=a8f3c00d8d113b46a49584682e10435157d516ca
> https://git.yoctoproject.org/meta-arm/commit/?id=f2069723f27d9229e8ec74263a41160c8df32571
> 
> We could try doing the same with this new python3-cryptography dependecy and
> propose moving it to OE-Core. Alternatively, consider adding it to meta-arm?
> Not ideal, but meta-arm-bsp briefly carried alternative/older version recently:
> 
> https://git.yoctoproject.org/meta-arm/commit/?id=a15c16068ab011e2ba91a6c4ca6e1251de0d8058
> 
> I agree with Denys's point here, I think its likely there's other cases just like
> meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO
> it would make sense to add a copy of python3-cryptography to meta-arm (especially since
> there's been similar situations in the past) and in parallel try to make a case for
> python3-cryptography to be moved from meta-python to OE-core.
> 
> Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm.
> 
> 
> I have suggested moving python3-cryptography (also python3-cryptography-vectors) to oe-core previously. It is heavily used for cryptography and needs to be kept up to date which is much more likely in oe-core.
> 
> This also means python3-pyo3, pyo3.bbclass, python3-setuptools-rust-native and the setuptools_rust.bbclass would also move to oe-core.
> 
> And then some tests. And documentation.
> 
> 
> 
> Alejandro


^ permalink raw reply	[flat|nested] 21+ messages in thread
* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
  2022-03-04  3:16               ` Alejandro Hernandez
  2022-03-04  3:58                 ` Tim Orling
@ 2022-03-09 20:01                 ` Jon Mason
  2022-03-10  1:05                   ` Alejandro Hernandez
  1 sibling, 1 reply; 21+ messages in thread
From: Jon Mason @ 2022-03-09 20:01 UTC (permalink / raw)
  To: Alejandro Hernandez
  Cc: Denys Dmytriyenko, Abdellatif El Khlifi, Sumit Garg, meta-arm,
	Vishnu Banavath, Maxim Uvarov, Peter Griffin, Drew Reed

On Fri, Mar 04, 2022 at 03:16:31AM +0000, Alejandro Hernandez wrote:
> 
> On 3/3/22 23:37, Denys Dmytriyenko wrote:
> > On Thu, Mar 03, 2022 at 09:11:28PM +0000, Alejandro Hernandez Samaniego wrote:
> > > On 3/3/22 10:55, Abdellatif El Khlifi wrote:
> > > > Hello,
> > > > 
> > > > I suggest the following:
> > > > 
> > > > In meta-arm-bsp/conf/layer.conf add :
> > > > 
> > > > LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = "
> > > > meta-python openembedded-layer"
> > > 
> > > This statement is a little confusing (to me), please correct me if
> > > I'm wrong, but you're saying
> > > 
> > > we should set a dependency from meta-arm-bsp layer, only for
> > > qemuarm64-secureboot,
> > > 
> > > however, the qemuarm64-secureboot is part of meta-arm and not meta-arm-bsp,
> > > 
> > > AFAIC meta-arm-bsp has now knowledge of its existence, in fact
> > > there's no other mention of
> > > 
> > > qemuarm64-secureboot in meta-arm-bsp.
> > Moreover, optee is used by other BSP layers (e.g. meta-ti) by depending on
> > meta-arm, not meta-arm-bsp.
> > 
> > Depending on python3-cryptography which is only available in meta-python (part
> > of meta-openembedded) should be avoided. Back in the day we pushed for moving
> > other python3 dependencies like pycryptodome and pyelftools into OE-Core:
> > 
> > https://git.openembedded.org/meta-openembedded/commit/?id=a8f3c00d8d113b46a49584682e10435157d516ca
> > https://git.yoctoproject.org/meta-arm/commit/?id=f2069723f27d9229e8ec74263a41160c8df32571
> > 
> > We could try doing the same with this new python3-cryptography dependecy and
> > propose moving it to OE-Core. Alternatively, consider adding it to meta-arm?
> > Not ideal, but meta-arm-bsp briefly carried alternative/older version recently:
> > 
> > https://git.yoctoproject.org/meta-arm/commit/?id=a15c16068ab011e2ba91a6c4ca6e1251de0d8058
> 
> I agree with Denys's point here, I think its likely there's other cases just like
> meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO
> it would make sense to add a copy of python3-cryptography to meta-arm (especially since
> there's been similar situations in the past) and in parallel try to make a case for
> python3-cryptography to be moved from meta-python to OE-core.
> 
> Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm.

This seems reasonable.  Can you rework your series to add this?  Also,
we need to keep the older version of OPTEE for corstone1000 (for the
kirkstone release).  So, if you can keep that around in v2, it would
be appreciated.

Thanks,
Jon

> 
> Alejandro


^ permalink raw reply	[flat|nested] 21+ messages in thread
* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
  2022-03-09 20:01                 ` Jon Mason
@ 2022-03-10  1:05                   ` Alejandro Hernandez
  2022-03-10 13:44                     ` Ross Burton
  2022-03-10 17:11                     ` Alejandro Hernandez
  0 siblings, 2 replies; 21+ messages in thread
From: Alejandro Hernandez @ 2022-03-10  1:05 UTC (permalink / raw)
  To: Jon Mason
  Cc: Denys Dmytriyenko, Abdellatif El Khlifi, Sumit Garg, meta-arm,
	Vishnu Banavath, Maxim Uvarov, Peter Griffin, Drew Reed

[-- Attachment #1: Type: text/plain, Size: 3082 bytes --]


On 3/9/22 13:01, Jon Mason wrote:
> On Fri, Mar 04, 2022 at 03:16:31AM +0000, Alejandro Hernandez wrote:
>> On 3/3/22 23:37, Denys Dmytriyenko wrote:
>>> On Thu, Mar 03, 2022 at 09:11:28PM +0000, Alejandro Hernandez Samaniego wrote:
>>>> On 3/3/22 10:55, Abdellatif El Khlifi wrote:
>>>>> Hello,
>>>>>
>>>>> I suggest the following:
>>>>>
>>>>> In meta-arm-bsp/conf/layer.conf add :
>>>>>
>>>>> LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = "
>>>>> meta-python openembedded-layer"
>>>> This statement is a little confusing (to me), please correct me if
>>>> I'm wrong, but you're saying
>>>>
>>>> we should set a dependency from meta-arm-bsp layer, only for
>>>> qemuarm64-secureboot,
>>>>
>>>> however, the qemuarm64-secureboot is part of meta-arm and not meta-arm-bsp,
>>>>
>>>> AFAIC meta-arm-bsp has now knowledge of its existence, in fact
>>>> there's no other mention of
>>>>
>>>> qemuarm64-secureboot in meta-arm-bsp.
>>> Moreover, optee is used by other BSP layers (e.g. meta-ti) by depending on
>>> meta-arm, not meta-arm-bsp.
>>>
>>> Depending on python3-cryptography which is only available in meta-python (part
>>> of meta-openembedded) should be avoided. Back in the day we pushed for moving
>>> other python3 dependencies like pycryptodome and pyelftools into OE-Core:
>>>
>>> https://git.openembedded.org/meta-openembedded/commit/?id=a8f3c00d8d113b46a49584682e10435157d516ca
>>> https://git.yoctoproject.org/meta-arm/commit/?id=f2069723f27d9229e8ec74263a41160c8df32571
>>>
>>> We could try doing the same with this new python3-cryptography dependecy and
>>> propose moving it to OE-Core. Alternatively, consider adding it to meta-arm?
>>> Not ideal, but meta-arm-bsp briefly carried alternative/older version recently:
>>>
>>> https://git.yoctoproject.org/meta-arm/commit/?id=a15c16068ab011e2ba91a6c4ca6e1251de0d8058
>> I agree with Denys's point here, I think its likely there's other cases just like
>> meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO
>> it would make sense to add a copy of python3-cryptography to meta-arm (especially since
>> there's been similar situations in the past) and in parallel try to make a case for
>> python3-cryptography to be moved from meta-python to OE-core.
>>
>> Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm.
> This seems reasonable.  Can you rework your series to add this?  Also,
> we need to keep the older version of OPTEE for corstone1000 (for the
> kirkstone release).  So, if you can keep that around in v2, it would
> be appreciated.
>
> Thanks,
> Jon

Will do, I'll send a v2 soon.

Cheers,

Alejandro


>> Alejandro
>>
>> -=-=-=-=-=-=-=-=-=-=-=-
>> Links: You receive all messages sent to this group.
>> View/Reply Online (#3142):https://lists.yoctoproject.org/g/meta-arm/message/3142
>> Mute This Topic:https://lists.yoctoproject.org/mt/89404067/4354175
>> Group Owner:meta-arm+owner@lists.yoctoproject.org
>> Unsubscribe:https://lists.yoctoproject.org/g/meta-arm/unsub  [alhe@linux.microsoft.com]
>> -=-=-=-=-=-=-=-=-=-=-=-
>>

[-- Attachment #2: Type: text/html, Size: 5137 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread
* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
  2022-03-10  1:05                   ` Alejandro Hernandez
@ 2022-03-10 13:44                     ` Ross Burton
  2022-03-10 16:37                       ` Richard Purdie
  2022-03-10 17:11                     ` Alejandro Hernandez
  1 sibling, 1 reply; 21+ messages in thread
From: Ross Burton @ 2022-03-10 13:44 UTC (permalink / raw)
  To: meta-arm
  Cc: Jon Mason, Denys Dmytriyenko, Abdellatif El Khlifi, Sumit Garg,
	Vishnu Banavath, Maxim Uvarov, Peter Griffin, Drew Reed

On Thu, 10 Mar 2022 at 01:05, Alejandro Hernandez Samaniego
<alhe@linux.microsoft.com> wrote:
> I agree with Denys's point here, I think its likely there's other cases just like
> meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO
> it would make sense to add a copy of python3-cryptography to meta-arm (especially since
> there's been similar situations in the past) and in parallel try to make a case for
> python3-cryptography to be moved from meta-python to OE-core.
>
> Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm.
>
> This seems reasonable.  Can you rework your series to add this?  Also,
> we need to keep the older version of OPTEE for corstone1000 (for the
> kirkstone release).  So, if you can keep that around in v2, it would
> be appreciated.

Sorry for being late to this thread, I've been elbow-deep in Python
packaging changes.

As Tim said, moving python3-cryptography to meta-arm isn't one recipe:
it's two recipes and four or so classes.  This isn't a trivial
operation and I'm against that.

Can the use of python3-cryptography be a PACKAGECONFIG that is
disabled in optee out of the box, so machines which want to use it can
turn it on and add the dependency?

A less-worse option would be to DYNAMIC_LAYERS the optee recipes, so
they're only parsed if meta-python is around.

Long term we definitely need to move the crypto stack to oe-core.  I
wonder if RP would be open to moving it now...

Ross


^ permalink raw reply	[flat|nested] 21+ messages in thread
* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
  2022-03-10 13:44                     ` Ross Burton
@ 2022-03-10 16:37                       ` Richard Purdie
  2022-03-10 16:53                         ` Ross Burton
  0 siblings, 1 reply; 21+ messages in thread
From: Richard Purdie @ 2022-03-10 16:37 UTC (permalink / raw)
  To: Ross Burton, meta-arm
  Cc: Jon Mason, Denys Dmytriyenko, Abdellatif El Khlifi, Sumit Garg,
	Vishnu Banavath, Maxim Uvarov, Peter Griffin, Drew Reed

On Thu, 2022-03-10 at 13:44 +0000, Ross Burton wrote:
> On Thu, 10 Mar 2022 at 01:05, Alejandro Hernandez Samaniego
> <alhe@linux.microsoft.com> wrote:
> > I agree with Denys's point here, I think its likely there's other cases just like
> > meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO
> > it would make sense to add a copy of python3-cryptography to meta-arm (especially since
> > there's been similar situations in the past) and in parallel try to make a case for
> > python3-cryptography to be moved from meta-python to OE-core.
> > 
> > Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm.
> > 
> > This seems reasonable.  Can you rework your series to add this?  Also,
> > we need to keep the older version of OPTEE for corstone1000 (for the
> > kirkstone release).  So, if you can keep that around in v2, it would
> > be appreciated.
> 
> Sorry for being late to this thread, I've been elbow-deep in Python
> packaging changes.
> 
> As Tim said, moving python3-cryptography to meta-arm isn't one recipe:
> it's two recipes and four or so classes.  This isn't a trivial
> operation and I'm against that.
> 
> Can the use of python3-cryptography be a PACKAGECONFIG that is
> disabled in optee out of the box, so machines which want to use it can
> turn it on and add the dependency?
> 
> A less-worse option would be to DYNAMIC_LAYERS the optee recipes, so
> they're only parsed if meta-python is around.
> 
> Long term we definitely need to move the crypto stack to oe-core.  I
> wonder if RP would be open to moving it now...

I'm wondering how many classes/recipes are involved but I'm open to the idea...

Cheers,

Richard



^ permalink raw reply	[flat|nested] 21+ messages in thread
* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
  2022-03-10 16:37                       ` Richard Purdie
@ 2022-03-10 16:53                         ` Ross Burton
  0 siblings, 0 replies; 21+ messages in thread
From: Ross Burton @ 2022-03-10 16:53 UTC (permalink / raw)
  To: Richard Purdie
  Cc: meta-arm, Jon Mason, Denys Dmytriyenko, Abdellatif El Khlifi,
	Sumit Garg, Vishnu Banavath, Maxim Uvarov, Peter Griffin,
	Drew Reed

From Tim earlier in the thread:

> I have suggested moving python3-cryptography (also python3-cryptography-vectors) to oe-core previously. It is heavily used for cryptography and needs to be kept up to date which is much more likely in oe-core.
> This also means python3-pyo3, pyo3.bbclass, python3-setuptools-rust-native and the setuptools_rust.bbclass would also move to oe-core.

A few recipes and their ancillary classes.

Ross

On Thu, 10 Mar 2022 at 16:37, Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Thu, 2022-03-10 at 13:44 +0000, Ross Burton wrote:
> > On Thu, 10 Mar 2022 at 01:05, Alejandro Hernandez Samaniego
> > <alhe@linux.microsoft.com> wrote:
> > > I agree with Denys's point here, I think its likely there's other cases just like
> > > meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO
> > > it would make sense to add a copy of python3-cryptography to meta-arm (especially since
> > > there's been similar situations in the past) and in parallel try to make a case for
> > > python3-cryptography to be moved from meta-python to OE-core.
> > >
> > > Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm.
> > >
> > > This seems reasonable.  Can you rework your series to add this?  Also,
> > > we need to keep the older version of OPTEE for corstone1000 (for the
> > > kirkstone release).  So, if you can keep that around in v2, it would
> > > be appreciated.
> >
> > Sorry for being late to this thread, I've been elbow-deep in Python
> > packaging changes.
> >
> > As Tim said, moving python3-cryptography to meta-arm isn't one recipe:
> > it's two recipes and four or so classes.  This isn't a trivial
> > operation and I'm against that.
> >
> > Can the use of python3-cryptography be a PACKAGECONFIG that is
> > disabled in optee out of the box, so machines which want to use it can
> > turn it on and add the dependency?
> >
> > A less-worse option would be to DYNAMIC_LAYERS the optee recipes, so
> > they're only parsed if meta-python is around.
> >
> > Long term we definitely need to move the crypto stack to oe-core.  I
> > wonder if RP would be open to moving it now...
>
> I'm wondering how many classes/recipes are involved but I'm open to the idea...
>
> Cheers,
>
> Richard
>


^ permalink raw reply	[flat|nested] 21+ messages in thread
* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
  2022-03-10  1:05                   ` Alejandro Hernandez
  2022-03-10 13:44                     ` Ross Burton
@ 2022-03-10 17:11                     ` Alejandro Hernandez
  2022-03-12 22:02                       ` Tim Orling
  1 sibling, 1 reply; 21+ messages in thread
From: Alejandro Hernandez @ 2022-03-10 17:11 UTC (permalink / raw)
  To: Jon Mason
  Cc: Denys Dmytriyenko, Abdellatif El Khlifi, Sumit Garg, meta-arm,
	Vishnu Banavath, Maxim Uvarov, Peter Griffin, Drew Reed

[-- Attachment #1: Type: text/plain, Size: 3668 bytes --]


On 3/10/22 01:05, Alejandro Hernandez wrote:
>
>
> On 3/9/22 13:01, Jon Mason wrote:
>> On Fri, Mar 04, 2022 at 03:16:31AM +0000, Alejandro Hernandez wrote:
>>> On 3/3/22 23:37, Denys Dmytriyenko wrote:
>>>> On Thu, Mar 03, 2022 at 09:11:28PM +0000, Alejandro Hernandez Samaniego wrote:
>>>>> On 3/3/22 10:55, Abdellatif El Khlifi wrote:
>>>>>> Hello,
>>>>>>
>>>>>> I suggest the following:
>>>>>>
>>>>>> In meta-arm-bsp/conf/layer.conf add :
>>>>>>
>>>>>> LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = "
>>>>>> meta-python openembedded-layer"
>>>>> This statement is a little confusing (to me), please correct me if
>>>>> I'm wrong, but you're saying
>>>>>
>>>>> we should set a dependency from meta-arm-bsp layer, only for
>>>>> qemuarm64-secureboot,
>>>>>
>>>>> however, the qemuarm64-secureboot is part of meta-arm and not meta-arm-bsp,
>>>>>
>>>>> AFAIC meta-arm-bsp has now knowledge of its existence, in fact
>>>>> there's no other mention of
>>>>>
>>>>> qemuarm64-secureboot in meta-arm-bsp.
>>>> Moreover, optee is used by other BSP layers (e.g. meta-ti) by depending on
>>>> meta-arm, not meta-arm-bsp.
>>>>
>>>> Depending on python3-cryptography which is only available in meta-python (part
>>>> of meta-openembedded) should be avoided. Back in the day we pushed for moving
>>>> other python3 dependencies like pycryptodome and pyelftools into OE-Core:
>>>>
>>>> https://git.openembedded.org/meta-openembedded/commit/?id=a8f3c00d8d113b46a49584682e10435157d516ca
>>>> https://git.yoctoproject.org/meta-arm/commit/?id=f2069723f27d9229e8ec74263a41160c8df32571
>>>>
>>>> We could try doing the same with this new python3-cryptography dependecy and
>>>> propose moving it to OE-Core. Alternatively, consider adding it to meta-arm?
>>>> Not ideal, but meta-arm-bsp briefly carried alternative/older version recently:
>>>>
>>>> https://git.yoctoproject.org/meta-arm/commit/?id=a15c16068ab011e2ba91a6c4ca6e1251de0d8058
>>> I agree with Denys's point here, I think its likely there's other cases just like
>>> meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO
>>> it would make sense to add a copy of python3-cryptography to meta-arm (especially since
>>> there's been similar situations in the past) and in parallel try to make a case for
>>> python3-cryptography to be moved from meta-python to OE-core.
>>>
>>> Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm.
>> This seems reasonable.  Can you rework your series to add this?  Also,
>> we need to keep the older version of OPTEE for corstone1000 (for the
>> kirkstone release).  So, if you can keep that around in v2, it would
>> be appreciated.
>>
>> Thanks,
>> Jon
> Will do, I'll send a v2 soon.
> Cheers,
> Alejandro
>
>
Quick update before sending v2, the list of required dependencies to bring python3-cryptography is the following:

recipes:

python3-asn1crypto_1.4.0.bb
python3-cffi_1.15.0.bb
python3-cryptography
python3-cryptography_36.0.1.bb
python3-cryptography-vectors_36.0.1.bb
python3-pycparser_2.21.bb
python3-semantic-version_2.9.0.bb
python3-setuptools-rust-native_1.1.2.bb
python3-typing-extensions_3.10.0.0.bb

classes:

pyo3.bbclass
setuptools3_rust.bbclass

Alejandro


>>> Alejandro
>>>
>>> -=-=-=-=-=-=-=-=-=-=-=-
>>> Links: You receive all messages sent to this group.
>>> View/Reply Online (#3142):https://lists.yoctoproject.org/g/meta-arm/message/3142
>>> Mute This Topic:https://lists.yoctoproject.org/mt/89404067/4354175
>>> Group Owner:meta-arm+owner@lists.yoctoproject.org
>>> Unsubscribe:https://lists.yoctoproject.org/g/meta-arm/unsub  [alhe@linux.microsoft.com]
>>> -=-=-=-=-=-=-=-=-=-=-=-
>>>

[-- Attachment #2: Type: text/html, Size: 6375 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread
* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
  2022-03-10 17:11                     ` Alejandro Hernandez
@ 2022-03-12 22:02                       ` Tim Orling
       [not found]                         ` <ae6d4ed4ab31810631fd311956d9675c48f5284e.camel@linuxfoundation.org>
  0 siblings, 1 reply; 21+ messages in thread
From: Tim Orling @ 2022-03-12 22:02 UTC (permalink / raw)
  To: Alejandro Hernandez Samaniego
  Cc: Abdellatif El Khlifi, Denys Dmytriyenko, Drew Reed, Jon Mason,
	Maxim Uvarov, Peter Griffin, Sumit Garg, Vishnu Banavath,
	meta-arm

[-- Attachment #1: Type: text/plain, Size: 3931 bytes --]

On Thu, Mar 10, 2022 at 9:12 AM Alejandro Hernandez Samaniego <
alhe@linux.microsoft.com> wrote:

>
> On 3/10/22 01:05, Alejandro Hernandez wrote:
>
>
> On 3/9/22 13:01, Jon Mason wrote:
>
> On Fri, Mar 04, 2022 at 03:16:31AM +0000, Alejandro Hernandez wrote:
>
> On 3/3/22 23:37, Denys Dmytriyenko wrote:
>
> On Thu, Mar 03, 2022 at 09:11:28PM +0000, Alejandro Hernandez Samaniego wrote:
>
> On 3/3/22 10:55, Abdellatif El Khlifi wrote:
>
> Hello,
>
> I suggest the following:
>
> In meta-arm-bsp/conf/layer.conf add :
>
> LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = "
> meta-python openembedded-layer"
>
> This statement is a little confusing (to me), please correct me if
> I'm wrong, but you're saying
>
> we should set a dependency from meta-arm-bsp layer, only for
> qemuarm64-secureboot,
>
> however, the qemuarm64-secureboot is part of meta-arm and not meta-arm-bsp,
>
> AFAIC meta-arm-bsp has now knowledge of its existence, in fact
> there's no other mention of
>
> qemuarm64-secureboot in meta-arm-bsp.
>
> Moreover, optee is used by other BSP layers (e.g. meta-ti) by depending on
> meta-arm, not meta-arm-bsp.
>
> Depending on python3-cryptography which is only available in meta-python (part
> of meta-openembedded) should be avoided. Back in the day we pushed for moving
> other python3 dependencies like pycryptodome and pyelftools into OE-Core:
> https://git.openembedded.org/meta-openembedded/commit/?id=a8f3c00d8d113b46a49584682e10435157d516cahttps://git.yoctoproject.org/meta-arm/commit/?id=f2069723f27d9229e8ec74263a41160c8df32571
>
> We could try doing the same with this new python3-cryptography dependecy and
> propose moving it to OE-Core. Alternatively, consider adding it to meta-arm?
> Not ideal, but meta-arm-bsp briefly carried alternative/older version recently:
> https://git.yoctoproject.org/meta-arm/commit/?id=a15c16068ab011e2ba91a6c4ca6e1251de0d8058
>
> I agree with Denys's point here, I think its likely there's other cases just like
> meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO
> it would make sense to add a copy of python3-cryptography to meta-arm (especially since
> there's been similar situations in the past) and in parallel try to make a case for
> python3-cryptography to be moved from meta-python to OE-core.
>
> Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm.
>
> This seems reasonable.  Can you rework your series to add this?  Also,
> we need to keep the older version of OPTEE for corstone1000 (for the
> kirkstone release).  So, if you can keep that around in v2, it would
> be appreciated.
>
> Thanks,
> Jon
>
> Will do, I'll send a v2 soon.
>
> Cheers,
>
> Alejandro
>
>
> Quick update before sending v2, the list of required dependencies to bring python3-cryptography is the following:
>
> recipes:
>
> python3-asn1crypto_1.4.0.bbpython3-cffi_1.15.0.bb
> python3-cryptographypython3-cryptography_36.0.1.bbpython3-cryptography-vectors_36.0.1.bbpython3-pycparser_2.21.bbpython3-semantic-version_2.9.0.bbpython3-setuptools-rust-native_1.1.2.bbpython3-typing-extensions_3.10.0.0.bb
>
> classes:
>
> pyo3.bbclass
> setuptools3_rust.bbclass
>
>
The full story (only missing a couple recipes added to ptest because I
don’t know if they are slow or fast)
https://git.yoctoproject.org/poky-contrib/log/?h=timo/move-py-crypto

—Tim

>
> Alejandro
>
>
> Alejandro
>
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#3150):
> https://lists.yoctoproject.org/g/meta-arm/message/3150
> Mute This Topic: https://lists.yoctoproject.org/mt/89404067/924729
> Group Owner: meta-arm+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-arm/unsub [
> ticotimo@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>

[-- Attachment #2: Type: text/html, Size: 8009 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread
* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16
       [not found]                         ` <ae6d4ed4ab31810631fd311956d9675c48f5284e.camel@linuxfoundation.org>
@ 2022-03-14  0:54                           ` Alejandro Enedino Hernandez Samaniego
  0 siblings, 0 replies; 21+ messages in thread
From: Alejandro Enedino Hernandez Samaniego @ 2022-03-14  0:54 UTC (permalink / raw)
  To: Richard Purdie, Tim Orling
  Cc: Abdellatif El Khlifi, Denys Dmytriyenko, Drew Reed, Jon Mason,
	Maxim Uvarov, Peter Griffin, Sumit Garg, Vishnu Banavath,
	meta-arm

[-- Attachment #1: Type: text/plain, Size: 1727 bytes --]

Thanks Tim and Richard!, I'll send a v2 soon based off on those changes.

Cheers,

Alejandro

On 3/13/22 11:17, Richard Purdie wrote:
> On Sat, 2022-03-12 at 14:02 -0800, Tim Orling wrote:
>> On Thu, Mar 10, 2022 at 9:12 AM Alejandro Hernandez Samaniego
>> <alhe@linux.microsoft.com>  wrote:
>>> Quick update before sending v2, the list of required dependencies to bring
>>> python3-cryptography is the following:
>>> recipes:
>>> python3-asn1crypto_1.4.0.bb
>>> python3-cffi_1.15.0.bb
>>> python3-cryptography
>>> python3-cryptography_36.0.1.bb
>>> python3-cryptography-vectors_36.0.1.bb
>>> python3-pycparser_2.21.bb
>>> python3-semantic-version_2.9.0.bb
>>> python3-setuptools-rust-native_1.1.2.bb
>>> python3-typing-extensions_3.10.0.0.bb
>>> classes:
>>> pyo3.bbclass
>>> setuptools3_rust.bbclass
>>>
>>
>> The full story (only missing a couple recipes added to ptest because I don’t
>> know if they are slow or fast)
>> https://git.yoctoproject.org/poky-contrib/log/?h=timo/move-py-crypto
> I've tweaked the series a bit and it is now in master-next.
>
> I've renamed the classes to add a python_ prefix which will mean we need to
> tweak recipes a little but I think it is the right thing to do and best done now
> rather than any later.
>
> Cheers,
>
> Richard
>
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#3168):https://lists.yoctoproject.org/g/meta-arm/message/3168
> Mute This Topic:https://lists.yoctoproject.org/mt/89404067/4354175
> Group Owner:meta-arm+owner@lists.yoctoproject.org
> Unsubscribe:https://lists.yoctoproject.org/g/meta-arm/unsub  [alhe@linux.microsoft.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

[-- Attachment #2: Type: text/html, Size: 3232 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread
* Re: [PATCH] arm/optee: Upgrade from 3.14 to 3.16
  2022-02-26  3:04 [PATCH] arm/optee: Upgrade from 3.14 to 3.16 Alejandro Enedino Hernandez Samaniego
  2022-03-01 16:27 ` Jon Mason
@ 2022-03-23 13:31 ` Jon Mason
  1 sibling, 0 replies; 21+ messages in thread
From: Jon Mason @ 2022-03-23 13:31 UTC (permalink / raw)
  To: meta-arm, Alejandro Enedino Hernandez Samaniego

On Fri, 25 Feb 2022 20:04:41 -0700, Alejandro Enedino Hernandez Samaniego wrote:
> - Removes upstreamed patches for optee-examples
> - Fixes optee-examples installation
> - Includes new python3-cryptography dependency
> - Fixes python3-cryptography to work with openssl
> 
> Tested on qemuarm64-secureboot via optee-examples xtest -l 15

Applied, thanks!

[1/1] arm/optee: Upgrade from 3.14 to 3.16
      commit: 3d0e5368d17fac053227422e4f4fddbc1fa7c7de

Best regards,
-- 
Jon Mason <jon.mason@arm.com>


^ permalink raw reply	[flat|nested] 21+ messages in thread
end of thread, other threads:[~2022-03-23 13:31 UTC | newest]

Thread overview: 21+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-26  3:04 [PATCH] arm/optee: Upgrade from 3.14 to 3.16 Alejandro Enedino Hernandez Samaniego
2022-03-01 16:27 ` Jon Mason
2022-03-01 21:54   ` [meta-arm] " Alejandro Hernandez
     [not found]     ` <Yh+DX8uaoS1VPpQ8@kudzu.us>
2022-03-03  5:31       ` Sumit Garg
2022-03-03 10:55         ` Abdellatif El Khlifi
2022-03-03 21:11           ` Alejandro Hernandez
2022-03-03 23:37             ` Denys Dmytriyenko
2022-03-04  3:16               ` Alejandro Hernandez
2022-03-04  3:58                 ` Tim Orling
2022-03-04 11:35                   ` Abdellatif El Khlifi
2022-03-04 11:43                     ` Abdellatif El Khlifi
2022-03-04 18:56                       ` Denys Dmytriyenko
2022-03-09 20:01                 ` Jon Mason
2022-03-10  1:05                   ` Alejandro Hernandez
2022-03-10 13:44                     ` Ross Burton
2022-03-10 16:37                       ` Richard Purdie
2022-03-10 16:53                         ` Ross Burton
2022-03-10 17:11                     ` Alejandro Hernandez
2022-03-12 22:02                       ` Tim Orling
     [not found]                         ` <ae6d4ed4ab31810631fd311956d9675c48f5284e.camel@linuxfoundation.org>
2022-03-14  0:54                           ` Alejandro Enedino Hernandez Samaniego
2022-03-23 13:31 ` Jon Mason

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.