From: Etienne Carriere <etienne.carriere@linaro.org>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/5] boot/optee-os: OP-TEE secure world
Date: Fri, 23 Nov 2018 16:08:09 +0100
Message-ID: <CAN5uoS_+TL01d4qRiAprgaWv+J9y5g1d52jEkN-KH6u9FW60Xg@mail.gmail.com>
In-Reply-To: <CAN5uoS_czEqeL4xK0femn8L6cXVfkGpHw0_vY+GuS9rk2YGzDw@mail.gmail.com>

On Fri, 23 Nov 2018 at 10:05, Etienne Carriere
<etienne.carriere@linaro.org> wrote:
>
> On Fri, 23 Nov 2018 at 09:35, Shyam Saini <shyam@amarulasolutions.com> wrote:
> >
> > Hi Etienne,
> >
> >
> > >
> > > OP-TEE OS is maintained by the OP-TEE project. It provides an
> > > open source solution for development and integration of secure
> > > services for Armv7-A and Armv8-A CPU based platforms supporting
> > > the TrustZone technology. This technology enables CPUs to
> > > concurrently host a secure world as the OP-TEE OS and a non-secure
> > > world as a Linux based OS.
> > >
> > > The OP-TEE project maintains other packages to leverage OP-TEE on
> > > Linux kernel based OSes. An OP-TEE interface driver is available
> > > in the Linux kernel since 4.12 upon CONFIG_OPTEE.
> > >
> > > https://www.op-tee.org/
> > > https://github.com/OP-TEE/optee_os
> > >
> > > Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
> > > ---
> > >  boot/Config.in                                     |   1 +
> > >  .../3.3.0/0001-move-python-to-python3.patch        |  26 ++++++
> > >  boot/optee-os/Config.in                            | 102 ++++++++++++++++++++
> > >  boot/optee-os/optee-os.hash                        |   4 +
> > >  boot/optee-os/optee-os.mk                          | 103 +++++++++++++++++++++
> > >  5 files changed, 236 insertions(+)
> > >  create mode 100644 boot/optee-os/3.3.0/0001-move-python-to-python3.patch
> > >  create mode 100644 boot/optee-os/Config.in
> > >  create mode 100644 boot/optee-os/optee-os.hash
> > >  create mode 100644 boot/optee-os/optee-os.mk
> > >
> > > diff --git a/boot/Config.in b/boot/Config.in
> > > index 8e0c8e5..cd14731 100644
> > > --- a/boot/Config.in
> > > +++ b/boot/Config.in
> > > @@ -13,6 +13,7 @@ source "boot/gummiboot/Config.in"
> > >  source "boot/lpc32xxcdl/Config.in"
> > >  source "boot/mv-ddr-marvell/Config.in"
> > >  source "boot/mxs-bootlets/Config.in"
> > > +source "boot/optee-os/Config.in"
> > >  source "boot/riscv-pk/Config.in"
> > >  source "boot/s500-bootloader/Config.in"
> > >  source "boot/syslinux/Config.in"
> > > diff --git a/boot/optee-os/3.3.0/0001-move-python-to-python3.patch b/boot/optee-os/3.3.0/0001-move-python-to-python3.patch
> > > new file mode 100644
> > > index 0000000..b0ed5b5
> > > --- /dev/null
> > > +++ b/boot/optee-os/3.3.0/0001-move-python-to-python3.patch
> > > @@ -0,0 +1,26 @@
> > > +move python scripts to pyhton3
> > > +
> > > +Use python3 for scripts depending on module Crypto.
> > > +
> > > +Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
> > > +
> > > +diff --git a/scripts/pem_to_pub_c.py b/scripts/pem_to_pub_c.py
> > > +index 6b8fa36..0b03d62 100755
> > > +--- a/scripts/pem_to_pub_c.py
> > > ++++ b/scripts/pem_to_pub_c.py
> > > +@@ -1,4 +1,4 @@
> > > +-#!/usr/bin/env python
> > > ++#!/usr/bin/env python3
> > > + # SPDX-License-Identifier: BSD-2-Clause
> > > + #
> > > + # Copyright (c) 2015, Linaro Limited
> > > +diff --git a/scripts/sign.py b/scripts/sign.py
> > > +index ad47479..348b40a 100755
> > > +--- a/scripts/sign.py
> > > ++++ b/scripts/sign.py
> > > +@@ -1,4 +1,4 @@
> > > +-#!/usr/bin/env python
> > > ++#!/usr/bin/env python3
> > > + #
> > > + # Copyright (c) 2015, 2017, Linaro Limited
> > > + #
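
Review bot: With `#!/usr/bin/env python3` in scripts/pem_to_pub_c.py and scripts/sign.py, the interpreter is whichever python3 comes first in PATH at build time, while the description says these scripts depend on module Crypto. State in the description which python3 is expected to provide Crypto, so that a build does not silently depend on what the build machine happens to have installed. The description line also has a typo: `pyhton3` should be `python3`.
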
> > > diff --git a/boot/optee-os/Config.in b/boot/optee-os/Config.in
> > > new file mode 100644
> > > index 0000000..5968531
> > > --- /dev/null
> > > +++ b/boot/optee-os/Config.in
> > > @@ -0,0 +1,102 @@
> > > +config BR2_TARGET_OPTEE_OS
> > > +       bool "optee_os"
> > > +       depends on BR2_aarch64 || BR2_arm
> > > +       select BR2_PACKAGE_OPENSSL # host tool
> > > +       help
> > > +         OP-TEE OS provides the secure world boot image and the trust
> > > +         application development kit of the OP-TEE project. OP-TEE OS
> > > +         also provides generic trusted application one can embedded
> > > +         into its system.
> > > +
> > > +         http://github.org/OP-TEE/optee_os
> > > +
> > > +if BR2_TARGET_OPTEE_OS
> > > +
> > > +choice
> > > +       prompt "OP-TEE OS version"
> > > +       default BR2_TARGET_OPTEE_OS_LATEST
> > > +       help
> > > +         Select the version of OP-TEE OS you want to use
> > > +
> > > +config BR2_TARGET_OPTEE_OS_LATEST
> > > +       bool "sync with latest registered release tag"
> > > +       help
> > > +         This fetches the latest registered release tag from
> > > +         the OP-TEE OS official Git repository.
> > > +
> > > +config BR2_TARGET_OPTEE_OS_CUSTOM_GIT
> > > +       bool "sync on custom OP-TEE OS Git repository"
> > > +       help
> > > +         Sync with a specific OP-TEE Git repository.
> > > +
> > > +endchoice
> > > +
> > > +config BR2_TARGET_OPTEE_OS_VERSION
> > > +       string
> > > +       default "3.3.0"         if BR2_TARGET_OPTEE_OS_LATEST
> > > +       default BR2_TARGET_OPTEE_OS_CUSTOM_REPO_VERSION \
> > > +                               if BR2_TARGET_OPTEE_OS_CUSTOM_GIT
> > > +
> > > +if BR2_TARGET_OPTEE_OS_CUSTOM_GIT
> > > +
> > > +config BR2_TARGET_OPTEE_OS_CUSTOM_REPO_URL
> > > +       string "sourcetree-site"
> > > +       help
> > > +         Specific location of the reference source tree Git
> > > +         repository.
> > > +
> > > +config BR2_TARGET_OPTEE_OS_CUSTOM_REPO_VERSION
> > > +       string "git reference to pull"
> > > +       help
> > > +         Reference in the target git repository to sync with.
> > > +
> > > +endif
> > > +
> > > +# Building core, TA libraries/devkit and/or generic TA services
> > > +
> > > +config BR2_TARGET_OPTEE_OS_CORE
> > > +       bool "Build core"
> > > +       default y
> > > +       help
> > > +         This option will build and install the OP-TEE core
> > > +         boot images.
> > > +
> > > +config BR2_TARGET_OPTEE_OS_SDK
> > > +       bool "Build TA devkit"
> > > +       default y
> > > +       help
> > > +         This option will build and install the OP-TEE development
> > > +         kit for building OP-TEE trusted application images. It is
> > > +          installed in the staging filetree in /lib/optee directory.
> > > +
> > > +config BR2_TARGET_OPTEE_OS_SERVICES
> > > +       bool "Build service TAs"
> > > +       default y
> > > +       help
> > > +         This option will build and install the generic trusted
> > > +         applications in the OP-TEE OS source tree and install
> > > +         them in the target /lib/optee_armtz directory. At runtime
> > > +         OP-TEE OS can load trusted applications from a non secure
> > > +         filesystem into the secure world for execution.
> > > +
> > > +# Building TA libraries and/or core images require target platform info
> > > +
> > > +config BR2_TARGET_OPTEE_OS_PLATFORM
> > > +       string "mandatory target PLATFORM"
> > > +       help
> > > +         Value for the mandated PLATFORM build directive provided to
> > > +         OP-TEE OS.
> > > +
> > > +config BR2_TARGET_OPTEE_OS_PLATFORM_FLAVOR
> > > +       string "optional target PLATFORM_FLAVOR"
> > > +       help
> > > +         Value for the optional PLATFORM_FLAVOR build directive
> > > +         provided to OP-TEE OS.
> > > +
> > > +config BR2_TARGET_OPTEE_OS_ADDITIONAL_VARIABLES
> > > +       string "Additional OP-TEE OS build variables"
> > > +       help
> > > +         Additional parameters for the OP-TEE OS build
> > > +         E.g. 'CFG_TEE_CORE_LOG_LEVEL=3 CFG_UNWIND=y'
> > > +
> > > +endif # BR2_TARGET_OPTEE_OS
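
Review bot: `select BR2_PACKAGE_OPENSSL # host tool` under BR2_TARGET_OPTEE_OS enables the target openssl package, which puts it into the root filesystem, although the comment says it is only needed as a host tool. A host-side requirement belongs in the package's dependency list in optee-os.mk as host-openssl, not as a Config.in select. In the same help text the URL `http://github.org/OP-TEE/optee_os` points at the wrong domain; the commit message uses https://github.com/OP-TEE/optee_os. BR2_TARGET_OPTEE_OS_PLATFORM is prompted as mandatory but has no default, so an empty value is accepted here. Smaller points: "one can embedded" should read "one can embed", and the line starting "installed in the staging filetree" has one extra space of indentation.
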
> > > diff --git a/boot/optee-os/optee-os.hash b/boot/optee-os/optee-os.hash
> > > new file mode 100644
> > > index 0000000..f68d72f
> > > --- /dev/null
> > > +++ b/boot/optee-os/optee-os.hash
> > > @@ -0,0 +1,4 @@
> > > +# From https://github.com/OP-TEE/optee_test/archive/3.3.0.tar.gz
> > > +sha256 f0c9572d3a341ea37bb8e89cfd511e96d6ca3b2b714b536564e8fedb93b0f44a  optee-os-3.3.0.tar.gz
> > > +# Locally computed
> > > +sha256 fda8385993f112d7ca61b88b54ba5b4cbeec7e43a0f9b317d5186703c1985e8f  LICENSE
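
Review bot: The provenance comment `# From https://github.com/OP-TEE/optee_test/archive/3.3.0.tar.gz` names the optee_test repository, but the hashed file is optee-os-3.3.0.tar.gz and this package is optee_os. Either the comment is a copy-paste slip or the sha256 was computed over the wrong tarball; recompute the hash from the optee_os 3.3.0 archive and correct the comment so that the recorded origin matches what the hash actually covers.
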
> > > diff --git a/boot/optee-os/optee-os.mk b/boot/optee-os/optee-os.mk
> > > new file mode 100644
> > > index 0000000..2e04ce0
> > > --- /dev/null
> > > +++ b/boot/optee-os/optee-os.mk
> > > @@ -0,0 +1,103 @@
> > > +################################################################################
> > > +#
> > > +# optee-os
> > > +#
> > > +################################################################################
> > > +
> > > +OPTEE_OS_VERSION = $(call qstrip,$(BR2_TARGET_OPTEE_OS_VERSION))
> > > +OPTEE_OS_LICENSE = BSD-2-Clause
> > > +OPTEE_OS_LICENSE_FILES = LICENSE
> > > +
> > > +ifeq ($(BR2_TARGET_OPTEE_OS_CUSTOM_GIT),y)
> > > +OPTEE_OS_SITE = $(call qstrip,$(BR2_TARGET_OPTEE_OS_CUSTOM_REPO_URL))
> > > +OPTEE_OS_SITE_METHOD = git
> > > +BR_NO_CHECK_HASH_FOR += $(OPTEE_OS_SOURCE)
> > > +else
> > > +OPTEE_OS_SITE = $(call github,OP-TEE,optee_os,OPTEE_OS_VERSION)
> > > +endif
> > > +
> > > +# On 64bit targets, OP-TEE OS can be built in 32bit mode, or
> > > +# can be built in 64bit mode and support 32bit and 64bit
> > > +# trusted applications. Since buildroot currently references
> > > +# a single cross compiler, build exclusively in 32bit
> > > +# or 64bit mode.
> > > +OPTEE_OS_MAKE_OPTS = CROSS_COMPILE="$(TARGET_CROSS)"
> > > +OPTEE_OS_MAKE_OPTS += CROSS_COMPILE_core="$(TARGET_CROSS)"
> > > +ifeq ($(BR2_aarch64),y)
> > > +OPTEE_OS_MAKE_OPTS += CROSS_COMPILE_ta_arm64="$(TARGET_CROSS)"
> > > +endif
> > > +ifeq ($(BR2_arm),y)
> > > +OPTEE_OS_MAKE_OPTS += CROSS_COMPILE_ta_arm32="$(TARGET_CROSS)"
> > > +endif
> > > +
> > > +# Get mandatory PLAFORM and optional PLATFORM_FLAVOR
> > > +OPTEE_OS_MAKE_OPTS += PLATFORM=$(call qstrip,$(BR2_TARGET_OPTEE_OS_PLATFORM))
> > > +ifneq ($(BR2_TARGET_OPTEE_OS_PLATFORM_FLAVOR),)
> > > +OPTEE_OS_MAKE_OPTS += PLATFORM_FLAVOR=$(call qstrip,$(BR2_TARGET_OPTEE_OS_PLATFORM_FLAVOR))
> > > +endif
> > > +OPTEE_OS_MAKE_OPTS += $(call qstrip,$(BR2_TARGET_OPTEE_OS_ADDITIONAL_VARIABLES))
> >
> > minor nit, please see below
> > > +
> > > +# OP-TEE OS builds from subdirectory build/ of its synced sourcetree root path
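
Review bot: In `OPTEE_OS_SITE = $(call github,OP-TEE,optee_os,OPTEE_OS_VERSION)` the third argument is the literal text OPTEE_OS_VERSION, not its value; it should be `$(OPTEE_OS_VERSION)`, otherwise the default (non custom Git) download does not refer to the selected release. In the custom Git branch, `BR_NO_CHECK_HASH_FOR += $(OPTEE_OS_SOURCE)` turns off integrity checking of the fetched secure world sources, and BR2_TARGET_OPTEE_OS_CUSTOM_REPO_VERSION accepts any "git reference", so its help text should recommend a full commit id over a branch name to keep the build reproducible. `PLATFORM=$(call qstrip,$(BR2_TARGET_OPTEE_OS_PLATFORM))` is passed even when the option is empty although it is described as mandatory; an explicit error for the empty case would help. The comment `# Get mandatory PLAFORM` has a typo (PLATFORM).
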
> >
> > optee_os by default uses [1] "out" as build directory. Shouldn't we
> > use the same for consistency? We can provide an option
> > and let the user decide?
>
> I thought it would be better to have this makefile agnostic of the
> optee_os default output path.
> I guess a build option with a known default value is more flexible.
> However I did not find such in other BR packages. I wonder if it is a good idea.
>

I checked and actually the default output build dir is not out/ but
out/$(ARCH)-plat-$(PLATFORM), knowing that $(PLATFORM) may not be the
value of PLATFORM set in this makefile script.
i.e. a single PLATFORM=vexpress-qemu_virt external directive is
transformed by the optee-os internal build into a dual PLATFORM=vexpress +
PLATFORM_FLAVOR=qemu_virt.
Refer to https://github.com/OP-TEE/optee_os/blob/master/Makefile#L32

I will stick to forcing it to out/ as it simplifies the path resolution.

etienne

> >
> > [1] https://github.com/OP-TEE/optee_os/blob/master/Makefile#L44
> >
> > other than that,
> >
> > Tested-by: Shyam Saini <shyam.saini@amarulasolutions.com>
>
> Thanks a lot.
>
> etienne
