arm/optee-ftpm: Switch to new fTPM TA fork

Use Linaro's optee-ftpm fork instead of historical sample in Microsoft's TPM reference. Signed-off-by: Mariam Elshakfy <mariam.elshakfy@linaro.org> Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-01-11 15:00:39 +00:00 · 2025-07-14 12:07:13 +00:00
parent ad117a2733
commit 2987114521
2 changed files with 28 additions and 45 deletions
--- a/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0001-add-enum-to-ta-flags.patch
+++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm/0001-add-enum-to-ta-flags.patch
@@ -1,27 +0,0 @@
-From 2bb67529a8b6096fadd3dd0cf740beded9a01432 Mon Sep 17 00:00:00 2001
-From: Maxim Uvarov <maxim.uvarov@linaro.org>
-Date: Fri, 17 Apr 2020 12:05:53 +0100
-Subject: [PATCH] add enum to ta flags
-
-If we compile this TA into OPTEE-OS we need to define a flag
-that this TA can be discovered on the optee bus.
-Upstream-Status: Submitted [https://github.com/microsoft/MSRSec/pull/34]
-
-Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
---
- .../ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h    | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Samples/ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h b/Samples/ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h
-index 92c33c169320..e83619d55d3c 100644
--- a/Samples/ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h
-+++ b/Samples/ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h
-@@ -44,7 +44,7 @@
- 
- #define TA_UUID                     TA_FTPM_UUID
- 
-#define TA_FLAGS                    (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_INSTANCE_KEEP_ALIVE)
-+#define TA_FLAGS                    (TA_FLAG_SINGLE_INSTANCE | TA_FLAG_INSTANCE_KEEP_ALIVE | TA_FLAG_DEVICE_ENUM_SUPP)
- #define TA_STACK_SIZE               (64 * 1024)
- #define TA_DATA_SIZE                (32 * 1024)
- 
--- a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_4.6.0.bb
+++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_4.6.0.bb
@@ -15,37 +15,50 @@ inherit deploy python3native

 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=5a3925ece0806073ae9ebbb08ff6f11e"
+LIC_FILES_CHKSUM += "file://optee-ta/LICENSE;md5=5a3925ece0806073ae9ebbb08ff6f11e"

 DEPENDS = "python3-pyelftools-native optee-os-tadevkit python3-cryptography-native "

 FTPM_UUID = "bc50d971-d4c9-42c4-82cb-343fb7f37896"

-SRC_URI = "gitsm://github.com/Microsoft/ms-tpm-20-ref;branch=main;protocol=https \
-           file://0001-add-enum-to-ta-flags.patch"
-SRCREV = "e9fc7b89d865536c46deb63f9c7d0121a3ded49c"
+SRC_URI_ms-tpm   ?= "gitsm://github.com/Microsoft/ms-tpm-20-ref;protocol=https"
+SRC_URI_optee-ta ?= "gitsm://github.com/OP-TEE/optee_ftpm.git;protocol=https"
+
+SRCBRANCH_ms-tpm    = "main"
+SRCBRANCH_optee-ta  = "master"
+
+SRC_URI = "\
+    ${SRC_URI_ms-tpm};branch=${SRCBRANCH_ms-tpm};name=ms-tpm;destsuffix=ms-tpm \
+    ${SRC_URI_optee-ta};branch=${SRCBRANCH_optee-ta};name=optee-ta;destsuffix=ms-tpm/optee-ta \
+"
+
+# As per optee-ftpm TA documentation, we have to use this SHA of MS TPM reference
+SRCREV_ms-tpm   ?= "98b60a44aba79b15fcce1c0d1e46cf5918400f6a"
+
+# v4.6.0
+SRCREV_optee-ta ?= "6f99e783eb9bb57c314a881433d4ec970de87959"
+
+SRCREV_FORMAT    = "ms-tpm_optee-ta"

 UPSTREAM_CHECK_COMMITS = "1"

+S = "${UNPACKDIR}/ms-tpm"
+
 OPTEE_CLIENT_EXPORT = "${STAGING_DIR_HOST}${prefix}"
 TEEC_EXPORT = "${STAGING_DIR_HOST}${prefix}"
 TA_DEV_KIT_DIR = "${STAGING_INCDIR}/optee/export-user_ta"

 EXTRA_OEMAKE += '\
-    CFG_FTPM_USE_WOLF=y \
    TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
-    TA_CROSS_COMPILE=${TARGET_PREFIX} \
-    CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_HOST} -I${WORKDIR}/optee-os" \
+    CROSS_COMPILE=${TARGET_PREFIX} \
+    CFG_MS_TPM_20_REF="${S}" \
+    CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_HOST}" \
 '

 EXTRA_OEMAKE:append:aarch64:qemuall = "\
    CFG_ARM64_ta_arm64=y \
 "

-# TODO: GCC 14.1 is finding genuine issues with the code but as upstream appear to be removing
-# the code we're building (https://github.com/microsoft/ms-tpm-20-ref/pull/108) lets just
-# ignore them for now.
-CFLAGS += "-Wno-implicit-function-declaration -Wno-incompatible-pointer-types"
-
 # python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
 # right path until this is relocated automatically.
 export OPENSSL_MODULES = "${STAGING_LIBDIR_NATIVE}/ossl-modules"
@@ -53,22 +66,19 @@ export OPENSSL_MODULES = "${STAGING_LIBDIR_NATIVE}/ossl-modules"
 PARALLEL_MAKE = ""

 do_compile() {
-    # The internal ${CC} includes the correct -mcpu option
-    sed -i 's/-mcpu=$(TA_CPU)//' Samples/ARM32-FirmwareTPM/optee_ta/fTPM/sub.mk
-    # there's also a secure variable storage TA called authvars
-    cd ${S}/Samples/ARM32-FirmwareTPM/optee_ta
+    cd ${S}/optee-ta
    oe_runmake
 }

 do_install () {
    mkdir -p ${D}/${nonarch_base_libdir}/optee_armtz
-    install -D -p -m 0644 ${S}/Samples/ARM32-FirmwareTPM/optee_ta/out/fTPM/${FTPM_UUID}.ta ${D}/${nonarch_base_libdir}/optee_armtz/
-    install -D -p -m 0644 ${S}/Samples/ARM32-FirmwareTPM/optee_ta/out/fTPM/${FTPM_UUID}.stripped.elf ${D}/${nonarch_base_libdir}/optee_armtz/
+    install -D -p -m 0644 ${S}/optee-ta/${FTPM_UUID}.ta ${D}/${nonarch_base_libdir}/optee_armtz/
+    install -D -p -m 0644 ${S}/optee-ta/${FTPM_UUID}.stripped.elf ${D}/${nonarch_base_libdir}/optee_armtz/
 }

 do_deploy () {
    install -d ${DEPLOYDIR}/optee
-    install -D -p -m 0644 ${S}/Samples/ARM32-FirmwareTPM/optee_ta/out/fTPM/${FTPM_UUID}.stripped.elf ${DEPLOYDIR}/optee/
+    install -D -p -m 0644 ${S}/optee-ta/${FTPM_UUID}.stripped.elf ${DEPLOYDIR}/optee/
 }

 addtask deploy before do_build after do_install