diff --git a/documentation/trusted-services.md b/documentation/trusted-services.md index f672dc2e..0359b648 100644 --- a/documentation/trusted-services.md +++ b/documentation/trusted-services.md @@ -44,6 +44,9 @@ Other steps depend on your machine/platform definition: and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc` and `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for N1SDP and Corstone1000 platforms. +4. Trusted Services supports an SPMC agonistic binary format. To build SPs to this format the `TS_ENV` variable is to be + set to `sp`. The resulting SP binaries should be able to boot under any FF-A v1.1 compliant SPMC implementation. + ## Normal World applications Optionally for testing purposes you can add `packagegroup-ts-tests` into your image. It includes diff --git a/meta-arm/recipes-security/optee/optee-os-ts.inc b/meta-arm/recipes-security/optee/optee-os-ts.inc index c6b806ff..a9071abd 100644 --- a/meta-arm/recipes-security/optee/optee-os-ts.inc +++ b/meta-arm/recipes-security/optee/optee-os-ts.inc @@ -6,61 +6,64 @@ # TS SPs UUIDs definitions require recipes-security/trusted-services/ts-uuid.inc -TS_ENV = "opteesp" +TS_ENV ?= "opteesp" TS_BIN = "${RECIPE_SYSROOT}/usr/${TS_ENV}/bin" +TS_BIN_SPM_TEST= "${RECIPE_SYSROOT}/usr/opteesp/bin" + +SP_EXT = "${@oe.utils.conditional('TS_ENV','opteesp','.stripped.elf','.bin',d)}" # ITS SP DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \ ' ts-sp-its', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \ - ' ${TS_BIN}/${ITS_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${ITS_UUID}${SP_EXT}', '', d)}" # Storage SP DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \ ' ts-sp-storage', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \ - ' ${TS_BIN}/${STORAGE_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${STORAGE_UUID}${SP_EXT}', '', d)}" # Crypto SP. DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \ ' ts-sp-crypto', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \ - ' ${TS_BIN}/${CRYPTO_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${CRYPTO_UUID}${SP_EXT}', '', d)}" # Attestation SP DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \ ' ts-sp-attestation', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \ - ' ${TS_BIN}/${ATTESTATION_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${ATTESTATION_UUID}${SP_EXT}', '', d)}" # Env-test SP DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \ ' ts-sp-env-test', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \ - ' ${TS_BIN}/${ENV_TEST_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${ENV_TEST_UUID}${SP_EXT}', '', d)}" # SE-Proxy SP DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \ ' ts-sp-se-proxy', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \ - ' ${TS_BIN}/${SE_PROXY_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${SE_PROXY_UUID}${SP_EXT}', '', d)}" # SMM Gateway DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \ ' ts-sp-smm-gateway', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \ - ' ${TS_BIN}/${SMM_GATEWAY_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${SMM_GATEWAY_UUID}${SP_EXT}', '', d)}" # SPM test SPs DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ ' ts-sp-spm-test1 ts-sp-spm-test2 \ ts-sp-spm-test3 ts-sp-spm-test4', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ - ' ${TS_BIN}/${SPM_TEST1_UUID}.stripped.elf \ - ${TS_BIN}/${SPM_TEST2_UUID}.stripped.elf \ - ${TS_BIN}/${SPM_TEST3_UUID}.stripped.elf \ - ${TS_BIN}/${SPM_TEST4_UUID}.stripped.elf', \ - '', d)}" + ' ${TS_BIN_SPM_TEST}/${SPM_TEST1_UUID}.stripped.elf \ + ${TS_BIN_SPM_TEST}/${SPM_TEST2_UUID}.stripped.elf \ + ${TS_BIN_SPM_TEST}/${SPM_TEST3_UUID}.stripped.elf \ + ${TS_BIN_SPM_TEST}/${SPM_TEST4_UUID}.stripped.elf', \ + '', d)}" EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ ' CFG_SPMC_TESTS=y', '' , d)}" @@ -69,7 +72,7 @@ DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', ' ts-sp-block-storage', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \ - ' ${TS_BIN}/${BLOCK_STORAGE_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${BLOCK_STORAGE_UUID}${SP_EXT}', '', d)}" EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', \ ' CFG_MAP_EXT_DT_SECURE=y CFG_SECURE_PARTITION=y \ diff --git a/meta-arm/recipes-security/trusted-services/trusted-services.inc b/meta-arm/recipes-security/trusted-services/trusted-services.inc index c4a6f78c..272e9106 100644 --- a/meta-arm/recipes-security/trusted-services/trusted-services.inc +++ b/meta-arm/recipes-security/trusted-services/trusted-services.inc @@ -23,7 +23,7 @@ TS_PLATFORM ?= "ts/mock" # FIP packaging is not supported yet SP_PACKAGING_METHOD ?= "embedded" -SYSROOT_DIRS += "/usr/opteesp /usr/arm-linux" +SYSROOT_DIRS += "/usr/${TS_ENV} /usr/opteesp /usr/arm-linux" # TS cmake files use find_file() to search through source code and build dirs. # Yocto cmake class limits CMAKE_FIND_ROOT_PATH and find_file() fails. @@ -54,5 +54,5 @@ EXTRA_OECMAKE += "${@get_ts_toolchain_option(d)}" # Paths to pre-built dependencies required by some TS SPs/tools EXTRA_OECMAKE += "-Dlibts_ROOT=${STAGING_DIR_HOST}${TS_INSTALL}/lib/cmake/libts/ \ - -DNEWLIB_INSTALL_DIR=${STAGING_DIR_HOST}${TS_INSTALL}/newlib \ + -DNEWLIB_INSTALL_DIR=${STAGING_DIR_HOST}/usr/opteesp/newlib \ " diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-common.inc b/meta-arm/recipes-security/trusted-services/ts-sp-common.inc index 5e4cd720..c8b1409c 100644 --- a/meta-arm/recipes-security/trusted-services/ts-sp-common.inc +++ b/meta-arm/recipes-security/trusted-services/ts-sp-common.inc @@ -6,6 +6,7 @@ require trusted-services.inc require ts-uuid.inc DEPENDS += "dtc-native ts-newlib" +DEPENDS += "${@oe.utils.conditional('TS_ENV','sp','python3-pyelftools-native','', d)}" FILES:${PN}-dev = "${TS_INSTALL}" diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc index e357629b..5c0d6865 100644 --- a/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc +++ b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc @@ -1,5 +1,8 @@ DESCRIPTION = "Trusted Services SPMC test SPs" +# spm test SP only supports opteesp. +TS_ENV = 'opteesp' + require ts-sp-common.inc SP_UUID = "${SPM_TEST${SP_INDEX}_UUID}"