mirrors/meta-arm
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-arm synced 2026-05-07 04:58:57 +00:00
Code Issues Projects Releases Wiki Activity

arm/trusted-services: fix environment handling

Browse Source 
The current version of the TS recipes fails to build if the TS
environment is not set to opteesp. Change the recipes to allow building
the sp environment.

This environment targets "generic" secure partitions and produces SPMC
agnostic SP binaries which should be able to boot under any FF-A v1.0
compliant SPMC implementation.

Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit is contained in:
Gyorgy Szing
2024-04-23 18:32:00 +02:00
committed by Jon Mason
parent 7f30d19df1
commit 34f1c74092
5 changed files with 26 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files
documentation/trusted-services.md
+3
View File
@@ -44,6 +44,9 @@ Other steps depend on your machine/platform definition:
and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc` and and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc` and
`meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for N1SDP and Corstone1000 platforms. `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for N1SDP and Corstone1000 platforms.
4. Trusted Services supports an SPMC agonistic binary format. To build SPs to this format the `TS_ENV` variable is to be
set to `sp`. The resulting SP binaries should be able to boot under any FF-A v1.1 compliant SPMC implementation.
## Normal World applications ## Normal World applications
Optionally for testing purposes you can add `packagegroup-ts-tests` into your image. It includes Optionally for testing purposes you can add `packagegroup-ts-tests` into your image. It includes
meta-arm/recipes-security/optee/optee-os-ts.inc
+17 -14
View File
@@ -6,61 +6,64 @@
# TS SPs UUIDs definitions # TS SPs UUIDs definitions
require recipes-security/trusted-services/ts-uuid.inc require recipes-security/trusted-services/ts-uuid.inc
TS_ENV = "opteesp" TS_ENV ?= "opteesp"
TS_BIN = "${RECIPE_SYSROOT}/usr/${TS_ENV}/bin" TS_BIN = "${RECIPE_SYSROOT}/usr/${TS_ENV}/bin"
TS_BIN_SPM_TEST= "${RECIPE_SYSROOT}/usr/opteesp/bin"
SP_EXT = "${@oe.utils.conditional('TS_ENV','opteesp','.stripped.elf','.bin',d)}"
# ITS SP # ITS SP
DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \ DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \
' ts-sp-its', '' , d)}" ' ts-sp-its', '' , d)}"
SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \ SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \
' ${TS_BIN}/${ITS_UUID}.stripped.elf', '', d)}" ' ${TS_BIN}/${ITS_UUID}${SP_EXT}', '', d)}"
# Storage SP # Storage SP
DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \ DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \
' ts-sp-storage', '' , d)}" ' ts-sp-storage', '' , d)}"
SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \ SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \
' ${TS_BIN}/${STORAGE_UUID}.stripped.elf', '', d)}" ' ${TS_BIN}/${STORAGE_UUID}${SP_EXT}', '', d)}"
# Crypto SP. # Crypto SP.
DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \ DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \
' ts-sp-crypto', '' , d)}" ' ts-sp-crypto', '' , d)}"
SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \ SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \
' ${TS_BIN}/${CRYPTO_UUID}.stripped.elf', '', d)}" ' ${TS_BIN}/${CRYPTO_UUID}${SP_EXT}', '', d)}"
# Attestation SP # Attestation SP
DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \ DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \
' ts-sp-attestation', '' , d)}" ' ts-sp-attestation', '' , d)}"
SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \ SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \
' ${TS_BIN}/${ATTESTATION_UUID}.stripped.elf', '', d)}" ' ${TS_BIN}/${ATTESTATION_UUID}${SP_EXT}', '', d)}"
# Env-test SP # Env-test SP
DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \ DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \
' ts-sp-env-test', '' , d)}" ' ts-sp-env-test', '' , d)}"
SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \ SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \
' ${TS_BIN}/${ENV_TEST_UUID}.stripped.elf', '', d)}" ' ${TS_BIN}/${ENV_TEST_UUID}${SP_EXT}', '', d)}"
# SE-Proxy SP # SE-Proxy SP
DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \ DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \
' ts-sp-se-proxy', '' , d)}" ' ts-sp-se-proxy', '' , d)}"
SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \ SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \
' ${TS_BIN}/${SE_PROXY_UUID}.stripped.elf', '', d)}" ' ${TS_BIN}/${SE_PROXY_UUID}${SP_EXT}', '', d)}"
# SMM Gateway # SMM Gateway
DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \ DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \
' ts-sp-smm-gateway', '' , d)}" ' ts-sp-smm-gateway', '' , d)}"
SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \ SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \
' ${TS_BIN}/${SMM_GATEWAY_UUID}.stripped.elf', '', d)}" ' ${TS_BIN}/${SMM_GATEWAY_UUID}${SP_EXT}', '', d)}"
# SPM test SPs # SPM test SPs
DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
' ts-sp-spm-test1 ts-sp-spm-test2 \ ' ts-sp-spm-test1 ts-sp-spm-test2 \
ts-sp-spm-test3 ts-sp-spm-test4', '' , d)}" ts-sp-spm-test3 ts-sp-spm-test4', '' , d)}"
SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
' ${TS_BIN}/${SPM_TEST1_UUID}.stripped.elf \ ' ${TS_BIN_SPM_TEST}/${SPM_TEST1_UUID}.stripped.elf \
${TS_BIN}/${SPM_TEST2_UUID}.stripped.elf \ ${TS_BIN_SPM_TEST}/${SPM_TEST2_UUID}.stripped.elf \
${TS_BIN}/${SPM_TEST3_UUID}.stripped.elf \ ${TS_BIN_SPM_TEST}/${SPM_TEST3_UUID}.stripped.elf \
${TS_BIN}/${SPM_TEST4_UUID}.stripped.elf', \ ${TS_BIN_SPM_TEST}/${SPM_TEST4_UUID}.stripped.elf', \
'', d)}" '', d)}"
EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
' CFG_SPMC_TESTS=y', '' , d)}" ' CFG_SPMC_TESTS=y', '' , d)}"
@@ -69,7 +72,7 @@ DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage',
' ts-sp-block-storage', '' , d)}" ' ts-sp-block-storage', '' , d)}"
SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \ SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \
' ${TS_BIN}/${BLOCK_STORAGE_UUID}.stripped.elf', '', d)}" ' ${TS_BIN}/${BLOCK_STORAGE_UUID}${SP_EXT}', '', d)}"
EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', \ EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', \
' CFG_MAP_EXT_DT_SECURE=y CFG_SECURE_PARTITION=y \ ' CFG_MAP_EXT_DT_SECURE=y CFG_SECURE_PARTITION=y \
meta-arm/recipes-security/trusted-services/trusted-services.inc
+2 -2
View File
@@ -23,7 +23,7 @@ TS_PLATFORM ?= "ts/mock"
# FIP packaging is not supported yet # FIP packaging is not supported yet
SP_PACKAGING_METHOD ?= "embedded" SP_PACKAGING_METHOD ?= "embedded"
SYSROOT_DIRS += "/usr/opteesp /usr/arm-linux" SYSROOT_DIRS += "/usr/${TS_ENV} /usr/opteesp /usr/arm-linux"
# TS cmake files use find_file() to search through source code and build dirs. # TS cmake files use find_file() to search through source code and build dirs.
# Yocto cmake class limits CMAKE_FIND_ROOT_PATH and find_file() fails. # Yocto cmake class limits CMAKE_FIND_ROOT_PATH and find_file() fails.
@@ -54,5 +54,5 @@ EXTRA_OECMAKE += "${@get_ts_toolchain_option(d)}"
# Paths to pre-built dependencies required by some TS SPs/tools # Paths to pre-built dependencies required by some TS SPs/tools
EXTRA_OECMAKE += "-Dlibts_ROOT=${STAGING_DIR_HOST}${TS_INSTALL}/lib/cmake/libts/ \ EXTRA_OECMAKE += "-Dlibts_ROOT=${STAGING_DIR_HOST}${TS_INSTALL}/lib/cmake/libts/ \
-DNEWLIB_INSTALL_DIR=${STAGING_DIR_HOST}${TS_INSTALL}/newlib \ -DNEWLIB_INSTALL_DIR=${STAGING_DIR_HOST}/usr/opteesp/newlib \
" "
meta-arm/recipes-security/trusted-services/ts-sp-common.inc
+1
View File
@@ -6,6 +6,7 @@ require trusted-services.inc
require ts-uuid.inc require ts-uuid.inc
DEPENDS += "dtc-native ts-newlib" DEPENDS += "dtc-native ts-newlib"
DEPENDS += "${@oe.utils.conditional('TS_ENV','sp','python3-pyelftools-native','', d)}"
FILES:${PN}-dev = "${TS_INSTALL}" FILES:${PN}-dev = "${TS_INSTALL}"
meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc
+3
View File
@@ -1,5 +1,8 @@
DESCRIPTION = "Trusted Services SPMC test SPs" DESCRIPTION = "Trusted Services SPMC test SPs"
# spm test SP only supports opteesp.
TS_ENV = 'opteesp'
require ts-sp-common.inc require ts-sp-common.inc
SP_UUID = "${SPM_TEST${SP_INDEX}_UUID}" SP_UUID = "${SPM_TEST${SP_INDEX}_UUID}"