arm/optee: Upgrade from 3.14 to 3.16

- Removes upstreamed patches for optee-examples - Fixes optee-examples installation - Includes new python3-cryptography dependency - Removes older cryptography backend dependencies - Fixes python3-cryptography to work with openssl - Keeps optee-client and optee-os v3.1.4 for corstone1000 compatibility Tested on qemuarm64-secureboot via optee-examples and xtest -l 15 Signed-off-by: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com> Signed-off-by: Jon Mason <jon.mason@arm.com>
2026-06-05 02:20:30 +00:00 · 2022-03-16 11:33:47 -06:00
parent 1b205211ea
commit 3d0e5368d1
22 changed files with 95 additions and 137 deletions
@@ -36,6 +36,8 @@ UBOOT_ARCH = "arm"
 UBOOT_EXTLINUX = "0"

 # optee
+PREFERRED_VERSION_optee-os ?= "3.14%"
+PREFERRED_VERSION_optee-client ?= "3.14%"
 EXTRA_IMAGEDEPENDS += "optee-os"
 OPTEE_ARCH = "arm64"
 OPTEE_BINARY = "tee-pager_v2.bin"
@@ -0,0 +1,6 @@
+# Machine specific configurations
+
+MACHINE_OPTEE_CLIENT_REQUIRE ?= ""
+MACHINE_OPTEE_CLIENT_REQUIRE:tc = "optee-client-tc.inc"
+
+require ${MACHINE_OPTEE_CLIENT_REQUIRE}
@@ -0,0 +1,7 @@
+# Machine specific configurations
+
+MACHINE_OPTEE_OS_REQUIRE ?= ""
+MACHINE_OPTEE_OS_REQUIRE:corstone1000 = "optee-os_corstone1000.inc"
+MACHINE_OPTEE_OS_REQUIRE:tc = "optee-os-tc.inc"
+
+require ${MACHINE_OPTEE_OS_REQUIRE}
@@ -15,7 +15,7 @@ inherit deploy python3native
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5"

-DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit"
+DEPENDS = "python3-pyelftools-native optee-os-tadevkit python3-cryptography-native "

 FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"

@@ -48,6 +48,10 @@ EXTRA_OEMAKE:append:aarch64:qemuall = "\
    CFG_ARM64_ta_arm64=y \
 "

+# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
+# right path until this is relocated automatically.
+export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
+
 PARALLEL_MAKE = ""

 do_compile() {
@@ -0,0 +1,3 @@
+require optee-client.inc
+
+SRCREV = "06db73b3f3fdb8d23eceaedbc46c49c0b45fd1e2"
@@ -5,16 +5,14 @@ HOMEPAGE = "https://github.com/linaro-swg/optee_examples"
 LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30"

-DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native"
+DEPENDS = "optee-client optee-os-tadevkit python3-cryptography-native"

 inherit python3native

 require optee.inc

 SRC_URI = "git://github.com/linaro-swg/optee_examples.git;branch=master;protocol=https \
-           file://0001-plugins-Honour-default-cross-compiler-environment-se.patch \
-           file://0002-Makefile-Enable-plugins-installation-in-rootfs.patch \
-          "
+           file://0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch"

 EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
                 HOST_CROSS_COMPILE=${HOST_PREFIX} \
@@ -25,6 +23,7 @@ EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build"

+
 do_compile() {
    oe_runmake -C ${S}
 }
@@ -0,0 +1,46 @@
+From 11610debf750f15c7a104db7315dcd7d69e282a8 Mon Sep 17 00:00:00 2001
+From: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com>
+Date: Sat, 26 Feb 2022 01:52:26 +0000
+Subject: [PATCH] Makefile: Fix non-portable sh check for plugins
+
+Upstream-Status: Pending
+
+We previously held a patch that used "=" for comparison, but when
+that patch got upstreamed it was changed to "==" which is non-portable,
+resulting in an error:
+
+/bin/sh: 6: [: acipher: unexpected operator
+/bin/sh: 6: [: plugins: unexpected operator
+/bin/sh: 6: [: hello_world: unexpected operator
+/bin/sh: 6: [: hotp: unexpected operator
+/bin/sh: 6: [: aes: unexpected operator
+/bin/sh: 6: [: random: unexpected operator
+/bin/sh: 6: [: secure_storage: unexpected operator
+
+if /bin/sh doesnt point to bash.
+
+Which in turn causes our do_install task to fail since plugins arent
+where we expect them to be.
+
+
+Signed-off-by: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index b3f16aa..9359d95 100644
+--- a/Makefile
+++ b/Makefile
+@@ -31,7 +31,7 @@ prepare-for-rootfs: examples
+ 			cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \
+ 		fi; \
+ 		cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \
+-		if [ $$example == plugins ]; then \
+		if [ $$example = plugins ]; then \
+ 			cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \
+ 		fi; \
+ 	done
+-- 
+2.25.1
+
@@ -1,84 +0,0 @@
-From 79c826c249001700007a6dffe80c3d61ff4428ef Mon Sep 17 00:00:00 2001
-From: Sumit Garg <sumit.garg@linaro.org>
-Date: Tue, 20 Jul 2021 13:54:30 +0530
-Subject: [PATCH 1/2] plugins: Honour default cross compiler environment setup
-
-Honour default $(CC), $(CFLAGS) and $(LDFLAGS) variables. Without this
-plugins example fails to build for OE/Yocto.
-
-Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87]
-
-Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
---
- plugins/Makefile        |  2 +-
- plugins/host/Makefile   |  2 +-
- plugins/syslog/Makefile | 16 ++++++++++++----
- 3 files changed, 14 insertions(+), 6 deletions(-)
-
-diff --git a/plugins/Makefile b/plugins/Makefile
-index 2372b38..ea472b4 100644
--- a/plugins/Makefile
-+++ b/plugins/Makefile
-@@ -8,7 +8,7 @@ TA_CROSS_COMPILE ?= $(CROSS_COMPILE)
- all:
- 	$(MAKE) -C host CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables
- 	$(MAKE) -C ta CROSS_COMPILE="$(TA_CROSS_COMPILE)" LDFLAGS=""
-	$(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)"
-+	$(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables
- 
- .PHONY: clean
- clean:
-diff --git a/plugins/host/Makefile b/plugins/host/Makefile
-index 7285104..76244c7 100644
--- a/plugins/host/Makefile
-+++ b/plugins/host/Makefile
-@@ -20,7 +20,7 @@ BINARY = optee_example_plugins
- all: $(BINARY)
- 
- $(BINARY): $(OBJS)
-	$(CC) -o $@ $< $(LDADD)
-+	$(CC) $(LDFLAGS) -o $@ $< $(LDADD)
- 
- .PHONY: clean
- clean:
-diff --git a/plugins/syslog/Makefile b/plugins/syslog/Makefile
-index 62d916a..71f5f92 100644
--- a/plugins/syslog/Makefile
-+++ b/plugins/syslog/Makefile
-@@ -1,3 +1,11 @@
-+CC      ?= $(CROSS_COMPILE)gcc
-+LD      ?= $(CROSS_COMPILE)ld
-+AR      ?= $(CROSS_COMPILE)ar
-+NM      ?= $(CROSS_COMPILE)nm
-+OBJCOPY ?= $(CROSS_COMPILE)objcopy
-+OBJDUMP ?= $(CROSS_COMPILE)objdump
-+READELF ?= $(CROSS_COMPILE)readelf
-+
- PLUGIN_UUID = 96bcf744-4f72-4866-bf1d-8634fd9c65e5
- 
- PLUGIN			= $(PLUGIN_UUID).plugin
-@@ -6,17 +14,17 @@ PLUGIN_OBJ		= $(patsubst %.c, %.o, $(PLUGIN_SRS))
- PLUGIN_INCLUDES_DIR	= $(CURDIR) $(TEEC_EXPORT)/include
- 
- PLUGIN_INCLUDES		= $(addprefix -I, $(PLUGIN_INCLUDES_DIR))
-PLUGIN_CCFLAGS		= -Wall -fPIC
-PLUGIN_LDFLAGS		= -shared
-+PLUGIN_CCFLAGS		= $(CFLAGS) -Wall -fPIC
-+PLUGIN_LDFLAGS		= $(LDFLAGS) -shared
- 
- .PHONY: all
- all: $(PLUGIN)
- 
- $(PLUGIN): $(PLUGIN_OBJ)
-	$(CROSS_COMPILE)gcc $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@
-+	$(CC) $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@
- 
- %.o: %.c
-	$(CROSS_COMPILE)gcc $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o
-+	$(CC) $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o
- 
- .PHONY: clean
- clean:
-- 
-2.25.1
-
@@ -1,37 +0,0 @@
-From f4e5e74548d92258855434b550c58fe44993c148 Mon Sep 17 00:00:00 2001
-From: Sumit Garg <sumit.garg@linaro.org>
-Date: Tue, 20 Jul 2021 14:20:10 +0530
-Subject: [PATCH] Makefile: Enable plugins installation in rootfs
-
-Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87]
-
-Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
-
---
- Makefile | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/Makefile b/Makefile
-index a275842..9359d95 100644
--- a/Makefile
-+++ b/Makefile
-@@ -25,14 +25,19 @@ prepare-for-rootfs: examples
- 	@mkdir -p $(OUTPUT_DIR)
- 	@mkdir -p $(OUTPUT_DIR)/ta
- 	@mkdir -p $(OUTPUT_DIR)/ca
-+	@mkdir -p $(OUTPUT_DIR)/plugins
- 	@for example in $(EXAMPLE_LIST); do \
- 		if [ -e $$example/host/optee_example_$$example ]; then \
- 			cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \
- 		fi; \
- 		cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \
-+		if [ $$example = plugins ]; then \
-+			cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \
-+		fi; \
- 	done
- 
- prepare-for-rootfs-clean:
- 	@rm -rf $(OUTPUT_DIR)/ta
- 	@rm -rf $(OUTPUT_DIR)/ca
-+	@rm -rf $(OUTPUT_DIR)/plugins
- 	@rmdir --ignore-fail-on-non-empty $(OUTPUT_DIR) || test ! -e $(OUTPUT_DIR)
@@ -1,4 +0,0 @@
-require optee-examples.inc
-
-SRCREV = "e9c870525af8f7e7fccf575a0ca5394ce55adcec"
-
@@ -0,0 +1,3 @@
+require optee-examples.inc
+
+SRCREV = "65fc74309e12189ad5b6ce3ffec37c8011088a5a"
@@ -1,10 +1,11 @@
 FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:"
-require optee-os_3.14.0.bb
+require optee-os_3.16.0.bb

 SUMMARY = "OP-TEE Trusted OS TA devkit"
 DESCRIPTION = "OP-TEE TA devkit for build TAs"
 HOMEPAGE = "https://www.op-tee.org/"

+
 do_install() {
    #install TA devkit
    install -d ${D}${includedir}/optee/export-user_ta/
@@ -10,7 +10,7 @@ require optee.inc

 CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os"

-DEPENDS = "python3-pycryptodome-native python3-pyelftools-native"
+DEPENDS = "python3-pyelftools-native python3-cryptography-native"

 DEPENDS:append:toolchain-clang = " compiler-rt"

@@ -6,3 +6,4 @@ SRC_URI:append = " \
    file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \
    file://0007-allow-setting-sysroot-for-clang.patch \
 "
+DEPENDS = "python3-pycryptodome-native python3-pyelftools-native"
@@ -0,0 +1,8 @@
+require optee-os.inc
+
+SRCREV = "d0b742d1564834dac903f906168d7357063d5459"
+
+SRC_URI:append = " \
+    file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \
+    file://0007-allow-setting-sysroot-for-clang.patch \
+"
@@ -10,7 +10,7 @@ require optee.inc

 CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os"

-DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native"
+DEPENDS = "python3-pyelftools-native"

 DEPENDS:append:toolchain-clang = " compiler-rt"

@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa"
 inherit python3native ptest
 require optee.inc

-DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native"
+DEPENDS = "optee-client optee-os-tadevkit python3-cryptography-native"

 SRC_URI = "git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https \
           file://run-ptest \
@@ -1,3 +0,0 @@
-require optee-test.inc
-
-SRCREV = "f2eb88affbb7f028561b4fd5cbd049d5d704f741"
@@ -0,0 +1,3 @@
+require optee-test.inc
+
+SRCREV = "1cf0e6d2bdd1145370033d4e182634458528579d"
@@ -26,3 +26,6 @@ EXTRA_OEMAKE += "V=1 \
                 OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${prefix} \
                 TEEC_EXPORT=${STAGING_DIR_HOST}${prefix} \
                "
+# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
+# right path until this is relocated automatically.
+export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"