meta-arm-bsp/security: corstone1000: add trusted services support
These changes add support for building TrustedServices. The corstone1000 platform uses the optee-sp option, which includes the secure partitions in the optee image. The following changes are made to the trusted-services code: * TS_PLATFORM should be set at the external build system level. * fix EARLY_TA_PATHS environment variable * add the se-proxy string and make it a child node Change-Id: I58d76b5e25e7f285794c93dc92c1b93fdd77cfb9 Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
@@ -41,6 +41,9 @@ EXTRA_IMAGEDEPENDS += "optee-os"
|
||||
OPTEE_ARCH = "arm64"
|
||||
OPTEE_BINARY = "tee-pager_v2.bin"
|
||||
|
||||
# Trusted Services(TS)
|
||||
EXTRA_IMAGEDEPENDS += "secure-partitions"
|
||||
|
||||
# Linux kernel
|
||||
PREFERRED_PROVIDER_virtual/kernel:forcevariable = "linux-yocto"
|
||||
PREFERRED_VERSION_linux-yocto = "5.10%"
|
||||
|
||||
@@ -4,8 +4,8 @@ COMPATIBLE_MACHINE = "(corstone1000)"
|
||||
|
||||
TFM_DEBUG = "1"
|
||||
|
||||
# Default is the FVP
|
||||
TFM_PLATFORM_IS_FVP ?= "TRUE"
|
||||
## Default is the MPS3 board
|
||||
TFM_PLATFORM_IS_FVP ?= "FALSE"
|
||||
EXTRA_OECMAKE += "-DPLATFORM_IS_FVP=${TFM_PLATFORM_IS_FVP}"
|
||||
|
||||
SRCBRANCH_tfm = "master"
|
||||
|
||||
@@ -1,27 +1,13 @@
|
||||
SRC_URI = "git://git.trustedfirmware.org/OP-TEE/optee_os.git;protocol=https;branch=psa-development"
|
||||
SRCREV = "f9de2c9520ed97b89760cc4c99424aae440b63f4"
|
||||
PV .= "+git${SRCREV}"
|
||||
require optee-os_corstone1000_common.inc
|
||||
|
||||
DEPENDS += "python3-pycryptodomex-native"
|
||||
DEPENDS += " secure-partitions"
|
||||
EXTRA_OEMAKE +="'SP_PACKAGING_METHOD=embedded'"
|
||||
|
||||
FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/corstone1000:"
|
||||
TS_INSTALL_PREFIX_PATH="${RECIPE_SYSROOT}/firmware/sp/opteesp"
|
||||
EXTRA_OEMAKE += "'TS_INSTALL_PREFIX=${TS_INSTALL_PREFIX_PATH}'"
|
||||
|
||||
SRC_URI:append = " \
|
||||
file://0001-plat-corstone1000-add-corstone1000-platform.patch \
|
||||
file://0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch"
|
||||
# se-proxy secure partition
|
||||
SP_MKFILE_PATH="${TS_INSTALL_PREFIX}/lib/make/se-proxy.mk"
|
||||
|
||||
COMPATIBLE_MACHINE = "corstone1000"
|
||||
|
||||
OPTEEMACHINE = "corstone1000"
|
||||
# Enable optee memory layout and boot logs
|
||||
EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4"
|
||||
|
||||
# default disable latency benchmarks (over all OP-TEE layers)
|
||||
EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n"
|
||||
|
||||
EXTRA_OEMAKE += " CFG_CORE_SEL1_SPMC=y CFG_CORE_FFA=y"
|
||||
|
||||
EXTRA_OEMAKE += " CFG_WITH_SP=y"
|
||||
|
||||
EXTRA_OEMAKE += " HOST_PREFIX=${HOST_PREFIX}"
|
||||
EXTRA_OEMAKE += " CROSS_COMPILE64=${HOST_PREFIX}"
|
||||
EXTRA_OEMAKE += "'CFG_SP_MKFILE_PATH=${SP_MKFILE_PATH}'"
|
||||
EXTRA_OEMAKE += "'CFG_EMBED_DTB_SOURCE_FILE=${TS_INSTALL_PREFIX_PATH}/manifest/46bb39d1-b4d9-45b5-88ff-040027dab249.dts'"
|
||||
|
||||
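Review bot: `SP_MKFILE_PATH="${TS_INSTALL_PREFIX}/lib/make/se-proxy.mk"` expands `TS_INSTALL_PREFIX`, which this recipe never sets as a BitBake variable; only `TS_INSTALL_PREFIX_PATH` is defined here. As written it appears to rely on BitBake leaving the reference unexpanded and make resolving it later from the quoted `'TS_INSTALL_PREFIX=...'` argument, which is fragile and easy to break by changing the quoting. Using the defined variable directly, `SP_MKFILE_PATH = "${TS_INSTALL_PREFIX_PATH}/lib/make/se-proxy.mk"`, makes the path explicit at parse time. The UUID in `CFG_EMBED_DTB_SOURCE_FILE` is also hard-coded; a short comment saying it is the se-proxy partition's UUID would help, since this file decides which manifest is embedded in the secure-world image.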
@@ -0,0 +1,27 @@
|
||||
SRC_URI = "git://git.trustedfirmware.org/OP-TEE/optee_os.git;protocol=https;branch=psa-development"
|
||||
SRCREV = "f9de2c9520ed97b89760cc4c99424aae440b63f4"
|
||||
PV .= "+git${SRCREV}"
|
||||
|
||||
DEPENDS += "python3-pycryptodomex-native dtc-native"
|
||||
|
||||
FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/corstone1000:"
|
||||
|
||||
SRC_URI:append = " \
|
||||
file://0001-plat-corstone1000-add-corstone1000-platform.patch \
|
||||
file://0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch"
|
||||
|
||||
COMPATIBLE_MACHINE = "corstone1000"
|
||||
|
||||
OPTEEMACHINE = "corstone1000"
|
||||
# Enable optee memory layout and boot logs
|
||||
EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4"
|
||||
|
||||
# default disable latency benchmarks (over all OP-TEE layers)
|
||||
EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n"
|
||||
|
||||
EXTRA_OEMAKE += " CFG_CORE_SEL1_SPMC=y CFG_CORE_FFA=y"
|
||||
|
||||
EXTRA_OEMAKE += " CFG_WITH_SP=y"
|
||||
|
||||
EXTRA_OEMAKE += " HOST_PREFIX=${HOST_PREFIX}"
|
||||
EXTRA_OEMAKE += " CROSS_COMPILE64=${HOST_PREFIX}"
|
||||
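Review bot: `EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4"` pins the most verbose TEE core log level for every corstone1000 build. The comment above it says this enables the memory layout and boot logs, so secure-world layout details reach the console in all images built from this include. Consider routing it through a weakly assigned variable so that production builds can lower it, for example a new `OPTEE_CORE_LOG_LEVEL ?= "4"` (name is only a suggestion) used as `CFG_TEE_CORE_LOG_LEVEL=${OPTEE_CORE_LOG_LEVEL}`. The comment should also state that level 4 is meant for bring-up.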
@@ -0,0 +1 @@
|
||||
require optee-os_corstone1000_common.inc
|
||||
@@ -0,0 +1,6 @@
|
||||
# Machine specific configurations
|
||||
|
||||
MACHINE_OPTEE_SPDEVKIT_REQUIRE ?= ""
|
||||
MACHINE_OPTEE_SPDEVKIT_REQUIRE:corstone1000 = "optee-spdevkit_corstone1000.inc"
|
||||
|
||||
require ${MACHINE_OPTEE_SPDEVKIT_REQUIRE}
|
||||
+33
@@ -0,0 +1,33 @@
|
||||
Upstream-Status: Pending [Not submitted to upstream yet]
|
||||
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
|
||||
|
||||
From 0bdafbd98ffd25a09822a560435ee9719e9bc0e4 Mon Sep 17 00:00:00 2001
|
||||
From: Vishnu Banavath <vishnu.banavath@arm.com>
|
||||
Date: Sat, 13 Nov 2021 07:47:44 +0000
|
||||
Subject: [PATCH] tools/cmake/common: applying lowercase project convention
|
||||
|
||||
Lowercase convention should only apply on the paths inside TS
|
||||
source-code.
|
||||
Host build paths should not be lowercased. Otherwise, builds
|
||||
with uppercase paths will break.
|
||||
|
||||
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
|
||||
|
||||
diff --git a/tools/cmake/common/AddPlatform.cmake b/tools/cmake/common/AddPlatform.cmake
|
||||
index ae34c6e..31bcd8c 100644
|
||||
--- a/tools/cmake/common/AddPlatform.cmake
|
||||
+++ b/tools/cmake/common/AddPlatform.cmake
|
||||
@@ -37,8 +37,8 @@ function(add_platform)
|
||||
set(TGT ${MY_PARAMS_TARGET} CACHE STRING "")
|
||||
|
||||
# Ensure file path conforms to lowercase project convention
|
||||
- string(TOLOWER "${TS_PLATFORM_ROOT}/${TS_PLATFORM}/platform.cmake" _platdef)
|
||||
- include(${_platdef})
|
||||
+ string(TOLOWER "${TS_PLATFORM}/platform.cmake" _platdef)
|
||||
+ include(${TS_PLATFORM_ROOT}/${_platdef})
|
||||
set(CMAKE_CONFIGURE_DEPENDS ${_platdef})
|
||||
|
||||
unset(TGT CACHE)
|
||||
--
|
||||
2.17.1
|
||||
|
||||
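Review bot: After this change `_platdef` holds only the lower-cased relative part, but the unchanged `set(CMAKE_CONFIGURE_DEPENDS ${_platdef})` line below still consumes it, so it no longer names the file that was actually included. Build the full path once and use it in both places, e.g. `set(_platfile "${TS_PLATFORM_ROOT}/${_platdef}")` followed by `include("${_platfile}")` and `set(CMAKE_CONFIGURE_DEPENDS "${_platfile}")`. Quoting the argument also keeps host paths containing spaces or semicolons as a single argument. The body of `add_platform` starts and ends outside the hunk.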
+31
@@ -0,0 +1,31 @@
|
||||
Upstream-Status: Pending [Not submitted to upstream yet]
|
||||
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
|
||||
|
||||
From 28f3e8d68996ad2e3ccca45d2435b3b524daef48 Mon Sep 17 00:00:00 2001
|
||||
From: Vishnu Banavath <vishnu.banavath@arm.com>
|
||||
Date: Sat, 13 Nov 2021 07:51:53 +0000
|
||||
Subject: [PATCH] fix EARLY_TA_PATHS env variable
|
||||
|
||||
Yocto cleans up environment varaibles at build time.
|
||||
EARLY_TA_PATHS should be set a separate rule for securepartitions
|
||||
to be included into optee-os image
|
||||
|
||||
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
|
||||
|
||||
diff --git a/environments/opteesp/sp.mk.in b/environments/opteesp/sp.mk.in
|
||||
index c44ad59..d67e2dc 100644
|
||||
--- a/environments/opteesp/sp.mk.in
|
||||
+++ b/environments/opteesp/sp.mk.in
|
||||
@@ -14,7 +14,8 @@ ifeq (,${@EXPORT_SP_UUID@-included})
|
||||
endif
|
||||
|
||||
ifeq (embedded,${SP_PACKAGING_METHOD})
|
||||
-OPTEE_OS_COMMON_EXTRA_FLAGS+=EARLY_TA_PATHS+=${TS_INSTALL_PREFIX}/opteesp/bin/@EXPORT_SP_UUID@.stripped.elf
|
||||
+EARLY_TA_PATHS+=${TS_INSTALL_PREFIX}/bin/@EXPORT_SP_UUID@.stripped.elf
|
||||
+OPTEE_OS_COMMON_EXTRA_FLAGS+=${EARLY_TA_PATHS}
|
||||
TS_SP_DTSI_LIST+="\\n\#include \"${TS_INSTALL_PREFIX}/opteesp/manifest/@EXPORT_SP_UUID@.dtsi\""
|
||||
else ifeq (fip,${SP_PACKAGING_METHOD})
|
||||
TS_SP_JSON_LIST+=${TS_INSTALL_PREFIX}/opteesp/json/@EXPORT_SP_NAME@.json
|
||||
--
|
||||
2.17.1
|
||||
|
||||
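Review bot: The new `EARLY_TA_PATHS` entry drops the `opteesp/` path component, but the unchanged `TS_SP_DTSI_LIST` line directly below and the `fip` branch still use `${TS_INSTALL_PREFIX}/opteesp/...`. The embedded branch therefore assumes two different install layouts for the same prefix. In addition, `OPTEE_OS_COMMON_EXTRA_FLAGS+=${EARLY_TA_PATHS}` appends bare ELF paths rather than an `EARLY_TA_PATHS=` assignment, and it appends the whole accumulated list again each time another partition's makefile is included. Because this list determines which binaries are embedded in the secure-world image, the paths should be made consistent. A comment should also state how optee-os is expected to receive the variable.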
+45
@@ -0,0 +1,45 @@
|
||||
Upstream-Status: Pending [Not submitted to upstream yet]
|
||||
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
|
||||
|
||||
From 446155031c5a37c3a9771f0215d9fb23d59648d6 Mon Sep 17 00:00:00 2001
|
||||
From: Vishnu Banavath <vishnu.banavath@arm.com>
|
||||
Date: Sat, 13 Nov 2021 08:34:42 +0000
|
||||
Subject: [PATCH] se-proxy:dts: add se-proxy as child node
|
||||
|
||||
se-proxy sp string should be added for se-proxy node to be
|
||||
read properly.
|
||||
|
||||
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
|
||||
|
||||
diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
|
||||
index 961071a..9f5cf71 100644
|
||||
--- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in
|
||||
+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
|
||||
@@ -7,13 +7,15 @@
|
||||
@DTS_TAG@
|
||||
|
||||
@DTS_NODE@ {
|
||||
- compatible = "arm,ffa-manifest-1.0";
|
||||
- ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */
|
||||
- uuid = <@EXPORT_SP_UUID_DT@>;
|
||||
- description = "SE Proxy";
|
||||
- execution-ctx-count = <1>;
|
||||
- exception-level = <1>; /* S-EL0 */
|
||||
- execution-state = <0>; /* AArch64 */
|
||||
- xlat-granule = <0>; /* 4KiB */
|
||||
- messaging-method = <0>; /* Direct messaging only */
|
||||
+ se-proxy {
|
||||
+ compatible = "arm,ffa-manifest-1.0";
|
||||
+ ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */
|
||||
+ uuid = <@EXPORT_SP_UUID_DT@>;
|
||||
+ description = "SE Proxy";
|
||||
+ execution-ctx-count = <1>;
|
||||
+ exception-level = <1>; /* S-EL0 */
|
||||
+ execution-state = <0>; /* AArch64 */
|
||||
+ xlat-granule = <0>; /* 4KiB */
|
||||
+ messaging-method = <0>; /* Direct messaging only */
|
||||
+ };
|
||||
};
|
||||
--
|
||||
2.17.1
|
||||
|
||||
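Review bot: The added `se-proxy {` child node hard-codes the node name in a template whose other identifiers come from substitutions (`@DTS_NODE@`, `@EXPORT_SP_UUID_DT@`), and nothing in the file says which consumer requires the manifest properties one level down. Presumably the loader that embeds this DTB looks the partition up by that child name; that should be confirmed and recorded, for instance with a comment above the node such as `/* child node name is matched by the SP manifest parser */`. Without it, a later rename or a second deployment copying this template has no hint that the name is significant. The `compatible` string also moves off the root node, which is worth checking against any other reader of this manifest.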
@@ -0,0 +1,4 @@
|
||||
MACHINE_TS_REQUIRE ?= ""
|
||||
MACHINE_TS_REQUIRE:corstone1000 = "ts-corstone1000.inc"
|
||||
|
||||
require ${MACHINE_TS_REQUIRE}
|
||||
@@ -0,0 +1,17 @@
|
||||
FILESEXTRAPATHS:prepend := "${THISDIR}/secure-partitions:"
|
||||
|
||||
COMPATIBLE_MACHINE = "corstone1000"
|
||||
|
||||
SRC_URI:append = " file://0001-tools-cmake-common-applying-lowercase-project-convention.patch \
|
||||
file://0002-fix-EARLY_TA_PATHS-env-variable.patch \
|
||||
file://0003-se-proxy-dts-add-se-proxy-as-child-node.patch \
|
||||
"
|
||||
|
||||
TS_PLATFORM = "arm/fvp/fvp_base_revc-2xaemv8a"
|
||||
TS_ENVIRONMENT = "opteesp"
|
||||
SP_PACKAGING_METHOD = "embedded"
|
||||
|
||||
EXTRA_OEMAKE += "TS_PLATFORM=${TS_PLATFORM}"
|
||||
|
||||
# Secure Enclave proxy secure partition
|
||||
TS_DEPLOYMENTS += "'deployments/se-proxy/${TS_ENVIRONMENT}'"
|
||||
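Review bot: `TS_PLATFORM = "arm/fvp/fvp_base_revc-2xaemv8a"` hard-assigns an FVP base platform definition for the corstone1000 machine, with no comment explaining why a different platform's definition is used. A machine or distro configuration also cannot override it without an override suffix. A weak default with a comment is safer, e.g. `TS_PLATFORM ?= "arm/fvp/fvp_base_revc-2xaemv8a"` preceded by a line noting that it is a stand-in until a corstone1000 platform definition exists (if that is the intent). The same applies to `SP_PACKAGING_METHOD = "embedded"`, which must stay in step with the value passed in the optee-os recipe.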