mirrors/meta-ti
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-ti synced 2026-06-06 10:50:37 +00:00
Code Issues Projects Releases Wiki Activity

optee-os: only activate customizations for TI platforms

Browse Source 
Avoid inheriting ti-secdev class and adding unconditional dependency
on TI_SECURE_DEV_PKG and other variables, when meta-ti-bsp is in the
bblayers.conf stack, but not building for TI platforms. This solves
yocto-check-layer signature test for Yocto Project compliance.

Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Ryan Eatmon <reatmon@ti.com>
This commit is contained in:
Denys Dmytriyenko
2023-05-11 18:43:00 +00:00
committed by Ryan Eatmon
parent 94635de402
commit b5913c6344
2 changed files with 119 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-ti-bsp/recipes-security/optee/optee-os-ti.inc
+114
View File
@@ -0,0 +1,114 @@
# Use TI SECDEV for signing
inherit ti-secdev
EXTRA_OEMAKE:append:k3 = "${@ ' CFG_CONSOLE_UART='+ d.getVar('OPTEE_K3_USART') if d.getVar('OPTEE_K3_USART') else ''}"
EXTRA_OEMAKE:append:am62xx = " CFG_WITH_SOFTWARE_PRNG=y CFG_TEE_CORE_LOG_LEVEL=1"
EXTRA_OEMAKE:append:am62axx = " CFG_TEE_CORE_LOG_LEVEL=1"
do_compile:append:k3() {
cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
cp ${B}/core/tee.elf ${B}/bl32.elf
}
# Signing procedure for legacy HS devices
optee_sign_legacyhs() {
( cd ${B}/core/; \
${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"`
mv tee.bin.signed ${B}/$normfl.optee; \
)
if [ "${OPTEEPAGER}" = "y" ]; then
oe_runmake -C ${S} clean
oe_runmake -C ${S} all CFG_TEE_TA_LOG_LEVEL=0 CFG_WITH_PAGER=y
( cd ${B}/core/; \
${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"`
mv tee.bin.signed ${B}/$normfl-pager.optee; \
)
fi
}
do_compile:append:ti43x() {
optee_sign_legacyhs
}
do_compile:append:dra7xx() {
optee_sign_legacyhs
}
# Signing procedure for K3 devices
optee_sign_k3hs() {
${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
cp ${B}/core/tee.elf ${B}/bl32.elf
}
do_compile:append:am65xx-hs-evm() {
optee_sign_k3hs
}
do_compile:append:am64xx-evm() {
optee_sign_k3hs
}
do_compile:append:am62xx-evm() {
optee_sign_k3hs
}
do_compile:append:am62xx-lp-evm() {
optee_sign_k3hs
}
do_compile:append:am62axx-evm() {
optee_sign_k3hs
}
do_compile:append:j721e-hs-evm() {
optee_sign_k3hs
}
do_compile:append:j7200-hs-evm() {
optee_sign_k3hs
}
do_compile:append:j721s2-hs-evm() {
optee_sign_k3hs
}
do_compile:append:j784s4-hs-evm() {
optee_sign_k3hs
}
do_install:append:ti-soc() {
install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ || true
install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ || true
install -m 644 ${B}/bl32.bin.unsigned ${D}${nonarch_base_libdir}/firmware/ || true
install -m 644 ${B}/bl32.elf ${D}${nonarch_base_libdir}/firmware/ || true
}
optee_deploy_legacyhs() {
cd ${DEPLOYDIR}/
for f in optee/*.optee; do
ln -sf $f ${DEPLOYDIR}/
done
}
do_deploy:append:ti43x() {
optee_deploy_legacyhs
}
do_deploy:append:dra7xx() {
optee_deploy_legacyhs
}
do_deploy:append:k3() {
ln -sf optee/bl32.bin ${DEPLOYDIR}/
ln -sf optee/bl32.bin.unsigned ${DEPLOYDIR}/
ln -sf optee/bl32.elf ${DEPLOYDIR}/
}
# This is needed for bl32.elf
INSANE_SKIP:${PN}:append:k3 = " textrel"
meta-ti-bsp/recipes-security/optee/optee-os_3.16%.bbappend
+5 -115
View File
@@ -1,117 +1,7 @@
OPTEE_TI = ""
OPTEE_TI:ti-soc = "optee-os-ti.inc"
require ${OPTEE_TI}
PV:ti-soc = "3.20.0+git${SRCPV}"
SRCREV:ti-soc = "8e74d47616a20eaa23ca692f4bbbf917a236ed94"
# Use TI SECDEV for signing
inherit ti-secdev
EXTRA_OEMAKE:append:k3 = "${@ ' CFG_CONSOLE_UART='+ d.getVar('OPTEE_K3_USART') if d.getVar('OPTEE_K3_USART') else ''}"
EXTRA_OEMAKE:append:am62xx = " CFG_WITH_SOFTWARE_PRNG=y CFG_TEE_CORE_LOG_LEVEL=1"
EXTRA_OEMAKE:append:am62axx = " CFG_TEE_CORE_LOG_LEVEL=1"
do_compile:append:k3() {
cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
cp ${B}/core/tee.elf ${B}/bl32.elf
}
# Signing procedure for legacy HS devices
optee_sign_legacyhs() {
( cd ${B}/core/; \
${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"`
mv tee.bin.signed ${B}/$normfl.optee; \
)
if [ "${OPTEEPAGER}" = "y" ]; then
oe_runmake -C ${S} clean
oe_runmake -C ${S} all CFG_TEE_TA_LOG_LEVEL=0 CFG_WITH_PAGER=y
( cd ${B}/core/; \
${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh tee.bin tee.bin.signed; \
normfl=`echo ${OPTEEFLAVOR} | tr "_" "-"`
mv tee.bin.signed ${B}/$normfl-pager.optee; \
)
fi
}
do_compile:append:ti43x() {
optee_sign_legacyhs
}
do_compile:append:dra7xx() {
optee_sign_legacyhs
}
# Signing procedure for K3 devices
optee_sign_k3hs() {
${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
cp ${B}/core/tee-pager_v2.bin ${B}/bl32.bin.unsigned
cp ${B}/core/tee.elf ${B}/bl32.elf
}
do_compile:append:am65xx-hs-evm() {
optee_sign_k3hs
}
do_compile:append:am64xx-evm() {
optee_sign_k3hs
}
do_compile:append:am62xx-evm() {
optee_sign_k3hs
}
do_compile:append:am62xx-lp-evm() {
optee_sign_k3hs
}
do_compile:append:am62axx-evm() {
optee_sign_k3hs
}
do_compile:append:j721e-hs-evm() {
optee_sign_k3hs
}
do_compile:append:j7200-hs-evm() {
optee_sign_k3hs
}
do_compile:append:j721s2-hs-evm() {
optee_sign_k3hs
}
do_compile:append:j784s4-hs-evm() {
optee_sign_k3hs
}
do_install:append:ti-soc() {
install -m 644 ${B}/*.optee ${D}${nonarch_base_libdir}/firmware/ || true
install -m 644 ${B}/bl32.bin ${D}${nonarch_base_libdir}/firmware/ || true
install -m 644 ${B}/bl32.bin.unsigned ${D}${nonarch_base_libdir}/firmware/ || true
install -m 644 ${B}/bl32.elf ${D}${nonarch_base_libdir}/firmware/ || true
}
optee_deploy_legacyhs() {
cd ${DEPLOYDIR}/
for f in optee/*.optee; do
ln -sf $f ${DEPLOYDIR}/
done
}
do_deploy:append:ti43x() {
optee_deploy_legacyhs
}
do_deploy:append:dra7xx() {
optee_deploy_legacyhs
}
do_deploy:append:k3() {
ln -sf optee/bl32.bin ${DEPLOYDIR}/
ln -sf optee/bl32.bin.unsigned ${DEPLOYDIR}/
ln -sf optee/bl32.elf ${DEPLOYDIR}/
}
# This is needed for bl32.elf
INSANE_SKIP:${PN}:append:k3 = " textrel"