OPTEE: 3.16.0-stm32mp1-r1

Signed-off-by: Christophe Priouzeau <christophe.priouzeau@foss.st.com> Change-Id: Idd8b84221d5f0621b31dbd8523e0b8e28368dc89
2022-06-06 15:14:36 +02:00 · 2022-06-06 15:14:36 +02:00 · b361e0b1a3
parent c2166edf50
commit b361e0b1a3
9 changed files with 127818 additions and 23630 deletions
--- a/recipes-security/optee/optee-os-stm32mp-archiver.inc
+++ b/recipes-security/optee/optee-os-stm32mp-archiver.inc
@ -21,31 +21,16 @@ DEPLOYDIR ?= \$(SRC_PATH)/../deploy
 # Set default optee-os config
 CFG_EMBED_DTB_SOURCE_FILE ?= ${OPTEE_CONF}

-# Configure default optee-os features
-ENABLE_FIP ?= ${@bb.utils.contains('MACHINE_FEATURES','fip','1','',d)}
-
 # Remove default variables
 LDFLAGS =
 CFLAGS =
 CPPFLAGS =
 # Define default make options
 EXTRA_OEMAKE = $(echo "${EXTRA_OEMAKE}" | sed "s|LIBGCC_LOCATE_CFLAGS=[^ ]* |LIBGCC_LOCATE_CFLAGS=\$(KCFLAGS) |")
-ifeq (\$(ENABLE_FIP), 0)
-EXTRA_OEMAKE += CFG_STM32MP15x_STM32IMAGE=y
-endif
-
-# Configure default optee-os features
-ifeq (\$(ENABLE_FIP), 1)
-OPTEE_SUFFIX ?= bin
-else
-OPTEE_SUFFIX ?= stm32
-endif

 # Set dependencies list for building all
 DEPS = optee
-ifeq (\$(ENABLE_FIP), 1)
 DEPS += fip
-endif

 help:
 	@echo
@ -58,10 +43,7 @@ help:
 	@echo "  DEPLOYDIR = \$(DEPLOYDIR)"
 	@echo
 	@echo "FIP configuration:"
-	@echo "  ENABLE_FIP = \$(ENABLE_FIP) ('1' to generate fip binary)"
-ifeq (\$(ENABLE_FIP),1)
 	@echo "  Do not forget to set FIP deploydir folders (such as FIP_DEPLOYDIR_ROOT) to provide path to needed binaries"
-endif
 	@echo
 	@echo "Available targets:"
 	@echo "  all   : build OPTEE-OS binaries for defined config(s)"
@ -77,22 +59,22 @@ optee:
 		for dt in \$(CFG_EMBED_DTB_SOURCE_FILE) ; do \\
 			\$(MAKE) \$(EXTRA_OEMAKE) -C \$(SRC_PATH) PREFIX=\$(SDKTARGETSYSROOT) O=\$(BLD_PATH)/\$\$dt CFG_EMBED_DTB_SOURCE_FILE=\$\$dt.dts ; \\
 			# Copy binary files with explicit name \\
-			cp \$(BLD_PATH)/\$\$dt/core/${OPTEE_HEADER}.\$(OPTEE_SUFFIX) \$(DEPLOYDIR)/${OPTEE_HEADER}-\$\$dt.\$(OPTEE_SUFFIX) ; \\
-			cp \$(BLD_PATH)/\$\$dt/core/${OPTEE_PAGER}.\$(OPTEE_SUFFIX) \$(DEPLOYDIR)/${OPTEE_PAGER}-\$\$dt.\$(OPTEE_SUFFIX) ; \\
-			cp \$(BLD_PATH)/\$\$dt/core/${OPTEE_PAGEABLE}.\$(OPTEE_SUFFIX) \$(DEPLOYDIR)/${OPTEE_PAGEABLE}-\$\$dt.\$(OPTEE_SUFFIX) ; \\
+			cp \$(BLD_PATH)/\$\$dt/core/${OPTEE_HEADER}.${OPTEE_SUFFIX} \$(DEPLOYDIR)/${OPTEE_HEADER}-\$\$dt.${OPTEE_SUFFIX} ; \\
+			cp \$(BLD_PATH)/\$\$dt/core/${OPTEE_PAGER}.${OPTEE_SUFFIX} \$(DEPLOYDIR)/${OPTEE_PAGER}-\$\$dt.${OPTEE_SUFFIX} ; \\
+			cp \$(BLD_PATH)/\$\$dt/core/${OPTEE_PAGEABLE}.${OPTEE_SUFFIX} \$(DEPLOYDIR)/${OPTEE_PAGEABLE}-\$\$dt.${OPTEE_SUFFIX} ; \\
 			cp \$(BLD_PATH)/\$\$dt/core/${OPTEE_ELF}.${OPTEE_ELF_SUFFIX} \$(DEPLOYDIR)/debug/${OPTEE_ELF}-\$\$dt.${OPTEE_ELF_SUFFIX} ; \\
 		done ; \\
 	else \\
 		\$(MAKE) \$(EXTRA_OEMAKE) -C \$(SRC_PATH) PREFIX=\$(SDKTARGETSYSROOT) O=\$(BLD_PATH)/ ; \\
 		# Copy binary files with explicit name \\
-		cp \$(BLD_PATH)/core/${OPTEE_HEADER}.\$(OPTEE_SUFFIX) \$(DEPLOYDIR)/ ; \\
-		cp \$(BLD_PATH)/core/${OPTEE_PAGER}.\$(OPTEE_SUFFIX) \$(DEPLOYDIR)/ ; \\
-		cp \$(BLD_PATH)/core/${OPTEE_PAGEABLE}.\$(OPTEE_SUFFIX) \$(DEPLOYDIR)/ ; \\
+		cp \$(BLD_PATH)/core/${OPTEE_HEADER}.${OPTEE_SUFFIX} \$(DEPLOYDIR)/ ; \\
+		cp \$(BLD_PATH)/core/${OPTEE_PAGER}.${OPTEE_SUFFIX} \$(DEPLOYDIR)/ ; \\
+		cp \$(BLD_PATH)/core/${OPTEE_PAGEABLE}.${OPTEE_SUFFIX} \$(DEPLOYDIR)/ ; \\
 		cp \$(BLD_PATH)/core/${OPTEE_ELF}.${OPTEE_ELF_SUFFIX} \$(DEPLOYDIR)/debug/ ; \\
 	fi

 fip: optee
-	FIP_DEPLOYDIR_OPTEE=\$(DEPLOYDIR) FIP_DEVICETREE="\$(CFG_EMBED_DTB_SOURCE_FILE)" fiptool-stm32mp
+	FIP_DEPLOYDIR_OPTEE=\$(DEPLOYDIR) FIP_DEVICETREE="\$(CFG_EMBED_DTB_SOURCE_FILE)" FIP_CONFIG="optee" FIP_BL32_CONF="optee" fiptool-stm32mp

 clean:
 	@echo "Removing \$(BLD_PATH) ..."
--- a/recipes-security/optee/optee-os-stm32mp-common.inc
+++ b/recipes-security/optee/optee-os-stm32mp-common.inc
@ -13,6 +13,7 @@ DEPENDS += "dtc-native"
 DEPENDS += "python3-pycryptodomex-native"
 DEPENDS += "python3-pyelftools-native"
 DEPENDS += "libgcc python3-cryptography-native"
+DEPENDS += "python3-pillow-native"

 inherit deploy python3native

@ -22,17 +23,18 @@ OPTEEOUTPUTMACHINE ?= "${MACHINE}"
 # Default log level
 ST_OPTEE_DEBUG_LOG_LEVEL ??= "2"

+# default core debug
+ST_OPTEE_CORE_DEBUG ??="y"
+
 EXTRA_OEMAKE = "PLATFORM=${OPTEEMACHINE}"
 EXTRA_OEMAKE += "CROSS_COMPILE_core=${HOST_PREFIX}"
 EXTRA_OEMAKE += "CROSS_COMPILE_ta_arm64=${HOST_PREFIX}"
 EXTRA_OEMAKE += "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', 'CFG_ARM64_core=y ta-targets=ta_arm64', 'CFG_ARM32_core=y CROSS_COMPILE_ta_arm32=${HOST_PREFIX}', d)}"
 EXTRA_OEMAKE += "NOWERROR=1"
 EXTRA_OEMAKE += "LDFLAGS="
-EXTRA_OEMAKE += "LIBGCC_LOCATE_CFLAGS=--sysroot=${STAGING_DIR_TARGET}"
-EXTRA_OEMAKE += "${@bb.utils.contains('MACHINE_FEATURES', 'fip', '', 'CFG_STM32MP15x_STM32IMAGE=y', d)}"

 # debug and trace
-EXTRA_OEMAKE += "${@bb.utils.contains('ST_OPTEE_DEBUG_TRACE', '1', 'CFG_TEE_CORE_LOG_LEVEL=${ST_OPTEE_DEBUG_LOG_LEVEL} CFG_TEE_CORE_DEBUG=n', '', d)}"
+EXTRA_OEMAKE += "${@bb.utils.contains('ST_OPTEE_DEBUG_TRACE', '1', 'CFG_TEE_CORE_LOG_LEVEL=${ST_OPTEE_DEBUG_LOG_LEVEL} CFG_TEE_CORE_DEBUG=${ST_OPTEE_CORE_DEBUG}', '', d)}"

 OPTEE_ARCH:armv7a = "arm32"
 OPTEE_ARCH:armv7ve = "arm32"
@ -77,7 +79,7 @@ do_install() {
 OPTEE_HEADER    = "tee-header_v2"
 OPTEE_PAGEABLE  = "tee-pageable_v2"
 OPTEE_PAGER     = "tee-pager_v2"
-OPTEE_SUFFIX    = "${@bb.utils.contains('MACHINE_FEATURES','fip','bin','stm32',d)}"
+OPTEE_SUFFIX    = "bin"
 # Output the ELF generated
 ELF_DEBUG_ENABLE ?= ""
 OPTEE_ELF = "tee"
--- a/recipes-security/optee/optee-os-stm32mp_3.16.0.bb
+++ b/recipes-security/optee/optee-os-stm32mp_3.16.0.bb
@ -2,18 +2,19 @@ SUMMARY = "OPTEE TA development kit for stm32mp"
 LICENSE = "BSD-2-Clause & BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=c1f21c4f72f372ef38a5a4aee55ec173"

-SRC_URI = "git://github.com/OP-TEE/optee_os.git;protocol=https;name=os"
-SRCREV = "3d47a131bca1d9ed511bfd516aa5e70269e12c1d"
+SRC_URI = "git://github.com/OP-TEE/optee_os.git;protocol=https;branch=master;name=os"
+SRCREV = "d0b742d1564834dac903f906168d7357063d5459"

 SRC_URI += " \
-    file://0001-3.12.0-stm32mp-r1.patch \
-    file://0002-3.12.0-stm32mp-r1.1-rc1.patch \
-    file://0003-3.12.0-stm32mp-r2.patch \
+    file://fonts.tar.gz;subdir=git;name=fonts  \
+    file://0001-3.16.0-stm32mp-r1.patch        \
    "

-OPTEE_VERSION = "3.12.0"
-OPTEE_SUBVERSION = "stm32mp"
-OPTEE_RELEASE = "r2"
+SRC_URI[fonts.sha256sum] = "4941e8bb6d8ac377838e27b214bf43008c496a24a8f897e0b06433988cbd53b2"
+
+OPTEE_VERSION = "3.16.0"
+OPTEE_SUBVERSION = "stm32mp1"
+OPTEE_RELEASE = "r1"

 PV = "${OPTEE_VERSION}-${OPTEE_SUBVERSION}-${OPTEE_RELEASE}"

--- a/recipes-security/optee/optee-os/0001-3.12.0-stm32mp-r1.patch
+++ b/recipes-security/optee/optee-os/0001-3.12.0-stm32mp-r1.patch
--- a/recipes-security/optee/optee-os/0001-3.16.0-stm32mp-r1.patch
+++ b/recipes-security/optee/optee-os/0001-3.16.0-stm32mp-r1.patch
--- a/recipes-security/optee/optee-os/0002-3.12.0-stm32mp-r1.1-rc1.patch
+++ b/recipes-security/optee/optee-os/0002-3.12.0-stm32mp-r1.1-rc1.patch
@ -1,61 +0,0 @@
-From 4a99b2016fd0a2e207395da314a3c903c2e65c08 Mon Sep 17 00:00:00 2001
-From: Romuald JEANNE <romuald.jeanne@st.com>
-Date: Wed, 2 Jun 2021 16:53:20 +0200
-Subject: [PATCH 2/3] 3.12.0-stm32mp-r1.1-rc1
-
---
- core/arch/arm/plat-stm32mp1/remoteproc_pta.c | 9 +++------
- core/drivers/clk/clk-stm32mp15.c             | 2 +-
- core/drivers/stm32_bsec.c                    | 2 +-
- 3 files changed, 5 insertions(+), 8 deletions(-)
-
-diff --git a/core/arch/arm/plat-stm32mp1/remoteproc_pta.c b/core/arch/arm/plat-stm32mp1/remoteproc_pta.c
-index 27b0dfa07..8f3360122 100644
--- a/core/arch/arm/plat-stm32mp1/remoteproc_pta.c
-+++ b/core/arch/arm/plat-stm32mp1/remoteproc_pta.c
-@@ -492,13 +492,10 @@ static TEE_Result
- 			       TEE_Param params[TEE_NUM_PARAMS] __unused,
- 			       void **sess_ctx __unused)
- {
-	struct tee_ta_session *s = tee_ta_get_calling_session();
-+	struct ts_session *s = ts_get_calling_session();
- 
-	/* Check that we're called from a user TA */
-	if (!s)
-		return TEE_ERROR_ACCESS_DENIED;
-
-	if (!is_user_ta_ctx(s->ctx))
-+	/* TODO: check that we're called the remove proc TA (check UUID) */
-+	if (!s || !is_user_ta_ctx(s->ctx))
- 		return TEE_ERROR_ACCESS_DENIED;
- 
- 	return TEE_SUCCESS;
-diff --git a/core/drivers/clk/clk-stm32mp15.c b/core/drivers/clk/clk-stm32mp15.c
-index 794fd5e75..6bbab8902 100644
--- a/core/drivers/clk/clk-stm32mp15.c
-+++ b/core/drivers/clk/clk-stm32mp15.c
-@@ -962,7 +962,7 @@ static unsigned long __clk_get_parent_rate(enum stm32mp1_parent_id p)
- 	unsigned long clock = 0;
- 	vaddr_t rcc_base = stm32_rcc_base();
- 
-	switch (p) {
-+	switch ((unsigned int)p) {
- 	case _CK_MPU:
- 	/* MPU sub system */
- 		reg = io_read32(rcc_base + RCC_MPCKSELR);
-diff --git a/core/drivers/stm32_bsec.c b/core/drivers/stm32_bsec.c
-index 7d389a061..a8eba5f7d 100644
--- a/core/drivers/stm32_bsec.c
-+++ b/core/drivers/stm32_bsec.c
-@@ -646,7 +646,7 @@ static void bsec_dt_otp_nsec_access(void *fdt, int bsec_node)
- 
- 		size = length / sizeof(uint32_t);
- 
-		if (otp_id + size > STM32MP1_OTP_MAX_ID)
-+		if (otp_id + size > OTP_MAX_SIZE)
- 			panic("OTP range oversized");
- 
- 		for (i = otp_id; i < otp_id + size; i++)
-- 
-2.17.1
-
--- a/recipes-security/optee/optee-os/0003-3.12.0-stm32mp-r2.patch
+++ b/recipes-security/optee/optee-os/0003-3.12.0-stm32mp-r2.patch
--- a/recipes-security/optee/optee-os/README.HOW_TO.txt
+++ b/recipes-security/optee/optee-os/README.HOW_TO.txt
@ -1,20 +1,22 @@
 Compilation of Optee-os (Trusted Execution Environment):
 1. Pre-requisite
-2. Initialise cross-compilation via SDK
+2. Initialize cross-compilation via SDK
 3. Prepare optee-os source code
-4. Management of optee-os source code
+4. Manage optee-os source code
 5. Compile optee-os source code
 6. Update software on board

-1. Pre-requisite:
-----------------
+----------------
+1. Pre-requisite
+----------------
 OpenSTLinux SDK must be installed.

 If you have never configured you git configuration:
    $ git config --global user.name "your_name"
    $ git config --global user.email "your_email@example.com"

-2. Initialise cross-compilation via SDK:
+---------------------------------------
+2. Initialize cross-compilation via SDK
 ---------------------------------------
 Source SDK environment:
    $ source <path to SDK>/environment-setup-cortexa7t2hf-neon-vfpv4-ostl-linux-gnueabi
@ -26,25 +28,39 @@ If you have never configured you git configuration:
 Warning: the environment are valid only on the shell session where you have
 sourced the sdk environment.

-3. Prepare optee-os source:
------------------------
-If you have the tarball and the list of patch then you must extract the
-tarball and apply the patch.
-    $> tar xfz ##BP##-##PR##.tar.gz
-A new directory containing optee standard source code will be created, go into it:
-    $> cd ##BP##
+--------------------------
+3. Prepare optee-os source
+--------------------------
+If not already done, extract the sources from Developer Package tarball, for example:
+$ tar xfJ en.SOURCES-stm32mp1-*.tar.xz

-NB: if there is no git management on source code and you would like to have a git management
-on the code see section 4 [Management of optee-os source code]
-    if there is some patch, please apply it on source code
+In the optee-os source directory (sources/*/##BP##-##PR##),
+you have one optee-os source tarball, the patches and one Makefile:
+   - ##BP##-##PR##.tar.xz
+   - 00*.patch
+   - Makefile.sdk
+
+If you would like to have a git management for the source code move to
+to section 4 [Management of optee-os source code with GIT].
+
+Otherwise, to manage optee-os source code without git, you must extract the
+tarball now and apply the patch:
+
+    $> tar xf ##BP##-##PR##.tar.xz
+    $> cd ##BP##
+    $> tar xfz ../fonts.tar.gz
    $> for p in `ls -1 ../*.patch`; do patch -p1 < $p; done

-4. Management of optee-os source code:
-----------------------------------
+You can now move to section 5 [Compile optee-os source code].
+
+---------------------------------------
+4. Manage optee-os source code with GIT
+---------------------------------------
 If you like to have a better management of change made on optee-os source,
 you have 3 solutions to use git

 4.1 Get STMicroelectronics optee-os source from GitHub
+------------------------------------------------------
    URL: https://github.com/STMicroelectronics/optee_os.git
    Branch: ##ARCHIVER_ST_BRANCH##
    Revision: ##ARCHIVER_ST_REVISION##
@ -53,33 +69,39 @@ you have 3 solutions to use git
    $ git checkout -b WORKING ##ARCHIVER_ST_REVISION##

 4.2 Create Git from tarball
+---------------------------
    $ cd <optee-os source>
    $ test -d .git || git init . && git add . && git commit -m "optee-os source code" && git gc
    $ git checkout -b WORKING
-    $ for p in `ls -1 <path to patch>/*.patch`; do git am $p; done
+    $ tar xfz ../fonts.tar.gz
+    $ for p in `ls -1 ../*.patch`; do git am $p; done

 MANDATORY: You must update sources
    $ cd <directory to optee-os source code>
    $ chmod 755 scripts/bin_to_c.py

 4.3 Get Git from community and apply STMicroelectronics patches
+---------------------------------------------------------------
+* With the optee-os source code from the OP-TEE git repositories:
    URL: git://github.com/OP-TEE/optee_os.git
    Branch: ##ARCHIVER_COMMUNITY_BRANCH##
    Revision: ##ARCHIVER_COMMUNITY_REVISION##

    $ git clone git://github.com/OP-TEE/optee_os.git
-    $ cd <optee-os source>
+    $ cd optee_os
    $ git checkout -b WORKING ##ARCHIVER_COMMUNITY_REVISION##
+    $ tar xfz <path to patch>/fonts.tar.gz
    $ for p in `ls -1 <path to patch>/*.patch`; do git am $p; done

 MANDATORY: You must update sources
    $ cd <directory to optee-os source code>
    $ chmod 755 scripts/bin_to_c.py

-5. Build optee-os source code:
--------------------------------
-Since OpenSTLinux has activated FIP by default, so the FIP_artifacts should be specified before launching compilation
-  - In case of using SOURCES-xxxx.tar.gz of Developer package the FIP_DEPLOYDIR_ROOT should be set as below:
+-------------------------------
+5. Compile optee-os source code
+-------------------------------
+Since OpenSTLinux activates FIP by default, FIP_artifacts directory path must be specified before launching compilation
+  - In case of using SOURCES-xxxx.tar.gz of Developer package the FIP_DEPLOYDIR_ROOT must be set as below:
    $> export FIP_DEPLOYDIR_ROOT=$PWD/../../FIP_artifacts

 To compile optee-os source code
@ -87,10 +109,14 @@ To compile optee-os source code
 or for a specific config :
    $ make -f $PWD/../Makefile.sdk CFG_EMBED_DTB_SOURCE_FILE=stm32mp157c-ev1 all

+By default, the build results for this component are available in $PWD/../deploy directory.
+If needed, this deploy directory can be specified by added "DEPLOYDIR=<your_deploy_dir_path>" compilation option to the build command line above.
+In case DEPLOYDIR=$FIP_DEPLOYDIR_ROOT/optee it overwrites files directly in FIP artifacts directory.
+
 The generated FIP images are available in $FIP_DEPLOYDIR_ROOT/fip

-
-6. Update software on board:
----------------------------
+---------------------------
+6. Update software on board
+---------------------------
 Please use STM32CubeProgrammer and only tick the ssbl-boot and fip partitions (more informations on the wiki website http://wiki.st.com/stm32mpu)

--- a/recipes-security/optee/optee-os/fonts.tar.gz
+++ b/recipes-security/optee/optee-os/fonts.tar.gz