Message ID | 1548845249-28201-3-git-send-email-etienne.carriere@linaro.org |
---|---|
State | Accepted |
Series | [v4,1/7] boot/optee-os: new package |
Hello Étienne, On Wed, 30 Jan 2019 11:47:25 +0100 Etienne Carriere <etienne.carriere@linaro.org> wrote: > This package generates embedded Linux based OS userland client > applications and OP-TEE OS trusted applications all embedded in > the file system. These applications shows how to use the APIs > OP-TEE OS is based on, both in the non secure and secure worlds. > > Package is added next to the OP-TEE client package in the BR > package configuration. > > This change references in Buildroot the today's latest OP-TEE > revision release tagged 3.4.0 with an added patch to fix an issue > reported by recent GCC toolchains. > > Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> I have applied to next, but with a number of changes, see below. > diff --git a/package/optee-examples/3.4.0/0001-fix-deprecated-size_t-type-for-size.patch b/package/optee-examples/3.4.0/0001-fix-deprecated-size_t-type-for-size.patch > new file mode 100644 > index 0000000..ba1716a > --- /dev/null > +++ b/package/optee-examples/3.4.0/0001-fix-deprecated-size_t-type-for-size.patch > @@ -0,0 +1,37 @@ > +commit fca0caba591f31f66325826c74acd26aefd52dee > +Author: Etienne Carriere <etienne.carriere@linaro.org> > +Date: Tue Dec 18 22:35:16 2018 +0100 > + > + secure_storage: fix deprecated size_t type for size > + > + size_t types is an deprecated type used in GPD API v1.0. > + Update > + > + Error reported by GCC 7.3-2018.05: > + secure_storage_ta.c:203:6: warning: passing argument 4 of 'TEE_ReadObjectData' from incompatible pointer type [-Wincompatible-pointer-types] > + &read_bytes); > + > + Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Patches should be generated with "git format-patch" and not "git show". Indeed, patches generated by "git format-patch" can conveniently be applied by "git am". I've re-generated the patch to use the proper format. 
> diff --git a/package/optee-examples/3.4.0/optee-examples.hash b/package/optee-examples/3.4.0/optee-examples.hash > new file mode 100644 > index 0000000..077fd97 > --- /dev/null > +++ b/package/optee-examples/3.4.0/optee-examples.hash > @@ -0,0 +1,4 @@ > +# From https://github.com/linaro-swg/optee_examples/archive/3.4.0.tar.gz > +sha256 d833753980ac438c1675787857bb8352997352212334274de9419770097ce039 optee-examples-3.4.0.tar.gz > +# Locally computed > +sha256 6f1ef8449cb82ae79d2155605f7985bdf0f08e7ab5007de9b4362e8bf28733b9 LICENSE > diff --git a/package/optee-examples/Config.in b/package/optee-examples/Config.in > new file mode 100644 > index 0000000..a240e54 > --- /dev/null > +++ b/package/optee-examples/Config.in 
> @@ -0,0 +1,59 @@ > +config BR2_PACKAGE_OPTEE_EXAMPLES > + bool "optee-examples" > + depends on BR2_TARGET_OPTEE_OS In fact, building OP-TEE itself is not sufficient, because this does not guarantee the SDK has been built, so I have added a: select BR2_TARGET_OPTEE_OS_SDK here. > + select BR2_PACKAGE_OPTEE_CLIENT This now depends on !BR2_STATIC_LIBS, so I've propagated this dependency. > + help > + Enable the OP-TEE examples package that brings examples of > + implementation of OP-TEE non-secure client applications and > + secure trusted applications. OP-TEE examples is a > + component delivered by the OP-TEE project. > + > + Trusted application binary files are installed in the target > + directory /lib/optee_armtz as other trusted applications. > + At runtime OP-TEE OS can load trusted applications from this > + non-secure filesystem/directory into the secure world for > + execution. > + > + https://github.com/linaro-swg/optee_examples > + > +if BR2_PACKAGE_OPTEE_EXAMPLES > + > +choice > + prompt "version" > + default BR2_PACKAGE_OPTEE_EXAMPLES_LATEST > + help > + Select the version of OP-TEE exmaples you want to use > + > +config BR2_PACKAGE_OPTEE_EXAMPLES_LATEST > + bool "3.4.0" > + help > + This fetches the registered release tag from the > + OP-TEE official Git repository. > + > +config BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_GIT > + bool "Custom Git repository" > + help > + Sync with a specific OP-TEE Git repository. > + > +endchoice Here as well, I don't think the version selection makes a lot of sense, so I dropped it. > +ifeq ($(BR2_aarch64),y) > +OPTEE_EXAMPLES_SDK = $(STAGING_DIR)/lib/optee/export-ta_arm64 > +endif > +ifeq ($(BR2_arm),y) Changed: endif ifeq ($(BR2_arm),y) to just: else ifeq ($(BR2_arm),y) > +OPTEE_EXAMPLES_SDK = $(STAGING_DIR)/lib/optee/export-ta_arm32 > +endif > + > +# Trusted Application are not built from CMake due to ta_dev_kit dependencies. > +# We must build and install them on target. 
> +define OPTEE_EXAMPLES_BUILD_TAS > + @$(foreach f,$(wildcard $(@D)/*/ta/Makefile), \ > + $(TARGET_CONFIGURE_OPTS) \ > + $(MAKE) CROSS_COMPILE=$(TARGET_CROSS) \ > + TA_DEV_KIT_DIR=$(OPTEE_EXAMPLES_SDK) \ > + O=out -C $(dir $f) all &&) true Convoluted syntax here. Changed to: $(foreach f,$(wildcard $(@D)/*/ta/Makefile), \ $(TARGET_CONFIGURE_OPTS) \ $(MAKE) CROSS_COMPILE=$(TARGET_CROSS) \ TA_DEV_KIT_DIR=$(OPTEE_EXAMPLES_SDK) \ O=out -C $(dir $f) all ) Also: could this be fixed upstream, so that the CMake build system builds/installs everything ? Thanks! Thomas
Hello Thomas, On Sun, 17 Feb 2019 at 22:28, Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote: > > Hello Étienne, > > On Wed, 30 Jan 2019 11:47:25 +0100 > Etienne Carriere <etienne.carriere@linaro.org> wrote: > > > This package generates embedded Linux based OS userland client > > applications and OP-TEE OS trusted applications all embedded in > > the file system. These applications shows how to use the APIs > > OP-TEE OS is based on, both in the non secure and secure worlds. > > > > Package is added next to the OP-TEE client package in the BR > > package configuration. > > > > This change references in Buildroot the today's latest OP-TEE > > revision release tagged 3.4.0 with an added patch to fix an issue > > reported by recent GCC toolchains. > > > > Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> > > I have applied to next, but with a number of changes, see below. > > > > diff --git a/package/optee-examples/3.4.0/0001-fix-deprecated-size_t-type-for-size.patch b/package/optee-examples/3.4.0/0001-fix-deprecated-size_t-type-for-size.patch > > new file mode 100644 > > index 0000000..ba1716a > > --- /dev/null > > +++ b/package/optee-examples/3.4.0/0001-fix-deprecated-size_t-type-for-size.patch > > @@ -0,0 +1,37 @@ > > +commit fca0caba591f31f66325826c74acd26aefd52dee > > +Author: Etienne Carriere <etienne.carriere@linaro.org> > > +Date: Tue Dec 18 22:35:16 2018 +0100 > > + > > + secure_storage: fix deprecated size_t type for size > > + > > + size_t types is an deprecated type used in GPD API v1.0. > > + Update > > + > > + Error reported by GCC 7.3-2018.05: > > + secure_storage_ta.c:203:6: warning: passing argument 4 of 'TEE_ReadObjectData' from incompatible pointer type [-Wincompatible-pointer-types] > > + &read_bytes); > > + > > + 
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> > > Patches should be generated with "git format-patch" and not "git show". > Indeed, patches generated by "git format-patch" can conveniently be > applied by "git am". > > I've re-generated the patch to use the proper format. Ok, sorry, I'll be careful for the next ones. > > > diff --git a/package/optee-examples/3.4.0/optee-examples.hash b/package/optee-examples/3.4.0/optee-examples.hash > > new file mode 100644 > > index 0000000..077fd97 > > --- /dev/null > > +++ b/package/optee-examples/3.4.0/optee-examples.hash > > @@ -0,0 +1,4 @@ > > +# From https://github.com/linaro-swg/optee_examples/archive/3.4.0.tar.gz > > +sha256 d833753980ac438c1675787857bb8352997352212334274de9419770097ce039 optee-examples-3.4.0.tar.gz > > +# Locally computed > > +sha256 6f1ef8449cb82ae79d2155605f7985bdf0f08e7ab5007de9b4362e8bf28733b9 LICENSE > > diff --git a/package/optee-examples/Config.in b/package/optee-examples/Config.in > > new file mode 100644 > > index 0000000..a240e54 > > --- /dev/null > > +++ b/package/optee-examples/Config.in 
> > @@ -0,0 +1,59 @@ > > +config BR2_PACKAGE_OPTEE_EXAMPLES > > + bool "optee-examples" > > + depends on BR2_TARGET_OPTEE_OS > > In fact, building OP-TEE itself is not sufficient, because this does > not guarantee the SDK has been built, so I have added a: > > select BR2_TARGET_OPTEE_OS_SDK > > here. > > > + select BR2_PACKAGE_OPTEE_CLIENT > > This now depends on !BR2_STATIC_LIBS, so I've propagated this > dependency. > > > + help > > + Enable the OP-TEE examples package that brings examples of > > + implementation of OP-TEE non-secure client applications and > > + secure trusted applications. OP-TEE examples is a > > + component delivered by the OP-TEE project. > > + > > + Trusted application binary files are installed in the target > > + directory /lib/optee_armtz as other trusted applications. > > + At runtime OP-TEE OS can load trusted applications from this > > + non-secure filesystem/directory into the secure world for > > + execution. > > + > > + https://github.com/linaro-swg/optee_examples > > + > > +if BR2_PACKAGE_OPTEE_EXAMPLES > > + > > +choice > > + prompt "version" > > + default BR2_PACKAGE_OPTEE_EXAMPLES_LATEST > > + help > > + Select the version of OP-TEE exmaples you want to use > > + > > +config BR2_PACKAGE_OPTEE_EXAMPLES_LATEST > > + bool "3.4.0" > > + help > > + This fetches the registered release tag from the > > + OP-TEE official Git repository. > > + > > +config BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_GIT > > + bool "Custom Git repository" > > + help > > + Sync with a specific OP-TEE Git repository. > > + > > +endchoice > > Here as well, I don't think the version selection makes a lot of sense, > so I dropped it. Fair. 
> > > > +ifeq ($(BR2_aarch64),y) > > +OPTEE_EXAMPLES_SDK = $(STAGING_DIR)/lib/optee/export-ta_arm64 > > +endif > > +ifeq ($(BR2_arm),y) > > Changed: > > endif > ifeq ($(BR2_arm),y) > > to just: > > else ifeq ($(BR2_arm),y) > > > +OPTEE_EXAMPLES_SDK = $(STAGING_DIR)/lib/optee/export-ta_arm32 > > +endif > > + > > +# Trusted Application are not built from CMake due to ta_dev_kit dependencies. > > +# We must build and install them on target. > > +define OPTEE_EXAMPLES_BUILD_TAS > > + @$(foreach f,$(wildcard $(@D)/*/ta/Makefile), \ > > + $(TARGET_CONFIGURE_OPTS) \ > > + $(MAKE) CROSS_COMPILE=$(TARGET_CROSS) \ > > + TA_DEV_KIT_DIR=$(OPTEE_EXAMPLES_SDK) \ > > + O=out -C $(dir $f) all &&) true > > Convoluted syntax here. Changed to: > > $(foreach f,$(wildcard $(@D)/*/ta/Makefile), \ > $(TARGET_CONFIGURE_OPTS) \ > $(MAKE) CROSS_COMPILE=$(TARGET_CROSS) \ > TA_DEV_KIT_DIR=$(OPTEE_EXAMPLES_SDK) \ > O=out -C $(dir $f) all > ) > > Also: could this be fixed upstream, so that the CMake build system > builds/installs everything ? That's a tricky part. The binaries that execute in the secure world, that is Trusted Applications, i.e. those built from the optee-test package as well as the OP-TEE OS core (optee-os), use a build sequence written with GNU Makefile that we (I mean people contributing to op-tee) did not manage yet to port to CMake. This is an open task and it would greatly help integration of OP-TEE in many build env, but it is not available yet. Sorry. Best regards, etienne > > Thanks! > > Thomas > -- > Thomas Petazzoni, CTO, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com
diff --git a/DEVELOPERS b/DEVELOPERS index f028179..5efb4ad 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -684,6 +684,7 @@ F: package/szip/ N: Etienne Carriere <etienne.carriere@linaro.org> F: boot/optee-os/ F: package/optee-client/ +F: package/optee-examples/ N: Eugene Tarassov <eugene@largest.net> F: package/tcf-agent/ diff --git a/package/Config.in b/package/Config.in index ae9f557..1c3ceab 100644 --- a/package/Config.in +++ b/package/Config.in @@ -2078,6 +2078,7 @@ endmenu menu "Security" source "package/checkpolicy/Config.in" source "package/optee-client/Config.in" + source "package/optee-examples/Config.in" source "package/paxtest/Config.in" source "package/policycoreutils/Config.in" source "package/refpolicy/Config.in" diff --git a/package/optee-examples/3.4.0/0001-fix-deprecated-size_t-type-for-size.patch b/package/optee-examples/3.4.0/0001-fix-deprecated-size_t-type-for-size.patch new file mode 100644 index 0000000..ba1716a --- /dev/null +++ b/package/optee-examples/3.4.0/0001-fix-deprecated-size_t-type-for-size.patch @@ -0,0 +1,37 @@ +commit fca0caba591f31f66325826c74acd26aefd52dee +Author: Etienne Carriere <etienne.carriere@linaro.org> +Date: Tue Dec 18 22:35:16 2018 +0100 + + secure_storage: fix deprecated size_t type for size + + size_t types is an deprecated type used in GPD API v1.0. + Update + + Error reported by GCC 7.3-2018.05: + secure_storage_ta.c:203:6: warning: passing argument 4 of 'TEE_ReadObjectData' from incompatible pointer type [-Wincompatible-pointer-types] + &read_bytes); + + 
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> + +diff --git a/secure_storage/ta/secure_storage_ta.c b/secure_storage/ta/secure_storage_ta.c +index d120e47..3ccc12d 100644 +--- a/secure_storage/ta/secure_storage_ta.c ++++ b/secure_storage/ta/secure_storage_ta.c +@@ -146,7 +146,7 @@ static TEE_Result read_raw_object(uint32_t param_types, TEE_Param params[4]) + TEE_ObjectHandle object; + TEE_ObjectInfo object_info; + TEE_Result res; +- size_t read_bytes; ++ uint32_t read_bytes; + char *obj_id; + size_t obj_id_sz; + char *data; +@@ -202,7 +202,7 @@ static TEE_Result read_raw_object(uint32_t param_types, TEE_Param params[4]) + res = TEE_ReadObjectData(object, data, object_info.dataSize, + &read_bytes); + if (res != TEE_SUCCESS || read_bytes != object_info.dataSize) { +- EMSG("TEE_ReadObjectData failed 0x%08x, read %u over %u", ++ EMSG("TEE_ReadObjectData failed 0x%08x, read %" PRIu32 " over %u", + res, read_bytes, object_info.dataSize); + goto exit; + } diff --git a/package/optee-examples/3.4.0/optee-examples.hash b/package/optee-examples/3.4.0/optee-examples.hash new file mode 100644 index 0000000..077fd97 --- /dev/null +++ b/package/optee-examples/3.4.0/optee-examples.hash @@ -0,0 +1,4 @@ +# From https://github.com/linaro-swg/optee_examples/archive/3.4.0.tar.gz +sha256 d833753980ac438c1675787857bb8352997352212334274de9419770097ce039 optee-examples-3.4.0.tar.gz +# Locally computed +sha256 6f1ef8449cb82ae79d2155605f7985bdf0f08e7ab5007de9b4362e8bf28733b9 LICENSE diff --git a/package/optee-examples/Config.in b/package/optee-examples/Config.in new file mode 100644 index 0000000..a240e54 --- /dev/null +++ b/package/optee-examples/Config.in 
@@ -0,0 +1,59 @@ +config BR2_PACKAGE_OPTEE_EXAMPLES + bool "optee-examples" + depends on BR2_TARGET_OPTEE_OS + select BR2_PACKAGE_OPTEE_CLIENT + help + Enable the OP-TEE examples package that brings examples of + implementation of OP-TEE non-secure client applications and + secure trusted applications. OP-TEE examples is a + component delivered by the OP-TEE project. + + Trusted application binary files are installed in the target + directory /lib/optee_armtz as other trusted applications. + At runtime OP-TEE OS can load trusted applications from this + non-secure filesystem/directory into the secure world for + execution. + + https://github.com/linaro-swg/optee_examples + +if BR2_PACKAGE_OPTEE_EXAMPLES + +choice + prompt "version" + default BR2_PACKAGE_OPTEE_EXAMPLES_LATEST + help + Select the version of OP-TEE exmaples you want to use + +config BR2_PACKAGE_OPTEE_EXAMPLES_LATEST + bool "3.4.0" + help + This fetches the registered release tag from the + OP-TEE official Git repository. + +config BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_GIT + bool "Custom Git repository" + help + Sync with a specific OP-TEE Git repository. + +endchoice + +if BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_GIT + +config BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_REPO_URL + string "URL of custom repository" + +config BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_REPO_VERSION + string "Custom repository version" + help + Revision to use in the typical format used by + Git E.G. a sha id, a tag, branch, .. + +endif + +config BR2_PACKAGE_OPTEE_EXAMPLES_VERSION + string + default "3.4.0" if BR2_PACKAGE_OPTEE_EXAMPLES_LATEST + default BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_REPO_VERSION \ + if BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_GIT + +endif #BR2_PACKAGE_OPTEE_EXAMPLES diff --git a/package/optee-examples/optee-examples.mk b/package/optee-examples/optee-examples.mk new file mode 100644 index 0000000..38701d4 --- /dev/null +++ b/package/optee-examples/optee-examples.mk 
@@ -0,0 +1,44 @@ +################################################################################ +# +# optee-examples +# +################################################################################ + +OPTEE_EXAMPLES_VERSION = $(call qstrip,$(BR2_PACKAGE_OPTEE_EXAMPLES_VERSION)) +OPTEE_EXAMPLES_LICENSE = BSD-2-Clause +OPTEE_EXAMPLES_LICENSE_FILES = LICENSE + +OPTEE_EXAMPLES_DEPENDENCIES = optee-client optee-os + +ifeq ($(BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_GIT),y) +OPTEE_EXAMPLES_SITE = $(call qstrip,$(BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_REPO_URL)) +OPTEE_EXAMPLES_SITE_METHOD = git +BR_NO_CHECK_HASH_FOR += $(OPTEE_EXAMPLES_SOURCE) +else +OPTEE_EXAMPLES_SITE = $(call github,linaro-swg,optee_examples,$(OPTEE_EXAMPLES_VERSION)) +endif + +ifeq ($(BR2_aarch64),y) +OPTEE_EXAMPLES_SDK = $(STAGING_DIR)/lib/optee/export-ta_arm64 +endif +ifeq ($(BR2_arm),y) +OPTEE_EXAMPLES_SDK = $(STAGING_DIR)/lib/optee/export-ta_arm32 +endif + +# Trusted Application are not built from CMake due to ta_dev_kit dependencies. +# We must build and install them on target. +define OPTEE_EXAMPLES_BUILD_TAS + @$(foreach f,$(wildcard $(@D)/*/ta/Makefile), \ + $(TARGET_CONFIGURE_OPTS) \ + $(MAKE) CROSS_COMPILE=$(TARGET_CROSS) \ + TA_DEV_KIT_DIR=$(OPTEE_EXAMPLES_SDK) \ + O=out -C $(dir $f) all &&) true +endef +define OPTEE_EXAMPLES_INSTALL_TAS + @mkdir -p $(TARGET_DIR)/lib/optee_armtz + @$(INSTALL) -D -m 444 -t $(TARGET_DIR)/lib/optee_armtz $(@D)/*/ta/out/*.ta +endef +OPTEE_EXAMPLES_POST_BUILD_HOOKS += OPTEE_EXAMPLES_BUILD_TAS +OPTEE_EXAMPLES_POST_INSTALL_TARGET_HOOKS += OPTEE_EXAMPLES_INSTALL_TAS + +$(eval $(cmake-package))
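Review bot: In the second hunk of the embedded secure_storage_ta.c patch (0001-fix-deprecated-size_t-type-for-size.patch), the EMSG format string prints read_bytes with PRIu32 but still prints object_info.dataSize with %u, although the two values are compared directly on the line above; use the same specifier for both if dataSize is also a 32-bit field. PRIu32 is defined in <inttypes.h> and neither hunk adds that include, so confirm the file already pulls it in. The embedded commit description also stops mid-sentence at "Update".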
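Review bot: In package/optee-examples/Config.in, the help for BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_REPO_VERSION accepts "a sha id, a tag, branch", so a custom build can follow a moving ref and fetch different sources from one build to the next. Since the same file states that these trusted applications are installed in /lib/optee_armtz and loaded into the secure world, the help text should recommend a full commit id. BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_REPO_URL has no help text at all, and the choice help misspells "examples" as "exmaples".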
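Review bot: In package/optee-examples/optee-examples.mk, the BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_GIT branch sets "BR_NO_CHECK_HASH_FOR += $(OPTEE_EXAMPLES_SOURCE)", so whatever BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_REPO_URL serves is built and installed as trusted applications with no integrity check; say so in the option help, or drop the custom source so that the 3.4.0 .hash file always applies. OPTEE_EXAMPLES_SDK is also left unset when neither BR2_aarch64 nor BR2_arm is y, which hands an empty TA_DEV_KIT_DIR to every TA makefile; an else branch that errors out would make that failure explicit. The leading "@" on the foreach and on the install commands hides them from the build log.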
This package generates embedded Linux based OS userland client applications and OP-TEE OS trusted applications all embedded in the file system. These applications show how to use the APIs OP-TEE OS is based on, both in the non secure and secure worlds.

Package is added next to the OP-TEE client package in the BR package configuration.

This change references in Buildroot today's latest OP-TEE revision release tagged 3.4.0 with an added patch to fix an issue reported by recent GCC toolchains.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
---
Changes v3 -> v4:
- Upgrade from OP-TEE release 3.3.0 to 3.4.0.

Changes v2 -> v3:
- Add an entry in file DEVELOPERS.
- Clean Config.in layout and description sections.
- Drop BR2_PACKAGE_OPTEE_EXAMPLES_SYNCED_VERSION.
- Clean optee-examples.mk layout.
- Replace common optee-examples.hash with per-version .hash files.
- Simplify install command in iotee-test.mk
- Patch optee_test 3.3.0 against an issue in the CMake files.
- Remove dependency of BR2_PACKAGE_OPTEE_EXAMPLES. As the package depends on BR2_TARGET_OPTEE_OS, leave it to optee-os to define the supported architectures.

Changes v1 -> v2:
- Replace BR2_arm with BR2_ARM_CPU_ARMV7 as OP-TEE supports only BR2_ARM_CPU_ARMV7 architectures among the 32bit Arm machines.
- Select OP-TEE client and add dependency on OP-TEE OS.
- Add option BR2_PACKAGE_OPTEE_EXAMPLES_SYNCED_VERSION to ensure OP-TEE examples version is synced with OP-TEE OS version.
- Do not force output build directory, rely on native path: out/.
- Replace if/endif with depends on in Config.in.
- Remove useless OPTEE_EXAMPLES_INSTALL_STAGING=YES.
- Add package official URL in Config.in package description.
---
 DEVELOPERS | 1 +
 package/Config.in | 1 +
 .../0001-fix-deprecated-size_t-type-for-size.patch | 37 ++++++++++++++
 package/optee-examples/3.4.0/optee-examples.hash | 4 ++
 package/optee-examples/Config.in | 59 ++++++++++++++++++++++
 package/optee-examples/optee-examples.mk | 44 ++++++++++++++++
 6 files changed, 146 insertions(+)
 create mode 100644 package/optee-examples/3.4.0/0001-fix-deprecated-size_t-type-for-size.patch
 create mode 100644 package/optee-examples/3.4.0/optee-examples.hash
 create mode 100644 package/optee-examples/Config.in
 create mode 100644 package/optee-examples/optee-examples.mk