From patchwork Wed Jan 30 10:47:23 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Etienne Carriere X-Patchwork-Id: 1033415 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="HvaqW+XI"; dkim-atps=neutral Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 43qKp00zLsz9s9G for ; Wed, 30 Jan 2019 21:47:50 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 9AA2C8710C; Wed, 30 Jan 2019 10:47:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pdYigTy7iDtN; Wed, 30 Jan 2019 10:47:44 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id 2A106870B4; Wed, 30 Jan 2019 10:47:44 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id C231B1BF398 for ; Wed, 30 Jan 2019 10:47:42 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id BF369862D4 for ; Wed, 30 Jan 2019 10:47:42 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CSbPf3Riayfh for ; Wed, 30 Jan 2019 10:47:41 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wr1-f45.google.com (mail-wr1-f45.google.com [209.85.221.45]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 2B052862C9 for ; Wed, 30 Jan 2019 10:47:41 +0000 (UTC) Received: by mail-wr1-f45.google.com with SMTP id q18so25461742wrx.9 for ; Wed, 30 Jan 2019 02:47:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=7wXB4gJJgUdwI0Lx42gZNeCpSgMgNzpR7iQN2liLB+w=; b=HvaqW+XIuvEJgHMx8mvMkaX+jA0f6bgjNWuz93VCJxm+fcobGppnvaZSnkCuavIme8 y/cmME387EXp1Kpvfd9mUFnPFw2sBaHoeZtskYl4727K3VR/eyWmFqwoF0G7wZvG6dBZ U9s6J/ocG9N24tXvoR2tyBjuGA8/Xfm0KcIGE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=7wXB4gJJgUdwI0Lx42gZNeCpSgMgNzpR7iQN2liLB+w=; b=j1g9oAcPVf3k9Uh6D5PLQrYn51Rtx2ZpgJblBBHoiPuqCYljtBETsQIsvHKxbgYzPc 5cq6IL8QMVhYlsN1HugJOZWtZvpfK6s/Dbovn4FCln8c9z7OD4IoYkq75IA34EfEBV0d KdLWQb9x3X1Gr/DMzusF0IaUMQoldq5p9RxduEUuj5PvL7XUnOuQIdZX76KRj8Q2SoL6 H4Ogx18D1lab5cs6Ig09ZNF+bycTduoAWfE6NFrD1f5Fr7ufC52GKKJV2NHqTzZqTXK5 QUf6vFthLvOGsSUTKTqBZ59YZ1jok50W0RnkBM+yXfqNx3FUowr3TcPiUCb55zdyTD24 xtzg== X-Gm-Message-State: AJcUukfiaTRZXpxLSbaHTRvL/dyCpGXadCmBS7O8OWR2D/hQOLRGvSyo VgVri45TgKoeaDlWgL/6oCqtS1vVNFWUFQ== X-Google-Smtp-Source: ALg8bN55tNGcJSJLjnlns8anXXta+fa+5OThrOAzHJeUby3Cy0f84PWm0xo34ERB/ZQK0T7O/E7LWw== X-Received: by 2002:adf:e08c:: with SMTP id c12mr28212780wri.199.1548845259160; Wed, 30 Jan 2019 02:47:39 -0800 (PST) Received: from lmenx29q.lme.st.com. ([80.214.16.251]) by smtp.gmail.com with ESMTPSA id a62sm1145340wmf.47.2019.01.30.02.47.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 30 Jan 2019 02:47:38 -0800 (PST) From: Etienne Carriere To: buildroot@buildroot.org Date: Wed, 30 Jan 2019 11:47:23 +0100 Message-Id: <1548845249-28201-1-git-send-email-etienne.carriere@linaro.org> X-Mailer: git-send-email 1.9.1 Subject: [Buildroot] [PATCH v4 1/7] boot/optee-os: new package X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Etienne Carriere MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" OP-TEE OS is maintained by the OP-TEE project. It provides an open source solution for development and integration of secure services for Armv7-A and Armv8-A CPU based platforms supporting the TrustZone technology. This technology enables CPUs to concurrently host a secure world as the OP-TEE OS and a non-secure world as a Linux based OS. The OP-TEE project maintains other packages to leverage OP-TEE on Linux kernel based OSes. An OP-TEE interface driver is available in the Linux kernel since 4.12 upon CONFIG_OPTEE. This change references in Buildroot the today's latest OP-TEE revision release tagged 3.4.0. https://www.op-tee.org/ https://github.com/OP-TEE/optee_os Signed-off-by: Etienne Carriere --- Changes v3 -> v4 - Upgrade from OP-TEE 3.3.0 to 3.4.0. No local patch required. Changes v2 -> v3 - Add an entry in file DEVELOPERS. - Fix BR2_ARM_CPU_ARMV7 into BR2_ARM_CPU_ARMV7A and replace dependency on BR2_aarch64 with dep on BR2_ARM_CPU_ARMV8A which is more accurate. - Many cleaning in description sections of Config.in and layout reordering. - Reordering in optee-os.mk layout. - Correct dependency openssl into host-openssl. - Use OPTEE_OS_INSTALL_STAGING_CMDS for installs in the staging dir. - Clean in-tree TAs install command (s/@(foreach ...)/$(INSTALL) ...) - BR2_TARGET_OPTEE_OS_SERVICES selects BR2_TARGET_OPTEE_OS_CORE instead of depending on BR2_TARGET_OPTEE_OS_SDK. This because core build also builds the in-tree TAs. - Replace common optee-os.hash with per-version .hash files. Support the released 3.x tags from OP-TEE project. - Remove useless indirection in OPTEE_OS_INSTALL_STAGING_CMDS definition. - Fix issue of Aarch64 OS to attempt to build Aarch32 user mode support while the selected cross compilation toolchain cannot compile for Aarch32 targets. OP-TEE OS 3.3.0 is patched to backport support for CFG_USER_TA_TARGETS directive, allowing to restrict build to Aarch64. Changes v1 -> v2: - Replace dependency on BR2_arm with BR2_ARM_CPU_ARMV7 as BR2_arm is enabled for non Armv7 targets. - Correct build dependencies on OpenSSL and pycrypto. Remove patch on package python scripts since pycrypto dependency is now handled. - Correct location of in-tree services TAs (s/ta_services/ta/). Remvoe OPTEE_OS_BUILD_SERVICES as service TAs are already built built when OP-TEE OS core is built. Correct BR2_TARGET_OPTEE_OS_SERVICES options: it only installs the - Fix bad reference in Config.in package description. - Fix wrong hash for the optee-os v3.3.0 tarball. - Fix bad use of OPTEE_OS_VERSION where it is the value content that is expected: $(OPTEE_OS_VERSION). - Clarify output build directory name: use out/. - Minor replace use if/endif with use of depends on in Config.mk. - Add missing dependency of BR2_TARGET_OPTEE_OS_SERVICES on BR2_TARGET_OPTEE_OS_SDK. - Change commit header comment to "boot/optee-os: new package". --- DEVELOPERS | 3 ++ boot/Config.in | 1 + boot/optee-os/3.4.0/optee-os.hash | 4 ++ boot/optee-os/Config.in | 101 ++++++++++++++++++++++++++++++++++++++ boot/optee-os/optee-os.mk | 97 ++++++++++++++++++++++++++++++++++++ 5 files changed, 206 insertions(+) create mode 100644 boot/optee-os/3.4.0/optee-os.hash create mode 100644 boot/optee-os/Config.in create mode 100644 boot/optee-os/optee-os.mk diff --git a/DEVELOPERS b/DEVELOPERS index c1950bb..ac608e5 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -681,6 +681,9 @@ F: package/mxsldr/ N: Ernesto L. Williams Jr F: package/szip/ +N: Etienne Carriere +F: boot/optee-os/ + N: Eugene Tarassov F: package/tcf-agent/ diff --git a/boot/Config.in b/boot/Config.in index 11856fd..74481e7 100644 --- a/boot/Config.in +++ b/boot/Config.in @@ -13,6 +13,7 @@ source "boot/gummiboot/Config.in" source "boot/lpc32xxcdl/Config.in" source "boot/mv-ddr-marvell/Config.in" source "boot/mxs-bootlets/Config.in" +source "boot/optee-os/Config.in" source "boot/riscv-pk/Config.in" source "boot/s500-bootloader/Config.in" source "boot/shim/Config.in" diff --git a/boot/optee-os/3.4.0/optee-os.hash b/boot/optee-os/3.4.0/optee-os.hash new file mode 100644 index 0000000..07afdfa --- /dev/null +++ b/boot/optee-os/3.4.0/optee-os.hash @@ -0,0 +1,4 @@ +# From https://github.com/OP-TEE/optee_os/archive/3.4.0.tar.gz +sha256 51d42ac7aa780ec8d8ee471eff689a29a7621aacace046722b1490b62ec2d481 optee-os-3.4.0.tar.gz +# Locally computed +sha256 fda8385993f112d7ca61b88b54ba5b4cbeec7e43a0f9b317d5186703c1985e8f LICENSE diff --git a/boot/optee-os/Config.in b/boot/optee-os/Config.in new file mode 100644 index 0000000..451feb2 --- /dev/null +++ b/boot/optee-os/Config.in @@ -0,0 +1,101 @@ +config BR2_TARGET_OPTEE_OS + bool "optee_os" + depends on BR2_ARM_CPU_ARMV8A || BR2_ARM_CPU_ARMV7A + help + OP-TEE OS provides the secure world boot image and the trust + application development kit of the OP-TEE project. OP-TEE OS + also provides generic trusted application one can embedded + into its system. + + http://github.com/OP-TEE/optee_os + +if BR2_TARGET_OPTEE_OS + +choice + prompt "OP-TEE OS version" + default BR2_TARGET_OPTEE_OS_LATEST + help + Select the version of OP-TEE OS you want to use + +config BR2_TARGET_OPTEE_OS_LATEST + bool "3.4.0" + help + This fetches the registered release tag from the + OP-TEE OS official Git repository. + +config BR2_TARGET_OPTEE_OS_CUSTOM_GIT + bool "Custom Git repository" + help + Sync with a specific OP-TEE Git repository. + +endchoice + +if BR2_TARGET_OPTEE_OS_CUSTOM_GIT + +config BR2_TARGET_OPTEE_OS_CUSTOM_REPO_URL + string "URL of custom repository" + depends on BR2_TARGET_OPTEE_OS_CUSTOM_GIT + help + Specific location of the reference source tree Git + repository. + +config BR2_TARGET_OPTEE_OS_CUSTOM_REPO_VERSION + string "Custom repository version" + depends on BR2_TARGET_OPTEE_OS_CUSTOM_GIT + help + Reference in the target git repository to sync with. + +endif + +config BR2_TARGET_OPTEE_OS_VERSION + string + default "3.4.0" if BR2_TARGET_OPTEE_OS_LATEST + default BR2_TARGET_OPTEE_OS_CUSTOM_REPO_VERSION \ + if BR2_TARGET_OPTEE_OS_CUSTOM_GIT + +config BR2_TARGET_OPTEE_OS_CORE + bool "Build core" + default y + help + This option will build and install the OP-TEE core + boot images. + +config BR2_TARGET_OPTEE_OS_SDK + bool "Build TA devkit" + default y + help + This option will build and install the OP-TEE development + kit for building OP-TEE trusted application images. It is + installed in the staging directory /lib/optee. + +config BR2_TARGET_OPTEE_OS_SERVICES + bool "Build service TAs" + select BR2_TARGET_OPTEE_OS_CORE + default y + help + This option installs the service trusted applications built + from OP-TEE OS source tree. These are installed in the target + /lib/optee_armtz directory as other trusted applications. + At runtime OP-TEE OS can load trusted applications from this + non-secure filesystem/directory into the secure world for + execution. + +config BR2_TARGET_OPTEE_OS_PLATFORM + string "Mandatory target PLATFORM" + help + Value for the mandated PLATFORM build directive provided to + OP-TEE OS. + +config BR2_TARGET_OPTEE_OS_PLATFORM_FLAVOR + string "Optional target PLATFORM_FLAVOR" + help + Value for the optional PLATFORM_FLAVOR build directive + provided to OP-TEE OS. + +config BR2_TARGET_OPTEE_OS_ADDITIONAL_VARIABLES + string "Additional OP-TEE OS build variables" + help + Additional parameters for the OP-TEE OS build + E.g. 'CFG_TEE_CORE_LOG_LEVEL=3 CFG_UNWIND=y' + +endif # BR2_TARGET_OPTEE_OS diff --git a/boot/optee-os/optee-os.mk b/boot/optee-os/optee-os.mk new file mode 100644 index 0000000..d10249e --- /dev/null +++ b/boot/optee-os/optee-os.mk @@ -0,0 +1,97 @@ +################################################################################ +# +# optee-os +# +################################################################################ + +OPTEE_OS_VERSION = $(call qstrip,$(BR2_TARGET_OPTEE_OS_VERSION)) +OPTEE_OS_LICENSE = BSD-2-Clause +OPTEE_OS_LICENSE_FILES = LICENSE + +OPTEE_OS_INSTALL_STAGING = YES +OPTEE_OS_INSTALL_IMAGES = YES + +ifeq ($(BR2_TARGET_OPTEE_OS_CUSTOM_GIT),y) +OPTEE_OS_SITE = $(call qstrip,$(BR2_TARGET_OPTEE_OS_CUSTOM_REPO_URL)) +OPTEE_OS_SITE_METHOD = git +BR_NO_CHECK_HASH_FOR += $(OPTEE_OS_SOURCE) +else +OPTEE_OS_SITE = $(call github,OP-TEE,optee_os,$(OPTEE_OS_VERSION)) +endif + +OPTEE_OS_DEPENDENCIES = host-openssl host-python-pycrypto + +# On 64bit targets, OP-TEE OS can be built in 32bit mode, or +# can be built in 64bit mode and support 32bit and 64bit +# trusted applications. Since buildroot currently references +# a single cross compiler, build exclusively in 32bit +# or 64bit mode. +OPTEE_OS_MAKE_OPTS = CROSS_COMPILE="$(TARGET_CROSS)" \ + CROSS_COMPILE_core="$(TARGET_CROSS)" \ + CROSS_COMPILE_ta_arm64="$(TARGET_CROSS)" \ + CROSS_COMPILE_ta_arm32="$(TARGET_CROSS)" + +ifeq ($(BR2_aarch64),y) +OPTEE_OS_MAKE_OPTS += CFG_ARM64_core=y \ + CFG_USER_TA_TARGETS=ta_arm64 +endif + +# Get mandatory PLAFORM and optional PLATFORM_FLAVOR and additional variables +OPTEE_OS_MAKE_OPTS += PLATFORM=$(call qstrip,$(BR2_TARGET_OPTEE_OS_PLATFORM)) +ifneq ($(call qstrip,$(BR2_TARGET_OPTEE_OS_PLATFORM_FLAVOR)),) +OPTEE_OS_MAKE_OPTS += PLATFORM_FLAVOR=$(call qstrip,$(BR2_TARGET_OPTEE_OS_PLATFORM_FLAVOR)) +endif +OPTEE_OS_MAKE_OPTS += $(call qstrip,$(BR2_TARGET_OPTEE_OS_ADDITIONAL_VARIABLES)) + +# Requests OP-TEE OS to build from subdirectory out/ of its sourcetree root path +# otherwise the output directory path depends on the target platform name. +OPTEE_OS_BUILDDIR_OUT = out +ifeq ($(BR2_aarch64),y) +OPTEE_OS_LOCAL_SDK = $(OPTEE_OS_BUILDDIR_OUT)/export-ta_arm64 +endif +ifeq ($(BR2_arm),y) +OPTEE_OS_LOCAL_SDK = $(OPTEE_OS_BUILDDIR_OUT)/export-ta_arm32 +endif + +ifeq ($(BR2_TARGET_OPTEE_OS_CORE),y) +define OPTEE_OS_BUILD_CORE + $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) O=$(OPTEE_OS_BUILDDIR_OUT) \ + $(TARGET_CONFIGURE_OPTS) $(OPTEE_OS_MAKE_OPTS) all +endef +define OPTEE_OS_INSTALL_IMAGES_CORE + mkdir -p $(BINARIES_DIR) + cp -dpf $(@D)/$(OPTEE_OS_BUILDDIR_OUT)/core/tee.bin $(BINARIES_DIR) + cp -dpf $(@D)/$(OPTEE_OS_BUILDDIR_OUT)/core/tee-*_v2.bin $(BINARIES_DIR) +endef +endif # BR2_TARGET_OPTEE_OS_CORE + +ifeq ($(BR2_TARGET_OPTEE_OS_SERVICES),y) +define OPTEE_OS_INSTALL_IMAGES_SERVICES + mkdir -p $(TARGET_DIR)/lib/optee_armtz + $(INSTALL) -D -m 444 -t $(TARGET_DIR)/lib/optee_armtz \ + $(@D)/$(OPTEE_OS_BUILDDIR_OUT)/ta/*/*.ta +endef +endif # BR2_TARGET_OPTEE_OS_SERVICES + +ifeq ($(BR2_TARGET_OPTEE_OS_SDK),y) +define OPTEE_OS_BUILD_SDK + $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) O=$(OPTEE_OS_BUILDDIR_OUT) \ + $(TARGET_CONFIGURE_OPTS) $(OPTEE_OS_MAKE_OPTS) ta_dev_kit +endef +define OPTEE_OS_INSTALL_STAGING_CMDS + mkdir -p $(STAGING_DIR)/lib/optee + cp -ardpf $(@D)/$(OPTEE_OS_LOCAL_SDK) $(STAGING_DIR)/lib/optee +endef +endif # BR2_TARGET_OPTEE_OS_SDK + +define OPTEE_OS_BUILD_CMDS + $(OPTEE_OS_BUILD_CORE) + $(OPTEE_OS_BUILD_SDK) +endef + +define OPTEE_OS_INSTALL_IMAGES_CMDS + $(OPTEE_OS_INSTALL_IMAGES_CORE) + $(OPTEE_OS_INSTALL_IMAGES_SERVICES) +endef + +$(eval $(generic-package)) From patchwork Wed Jan 30 10:47:25 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Etienne Carriere X-Patchwork-Id: 1033417 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="dzB6ogJM"; dkim-atps=neutral Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 43qKp76gj0z9s3q for ; Wed, 30 Jan 2019 21:47:59 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 34F5F870C7; Wed, 30 Jan 2019 10:47:58 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id USarTNj6OA07; Wed, 30 Jan 2019 10:47:48 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id BA255870A2; Wed, 30 Jan 2019 10:47:46 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 03A431BF398 for ; Wed, 30 Jan 2019 10:47:45 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 00A99279B5 for ; Wed, 30 Jan 2019 10:47:45 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id We6WygFYHp-e for ; Wed, 30 Jan 2019 10:47:43 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wr1-f48.google.com (mail-wr1-f48.google.com [209.85.221.48]) by silver.osuosl.org (Postfix) with ESMTPS id 828C52152A for ; Wed, 30 Jan 2019 10:47:43 +0000 (UTC) Received: by mail-wr1-f48.google.com with SMTP id f7so25585574wrp.1 for ; Wed, 30 Jan 2019 02:47:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ymftsE1iTA2C/sF2mWsUDIra5ncDkMz/+f2ppDarjAE=; b=dzB6ogJMq9nA+s2jfTr0GRiDmpOoix7io9osyz3aPJ9q6c8TgNwOcwqVRKIoAKVTK/ dEX2CcU2k7xZGXUDouS/rcwczMTSts5LPp9Awld7RYsM1uUdsTD6Ei/q+76nev/o9ZDu 2HhWBrtobgcCjMbRpS+azf3/bvAqmybJ858Gs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ymftsE1iTA2C/sF2mWsUDIra5ncDkMz/+f2ppDarjAE=; b=ddrRTepX35N7mveZroVqQ3WCy8JnP81tPVvs7zvj6i8RQnht1X2tZFdvjNOZ9s3V79 KKSc5g9GPRnITO32SU/DRst26NBtyhbuLblKLj3Ey/Hwu63/6EiEHhZNhUT8HzmDPxZ5 HBJRyGFAwuYvEA7EkrK80YuMJ/qlXYFi+ID7I7ThW8bPvYEfQ/5IKtYZK2Sh5F7/E/5k pQ3vh+YVWl7I2Y43XeKTnWigVTfm6sk6o36pvp2E1+aKvLPWjhc8lK+wrFeBkYKWrEu2 XkcUMQ/O4PsXbk7weKDmJgih1z/CZugnZSD82Yp85cDzFHcsgoXpRFNYGIG+kI3dOn0q +0IA== X-Gm-Message-State: AJcUukeOBzxczg3sCp7pW5kEMq+gVHBrkSOKs8gWOqtsfHZ4jm4orsBZ qFI5zy5QsGlVnHZlj4nTWo8kA49UXvB23A== X-Google-Smtp-Source: ALg8bN7CLBXeR64lkM/XsyHSuxsRh4ZDxOQ9vkEemhFOrF5OvLvtdxOigWcyOXjDywjqj1J7Ob9Sxw== X-Received: by 2002:a5d:494a:: with SMTP id r10mr30405732wrs.272.1548845261476; Wed, 30 Jan 2019 02:47:41 -0800 (PST) Received: from lmenx29q.lme.st.com. ([80.214.16.251]) by smtp.gmail.com with ESMTPSA id a62sm1145340wmf.47.2019.01.30.02.47.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 30 Jan 2019 02:47:40 -0800 (PST) From: Etienne Carriere To: buildroot@buildroot.org Date: Wed, 30 Jan 2019 11:47:25 +0100 Message-Id: <1548845249-28201-3-git-send-email-etienne.carriere@linaro.org> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1548845249-28201-1-git-send-email-etienne.carriere@linaro.org> References: <1548845249-28201-1-git-send-email-etienne.carriere@linaro.org> Subject: [Buildroot] [PATCH v4 3/7] optee-examples: new package X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Etienne Carriere MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" This package generates embedded Linux based OS userland client applications and OP-TEE OS trusted applications all embedded in the file system. These applications shows how to use the APIs OP-TEE OS is based on, both in the non secure and secure worlds. Package is added next to the OP-TEE client package in the BR package configuration. This change references in Buildroot the today's latest OP-TEE revision release tagged 3.4.0 with an added patch to fix an issue reported by recent GCC toolchains. Signed-off-by: Etienne Carriere --- Changes v3 -> v4: - Upgrade from OP-TEE release 3.3.0 to 3.4.0. Changes v2 -> v3: - Add an entry in file DEVELOPERS. - Clean Config.in layout and description sections. - Drop BR2_PACKAGE_OPTEE_EXAMPLES_SYNCED_VERSION. - Clean optee-examples.mk layout. - Replace common optee-examples.hash with per-version .hash files. - Simplify install command in iotee-test.mk - Patch optee_test 3.3.0 against an issue in the CMake files. - Remove dependency of BR2_PACKAGE_OPTEE_EXAMPLES. As the package depends on BR2_TARGET_OPTEE_OS, leave it to optee-os to define the supported architectures. Changes v1 -> v2: - Replace BR2_arm with BR2_ARM_CPU_ARMV7 as OP-TEE supports only BR2_ARM_CPU_ARMV7 architectures among the 32bit Arm machines. - Select OP-TEE client and add dependency on OP-TEE OS. - Add option BR2_PACKAGE_OPTEE_EXAMPLES_SYNCED_VERSION to ensure OP-TEE examples version is synced with OP-TEE OS version. - Do not force output build directory, rely on native path: out/. - Replace if/endif with depends on in Config.in. - Remove useless OPTEE_EXAMPLES_INSTALL_STAGING=YES. - Add package official URL in Config.in package description. --- DEVELOPERS | 1 + package/Config.in | 1 + .../0001-fix-deprecated-size_t-type-for-size.patch | 37 ++++++++++++++ package/optee-examples/3.4.0/optee-examples.hash | 4 ++ package/optee-examples/Config.in | 59 ++++++++++++++++++++++ package/optee-examples/optee-examples.mk | 44 ++++++++++++++++ 6 files changed, 146 insertions(+) create mode 100644 package/optee-examples/3.4.0/0001-fix-deprecated-size_t-type-for-size.patch create mode 100644 package/optee-examples/3.4.0/optee-examples.hash create mode 100644 package/optee-examples/Config.in create mode 100644 package/optee-examples/optee-examples.mk diff --git a/DEVELOPERS b/DEVELOPERS index f028179..5efb4ad 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -684,6 +684,7 @@ F: package/szip/ N: Etienne Carriere F: boot/optee-os/ F: package/optee-client/ +F: package/optee-examples/ N: Eugene Tarassov F: package/tcf-agent/ diff --git a/package/Config.in b/package/Config.in index ae9f557..1c3ceab 100644 --- a/package/Config.in +++ b/package/Config.in @@ -2078,6 +2078,7 @@ endmenu menu "Security" source "package/checkpolicy/Config.in" source "package/optee-client/Config.in" + source "package/optee-examples/Config.in" source "package/paxtest/Config.in" source "package/policycoreutils/Config.in" source "package/refpolicy/Config.in" diff --git a/package/optee-examples/3.4.0/0001-fix-deprecated-size_t-type-for-size.patch b/package/optee-examples/3.4.0/0001-fix-deprecated-size_t-type-for-size.patch new file mode 100644 index 0000000..ba1716a --- /dev/null +++ b/package/optee-examples/3.4.0/0001-fix-deprecated-size_t-type-for-size.patch @@ -0,0 +1,37 @@ +commit fca0caba591f31f66325826c74acd26aefd52dee +Author: Etienne Carriere +Date: Tue Dec 18 22:35:16 2018 +0100 + + secure_storage: fix deprecated size_t type for size + + size_t types is an deprecated type used in GPD API v1.0. + Update + + Error reported by GCC 7.3-2018.05: + secure_storage_ta.c:203:6: warning: passing argument 4 of 'TEE_ReadObjectData' from incompatible pointer type [-Wincompatible-pointer-types] + &read_bytes); + + Signed-off-by: Etienne Carriere + +diff --git a/secure_storage/ta/secure_storage_ta.c b/secure_storage/ta/secure_storage_ta.c +index d120e47..3ccc12d 100644 +--- a/secure_storage/ta/secure_storage_ta.c ++++ b/secure_storage/ta/secure_storage_ta.c +@@ -146,7 +146,7 @@ static TEE_Result read_raw_object(uint32_t param_types, TEE_Param params[4]) + TEE_ObjectHandle object; + TEE_ObjectInfo object_info; + TEE_Result res; +- size_t read_bytes; ++ uint32_t read_bytes; + char *obj_id; + size_t obj_id_sz; + char *data; +@@ -202,7 +202,7 @@ static TEE_Result read_raw_object(uint32_t param_types, TEE_Param params[4]) + res = TEE_ReadObjectData(object, data, object_info.dataSize, + &read_bytes); + if (res != TEE_SUCCESS || read_bytes != object_info.dataSize) { +- EMSG("TEE_ReadObjectData failed 0x%08x, read %u over %u", ++ EMSG("TEE_ReadObjectData failed 0x%08x, read %" PRIu32 " over %u", + res, read_bytes, object_info.dataSize); + goto exit; + } diff --git a/package/optee-examples/3.4.0/optee-examples.hash b/package/optee-examples/3.4.0/optee-examples.hash new file mode 100644 index 0000000..077fd97 --- /dev/null +++ b/package/optee-examples/3.4.0/optee-examples.hash @@ -0,0 +1,4 @@ +# From https://github.com/linaro-swg/optee_examples/archive/3.4.0.tar.gz +sha256 d833753980ac438c1675787857bb8352997352212334274de9419770097ce039 optee-examples-3.4.0.tar.gz +# Locally computed +sha256 6f1ef8449cb82ae79d2155605f7985bdf0f08e7ab5007de9b4362e8bf28733b9 LICENSE diff --git a/package/optee-examples/Config.in b/package/optee-examples/Config.in new file mode 100644 index 0000000..a240e54 --- /dev/null +++ b/package/optee-examples/Config.in @@ -0,0 +1,59 @@ +config BR2_PACKAGE_OPTEE_EXAMPLES + bool "optee-examples" + depends on BR2_TARGET_OPTEE_OS + select BR2_PACKAGE_OPTEE_CLIENT + help + Enable the OP-TEE examples package that brings examples of + implementation of OP-TEE non-secure client applications and + secure trusted applications. OP-TEE examples is a + component delivered by the OP-TEE project. + + Trusted application binary files are installed in the target + directory /lib/optee_armtz as other trusted applications. + At runtime OP-TEE OS can load trusted applications from this + non-secure filesystem/directory into the secure world for + execution. + + https://github.com/linaro-swg/optee_examples + +if BR2_PACKAGE_OPTEE_EXAMPLES + +choice + prompt "version" + default BR2_PACKAGE_OPTEE_EXAMPLES_LATEST + help + Select the version of OP-TEE exmaples you want to use + +config BR2_PACKAGE_OPTEE_EXAMPLES_LATEST + bool "3.4.0" + help + This fetches the registered release tag from the + OP-TEE official Git repository. + +config BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_GIT + bool "Custom Git repository" + help + Sync with a specific OP-TEE Git repository. + +endchoice + +if BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_GIT + +config BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_REPO_URL + string "URL of custom repository" + +config BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_REPO_VERSION + string "Custom repository version" + help + Revision to use in the typical format used by + Git E.G. a sha id, a tag, branch, .. + +endif + +config BR2_PACKAGE_OPTEE_EXAMPLES_VERSION + string + default "3.4.0" if BR2_PACKAGE_OPTEE_EXAMPLES_LATEST + default BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_REPO_VERSION \ + if BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_GIT + +endif #BR2_PACKAGE_OPTEE_EXAMPLES diff --git a/package/optee-examples/optee-examples.mk b/package/optee-examples/optee-examples.mk new file mode 100644 index 0000000..38701d4 --- /dev/null +++ b/package/optee-examples/optee-examples.mk @@ -0,0 +1,44 @@ +################################################################################ +# +# optee-examples +# +################################################################################ + +OPTEE_EXAMPLES_VERSION = $(call qstrip,$(BR2_PACKAGE_OPTEE_EXAMPLES_VERSION)) +OPTEE_EXAMPLES_LICENSE = BSD-2-Clause +OPTEE_EXAMPLES_LICENSE_FILES = LICENSE + +OPTEE_EXAMPLES_DEPENDENCIES = optee-client optee-os + +ifeq ($(BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_GIT),y) +OPTEE_EXAMPLES_SITE = $(call qstrip,$(BR2_PACKAGE_OPTEE_EXAMPLES_CUSTOM_REPO_URL)) +OPTEE_EXAMPLES_SITE_METHOD = git +BR_NO_CHECK_HASH_FOR += $(OPTEE_EXAMPLES_SOURCE) +else +OPTEE_EXAMPLES_SITE = $(call github,linaro-swg,optee_examples,$(OPTEE_EXAMPLES_VERSION)) +endif + +ifeq ($(BR2_aarch64),y) +OPTEE_EXAMPLES_SDK = $(STAGING_DIR)/lib/optee/export-ta_arm64 +endif +ifeq ($(BR2_arm),y) +OPTEE_EXAMPLES_SDK = $(STAGING_DIR)/lib/optee/export-ta_arm32 +endif + +# Trusted Application are not built from CMake due to ta_dev_kit dependencies. +# We must build and install them on target. +define OPTEE_EXAMPLES_BUILD_TAS + @$(foreach f,$(wildcard $(@D)/*/ta/Makefile), \ + $(TARGET_CONFIGURE_OPTS) \ + $(MAKE) CROSS_COMPILE=$(TARGET_CROSS) \ + TA_DEV_KIT_DIR=$(OPTEE_EXAMPLES_SDK) \ + O=out -C $(dir $f) all &&) true +endef +define OPTEE_EXAMPLES_INSTALL_TAS + @mkdir -p $(TARGET_DIR)/lib/optee_armtz + @$(INSTALL) -D -m 444 -t $(TARGET_DIR)/lib/optee_armtz $(@D)/*/ta/out/*.ta +endef +OPTEE_EXAMPLES_POST_BUILD_HOOKS += OPTEE_EXAMPLES_BUILD_TAS +OPTEE_EXAMPLES_POST_INSTALL_TARGET_HOOKS += OPTEE_EXAMPLES_INSTALL_TAS + +$(eval $(cmake-package)) From patchwork Wed Jan 30 10:47:26 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Etienne Carriere X-Patchwork-Id: 1033418 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="eqtjMiDp"; dkim-atps=neutral Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 43qKpC2Ndfz9s3q for ; Wed, 30 Jan 2019 21:48:03 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 3907286341; Wed, 30 Jan 2019 10:47:59 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vHd093ZwQ8yr; Wed, 30 Jan 2019 10:47:53 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id C1596862D4; Wed, 30 Jan 2019 10:47:52 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id 33C111BF398 for ; Wed, 30 Jan 2019 10:47:46 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 3035487D40 for ; Wed, 30 Jan 2019 10:47:46 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XoulAEw3KW5v for ; Wed, 30 Jan 2019 10:47:44 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) by hemlock.osuosl.org (Postfix) with ESMTPS id 7E30A87D17 for ; Wed, 30 Jan 2019 10:47:44 +0000 (UTC) Received: by mail-wm1-f41.google.com with SMTP id b11so21127080wmj.1 for ; Wed, 30 Jan 2019 02:47:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=0CCZE58MDj4GFwxUVqWBqCUsGi8oMOBrvvf+khJXP/Y=; b=eqtjMiDpHxrFthE3OpQyIRVefYb+epH9+MpAzdeYCChluhyX47hTeoWGueDi+DkEkQ 0pUlIHnNN/WbXx+WYBshwJO7OPstMjcCiespDRJ9MjZBivY57QKoJtAeS77FKwZ12GtO vJ6eobQaVXxBVTRtasMRmmSAznSW9od3HbqWs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=0CCZE58MDj4GFwxUVqWBqCUsGi8oMOBrvvf+khJXP/Y=; b=Cd7oYQ7MbIoob/MQJmZkVk7zA3jyZSO4s4s4pxWgGc6AJyAcXReLi4J4ItzlskpD4Y Enh+pXQ5MRwo0NAktEz2LWqFaZ8ZHwWJwdHHVzHAx0G3QyFs79QYU49I43byEU5Ol4j3 4fwIl9Y1JWrzQwcWOBrK94TFxe64p/qvGZefcBnkr3lbhL+yZjcFUCwsxgv8S4H0Zy15 +UwIxmk63/CEIWFGpZ6+foy6LfLWsqUS0HqDVAn2qEuu396SiI8oq+pdrMx0XlMza8VV Qd0dUzTASANwZMAJwKNLvt33Ht5SVAHHkfiudgbkGeb2Nv9tI/qvk79w9HLI5gYtLIJ/ wc1w== X-Gm-Message-State: AJcUukcMfd451IsEhBWZySnnORrBzEO2/6fDXQvl3emdf43eNe2bTb3N UUkjzd7oNpxvszTgJJzB4uxUQoJ14zKPkQ== X-Google-Smtp-Source: ALg8bN4pQCTGDS99R9+dq5lIlji5qW9xH+ghlVDzf6rjLHiAHBZggo66wDTDmVMJgHXA3I6ph/bVGQ== X-Received: by 2002:a7b:c399:: with SMTP id s25mr25617194wmj.90.1548845262619; Wed, 30 Jan 2019 02:47:42 -0800 (PST) Received: from lmenx29q.lme.st.com. ([80.214.16.251]) by smtp.gmail.com with ESMTPSA id a62sm1145340wmf.47.2019.01.30.02.47.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 30 Jan 2019 02:47:42 -0800 (PST) From: Etienne Carriere To: buildroot@buildroot.org Date: Wed, 30 Jan 2019 11:47:26 +0100 Message-Id: <1548845249-28201-4-git-send-email-etienne.carriere@linaro.org> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1548845249-28201-1-git-send-email-etienne.carriere@linaro.org> References: <1548845249-28201-1-git-send-email-etienne.carriere@linaro.org> Subject: [Buildroot] [PATCH v4 4/7] optee-test: new package X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Etienne Carriere MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" OP-TEE test package provide test materials as part of the OP-TEE project helping platforms to verify their OP-TEE components against a set of regression and performance tests. Package is added in the BR package configuration next to the OP-TEE client package. This change references in Buildroot the today's latest OP-TEE revision release tagged 3.4.0 with an added patch to fix an issue reported by recent GCC toolchains. Signed-off-by: Etienne Carriere --- Changes v3 -> v4: - Upgrade from OP-TEE release 3.3.0 to 3.4.0. Local patches for 3.3.0 are not applicable. Add a local patch to fix a loop optimization issue reported by recent GCC. Changes v2 -> v3: - Add an entry in file DEVELOPERS. - Clean Config.in layout and description sections. - Drop BR2_PACKAGE_OPTEE_TEST_SYNCED_VERSION. - Clean optee-test.mk layout. - Replace common optee-test.hash with per-version .hash files. - Patch optee_benchmark 3.3.0 against an issue reported by GCC warns. - Remove dependency of BR2_PACKAGE_OPTEE_EXAMPLES and Arm architecture. As the package depends on BR2_TARGET_OPTEE_OS, leave it to optee-os to define the supported architectures. Changes v1 -> v2: - Replace BR2_arm with BR2_ARM_CPU_ARMV7 as OP-TEE supports only BR2_ARM_CPU_ARMV7 architectures among the 32bit Arm machines. - Add missing dependency on BR2_TARGET_OPTEE_OS and select BR2_PACKAGE_OPTEE_CLIENT when enabled. - Add option BR2_PACKAGE_OPTEE_TEST_SYNCED_VERSION to ensure OP-TEE test version is synced with OP-TEE OS version. - Fix official repo URL in Config.in package description. - Remove useless OPTEE_TEST_INSTALL_STAGING=YES. - Do not force output build directory and rely on native one: out/. --- DEVELOPERS | 1 + package/Config.in | 1 + ...-regression-4100-update-string-conversion.patch | 67 ++++++++++++++++++++++ package/optee-test/3.4.0/optee-test.hash | 4 ++ package/optee-test/Config.in | 63 ++++++++++++++++++++ package/optee-test/optee-test.mk | 45 +++++++++++++++ 6 files changed, 181 insertions(+) create mode 100644 package/optee-test/3.4.0/0001-regression-4100-update-string-conversion.patch create mode 100644 package/optee-test/3.4.0/optee-test.hash create mode 100644 package/optee-test/Config.in create mode 100644 package/optee-test/optee-test.mk diff --git a/DEVELOPERS b/DEVELOPERS index 5efb4ad..f572224 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -685,6 +685,7 @@ N: Etienne Carriere F: boot/optee-os/ F: package/optee-client/ F: package/optee-examples/ +F: package/optee-test/ N: Eugene Tarassov F: package/tcf-agent/ diff --git a/package/Config.in b/package/Config.in index 1c3ceab..fb71fe7 100644 --- a/package/Config.in +++ b/package/Config.in @@ -2079,6 +2079,7 @@ menu "Security" source "package/checkpolicy/Config.in" source "package/optee-client/Config.in" source "package/optee-examples/Config.in" + source "package/optee-test/Config.in" source "package/paxtest/Config.in" source "package/policycoreutils/Config.in" source "package/refpolicy/Config.in" diff --git a/package/optee-test/3.4.0/0001-regression-4100-update-string-conversion.patch b/package/optee-test/3.4.0/0001-regression-4100-update-string-conversion.patch new file mode 100644 index 0000000..094262d --- /dev/null +++ b/package/optee-test/3.4.0/0001-regression-4100-update-string-conversion.patch @@ -0,0 +1,67 @@ +commit 662c802aa6c154a26e1d218fd768e92e6ee9a6d9 +Author: Etienne Carriere +Date: Wed Jan 30 10:13:59 2019 +0100 + + regression 4100: update string conversion loop + + Change the loop used to convert string into numerical value. + The original loop was fine but its implementation hits toolchain + unsafe-loop-optimizations feature. The new implementation + proposed here simplifies a bit the loop and prevents toolchain + from complaining when directive -Werror=unsafe-loop-optimizations + is enabled. + + Issue reported by the Buildroot cross toolchain [1] with the + following error traces: + + build/armv7/build/optee-test-3.4.0/host/xtest/regression_4100.c:447:8: error: missed loop optimization, the loop counter may overflow [-Werror=unsafe-loop-optimizations] + while (spos) { + ^ + build/optee-test-3.4.0/host/xtest/regression_4100.c:454:6: error: missed loop optimization, the loop counter may overflow [-Werror=unsafe-loop-optimizations] + if (!spos) + ^ + + [1] arm-buildroot-linux-uclibcgnueabihf-gcc.br_real (Buildroot 2019.02-git-00933-gb75e93c) 7.4.0 + + Signed-off-by: Etienne Carriere + +diff --git a/host/xtest/regression_4100.c b/host/xtest/regression_4100.c +index b477f38..88346d4 100644 +--- a/host/xtest/regression_4100.c ++++ b/host/xtest/regression_4100.c +@@ -445,21 +445,24 @@ static TEEC_Result convert_from_string(ADBG_Case_t *c, TEEC_Session *s, + return TEEC_ERROR_OUT_OF_MEMORY; + + while (spos) { +- spos--; +- nibble = digit_value(str[spos]); +- if (nibble == -1) ++ nibble = digit_value(str[spos - 1]); ++ if (nibble == -1) { ++ spos--; + break; ++ } + os[ospos] = nibble; + +- if (!spos) +- break; ++ if (spos > 1) { ++ nibble = digit_value(str[spos - 2]); ++ if (nibble == -1) { ++ spos -= 2; ++ break; ++ } ++ os[ospos] |= nibble << 4; ++ ospos--; ++ spos--; ++ } + spos--; +- nibble = digit_value(str[spos]); +- if (nibble == -1) +- break; +- +- os[ospos] |= nibble << 4; +- ospos--; + } + + if (spos) diff --git a/package/optee-test/3.4.0/optee-test.hash b/package/optee-test/3.4.0/optee-test.hash new file mode 100644 index 0000000..c8ae51b --- /dev/null +++ b/package/optee-test/3.4.0/optee-test.hash @@ -0,0 +1,4 @@ +# From https://github.com/OP-TEE/optee_test/archive/3.4.0.tar.gz +sha256 755904c5b845763a2460c32c21100a57c713009b6b88cc3fc21f0e5be8645e2b optee-test-3.4.0.tar.gz +# Locally computed +sha256 6e6810981f0ddab9e0d44399d0700a15d9f760a3c2843cc866659c2074139ae7 LICENSE.md diff --git a/package/optee-test/Config.in b/package/optee-test/Config.in new file mode 100644 index 0000000..fc9a632 --- /dev/null +++ b/package/optee-test/Config.in @@ -0,0 +1,63 @@ +config BR2_PACKAGE_OPTEE_TEST + bool "optee-test" + depends on BR2_TARGET_OPTEE_OS + select BR2_PACKAGE_OPTEE_CLIENT + help + This build option enables OP-TEE test package from the + OP-TEE project. It helps platforms to verify the OP-TEE + installation against a set of regression and performance + tests. + + The package generates userspace test applications and + data files for the Linux userland. It also generates + OP-TEE trusted applications. + + Trusted application binary files are installed in the target + directory /lib/optee_armtz as other trusted applications. + At runtime OP-TEE OS can load trusted applications from this + non-secure filesystem/directory into the secure world for + execution. + + http://github.com/OP-TEE/optee_test + +if BR2_PACKAGE_OPTEE_TEST + +choice + prompt "version" + default BR2_PACKAGE_OPTEE_TEST_LATEST + help + Select the version of OP-TEE test you want to use + +config BR2_PACKAGE_OPTEE_TEST_LATEST + bool "3.4.0" + help + This fetches the registered release tag from the + OP-TEE official Git repository. + +config BR2_PACKAGE_OPTEE_TEST_CUSTOM_GIT + bool "Custom Git repository" + help + Sync with a specific OP-TEE Git repository. + +endchoice + +if BR2_PACKAGE_OPTEE_TEST_CUSTOM_GIT + +config BR2_PACKAGE_OPTEE_TEST_CUSTOM_REPO_URL + string "URL of custom repository" + +config BR2_PACKAGE_OPTEE_TEST_CUSTOM_REPO_VERSION + string "Custom repository version" + help + Revision to use in the typical format used by + Git E.G. a sha id, a tag, branch, .. + +endif + +config BR2_PACKAGE_OPTEE_TEST_VERSION + string + default "3.4.0" if BR2_PACKAGE_OPTEE_TEST_LATEST + default BR2_PACKAGE_OPTEE_TEST_CUSTOM_REPO_VERSION \ + if BR2_PACKAGE_OPTEE_TEST_CUSTOM_GIT + +endif #BR2_PACKAGE_OPTEE_TEST diff --git a/package/optee-test/optee-test.mk b/package/optee-test/optee-test.mk new file mode 100644 index 0000000..0ec7238 --- /dev/null +++ b/package/optee-test/optee-test.mk @@ -0,0 +1,45 @@ +################################################################################ +# +# optee-test +# +################################################################################ + +OPTEE_TEST_VERSION = $(call qstrip,$(BR2_PACKAGE_OPTEE_TEST_VERSION)) +OPTEE_TEST_LICENSE = GPL-2.0, BSD-2-Clause, +OPTEE_TEST_LICENSE_FILES = LICENSE.md + +OPTEE_TEST_DEPENDENCIES = optee-client optee-os + +ifeq ($(BR2_PACKAGE_OPTEE_TEST_CUSTOM_GIT),y) +OPTEE_TEST_SITE = $(call qstrip,$(BR2_PACKAGE_OPTEE_TEST_CUSTOM_REPO_URL)) +OPTEE_TEST_SITE_METHOD = git +BR_NO_CHECK_HASH_FOR += $(OPTEE_TEST_SOURCE) +else +OPTEE_TEST_SITE = $(call github,OP-TEE,optee_test,$(OPTEE_TEST_VERSION)) +endif + +ifeq ($(BR2_aarch64),y) +OPTEE_TEST_SDK = $(STAGING_DIR)/lib/optee/export-ta_arm64 +endif +ifeq ($(BR2_arm),y) +OPTEE_TEST_SDK = $(STAGING_DIR)/lib/optee/export-ta_arm32 +endif +OPTEE_TEST_CONF_OPTS = -DOPTEE_TEST_SDK=$(OPTEE_TEST_SDK) + +# Trusted Application are not built from CMake due to ta_dev_kit dependencies. +# We must build and install them on target. +define OPTEE_TEST_BUILD_TAS + @$(foreach f,$(wildcard $(@D)/ta/*/Makefile), \ + $(TARGET_CONFIGURE_OPTS) \ + $(MAKE) CROSS_COMPILE=$(TARGET_CROSS) \ + TA_DEV_KIT_DIR=$(OPTEE_TEST_SDK) \ + -C $(dir $f) all &&) true +endef +define OPTEE_TEST_INSTALL_TAS + @mkdir -p $(TARGET_DIR)/lib/optee_armtz + @$(INSTALL) -D -m 444 -t $(TARGET_DIR)/lib/optee_armtz $(@D)/ta/*/*.ta +endef +OPTEE_TEST_POST_BUILD_HOOKS += OPTEE_TEST_BUILD_TAS +OPTEE_TEST_POST_INSTALL_TARGET_HOOKS += OPTEE_TEST_INSTALL_TAS + +$(eval $(cmake-package)) From patchwork Wed Jan 30 10:47:27 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Etienne Carriere X-Patchwork-Id: 1033419 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="ZTfuAYiZ"; dkim-atps=neutral Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 43qKpC4jSQz9s9G for ; Wed, 30 Jan 2019 21:48:03 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id B79378712E; Wed, 30 Jan 2019 10:48:01 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bx5nJVuZp9Uw; Wed, 30 Jan 2019 10:47:55 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id D1B3187139; Wed, 30 Jan 2019 10:47:55 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id BB87A1BF398 for ; Wed, 30 Jan 2019 10:47:46 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id B8F17862D4 for ; Wed, 30 Jan 2019 10:47:46 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u5r3KD5J6xf0 for ; Wed, 30 Jan 2019 10:47:45 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wm1-f65.google.com (mail-wm1-f65.google.com [209.85.128.65]) by fraxinus.osuosl.org (Postfix) with ESMTPS id A6BA9862C9 for ; Wed, 30 Jan 2019 10:47:45 +0000 (UTC) Received: by mail-wm1-f65.google.com with SMTP id p6so21009418wmc.1 for ; Wed, 30 Jan 2019 02:47:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=oK7UqfGRmHV3OcAnZOayzC/glBjq21dZrrYXoM2hhQ8=; b=ZTfuAYiZy3BuI4jBI5+ggS+QZQG/uVBC6tn1+HThMPPmsP1TxCQGb/gYlc4whh2vGH CIa8mQhmrAMQMXm+FFBgSeal5Qrp2DcdekZh/S/JCIvXUfkJ92m7QyPdDI+YK10BMqC3 EloIWA/9fKPtOW6mZ4iZivRIb8uZaeelx0GNA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=oK7UqfGRmHV3OcAnZOayzC/glBjq21dZrrYXoM2hhQ8=; b=jF+y/Dzhun0otq46Ylze+yckTxPCE3NGDj7sGf31I/Sz4w0cufgs0oKN9os7wmUU3j VoLmUDE3frHZc/I1pamHJ/n5f3mnh6NAKpvnkrJclahVK6dz72QuJ/Hq/KyBS56y3j2Q Br3hRFZgRE61GlRsdi6H5u6b7VqMENJ2IPYEuquAEcEyctQo0APsdufUA7r16dqAcyK3 ToWilOfVGipyN7KvSY+cZRwFwRFvxgsbU8TaHKkOhd/zpSW0sClMblgQjWTg28rFDDhe ZDi49EESsKJ8+vlYavLAUlE20THgYPQpUqboQA+a4K8HG2CwknL6RY8hC4axPeRQza6P Y1qQ== X-Gm-Message-State: AJcUukeIXG9NzDK7rjvmHhVvyDbIKc9Ue3fBIoPPGp6nGCCTVohotij3 PF7WsvUqd9AEFPYGUH0nsrKBwoqgYZOS8Q== X-Google-Smtp-Source: AHgI3IY2y7NeqfLaE1QvKsiUxzr69gQUKfEuOU1t0KCwd1x3pMsDqCyZL/LSNKZKE8nqCeY4uuKMew== X-Received: by 2002:a1c:c282:: with SMTP id s124mr14120981wmf.105.1548845263699; Wed, 30 Jan 2019 02:47:43 -0800 (PST) Received: from lmenx29q.lme.st.com. ([80.214.16.251]) by smtp.gmail.com with ESMTPSA id a62sm1145340wmf.47.2019.01.30.02.47.42 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 30 Jan 2019 02:47:43 -0800 (PST) From: Etienne Carriere To: buildroot@buildroot.org Date: Wed, 30 Jan 2019 11:47:27 +0100 Message-Id: <1548845249-28201-5-git-send-email-etienne.carriere@linaro.org> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1548845249-28201-1-git-send-email-etienne.carriere@linaro.org> References: <1548845249-28201-1-git-send-email-etienne.carriere@linaro.org> Subject: [Buildroot] [PATCH v4 5/7] optee-benchmark: new package X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Etienne Carriere MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" OP-TEE performance benchmark tools for the OP-TEE project. This packages generates embedded Linux based OS materials used to retrieve execution timing information on invocation of the OP-TEE secure services. It is added next to the OP-TEE client package in BR configuration. This change references in Buildroot the today's latest OP-TEE revision release tagged 3.4.0. Signed-off-by: Etienne Carriere --- Changes v3 -> v4: - Upgrade from OP-TEE release 3.3.0 to 3.4.0. No local patch required. Changes v2 -> v3: - Add an entry in file DEVELOPERS. - Clean Config.in layout and description sections. - Drop BR2_PACKAGE_OPTEE_BENCHMARK_SYNCED_VERSION. - Clean optee-benchmark.mk layout. - Replace common optee-benchmark.hash with per-version .hash files. - Add a patch on 3.3.0 to fix an issue reported through GCC warns. Changes v1 -> v2: - Add dependency on OP-TEE client. - Add option BR2_PACKAGE_OPTEE_BENCHMARK_SYNCED_VERSION to ensure OP-TEE benchmark version is synced with OP-TEE client version. - Remove useless OPTEE_BENCHMARK_INSTALL_STAGING and OPTEE_BENCHMARK_INSTALL_IMAGES. - Remove unused BR2_PACKAGE_OPTEE_BENCHMARK_GIT_REFERENCE. - Remove useless _INSTALL_STAGING/_INSTALL_IMAGES=YES. --- DEVELOPERS | 1 + package/Config.in | 1 + package/optee-benchmark/3.4.0/optee-benchmark.hash | 2 + package/optee-benchmark/Config.in | 55 ++++++++++++++++++++++ package/optee-benchmark/optee-benchmark.mk | 22 +++++++++ 5 files changed, 81 insertions(+) create mode 100644 package/optee-benchmark/3.4.0/optee-benchmark.hash create mode 100644 package/optee-benchmark/Config.in create mode 100644 package/optee-benchmark/optee-benchmark.mk diff --git a/DEVELOPERS b/DEVELOPERS index f572224..ef359c9 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -683,6 +683,7 @@ F: package/szip/ N: Etienne Carriere F: boot/optee-os/ +F: package/optee-benchmark/ F: package/optee-client/ F: package/optee-examples/ F: package/optee-test/ diff --git a/package/Config.in b/package/Config.in index fb71fe7..c9b1178 100644 --- a/package/Config.in +++ b/package/Config.in @@ -2077,6 +2077,7 @@ endmenu menu "Security" source "package/checkpolicy/Config.in" + source "package/optee-benchmark/Config.in" source "package/optee-client/Config.in" source "package/optee-examples/Config.in" source "package/optee-test/Config.in" diff --git a/package/optee-benchmark/3.4.0/optee-benchmark.hash b/package/optee-benchmark/3.4.0/optee-benchmark.hash new file mode 100644 index 0000000..c3c41b6 --- /dev/null +++ b/package/optee-benchmark/3.4.0/optee-benchmark.hash @@ -0,0 +1,2 @@ +# From https://github.com/linaro-swg/optee_benchmark/archive/3.4.0.tar.gz +sha256 e5e868a06a9dcc8cc444b3e72c65f57670b0811091be62edbe0d03d13c75e716 optee-benchmark-3.4.0.tar.gz diff --git a/package/optee-benchmark/Config.in b/package/optee-benchmark/Config.in new file mode 100644 index 0000000..b3a598e --- /dev/null +++ b/package/optee-benchmark/Config.in @@ -0,0 +1,55 @@ +config BR2_PACKAGE_OPTEE_BENCHMARK + bool "optee-benchmark" + select BR2_PACKAGE_OPTEE_CLIENT + select BR2_PACKAGE_LIBYAML + help + Enable the OP-TEE benchmark package that brings facilities + for profiling traversal and execution timings when + invoking OP-TEE. OP-TEE benchmark is a component delivered + by the OP-TEE project. + + http://github.com/linaro-swg/optee_benchmark + +if BR2_PACKAGE_OPTEE_BENCHMARK + +choice + prompt "version" + default BR2_PACKAGE_OPTEE_BENCHMARK_LATEST + help + Select the version of OP-TEE benchmark you want to use + +config BR2_PACKAGE_OPTEE_BENCHMARK_LATEST + bool "3.4.0" + help + This fetches the registered release tag from the + OP-TEE official Git repository. + +config BR2_PACKAGE_OPTEE_BENCHMARK_CUSTOM_GIT + bool "Custom Git repository" + help + Sync with a specific OP-TEE Git repository. + +endchoice + +if BR2_PACKAGE_OPTEE_BENCHMARK_CUSTOM_GIT + +config BR2_PACKAGE_OPTEE_BENCHMARK_CUSTOM_REPO_URL + string "URL of custom repository" + help + Specific location of the reference source tree Git repository. + +config BR2_PACKAGE_OPTEE_BENCHMARK_CUSTOM_REPO_VERSION + string "Custom repository version" + help + Revision to use in the typical format used by + Git E.G. a sha id, a tag, branch, .. + +endif + +config BR2_PACKAGE_OPTEE_BENCHMARK_VERSION + string + default "3.4.0" if BR2_PACKAGE_OPTEE_BENCHMARK_LATEST + default BR2_PACKAGE_OPTEE_BENCHMARK_CUSTOM_REPO_VERSION \ + if BR2_PACKAGE_OPTEE_BENCHMARK_CUSTOM_GIT + +endif #BR2_PACKAGE_OPTEE_BENCHMARK diff --git a/package/optee-benchmark/optee-benchmark.mk b/package/optee-benchmark/optee-benchmark.mk new file mode 100644 index 0000000..8eef0f6 --- /dev/null +++ b/package/optee-benchmark/optee-benchmark.mk @@ -0,0 +1,22 @@ +################################################################################ +# +# optee-benchmarch +# +################################################################################ + +OPTEE_BENCHMARK_VERSION = $(call qstrip,$(BR2_PACKAGE_OPTEE_BENCHMARK_VERSION)) +OPTEE_BENCHMARK_LICENSE = BSD-2-Clause + +OPTEE_BENCHMARK_DEPENDENCIES = optee-client libyaml + +ifeq ($(BR2_PACKAGE_OPTEE_BENCHMARK_LATEST),y) +OPTEE_BENCHMARK_SITE = $(call github,linaro-swg,optee_benchmark,$(OPTEE_BENCHMARK_VERSION)) +endif + +ifeq ($(BR2_PACKAGE_OPTEE_BENCHMARK_CUSTOM_GIT),y) +OPTEE_BENCHMARK_SITE = $(call qstrip,$(BR2_PACKAGE_OPTEE_BENCHMARK_CUSTOM_REPO_URL)) +OPTEE_BENCHMARK_SITE_METHOD = git +BR_NO_CHECK_HASH_FOR += $(OPTEE_BENCHMARK_SOURCE) +endif + +$(eval $(cmake-package)) From patchwork Wed Jan 30 10:47:28 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Etienne Carriere X-Patchwork-Id: 1033421 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="XPmFyvXu"; dkim-atps=neutral Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 43qKpV1cM8z9s3q for ; Wed, 30 Jan 2019 21:48:18 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 33A3786388; Wed, 30 Jan 2019 10:48:13 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q-x3yTprBfaq; Wed, 30 Jan 2019 10:48:02 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id 0444886329; Wed, 30 Jan 2019 10:47:59 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 1A00C1BF398 for ; Wed, 30 Jan 2019 10:47:48 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 11DF1279B5 for ; Wed, 30 Jan 2019 10:47:48 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id niIUEEPQovzv for ; Wed, 30 Jan 2019 10:47:47 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) by silver.osuosl.org (Postfix) with ESMTPS id 256F52152A for ; Wed, 30 Jan 2019 10:47:47 +0000 (UTC) Received: by mail-wm1-f66.google.com with SMTP id t200so21219513wmt.0 for ; Wed, 30 Jan 2019 02:47:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=hinlB7j+cOmJmTovtdmJsdlggOt9+VoHMLZqKVeYb5M=; b=XPmFyvXu36DxV7CQF9b5QmYY9615Xpx5O4Iw3TjInvOxf/SOMEH3cwZwecHiZcK1zv /RtWu2efiXzr9jUwXMclXl5ukCAX2S4fV2S5j/on/mTyfYMHzNksmvxPk9HN1Yq9nJzi wB7Yoc7vyO1B8ZOHxk4tsbqhXpAmtPXRnrq4A= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=hinlB7j+cOmJmTovtdmJsdlggOt9+VoHMLZqKVeYb5M=; b=jqIT9R3+rsybE104P2IMokBNgNAzi/ge5JXAzowMikTXBgjHSTUlhZtQVsxfu5YEn2 xEvoVVZitRc44EG6MyfknWTZbS5+NiGzqlhmPeqn/MFRisAWmZFlZgezT+56xZR1cudy GketMWAXaqmGdzsdAnSyf/PLPrwv+tlP2Vtec0XxMOuYuluqugOQFmRwEXMOK6w9aoTD qhVbCIUnlhKR/t2rRT7AborvBxiQb8jgDJMfCUbAl3bCx5g0wUutFWLm0uPHI3dvDU6W oBJxvpICHWT7hphXjKziArgiQ8G2ueIiUmWnyrt9V7yBb/EKieggmfNZmP+SXIOP9dBe RzTg== X-Gm-Message-State: AJcUuke+OnfvPRN2hkA9dlUG0j2QlOmUFX7LSAekLp9aKr40AWGIoZeL XZhFNukEXA7DcPliUpRrByE3QcHkNtS1cg== X-Google-Smtp-Source: ALg8bN6GSKXhufHOXavHiUQBvKzAhX6UgBDMim33qB0RaOW8mXWj2ClJ4ZGWOtrtPFSi2+LPWfkVNQ== X-Received: by 2002:a1c:2d42:: with SMTP id t63mr26032540wmt.9.1548845265147; Wed, 30 Jan 2019 02:47:45 -0800 (PST) Received: from lmenx29q.lme.st.com. ([80.214.16.251]) by smtp.gmail.com with ESMTPSA id a62sm1145340wmf.47.2019.01.30.02.47.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 30 Jan 2019 02:47:44 -0800 (PST) From: Etienne Carriere To: buildroot@buildroot.org Date: Wed, 30 Jan 2019 11:47:28 +0100 Message-Id: <1548845249-28201-6-git-send-email-etienne.carriere@linaro.org> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1548845249-28201-1-git-send-email-etienne.carriere@linaro.org> References: <1548845249-28201-1-git-send-email-etienne.carriere@linaro.org> Subject: [Buildroot] [PATCH v4 6/7] configs/qemu_armv7a_tz_virt: Armv7-A emulation with TrustZone services X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Etienne Carriere MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" This change introduces a Qemu board for an Armv7-A target executing with OP-TEE secure world services. The target Linux based normal world embeds the standard minimal filesystem with OP-TEE non-secure components embedded files from OP-TEE test, examples and benchmark packages. The Linux custom configuration is dumped from the vexpress_defconfig with few added fragments: OP-TEE driver and 9p for virtual filesystem to ease file manipulation and exchanges through Qemu virtfs support. The standard way for booting OP-TEE with a non-secure world companion use the Arm Trusted Firmware-A as bootloader. OP-TEE OS provides the BL32 image and U-boot the BL33 image. The proposed board enables OP-TEE and U-boot build for this. However package boot/arm-trusted-firmware needs few change support building Armv7-A targets. Therefore the proposed board allows one to build the images but not yet to run the target with the built Qemu host tool. Signed-off-by: Etienne Carriere --- Changes v3 -> v4 - No change. Changes v2 -> v3 - New change to introduce a board that at least builds Armv7-A OP-TEE. --- board/qemu/armv7a-tz-virt/linux.config | 167 ++++++++++++++++++++++++++++++++ board/qemu/armv7a-tz-virt/readme.txt | 11 +++ board/qemu/armv7a-tz-virt/u-boot.config | 3 + configs/qemu_armv7a_tz_virt_defconfig | 41 ++++++++ 4 files changed, 222 insertions(+) create mode 100644 board/qemu/armv7a-tz-virt/linux.config create mode 100644 board/qemu/armv7a-tz-virt/readme.txt create mode 100644 board/qemu/armv7a-tz-virt/u-boot.config create mode 100644 configs/qemu_armv7a_tz_virt_defconfig diff --git a/board/qemu/armv7a-tz-virt/linux.config b/board/qemu/armv7a-tz-virt/linux.config new file mode 100644 index 0000000..62ece0c --- /dev/null +++ b/board/qemu/armv7a-tz-virt/linux.config @@ -0,0 +1,167 @@ +# CONFIG_LOCALVERSION_AUTO is not set +CONFIG_SYSVIPC=y +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +CONFIG_LOG_BUF_SHIFT=14 +CONFIG_CGROUPS=y +CONFIG_CPUSETS=y +# CONFIG_UTS_NS is not set +# CONFIG_IPC_NS is not set +# CONFIG_PID_NS is not set +# CONFIG_NET_NS is not set +CONFIG_BLK_DEV_INITRD=y +CONFIG_PROFILING=y +CONFIG_OPROFILE=y +CONFIG_MODULES=y +CONFIG_MODULE_UNLOAD=y +# CONFIG_LBDAF is not set +# CONFIG_BLK_DEV_BSG is not set +# CONFIG_IOSCHED_DEADLINE is not set +# CONFIG_IOSCHED_CFQ is not set +CONFIG_ARCH_VEXPRESS=y +CONFIG_ARCH_VEXPRESS_DCSCB=y +CONFIG_ARCH_VEXPRESS_TC2_PM=y +# CONFIG_SWP_EMULATE is not set +CONFIG_SMP=y +CONFIG_HAVE_ARM_ARCH_TIMER=y +CONFIG_MCPM=y +CONFIG_VMSPLIT_2G=y +CONFIG_NR_CPUS=8 +CONFIG_ARM_PSCI=y +CONFIG_AEABI=y +CONFIG_CMA=y +CONFIG_ZBOOT_ROM_TEXT=0x0 +CONFIG_ZBOOT_ROM_BSS=0x0 +CONFIG_CMDLINE="console=ttyAMA0" +CONFIG_CPU_IDLE=y +CONFIG_CPU_IDLE_MULTIPLE_DRIVERS=y +CONFIG_VFP=y +CONFIG_NEON=y +# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set +CONFIG_NET=y +CONFIG_PACKET=y +CONFIG_UNIX=y +CONFIG_INET=y +CONFIG_IP_PNP=y +CONFIG_IP_PNP_DHCP=y +CONFIG_IP_PNP_BOOTP=y +# CONFIG_IPV6 is not set +# CONFIG_WIRELESS is not set +CONFIG_NET_9P=y +CONFIG_NET_9P_VIRTIO=y +CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" +CONFIG_DEVTMPFS=y +CONFIG_MTD=y +CONFIG_MTD_CMDLINE_PARTS=y +CONFIG_MTD_BLOCK=y +CONFIG_MTD_CFI=y +CONFIG_MTD_CFI_INTELEXT=y +CONFIG_MTD_CFI_AMDSTD=y +CONFIG_MTD_PHYSMAP=y +CONFIG_MTD_PHYSMAP_OF=y +CONFIG_MTD_PLATRAM=y +CONFIG_MTD_UBI=y +CONFIG_PROC_DEVICETREE=y +CONFIG_VIRTIO_BLK=y +# CONFIG_SCSI_PROC_FS is not set +CONFIG_BLK_DEV_SD=y +CONFIG_SCSI_VIRTIO=y +CONFIG_ATA=y +# CONFIG_SATA_PMP is not set +CONFIG_NETDEVICES=y +CONFIG_VIRTIO_NET=y +CONFIG_SMC91X=y +CONFIG_SMSC911X=y +# CONFIG_WLAN is not set +CONFIG_INPUT_EVDEV=y +# CONFIG_SERIO_SERPORT is not set +CONFIG_SERIO_AMBAKMI=y +CONFIG_LEGACY_PTY_COUNT=16 +CONFIG_SERIAL_AMBA_PL011=y +CONFIG_SERIAL_AMBA_PL011_CONSOLE=y +CONFIG_VIRTIO_CONSOLE=y +CONFIG_HW_RANDOM=y +CONFIG_HW_RANDOM_VIRTIO=y +CONFIG_I2C=y +CONFIG_I2C_VERSATILE=y +CONFIG_SENSORS_VEXPRESS=y +CONFIG_REGULATOR=y +CONFIG_REGULATOR_VEXPRESS=y +CONFIG_FB=y +CONFIG_FB_ARMCLCD=y +CONFIG_FRAMEBUFFER_CONSOLE=y +CONFIG_LOGO=y +# CONFIG_LOGO_LINUX_MONO is not set +# CONFIG_LOGO_LINUX_VGA16 is not set +CONFIG_SOUND=y +CONFIG_SND=y +CONFIG_SND_MIXER_OSS=y +CONFIG_SND_PCM_OSS=y +# CONFIG_SND_DRIVERS is not set +CONFIG_SND_ARMAACI=y +CONFIG_HID_DRAGONRISE=y +CONFIG_HID_GYRATION=y +CONFIG_HID_TWINHAN=y +CONFIG_HID_NTRIG=y +CONFIG_HID_PANTHERLORD=y +CONFIG_HID_PETALYNX=y +CONFIG_HID_SAMSUNG=y +CONFIG_HID_SONY=y +CONFIG_HID_SUNPLUS=y +CONFIG_HID_GREENASIA=y +CONFIG_HID_SMARTJOYPLUS=y +CONFIG_HID_TOPSEED=y +CONFIG_HID_THRUSTMASTER=y +CONFIG_HID_ZEROPLUS=y +CONFIG_USB=y +CONFIG_USB_ANNOUNCE_NEW_DEVICES=y +CONFIG_USB_MON=y +CONFIG_USB_STORAGE=y +CONFIG_USB_ISP1760=y +CONFIG_MMC=y +CONFIG_MMC_ARMMMCI=y +CONFIG_NEW_LEDS=y +CONFIG_LEDS_CLASS=y +CONFIG_LEDS_GPIO=y +CONFIG_LEDS_TRIGGERS=y +CONFIG_LEDS_TRIGGER_HEARTBEAT=y +CONFIG_LEDS_TRIGGER_CPU=y +CONFIG_RTC_CLASS=y +CONFIG_RTC_DRV_PL031=y +CONFIG_VIRTIO_BALLOON=y +CONFIG_VIRTIO_MMIO=y +CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y +CONFIG_EXT2_FS=y +CONFIG_EXT3_FS=y +# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set +# CONFIG_EXT3_FS_XATTR is not set +CONFIG_EXT4_FS=y +CONFIG_VFAT_FS=y +CONFIG_TMPFS=y +#CONFIG_JFFS2_FS is not set +CONFIG_UBIFS_FS=y +CONFIG_CRAMFS=y +CONFIG_SQUASHFS=y +CONFIG_SQUASHFS_LZO=y +CONFIG_NFS_FS=y +CONFIG_ROOT_NFS=y +CONFIG_9P_FS=y +CONFIG_NLS_CODEPAGE_437=y +CONFIG_NLS_ISO8859_1=y +CONFIG_DEBUG_INFO=y +CONFIG_DEBUG_FS=y +CONFIG_MAGIC_SYSRQ=y +CONFIG_DEBUG_KERNEL=y +CONFIG_DETECT_HUNG_TASK=y +# CONFIG_SCHED_DEBUG is not set +CONFIG_DEBUG_USER=y +# CONFIG_CRYPTO_ANSI_CPRNG is not set +# CONFIG_CRYPTO_HW is not set +### Enable OP-TEE +CONFIG_TEE=y +CONFIG_OPTEE=y +### Enable 9P VFS +CONFIG_NET_9P=y +CONFIG_NET_9P_VIRTIO=y +CONFIG_9P_FS=y +CONFIG_9P_FS_POSIX_ACL=y diff --git a/board/qemu/armv7a-tz-virt/readme.txt b/board/qemu/armv7a-tz-virt/readme.txt new file mode 100644 index 0000000..06b728f --- /dev/null +++ b/board/qemu/armv7a-tz-virt/readme.txt @@ -0,0 +1,11 @@ +Board qemu_armv7a_tz_virt builds a Qemu Armv7-A target with +OP-TEE running in the TrustZone secure world setup and a Linux based +OS running in the non-secure world. + +This setup is usually booted with the Arm Trsuted Firmware-A (TF-A from +package boot/arm-trusted-firmware). However the current Buildroot package +needs few changes to build TF-A for OP-TEE support. + +Until BR arm-trusted-firmware is updated this board allows one to only +build the secure and non-secure boot images if not the BIOS for the Qemu +host. diff --git a/board/qemu/armv7a-tz-virt/u-boot.config b/board/qemu/armv7a-tz-virt/u-boot.config new file mode 100644 index 0000000..5588008 --- /dev/null +++ b/board/qemu/armv7a-tz-virt/u-boot.config @@ -0,0 +1,3 @@ +CONFIG_SYS_TEXT_BASE=0x60000000 +CONFIG_BOOTCOMMAND="fdt addr ${fdt_addr} && fdt resize 1000 && smhload zImage ${kernel_addr_r} && smhload rootfs.cpio.gz ${ramdisk_addr_r} ramdisk_addr_end && setenv bootargs console=ttyAMA0,115200 earlyprintk=serial,ttyAMA0,115200 && fdt chosen ${ramdisk_addr_r} ${ramdisk_addr_end} && bootz ${kernel_addr_r} - ${fdt_addr}" +CONFIG_SEMIHOSTING=y diff --git a/configs/qemu_armv7a_tz_virt_defconfig b/configs/qemu_armv7a_tz_virt_defconfig new file mode 100644 index 0000000..ab52480 --- /dev/null +++ b/configs/qemu_armv7a_tz_virt_defconfig @@ -0,0 +1,41 @@ +# Architecture +BR2_arm=y +BR2_cortex_a15=y +BR2_ARM_ENABLE_NEON=y +BR2_ARM_ENABLE_VFP=y +BR2_ARM_FPU_VFPV3D16=y +# System +BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0" +# Filesystem +BR2_TARGET_ROOTFS_CPIO=y +BR2_TARGET_ROOTFS_CPIO_GZIP=y +BR2_TARGET_ROOTFS_EXT2=y +# Linux 4.16 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +BR2_LINUX_KERNEL=y +BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y +BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/armv7a-tz-virt/linux.config" +BR2_LINUX_KERNEL_CUSTOM_VERSION=y +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_DEFCONFIG="vexpress" +BR2_LINUX_KERNEL_DTS_SUPPORT=y +BR2_LINUX_KERNEL_INTREE_DTS_NAME="vexpress-v2p-ca15_a7" +# TF-A for booting OP-TEE secure and uboot/linux non secure +# POSTPONED: depends on boot/arm-trusted-firmware support for Armv7-A +# OP-TEE components +BR2_TARGET_OPTEE_OS=y +BR2_TARGET_OPTEE_OS_PLATFORM="vexpress-qemu_virt" +BR2_TARGET_OPTEE_OS_ADDITIONAL_VARIABLES="CFG_TEE_CORE_DEBUG=n CFG_UNWIND=n CFG_TEE_CORE_LOG_LEVEL=2" +BR2_PACKAGE_OPTEE_CLIENT=y +BR2_PACKAGE_OPTEE_TEST=y +BR2_PACKAGE_OPTEE_EXAMPLES=y +BR2_PACKAGE_OPTEE_BENCHMARK=y +# U-boot for booting the dear Linux kernel +BR2_TARGET_UBOOT=y +BR2_TARGET_UBOOT_BUILD_SYSTEM_KCONFIG=y +BR2_TARGET_UBOOT_BOARD_DEFCONFIG="qemu_arm" +BR2_TARGET_UBOOT_CONFIG_FRAGMENT_FILES="board/qemu/armv7a-tz-virt/u-boot.config" +# Qemu emulator for the Arm target +BR2_PACKAGE_HOST_QEMU=y +BR2_PACKAGE_HOST_QEMU_SYSTEM_MODE=y +BR2_PACKAGE_HOST_QEMU_VIRTFS=y From patchwork Wed Jan 30 10:47:29 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Etienne Carriere X-Patchwork-Id: 1033420 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="ZgCR6NEw"; dkim-atps=neutral Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 43qKpL5K2Zz9s3q for ; Wed, 30 Jan 2019 21:48:10 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 15F0687142; Wed, 30 Jan 2019 10:48:09 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ms6Vgx4eTF06; Wed, 30 Jan 2019 10:48:05 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id 62E3887123; Wed, 30 Jan 2019 10:48:05 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id 6FFDE1BF398 for ; Wed, 30 Jan 2019 10:47:58 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 31D5D87D36 for ; Wed, 30 Jan 2019 10:47:57 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ioPiOJ8OsnlD for ; Wed, 30 Jan 2019 10:47:48 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wm1-f65.google.com (mail-wm1-f65.google.com [209.85.128.65]) by hemlock.osuosl.org (Postfix) with ESMTPS id 3145587D3D for ; Wed, 30 Jan 2019 10:47:48 +0000 (UTC) Received: by mail-wm1-f65.google.com with SMTP id d15so21112440wmb.3 for ; Wed, 30 Jan 2019 02:47:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=DJepx+KYON43j0UUX5KSI9Naf2OByzYukkA2Aa5t+Pg=; b=ZgCR6NEw8nvdWOuCZlbYQASF1cZb9QPlW6J2RONnh4FRUIrc3XDKz/pnkyRiOOfaeJ mfH/4q7Sqs5SM+2zb/kjYFxI3Cvo/dIRE3NxBIf0D4BFihdXLAhxyaDNoLP2NbnZXnST 9wZYITk427Kdf1JpLt2kqNndK96eNkqjnU3rI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=DJepx+KYON43j0UUX5KSI9Naf2OByzYukkA2Aa5t+Pg=; b=i/YWKZU7iaGeycdms7U7xtPtcRe1XoDpEHNQUIk93huwboqbaUrKH6ITw2v+6mYEYQ n1Akbhg27K3QYk4HkvtGmzqHLl/qr1VDVQci0xvZxJmYW7fDGs8GPxcuumneQUVlMa0V qJP4ekxAYROuHUjBpfoHhOxmIBLPHW/RZmma7awknh70yplFX4eZR9+5d6ipf7cD/BSW PgzlqVb5YYtU6P8uOcsqFEo42LFGkmjvBpXVHA3zQ9Eud8qZ3cDxNaY4A+hwQaTa2U5/ YevAzz8jCe3yrNtON3LsC5lbUUz2+H5KV8u+uxsJTSaiIqxhfWxmJerpYCXs1MDhqY84 0WQA== X-Gm-Message-State: AJcUukdFFVKXdiYdzXpv1kjkc3J27pG3bNk/pVhnBMkSziK/9CGVU/K+ Bukvqhp6+yQ5KQaCqHpqdvSOx97pY9xa9g== X-Google-Smtp-Source: ALg8bN4YUbxg9tzNdqro8Qoaapjcyb70j6f0acgUkNX6FoFTdnxKd/ny2BZYGexfNxl4XT2ptwiyYw== X-Received: by 2002:a1c:2547:: with SMTP id l68mr24952427wml.11.1548845266332; Wed, 30 Jan 2019 02:47:46 -0800 (PST) Received: from lmenx29q.lme.st.com. ([80.214.16.251]) by smtp.gmail.com with ESMTPSA id a62sm1145340wmf.47.2019.01.30.02.47.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 30 Jan 2019 02:47:45 -0800 (PST) From: Etienne Carriere To: buildroot@buildroot.org Date: Wed, 30 Jan 2019 11:47:29 +0100 Message-Id: <1548845249-28201-7-git-send-email-etienne.carriere@linaro.org> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1548845249-28201-1-git-send-email-etienne.carriere@linaro.org> References: <1548845249-28201-1-git-send-email-etienne.carriere@linaro.org> Subject: [Buildroot] [PATCH v4 7/7] configs/qemu_aarch64_tz_virt: AArch64 emulation with TrustZone services X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Etienne Carriere MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" This change introduces a Qemu board for an AArch64 target executing with OP-TEE secure world services. The target Linux based normal world embeds the standard minimal filesystem with OP-TEE non-secure components embedded files from OP-TEE client, test, examples and benchmark packages. The Linux custom configuration is dumped from the qemu/aarch64-virt board with few added fragments: OP-TEE driver and 9p for virtual filesystem to ease file manipulation and exchanges through Qemu virtfs support. The standard way for booting OP-TEE with a non-secure world companion use the Arm Trusted Firmware-A as bootloader. OP-TEE OS provides the BL32 image and U-boot the BL33 image. The proposed board enables OP-TEE and U-boot build for this. However package boot/arm-trusted-firmware needs few changes to build OP-TEE compliant TF-A images. Therefore the proposed board allows one to build the images but not yet to run the target with the built Qemu host tool. Signed-off-by: Etienne Carriere --- Changes v3 -> v4 - No change. Changes v2 -> v3 - New change to introduce a board that at least builds Aarch64 OP-TEE. --- board/qemu/aarch64-tz-virt/linux.config | 63 ++++++++++++++++++++++++++++++++ board/qemu/aarch64-tz-virt/readme.txt | 11 ++++++ board/qemu/aarch64-tz-virt/u-boot.config | 3 ++ configs/qemu_aarch64_tz_virt_defconfig | 47 ++++++++++++++++++++++++ 4 files changed, 124 insertions(+) create mode 100644 board/qemu/aarch64-tz-virt/linux.config create mode 100644 board/qemu/aarch64-tz-virt/readme.txt create mode 100644 board/qemu/aarch64-tz-virt/u-boot.config create mode 100644 configs/qemu_aarch64_tz_virt_defconfig diff --git a/board/qemu/aarch64-tz-virt/linux.config b/board/qemu/aarch64-tz-virt/linux.config new file mode 100644 index 0000000..49b7ac6 --- /dev/null +++ b/board/qemu/aarch64-tz-virt/linux.config @@ -0,0 +1,63 @@ +CONFIG_SYSVIPC=y +CONFIG_POSIX_MQUEUE=y +CONFIG_NO_HZ_IDLE=y +CONFIG_HIGH_RES_TIMERS=y +CONFIG_TASKSTATS=y +CONFIG_SCHED_AUTOGROUP=y +CONFIG_PROFILING=y +CONFIG_MODULES=y +CONFIG_MODULE_UNLOAD=y +CONFIG_BLK_DEV_BSGLIB=y +CONFIG_ARCH_VEXPRESS=y +CONFIG_TRANSPARENT_HUGEPAGE=y +CONFIG_BINFMT_MISC=y +CONFIG_COMPAT=y +CONFIG_NET=y +CONFIG_PACKET=y +CONFIG_PACKET_DIAG=y +CONFIG_UNIX=y +CONFIG_NET_KEY=y +CONFIG_INET=y +CONFIG_IP_MULTICAST=y +CONFIG_IP_ADVANCED_ROUTER=y +CONFIG_BRIDGE=m +CONFIG_NET_SCHED=y +CONFIG_VSOCKETS=y +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +CONFIG_VIRTIO_BLK=y +CONFIG_BLK_DEV_SD=y +CONFIG_CHR_DEV_SG=y +CONFIG_SCSI_CONSTANTS=y +CONFIG_SCSI_LOGGING=y +CONFIG_SCSI_SCAN_ASYNC=y +CONFIG_SCSI_VIRTIO=y +CONFIG_ATA=y +CONFIG_NETDEVICES=y +CONFIG_DUMMY=y +CONFIG_MACVLAN=y +CONFIG_VIRTIO_NET=y +CONFIG_NLMON=y +CONFIG_VT_HW_CONSOLE_BINDING=y +CONFIG_SERIAL_AMBA_PL011=y +CONFIG_SERIAL_AMBA_PL011_CONSOLE=y +CONFIG_VIRTIO_CONSOLE=y +CONFIG_HW_RANDOM=y +CONFIG_HW_RANDOM_VIRTIO=y +CONFIG_RTC_CLASS=y +CONFIG_VIRTIO_MMIO=y +CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y +CONFIG_MAILBOX=y +CONFIG_PL320_MBOX=y +CONFIG_EXT4_FS=y +CONFIG_TMPFS=y +CONFIG_TMPFS_POSIX_ACL=y +### Enable OP-TEE +CONFIG_TEE=y +CONFIG_OPTEE=y +### Enable 9P VFS +CONFIG_NET_9P=y +CONFIG_NET_9P_VIRTIO=y +CONFIG_9P_FS=y +CONFIG_9P_FS_POSIX_ACL=y + diff --git a/board/qemu/aarch64-tz-virt/readme.txt b/board/qemu/aarch64-tz-virt/readme.txt new file mode 100644 index 0000000..ec91d2e --- /dev/null +++ b/board/qemu/aarch64-tz-virt/readme.txt @@ -0,0 +1,11 @@ +Board qemu_aarch64_tz_virt builds a Qemu Armv8-A target with +OP-TEE running in the TrustZone secure wolrd setup and a Linux based +OS running in the non-secure wolrd. + +This setup is usually booted with the Arm Trsuted Firmware-A (TF-A from +package boot/arm-trusted-firmware). However the current Buildroot package +needs few changes to build TF-A for OP-TEE support. + +Until BR arm-trusted-firmware is updated this board allows one to only +build the secure and non-secure boot images if not the BIOS for the Qemu +host. diff --git a/board/qemu/aarch64-tz-virt/u-boot.config b/board/qemu/aarch64-tz-virt/u-boot.config new file mode 100644 index 0000000..5588008 --- /dev/null +++ b/board/qemu/aarch64-tz-virt/u-boot.config @@ -0,0 +1,3 @@ +CONFIG_SYS_TEXT_BASE=0x60000000 +CONFIG_BOOTCOMMAND="fdt addr ${fdt_addr} && fdt resize 1000 && smhload zImage ${kernel_addr_r} && smhload rootfs.cpio.gz ${ramdisk_addr_r} ramdisk_addr_end && setenv bootargs console=ttyAMA0,115200 earlyprintk=serial,ttyAMA0,115200 && fdt chosen ${ramdisk_addr_r} ${ramdisk_addr_end} && bootz ${kernel_addr_r} - ${fdt_addr}" +CONFIG_SEMIHOSTING=y diff --git a/configs/qemu_aarch64_tz_virt_defconfig b/configs/qemu_aarch64_tz_virt_defconfig new file mode 100644 index 0000000..9286d15 --- /dev/null +++ b/configs/qemu_aarch64_tz_virt_defconfig @@ -0,0 +1,47 @@ +# Architecture +BR2_aarch64=y + +# System +BR2_SYSTEM_DHCP="eth0" +BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0" + +# Filesystem +BR2_TARGET_ROOTFS_CPIO=y +BR2_TARGET_ROOTFS_CPIO_GZIP=y +BR2_TARGET_ROOTFS_EXT2=y +BR2_TARGET_ROOTFS_EXT2_4=y +# BR2_TARGET_ROOTFS_TAR is not set + +# Linux headers same as kernel, a 4.16 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y + +# Kernel +BR2_LINUX_KERNEL=y +BR2_LINUX_KERNEL_CUSTOM_VERSION=y +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y +BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/aarch64-tz-virt/linux.config" +BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y + +# TF-A for booting OP-TEE secure and uboot/linux non secure +# POSTPONED: depends on boot/arm-trusted-firmware support for Armv7-A + +# OP-TEE components +BR2_TARGET_OPTEE_OS=y +BR2_TARGET_OPTEE_OS_PLATFORM="vexpress-qemu_armv8a" +BR2_TARGET_OPTEE_OS_ADDITIONAL_VARIABLES="CFG_TEE_CORE_DEBUG=n CFG_UNWIND=n CFG_TEE_CORE_LOG_LEVEL=2" +BR2_PACKAGE_OPTEE_CLIENT=y +BR2_PACKAGE_OPTEE_TEST=y +BR2_PACKAGE_OPTEE_EXAMPLES=y +BR2_PACKAGE_OPTEE_BENCHMARK=y + +# Need a non-secure bootloader for the dear Linux kernel: U-boot? UEFI? +BR2_TARGET_UBOOT=y +BR2_TARGET_UBOOT_BUILD_SYSTEM_KCONFIG=y +BR2_TARGET_UBOOT_BOARD_DEFCONFIG="qemu_arm64" +BR2_TARGET_UBOOT_CONFIG_FRAGMENT_FILES="board/qemu/aarch64-tz-virt/u-boot.config" + +# Qemu emulator for the Arm target +BR2_PACKAGE_HOST_QEMU=y +BR2_PACKAGE_HOST_QEMU_SYSTEM_MODE=y +BR2_PACKAGE_HOST_QEMU_VIRTFS=y