From patchwork Tue Sep 20 22:38:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jon Mason X-Patchwork-Id: 13094 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 41E21C6FA8E for ; Wed, 21 Sep 2022 12:58:52 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web08.5911.1663765131028995822 for ; Wed, 21 Sep 2022 05:58:51 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: jon.mason@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 197BC143D for ; Wed, 21 Sep 2022 05:58:57 -0700 (PDT) Received: from localhost.localdomain (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 6F6463F73B for ; Wed, 21 Sep 2022 05:58:50 -0700 (PDT) From: Jon Mason To: meta-arm@lists.yoctoproject.org Subject: [PATCH 1/4] arm/optee-os: add ARMv7 changes to clang patch and update patches Date: Tue, 20 Sep 2022 18:38:43 -0400 Message-Id: <20220920223846.8000-1-jon.mason@arm.com> X-Mailer: git-send-email 2.17.1 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 21 Sep 2022 12:58:52 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3796 ARMv7 does not have fixes for the clang issues already fixed for ARMv8. Make the necessary changes in that patch for it to work. Also, update the patches (via devtool). Signed-off-by: Jon Mason --- ...-Define-section-attributes-for-clang.patch | 64 ++++++++++++++++--- ...ow-setting-sysroot-for-libgcc-lookup.patch | 3 +- ...0007-allow-setting-sysroot-for-clang.patch | 5 +- .../optee-os/0008-no-warn-rwx-segments.patch | 11 ++-- .../optee-os/3.18/0009-add-z-execstack.patch | 6 +- .../0010-add-note-GNU-stack-section.patch | 2 +- 6 files changed, 71 insertions(+), 20 deletions(-) diff --git a/meta-arm/recipes-security/optee/optee-os/0001-core-Define-section-attributes-for-clang.patch b/meta-arm/recipes-security/optee/optee-os/0001-core-Define-section-attributes-for-clang.patch index db88e7f0..d30fa5ae 100644 --- a/meta-arm/recipes-security/optee/optee-os/0001-core-Define-section-attributes-for-clang.patch +++ b/meta-arm/recipes-security/optee/optee-os/0001-core-Define-section-attributes-for-clang.patch @@ -1,4 +1,4 @@ -From f189457b79989543f65b8a4e8729eff2cdf9a758 Mon Sep 17 00:00:00 2001 +From 4ff172196d399217992110a47312c626954a844c Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Sat, 13 Aug 2022 19:24:55 -0700 Subject: [PATCH] core: Define section attributes for clang @@ -30,15 +30,17 @@ going and match the functionality with gcc. Upstream-Status: Pending Signed-off-by: Khem Raj + --- core/arch/arm/kernel/thread.c | 19 +++++++++++++++-- core/arch/arm/mm/core_mmu_lpae.c | 35 ++++++++++++++++++++++++++++---- + core/arch/arm/mm/core_mmu_v7.c | 27 +++++++++++++++++++++--- core/arch/arm/mm/pgt_cache.c | 12 ++++++++++- core/kernel/thread.c | 13 +++++++++++- - 4 files changed, 71 insertions(+), 8 deletions(-) + 5 files changed, 95 insertions(+), 11 deletions(-) diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c -index f083b159e..432983c86 100644 +index f083b159..432983c8 100644 --- a/core/arch/arm/kernel/thread.c +++ b/core/arch/arm/kernel/thread.c @@ -44,15 +44,30 @@ static size_t thread_user_kcode_size __nex_bss; @@ -75,10 +77,10 @@ index f083b159e..432983c86 100644 #ifdef ARM32 diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c -index 19cd7b61b..78f5910c5 100644 +index 3f08eec6..e6dc9261 100644 --- a/core/arch/arm/mm/core_mmu_lpae.c +++ b/core/arch/arm/mm/core_mmu_lpae.c -@@ -230,19 +230,46 @@ typedef uint16_t l1_idx_t; +@@ -233,19 +233,46 @@ typedef uint16_t l1_idx_t; typedef uint64_t base_xlat_tbls_t[CFG_TEE_CORE_NB_CORE][NUM_BASE_LEVEL_ENTRIES]; typedef uint64_t xlat_tbl_t[XLAT_TABLE_ENTRIES]; @@ -129,8 +131,53 @@ index 19cd7b61b..78f5910c5 100644 /* * TAs page table entry inside a level 1 page table. * +diff --git a/core/arch/arm/mm/core_mmu_v7.c b/core/arch/arm/mm/core_mmu_v7.c +index cd85bd22..ee78e6ee 100644 +--- a/core/arch/arm/mm/core_mmu_v7.c ++++ b/core/arch/arm/mm/core_mmu_v7.c +@@ -204,16 +204,37 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_ENTRIES]; + typedef uint32_t l2_xlat_tbl_t[NUM_L2_ENTRIES]; + typedef uint32_t ul1_xlat_tbl_t[NUM_UL1_ENTRIES]; + ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.l1" ++#endif + static l1_xlat_tbl_t main_mmu_l1_ttb +- __aligned(L1_ALIGNMENT) __section(".nozi.mmu.l1"); ++ __aligned(L1_ALIGNMENT) ++#ifndef __clang__ ++ __section(".nozi.mmu.l1") ++#endif ++; + + /* L2 MMU tables */ ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.l2" ++#endif + static l2_xlat_tbl_t main_mmu_l2_ttb[MAX_XLAT_TABLES] +- __aligned(L2_ALIGNMENT) __section(".nozi.mmu.l2"); ++ __aligned(L2_ALIGNMENT) ++#ifndef __clang__ ++ __section(".nozi.mmu.l2") ++#endif ++; + + /* MMU L1 table for TAs, one for each thread */ ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.ul1" ++#endif + static ul1_xlat_tbl_t main_mmu_ul1_ttb[CFG_NUM_THREADS] +- __aligned(UL1_ALIGNMENT) __section(".nozi.mmu.ul1"); ++ __aligned(UL1_ALIGNMENT) ++#ifndef __clang__ ++ __section(".nozi.mmu.ul1") ++#endif ++; + + struct mmu_partition { + l1_xlat_tbl_t *l1_table; diff --git a/core/arch/arm/mm/pgt_cache.c b/core/arch/arm/mm/pgt_cache.c -index d658b3e68..6c36706c0 100644 +index dee1d207..382cae1c 100644 --- a/core/arch/arm/mm/pgt_cache.c +++ b/core/arch/arm/mm/pgt_cache.c @@ -104,8 +104,18 @@ void pgt_init(void) @@ -154,7 +201,7 @@ index d658b3e68..6c36706c0 100644 for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) { diff --git a/core/kernel/thread.c b/core/kernel/thread.c -index 18d34e6ad..086129e28 100644 +index 18d34e6a..086129e2 100644 --- a/core/kernel/thread.c +++ b/core/kernel/thread.c @@ -37,13 +37,24 @@ struct thread_core_local thread_core_local[CFG_TEE_CORE_NB_CORE] __nex_bss; @@ -183,6 +230,3 @@ index 18d34e6ad..086129e28 100644 #define GET_STACK(stack) ((vaddr_t)(stack) + STACK_SIZE(stack)) DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE, --- -2.37.2 - diff --git a/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch index 17005396..ab4a6dbc 100644 --- a/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch +++ b/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch @@ -1,4 +1,4 @@ -From 0bab935695ebcf0c533b49896ab18ff33d4a47d1 Mon Sep 17 00:00:00 2001 +From 528aeb42652a3159c1bfd51d6c1442c3ff27b84c Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Tue, 26 May 2020 14:38:02 -0500 Subject: [PATCH] allow setting sysroot for libgcc lookup @@ -9,6 +9,7 @@ otherwise. Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188] Signed-off-by: Ross Burton + --- mk/gcc.mk | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch b/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch index 5c0d0a56..067ba6eb 100644 --- a/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch +++ b/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch @@ -1,4 +1,4 @@ -From 3167f2c0dba4db59d61b60a8fe66f969d20aafa9 Mon Sep 17 00:00:00 2001 +From db9e44af75c7cfd3316cab15aaa387383df3e57e Mon Sep 17 00:00:00 2001 From: Brett Warren Date: Wed, 23 Sep 2020 09:27:34 +0100 Subject: [PATCH] optee: enable clang support @@ -10,12 +10,13 @@ compiler-rt. This is mitigated by including the variable as ammended. Upstream-Status: Pending ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701 Signed-off-by: Brett Warren + --- mk/clang.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mk/clang.mk b/mk/clang.mk -index 0f48c836..47465523 100644 +index c141a3f2..7d067cc0 100644 --- a/mk/clang.mk +++ b/mk/clang.mk @@ -27,7 +27,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \ diff --git a/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch b/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch index 1dd70b31..6d48a760 100644 --- a/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch +++ b/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch @@ -1,11 +1,11 @@ -Signed-off-by: Anton Antonov -Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474] - -From 0b8a917fa51a366806edc0f04b88cd23b24098c4 Mon Sep 17 00:00:00 2001 +From cf2a2451f4e9300532d677bb3a8315494a3b3a82 Mon Sep 17 00:00:00 2001 From: Jerome Forissier Date: Fri, 5 Aug 2022 09:48:03 +0200 Subject: [PATCH] core: link: add --no-warn-rwx-segments +Signed-off-by: Anton Antonov +Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474] + binutils ld.bfd generates one RWX LOAD segment by merging several sections with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it also warns by default when that happens [1], which breaks the build due to @@ -18,12 +18,13 @@ Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448 Reported-by: Dominique Martinet Signed-off-by: Jerome Forissier Acked-by: Jens Wiklander + --- core/arch/arm/kernel/link.mk | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk -index 7eed333a32..c39d43cbfc 100644 +index 7eed333a..c39d43cb 100644 --- a/core/arch/arm/kernel/link.mk +++ b/core/arch/arm/kernel/link.mk @@ -31,6 +31,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map diff --git a/meta-arm/recipes-security/optee/optee-os/3.18/0009-add-z-execstack.patch b/meta-arm/recipes-security/optee/optee-os/3.18/0009-add-z-execstack.patch index 5463a345..3ba6c4ef 100644 --- a/meta-arm/recipes-security/optee/optee-os/3.18/0009-add-z-execstack.patch +++ b/meta-arm/recipes-security/optee/optee-os/3.18/0009-add-z-execstack.patch @@ -1,4 +1,4 @@ -From a9d099d17ef0af6deac4c3b4d15ad0555d258ec8 Mon Sep 17 00:00:00 2001 +From ea932656461865ab9ac4036245c756c082aeb3e1 Mon Sep 17 00:00:00 2001 From: Jerome Forissier Date: Tue, 23 Aug 2022 11:41:00 +0000 Subject: [PATCH] core, ldelf: link: add -z execstack @@ -22,6 +22,10 @@ Signed-off-by: Anton Antonov Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] --- + core/arch/arm/kernel/link.mk | 13 +++++++++---- + ldelf/link.mk | 3 +++ + 2 files changed, 12 insertions(+), 4 deletions(-) + diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk index c39d43cb..0e96e606 100644 --- a/core/arch/arm/kernel/link.mk diff --git a/meta-arm/recipes-security/optee/optee-os/3.18/0010-add-note-GNU-stack-section.patch b/meta-arm/recipes-security/optee/optee-os/3.18/0010-add-note-GNU-stack-section.patch index 95d5e676..4ea65d88 100644 --- a/meta-arm/recipes-security/optee/optee-os/3.18/0010-add-note-GNU-stack-section.patch +++ b/meta-arm/recipes-security/optee/optee-os/3.18/0010-add-note-GNU-stack-section.patch @@ -1,4 +1,4 @@ -From 38bf606653ee08b10db6bb298e369cb3a9cdcda9 Mon Sep 17 00:00:00 2001 +From ec30e84671aac9a2e9549754eb7bc6201728db4c Mon Sep 17 00:00:00 2001 From: Jerome Forissier Date: Tue, 23 Aug 2022 12:31:46 +0000 Subject: [PATCH] arm32: libutils, libutee, ta: add .note.GNU-stack section to From patchwork Tue Sep 20 22:38:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jon Mason X-Patchwork-Id: 13095 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4D093ECAAD8 for ; Wed, 21 Sep 2022 12:58:52 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.6025.1663765131235167838 for ; Wed, 21 Sep 2022 05:58:51 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: jon.mason@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 436AE1F02 for ; Wed, 21 Sep 2022 05:58:57 -0700 (PDT) Received: from localhost.localdomain (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 9E92A3F73B for ; Wed, 21 Sep 2022 05:58:50 -0700 (PDT) From: Jon Mason To: meta-arm@lists.yoctoproject.org Subject: [PATCH 2/4] arm/qemuarm-secureboot: remove optee-os version pin Date: Tue, 20 Sep 2022 18:38:44 -0400 Message-Id: <20220920223846.8000-2-jon.mason@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220920223846.8000-1-jon.mason@arm.com> References: <20220920223846.8000-1-jon.mason@arm.com> List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 21 Sep 2022 12:58:52 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3797 The CPU issue that pinned qemuarm-secureboot is no longer present. Remove the logic in the conf file that held it back to the older version. Signed-off-by: Jon Mason --- meta-arm/conf/machine/qemuarm-secureboot.conf | 3 --- 1 file changed, 3 deletions(-) diff --git a/meta-arm/conf/machine/qemuarm-secureboot.conf b/meta-arm/conf/machine/qemuarm-secureboot.conf index e48d9642..f08b84fe 100644 --- a/meta-arm/conf/machine/qemuarm-secureboot.conf +++ b/meta-arm/conf/machine/qemuarm-secureboot.conf @@ -21,6 +21,3 @@ WKS_FILE_DEPENDS = "trusted-firmware-a" IMAGE_BOOT_FILES = "${KERNEL_IMAGETYPE}" MACHINE_FEATURES += "optee-ftpm" - -# FIXME - CPUs 2-4 don't start in the newer OPTEE -PREFERRED_VERSION_optee-os ?= "3.14%" From patchwork Tue Sep 20 22:38:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jon Mason X-Patchwork-Id: 13096 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 45AA9C6FA90 for ; Wed, 21 Sep 2022 12:58:52 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web09.5944.1663765131260671092 for ; Wed, 21 Sep 2022 05:58:51 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: jon.mason@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 7274A1F60 for ; Wed, 21 Sep 2022 05:58:57 -0700 (PDT) Received: from localhost.localdomain (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id C8FFA3F73B for ; Wed, 21 Sep 2022 05:58:50 -0700 (PDT) From: Jon Mason To: meta-arm@lists.yoctoproject.org Subject: [PATCH 3/4] arm/optee: remove old versions Date: Tue, 20 Sep 2022 18:38:45 -0400 Message-Id: <20220920223846.8000-3-jon.mason@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220920223846.8000-1-jon.mason@arm.com> References: <20220920223846.8000-1-jon.mason@arm.com> List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 21 Sep 2022 12:58:52 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3798 Remove versions not being used anymore and update patches as necessary Signed-off-by: Jon Mason --- .../optee/optee-os-tadevkit_3.14.0.bbappend | 6 - .../optee/optee-os_3.14.0.bbappend | 6 - .../optee/optee-test_3.14.0.bbappend | 6 - .../optee/optee-examples_3.14.0.bb | 4 - .../optee/optee-os-tadevkit_3.14.0.bb | 20 --- .../{3.18 => }/0009-add-z-execstack.patch | 0 .../0010-add-note-GNU-stack-section.patch | 0 .../optee-os/3.14/0009-add-z-execstack.patch | 95 ------------- .../0010-add-note-GNU-stack-section.patch | 128 ------------------ .../recipes-security/optee/optee-os_3.14.0.bb | 10 -- .../recipes-security/optee/optee-os_3.18.0.bb | 4 +- .../optee/optee-test_3.14.0.bb | 3 - 12 files changed, 2 insertions(+), 280 deletions(-) delete mode 100644 meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend delete mode 100644 meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend delete mode 100644 meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend delete mode 100644 meta-arm/recipes-security/optee/optee-examples_3.14.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb rename meta-arm/recipes-security/optee/optee-os/{3.18 => }/0009-add-z-execstack.patch (100%) rename meta-arm/recipes-security/optee/optee-os/{3.18 => }/0010-add-note-GNU-stack-section.patch (100%) delete mode 100644 meta-arm/recipes-security/optee/optee-os/3.14/0009-add-z-execstack.patch delete mode 100644 meta-arm/recipes-security/optee/optee-os/3.14/0010-add-note-GNU-stack-section.patch delete mode 100644 meta-arm/recipes-security/optee/optee-os_3.14.0.bb delete mode 100644 meta-arm/recipes-security/optee/optee-test_3.14.0.bb diff --git a/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend deleted file mode 100644 index 6a22d47e..00000000 --- a/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend +++ /dev/null @@ -1,6 +0,0 @@ -# Machine specific configurations - -MACHINE_OPTEE_OS_TADEVKIT_REQUIRE ?= "" -MACHINE_OPTEE_OS_TADEVKIT_REQUIRE:tc = "optee-os-generic-tc.inc" - -require ${MACHINE_OPTEE_OS_TADEVKIT_REQUIRE} diff --git a/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend deleted file mode 100644 index e276fb86..00000000 --- a/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend +++ /dev/null @@ -1,6 +0,0 @@ -# Machine specific configurations - -MACHINE_OPTEE_OS_REQUIRE ?= "" -MACHINE_OPTEE_OS_REQUIRE:tc = "optee-os-tc.inc" - -require ${MACHINE_OPTEE_OS_REQUIRE} diff --git a/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend deleted file mode 100644 index 490b3500..00000000 --- a/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend +++ /dev/null @@ -1,6 +0,0 @@ -# Machine specific configurations - -MACHINE_OPTEE_TEST_REQUIRE ?= "" -MACHINE_OPTEE_TEST_REQUIRE:tc = "optee-test-tc.inc" - -require ${MACHINE_OPTEE_TEST_REQUIRE} diff --git a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb deleted file mode 100644 index f2b5f7dd..00000000 --- a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb +++ /dev/null @@ -1,4 +0,0 @@ -require optee-examples.inc - -SRCREV = "e9c870525af8f7e7fccf575a0ca5394ce55adcec" - diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb deleted file mode 100644 index 0d37a528..00000000 --- a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb +++ /dev/null @@ -1,20 +0,0 @@ -FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:" -require optee-os_3.14.0.bb - -SUMMARY = "OP-TEE Trusted OS TA devkit" -DESCRIPTION = "OP-TEE TA devkit for build TAs" -HOMEPAGE = "https://www.op-tee.org/" - -do_install() { - #install TA devkit - install -d ${D}${includedir}/optee/export-user_ta/ - for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do - cp -aR $f ${D}${includedir}/optee/export-user_ta/ - done -} - -do_deploy() { - echo "Do not inherit do_deploy from optee-os." -} - -FILES:${PN} = "${includedir}/optee/" diff --git a/meta-arm/recipes-security/optee/optee-os/3.18/0009-add-z-execstack.patch b/meta-arm/recipes-security/optee/optee-os/0009-add-z-execstack.patch similarity index 100% rename from meta-arm/recipes-security/optee/optee-os/3.18/0009-add-z-execstack.patch rename to meta-arm/recipes-security/optee/optee-os/0009-add-z-execstack.patch diff --git a/meta-arm/recipes-security/optee/optee-os/3.18/0010-add-note-GNU-stack-section.patch b/meta-arm/recipes-security/optee/optee-os/0010-add-note-GNU-stack-section.patch similarity index 100% rename from meta-arm/recipes-security/optee/optee-os/3.18/0010-add-note-GNU-stack-section.patch rename to meta-arm/recipes-security/optee/optee-os/0010-add-note-GNU-stack-section.patch diff --git a/meta-arm/recipes-security/optee/optee-os/3.14/0009-add-z-execstack.patch b/meta-arm/recipes-security/optee/optee-os/3.14/0009-add-z-execstack.patch deleted file mode 100644 index 616a0fff..00000000 --- a/meta-arm/recipes-security/optee/optee-os/3.14/0009-add-z-execstack.patch +++ /dev/null @@ -1,95 +0,0 @@ -From cb4349edce6ce360436f10da8b6aa32e68fb778d Mon Sep 17 00:00:00 2001 -From: Jerome Forissier -Date: Tue, 23 Aug 2022 11:41:00 +0000 -Subject: [PATCH] core, ldelf: link: add -z execstack - -When building for arm32 with GNU binutils 2.39, the linker outputs -warnings when generating some TEE core binaries (all_obj.o, init.o, -unpaged.o and tee.elf) as well as ldelf.elf: - - arm-poky-linux-gnueabi-ld.bfd: warning: atomic_a32.o: missing .note.GNU-stack section implies executable stack - arm-poky-linux-gnueabi-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker - -The permissions used when mapping the TEE core stacks do not depend on -any metadata found in the ELF file. Similarly when the TEE core loads -ldelf it already creates a non-executable stack regardless of ELF -information. Therefore we can safely ignore the warnings. This is done -by adding the '-z execstack' option. - -Signed-off-by: Jerome Forissier - -Signed-off-by: Anton Antonov -Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] - ---- - core/arch/arm/kernel/link.mk | 13 +++++++++---- - ldelf/link.mk | 4 ++++ - 2 files changed, 13 insertions(+), 4 deletions(-) - -diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk -index 3dc459d6..85cde58e 100644 ---- a/core/arch/arm/kernel/link.mk -+++ b/core/arch/arm/kernel/link.mk -@@ -9,6 +9,11 @@ link-script-dep = $(link-out-dir)/.kern.ld.d - - AWK = awk - -+link-ldflags-common += $(call ld-option,--no-warn-rwx-segments) -+ifeq ($(CFG_ARM32_core),y) -+link-ldflags-common += $(call ld-option,--no-warn-execstack) -+endif -+ - link-ldflags = $(LDFLAGS) - ifeq ($(CFG_CORE_ASLR),y) - link-ldflags += -pie -Bsymbolic -z notext -z norelro $(ldflag-apply-dynamic-relocs) -@@ -17,7 +22,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map - link-ldflags += --sort-section=alignment - link-ldflags += --fatal-warnings - link-ldflags += --gc-sections --link-ldflags += $(call ld-option,--no-warn-rwx-segments) -+link-ldflags += $(link-ldflags-common) - - link-ldadd = $(LDADD) - link-ldadd += $(ldflags-external) -@@ -39,7 +44,7 @@ link-script-cppflags := \ - $(cppflagscore)) - - ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \ -- $(call ld-option,--no-warn-rwx-segments) \ -+ $(link-ldflags-common) \ - $(link-objs) $(link-ldadd) $(libgcccore) - cleanfiles += $(link-out-dir)/all_objs.o - $(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST) -@@ -53,7 +58,7 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o - $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@ - - unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ -- $(call ld-option,--no-warn-rwx-segments) -+ $(link-ldflags-common) - unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore) - cleanfiles += $(link-out-dir)/unpaged.o - $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt -@@ -82,7 +87,7 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o - $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@ - - init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ -- $(call ld-option,--no-warn-rwx-segments) -+ $(link-ldflags-common) - init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \ - $(libgcccore) - cleanfiles += $(link-out-dir)/init.o -diff --git a/ldelf/link.mk b/ldelf/link.mk -index 8fafc879..d8a05ea6 100644 ---- a/ldelf/link.mk -+++ b/ldelf/link.mk -@@ -19,6 +19,10 @@ link-ldflags += --sort-section=alignment - link-ldflags += -z max-page-size=4096 # OP-TEE always uses 4K alignment - link-ldflags += $(link-ldflags$(sm)) - -+ifeq ($(CFG_ARM32_$(sm)), y) -+link-ldflags += $(call ld-option,--no-warn-execstack) -+endif -+ - link-ldadd = $(addprefix -L,$(libdirs)) - link-ldadd += --start-group $(addprefix -l,$(libnames)) --end-group - ldargs-ldelf.elf := $(link-ldflags) $(objs) $(link-ldadd) $(libgcc$(sm)) diff --git a/meta-arm/recipes-security/optee/optee-os/3.14/0010-add-note-GNU-stack-section.patch b/meta-arm/recipes-security/optee/optee-os/3.14/0010-add-note-GNU-stack-section.patch deleted file mode 100644 index c0330b9f..00000000 --- a/meta-arm/recipes-security/optee/optee-os/3.14/0010-add-note-GNU-stack-section.patch +++ /dev/null @@ -1,128 +0,0 @@ -From f99a0278ad5e26772b3dcf8c74b5bf986ecfbe1e Mon Sep 17 00:00:00 2001 -From: Jerome Forissier -Date: Tue, 23 Aug 2022 12:31:46 +0000 -Subject: [PATCH] arm32: libutils, libutee, ta: add .note.GNU-stack section to - - .S files - -When building for arm32 with GNU binutils 2.39, the linker outputs -warnings when linking Trusted Applications: - - arm-unknown-linux-uclibcgnueabihf-ld.bfd: warning: utee_syscalls_a32.o: missing .note.GNU-stack section implies executable stack - arm-unknown-linux-uclibcgnueabihf-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker - -We could silence the warning by adding the '-z execstack' option to the -TA link flags, like we did in the parent commit for the TEE core and -ldelf. Indeed, ldelf always allocates a non-executable piece of memory -for the TA to use as a stack. - -However it seems preferable to comply with the common ELF practices in -this case. A better fix is therefore to add the missing .note.GNU-stack -sections in the assembler files. - -Signed-off-by: Jerome Forissier - -Signed-off-by: Anton Antonov -Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] - ---- - lib/libutee/arch/arm/utee_syscalls_a32.S | 2 ++ - lib/libutils/ext/arch/arm/atomic_a32.S | 2 ++ - lib/libutils/ext/arch/arm/mcount_a32.S | 2 ++ - lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S | 2 ++ - lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S | 2 ++ - lib/libutils/isoc/arch/arm/setjmp_a32.S | 2 ++ - ta/arch/arm/ta_entry_a32.S | 2 ++ - 7 files changed, 14 insertions(+) - -diff --git a/lib/libutee/arch/arm/utee_syscalls_a32.S b/lib/libutee/arch/arm/utee_syscalls_a32.S -index 6e621ca6..af405f62 100644 ---- a/lib/libutee/arch/arm/utee_syscalls_a32.S -+++ b/lib/libutee/arch/arm/utee_syscalls_a32.S -@@ -7,6 +7,8 @@ - #include - #include - -+ .section .note.GNU-stack,"",%progbits -+ - .section .text - .balign 4 - .code 32 -diff --git a/lib/libutils/ext/arch/arm/atomic_a32.S b/lib/libutils/ext/arch/arm/atomic_a32.S -index eaef6914..2be73ffa 100644 ---- a/lib/libutils/ext/arch/arm/atomic_a32.S -+++ b/lib/libutils/ext/arch/arm/atomic_a32.S -@@ -5,6 +5,8 @@ - - #include - -+ .section .note.GNU-stack,"",%progbits -+ - /* uint32_t atomic_inc32(uint32_t *v); */ - FUNC atomic_inc32 , : - ldrex r1, [r0] -diff --git a/lib/libutils/ext/arch/arm/mcount_a32.S b/lib/libutils/ext/arch/arm/mcount_a32.S -index 51439a23..54dc3c02 100644 ---- a/lib/libutils/ext/arch/arm/mcount_a32.S -+++ b/lib/libutils/ext/arch/arm/mcount_a32.S -@@ -7,6 +7,8 @@ - - #if defined(CFG_TA_GPROF_SUPPORT) || defined(CFG_FTRACE_SUPPORT) - -+ .section .note.GNU-stack,"",%progbits -+ - /* - * Convert return address to call site address by subtracting the size of the - * mcount call instruction (blx __gnu_mcount_nc). -diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S -index a600c879..37ae9ec6 100644 ---- a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S -+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S -@@ -5,6 +5,8 @@ - - #include - -+ .section .note.GNU-stack,"",%progbits -+ - /* - * signed ret_idivmod_values(signed quot, signed rem); - * return quotient and remaining the EABI way (regs r0,r1) -diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S -index 2dc50bc9..5c3353e2 100644 ---- a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S -+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S -@@ -5,6 +5,8 @@ - - #include - -+ .section .note.GNU-stack,"",%progbits -+ - /* - * __value_in_regs lldiv_t __aeabi_ldivmod( long long n, long long d) - */ -diff --git a/lib/libutils/isoc/arch/arm/setjmp_a32.S b/lib/libutils/isoc/arch/arm/setjmp_a32.S -index 43ea5937..f8a0b70d 100644 ---- a/lib/libutils/isoc/arch/arm/setjmp_a32.S -+++ b/lib/libutils/isoc/arch/arm/setjmp_a32.S -@@ -51,6 +51,8 @@ - #define SIZE(x) - #endif - -+ .section .note.GNU-stack,"",%progbits -+ - /* Arm/Thumb interworking support: - - The interworking scheme expects functions to use a BX instruction -diff --git a/ta/arch/arm/ta_entry_a32.S b/ta/arch/arm/ta_entry_a32.S -index d2f8a69d..cd9a12f9 100644 ---- a/ta/arch/arm/ta_entry_a32.S -+++ b/ta/arch/arm/ta_entry_a32.S -@@ -5,6 +5,8 @@ - - #include - -+ .section .note.GNU-stack,"",%progbits -+ - /* - * This function is the bottom of the user call stack. Mark it as such so that - * the unwinding code won't try to go further down. diff --git a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os_3.14.0.bb deleted file mode 100644 index 6400ac2a..00000000 --- a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb +++ /dev/null @@ -1,10 +0,0 @@ -require optee-os.inc - -SRCREV = "d21befa5e53eae9db469eba1685f5aa5c6f92c2f" - -DEPENDS = "python3-pycryptodome-native python3-pyelftools-native" - -SRC_URI:append = " \ - file://3.14/0009-add-z-execstack.patch \ - file://3.14/0010-add-note-GNU-stack-section.patch \ - " diff --git a/meta-arm/recipes-security/optee/optee-os_3.18.0.bb b/meta-arm/recipes-security/optee/optee-os_3.18.0.bb index f459efce..59e58ed3 100644 --- a/meta-arm/recipes-security/optee/optee-os_3.18.0.bb +++ b/meta-arm/recipes-security/optee/optee-os_3.18.0.bb @@ -5,6 +5,6 @@ DEPENDS += "dtc-native" SRCREV = "1ee647035939e073a2e8dddb727c0f019cc035f1" SRC_URI:append = " \ file://0001-core-Define-section-attributes-for-clang.patch \ - file://3.18/0009-add-z-execstack.patch \ - file://3.18/0010-add-note-GNU-stack-section.patch \ + file://0009-add-z-execstack.patch \ + file://0010-add-note-GNU-stack-section.patch \ " diff --git a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb b/meta-arm/recipes-security/optee/optee-test_3.14.0.bb deleted file mode 100644 index 6367c276..00000000 --- a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb +++ /dev/null @@ -1,3 +0,0 @@ -require optee-test.inc - -SRCREV = "f2eb88affbb7f028561b4fd5cbd049d5d704f741" From patchwork Tue Sep 20 22:38:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jon Mason X-Patchwork-Id: 13093 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 416CCC32771 for ; Wed, 21 Sep 2022 12:58:52 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web08.5912.1663765131511756723 for ; Wed, 21 Sep 2022 05:58:51 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: jon.mason@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 9E9481F91 for ; Wed, 21 Sep 2022 05:58:57 -0700 (PDT) Received: from localhost.localdomain (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 0385B3F73B for ; Wed, 21 Sep 2022 05:58:50 -0700 (PDT) From: Jon Mason To: meta-arm@lists.yoctoproject.org Subject: [PATCH 4/4] arm/optee-client: move the 3.14 recipe to meta-arm-bsp Date: Tue, 20 Sep 2022 18:38:46 -0400 Message-Id: <20220920223846.8000-4-jon.mason@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220920223846.8000-1-jon.mason@arm.com> References: <20220920223846.8000-1-jon.mason@arm.com> List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 21 Sep 2022 12:58:52 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3799 Only corstone1000 is using the legacy version of optee-client. Move it there to keep corstone1000 working, while removing it from meta-arm to discourage use of the non-latest version. Signed-off-by: Jon Mason --- .../optee/optee-client/tee-supplicant.service | 10 ++++ .../optee/optee-client/tee-supplicant.sh | 46 +++++++++++++++++++ .../optee/optee-client_3.14.0.bb | 2 +- 3 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service create mode 100644 meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.sh rename {meta-arm => meta-arm-bsp}/recipes-security/optee/optee-client_3.14.0.bb (52%) diff --git a/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service b/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service new file mode 100644 index 00000000..c273832d --- /dev/null +++ b/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service @@ -0,0 +1,10 @@ +[Unit] +Description=TEE Supplicant + +[Service] +User=root +EnvironmentFile=-@sysconfdir@/default/tee-supplicant +ExecStart=@sbindir@/tee-supplicant $OPTARGS + +[Install] +WantedBy=basic.target diff --git a/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.sh b/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.sh new file mode 100644 index 00000000..b4d21950 --- /dev/null +++ b/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.sh @@ -0,0 +1,46 @@ +#!/bin/sh + +# Source function library +. /etc/init.d/functions + +NAME=tee-supplicant +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DESC="OP-TEE Supplicant" + +DAEMON=@sbindir@/$NAME + +test -f $DAEMON || exit 0 + +test -f @sysconfdir@/default/$NAME && . @sysconfdir@/default/$NAME +test -f @sysconfdir@/default/rcS && . @sysconfdir@/default/rcS + +SSD_OPTIONS="--oknodo --quiet --exec $DAEMON -- -d $OPTARGS" + +set -e + +case $1 in + start) + echo -n "Starting $DESC: " + start-stop-daemon --start $SSD_OPTIONS + echo "${DAEMON##*/}." + ;; + stop) + echo -n "Stopping $DESC: " + start-stop-daemon --stop $SSD_OPTIONS + echo "${DAEMON##*/}." + ;; + restart|force-reload) + $0 stop + sleep 1 + $0 start + ;; + status) + status ${DAEMON} || exit $? + ;; + *) + echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb b/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bb similarity index 52% rename from meta-arm/recipes-security/optee/optee-client_3.14.0.bb rename to meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bb index be78b880..641fb0a0 100644 --- a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb +++ b/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bb @@ -1,3 +1,3 @@ -require optee-client.inc +require recipes-security/optee/optee-client.inc SRCREV = "06e1b32f6a7028e039c625b07cfc25fda0c17d53"