diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-ts.inc b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-ts.inc new file mode 100644 index 0000000000000000000000000000000000000000..d78c9976b92a973704c3aba821666499a65dbfe8 --- /dev/null +++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-ts.inc @@ -0,0 +1,10 @@ +# Include Trusted Services SPs accordingly to defined machine features + +# From meta-cassini +require ../trusted-services/ts-uuid.inc + +# Block Storage SP +DEPENDS:append:n1sdp = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \ + ' ts-sp-block-storage', '' , d)}" +SP_PATHS:append:n1sdp = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \ + ' ${TS_BIN}/${BLOCK_STORAGE_UUID}.stripped.elf', '', d)}" \ No newline at end of file diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_%.bbappend b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_%.bbappend new file mode 100644 index 0000000000000000000000000000000000000000..5e12bbf254c76408515b280651754ebc91a09140 --- /dev/null +++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_%.bbappend @@ -0,0 +1,3 @@ +# Include Trusted Services Secure Partitions + +require optee-os-ts.inc diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend new file mode 100644 index 0000000000000000000000000000000000000000..e9ff62821c135014753f29d4355fdd63243c58f8 --- /dev/null +++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend @@ -0,0 +1,2 @@ +# Local overrides +require trusted-services-src.inc diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/trusted-services-src.inc b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/trusted-services-src.inc new file mode 100644 index 0000000000000000000000000000000000000000..8dbff125887438e07f24d27a083c7166c25f5dcd --- /dev/null +++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/trusted-services-src.inc @@ -0,0 +1,7 @@ +# Define sources of Trusted Service and all external dependencies + +# Fetch Block Storage branch for N1SDP platform +SRC_URI:remove:n1sdp = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=integration;name=trusted-services;destsuffix=git/trusted-services " +SRC_URI:prepend:n1sdp = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=topics/block_storage;name=trusted-services;destsuffix=git/trusted-services " +SRCREV_trusted-services:n1sdp = "4d02a83e48924377777a0d7bf58a08a800882424" +LIC_FILES_CHKSUM:n1sdp = "file://${S}/license.rst;md5=ea160bac7f690a069c608516b17997f4" diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend new file mode 100644 index 0000000000000000000000000000000000000000..e9ff62821c135014753f29d4355fdd63243c58f8 --- /dev/null +++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend @@ -0,0 +1,2 @@ +# Local overrides +require trusted-services-src.inc diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-attestation_%.bbappend b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-attestation_%.bbappend new file mode 100644 index 0000000000000000000000000000000000000000..9946cdd39f0a5a68dd72aaf20653822ecb3406d4 --- /dev/null +++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-attestation_%.bbappend @@ -0,0 +1,4 @@ +# Local overrides +require trusted-services-src.inc + +OECMAKE_SOURCEPATH:n1sdp="${S}/deployments/attestation/config/default-${TS_ENV}" diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_git.bb b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_git.bb new file mode 100644 index 0000000000000000000000000000000000000000..04f64a699d86794255b10f6f123c2eae2e92467b --- /dev/null +++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_git.bb @@ -0,0 +1,7 @@ +DESCRIPTION = "Trusted Services block storage service provider" + +require ts-sp-common.inc + +SP_UUID = "${BLOCK_STORAGE_UUID}" + +OECMAKE_SOURCEPATH="${S}/deployments/block-storage/config/default-${TS_ENV}" diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-common.inc b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-common.inc new file mode 100644 index 0000000000000000000000000000000000000000..b854bd8c2899851848c47eb48fe54c16ff919b9f --- /dev/null +++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-common.inc @@ -0,0 +1,8 @@ +# Common part of all Trusted Services SPs recipes + +# From meta-arm +require recipes-security/trusted-services/ts-sp-common.inc + +# Local overrides +require trusted-services-src.inc +require ts-uuid.inc diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-crypto_%.bbappend b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-crypto_%.bbappend new file mode 100644 index 0000000000000000000000000000000000000000..4a4843708021a127305e0567c9a530e53891841d --- /dev/null +++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-crypto_%.bbappend @@ -0,0 +1,4 @@ +# Local overrides +require trusted-services-src.inc + +OECMAKE_SOURCEPATH:n1sdp="${S}/deployments/crypto/config/default-${TS_ENV}" diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend new file mode 100644 index 0000000000000000000000000000000000000000..c0e2499a4b275c7220b9f79bfcbc185990c60b06 --- /dev/null +++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend @@ -0,0 +1,4 @@ +# Local overrides +require trusted-services-src.inc + +OECMAKE_SOURCEPATH:n1sdp="${S}/deployments/internal-trusted-storage/config/default-${TS_ENV}" diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend new file mode 100644 index 0000000000000000000000000000000000000000..2b8a66484e2addf0a31358cec5886221cd53debe --- /dev/null +++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend @@ -0,0 +1,4 @@ +# Local overrides +require trusted-services-src.inc + +OECMAKE_SOURCEPATH:n1sdp="${S}/deployments/protected-storage/config/default-${TS_ENV}" diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-uuid.inc b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-uuid.inc new file mode 100644 index 0000000000000000000000000000000000000000..6fe7cb3ac9966efd41af88fb6531412e71179382 --- /dev/null +++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-uuid.inc @@ -0,0 +1,3 @@ +# Trusted Services SPs canonical UUIDs + +BLOCK_STORAGE_UUID = "63646e80-eb52-462f-ac4f-8cdf3987519c" diff --git a/meta-cassini-bsp/meta-arm/patches/0001-Fix-cmake-file-paths.patch b/meta-cassini-bsp/meta-arm/patches/0001-Fix-cmake-file-paths.patch new file mode 100644 index 0000000000000000000000000000000000000000..546772d2b48360015d79a7d6438a444082218538 --- /dev/null +++ b/meta-cassini-bsp/meta-arm/patches/0001-Fix-cmake-file-paths.patch @@ -0,0 +1,43 @@ +From d193ec72f19ac49d48e2bb29abdd97654056b0a3 Mon Sep 17 00:00:00 2001 +From: Adam Johnston +Date: Wed, 14 Dec 2022 15:04:59 +0000 +Subject: [PATCH 1/1] arm/trusted-services: Fix 'no such file' when building libts + +The libts recipe assumes generated cmake file will be suffixed with +'-noconfig'. This is only true when building for the default config +i.e. "". + +Check which cmake file has been generated before trying to +patch it. This fixes 'no such file' error when building for other +configs. + +Signed-off-by: Adam Johnston + +--- + meta-arm/recipes-security/trusted-services/libts_git.bb | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/meta-arm/recipes-security/trusted-services/libts_git.bb b/meta-arm/recipes-security/trusted-services/libts_git.bb +index 598b281b..6151e752 100644 +--- a/meta-arm/recipes-security/trusted-services/libts_git.bb ++++ b/meta-arm/recipes-security/trusted-services/libts_git.bb +@@ -24,11 +24,14 @@ do_install:append () { + fi + + # Move the dynamic libraries into the standard place. +- # Update a cmake file to use correct paths. + install -d ${D}${libdir} + mv ${D}${TS_INSTALL}/lib/libts* ${D}${libdir} + +- sed -i -e "s#/${TS_ENV}##g" ${D}${TS_INSTALL}/lib/cmake/libts/libtsTargets-noconfig.cmake ++ # Update generated cmake file to use correct paths. ++ target_cmake=$(find ${D}${TS_INSTALL}/lib/cmake/libts -type f -iname "libtsTargets-*.cmake") ++ if [ ! -z "$target_cmake" ]; then ++ sed -i -e "s#/${TS_ENV}##g" $target_cmake ++ fi + } + + inherit ${@oe.utils.conditional('VIRTUAL-RUNTIME_dev_manager', 'busybox-mdev', '', 'useradd', d)} +-- +2.38.1 + diff --git a/meta-cassini-config/kas/include/arm-machines.yml b/meta-cassini-config/kas/include/arm-machines.yml index 19d337eb5fe736f973fc8887635c25611138bab7..9ca25e948cd539097d51820c2642deae366bdc0f 100644 --- a/meta-cassini-config/kas/include/arm-machines.yml +++ b/meta-cassini-config/kas/include/arm-machines.yml @@ -14,3 +14,7 @@ repos: meta-arm: included meta-arm-bsp: included meta-arm-toolchain: included + patches: + 0001-Fix-file-paths-when-building-for-non-default-configs: + repo: meta-cassini + path: meta-cassini-bsp/meta-arm/patches/0001-Fix-cmake-file-paths.patch