From e7ff17220cc448f0e421898fcae9286aa7c79723 Mon Sep 17 00:00:00 2001 From: Adam Johnston Date: Fri, 23 Dec 2022 12:26:57 +0000 Subject: [PATCH 1/4] cassini-[bsp,config]: Fix 'no such file' when building libts The libts recipe assumes generated cmake file will be suffixed with '-noconfig'. This is only true when building for the default config i.e. "". Check which cmake file has been generated before trying to patch it. This fixes 'no such file' error when building for other configs (in our case "Debug"). This patch should be dropped when fixed upstream (in meta-arm). Signed-off-by: Adam Johnston --- .../patches/0001-Fix-cmake-file-paths.patch | 43 +++++++++++++++++++ .../kas/include/arm-machines.yml | 4 ++ 2 files changed, 47 insertions(+) create mode 100644 meta-cassini-bsp/meta-arm/patches/0001-Fix-cmake-file-paths.patch diff --git a/meta-cassini-bsp/meta-arm/patches/0001-Fix-cmake-file-paths.patch b/meta-cassini-bsp/meta-arm/patches/0001-Fix-cmake-file-paths.patch new file mode 100644 index 0000000..546772d --- /dev/null +++ b/meta-cassini-bsp/meta-arm/patches/0001-Fix-cmake-file-paths.patch 
@@ -0,0 +1,43 @@
+From d193ec72f19ac49d48e2bb29abdd97654056b0a3 Mon Sep 17 00:00:00 2001
+From: Adam Johnston
+Date: Wed, 14 Dec 2022 15:04:59 +0000
+Subject: [PATCH 1/1] arm/trusted-services: Fix 'no such file' when building libts
+
+The libts recipe assumes generated cmake file will be suffixed with
+'-noconfig'. This is only true when building for the default config
+i.e. "".
+
+Check which cmake file has been generated before trying to
+patch it. This fixes 'no such file' error when building for other
+configs.
+
+Signed-off-by: Adam Johnston
+
+---
+ meta-arm/recipes-security/trusted-services/libts_git.bb | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/meta-arm/recipes-security/trusted-services/libts_git.bb b/meta-arm/recipes-security/trusted-services/libts_git.bb
+index 598b281b..6151e752 100644
+--- a/meta-arm/recipes-security/trusted-services/libts_git.bb
++++ b/meta-arm/recipes-security/trusted-services/libts_git.bb
+@@ -24,11 +24,14 @@ do_install:append () {
+ fi
+
+ # Move the dynamic libraries into the standard place.
+- # Update a cmake file to use correct paths.
+ install -d ${D}${libdir}
+ mv ${D}${TS_INSTALL}/lib/libts* ${D}${libdir}
+
+- sed -i -e "s#/${TS_ENV}##g" ${D}${TS_INSTALL}/lib/cmake/libts/libtsTargets-noconfig.cmake
++ # Update generated cmake file to use correct paths.
++ target_cmake=$(find ${D}${TS_INSTALL}/lib/cmake/libts -type f -iname "libtsTargets-*.cmake")
++ if [ ! -z "$target_cmake" ]; then
++ sed -i -e "s#/${TS_ENV}##g" $target_cmake
++ fi
+ }
+
+ inherit ${@oe.utils.conditional('VIRTUAL-RUNTIME_dev_manager', 'busybox-mdev', '', 'useradd', d)}
+--
+2.38.1
+
diff --git a/meta-cassini-config/kas/include/arm-machines.yml b/meta-cassini-config/kas/include/arm-machines.yml
index 19d337e..9ca25e9 100644
--- a/meta-cassini-config/kas/include/arm-machines.yml
+++ b/meta-cassini-config/kas/include/arm-machines.yml
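Review bot: When `find` matches nothing, the new `if [ ! -z "$target_cmake" ]` guard in `do_install:append` skips the `sed` without a message, so a build whose generated file has an unexpected name would, as far as the hunk shows, install a cmake targets file that still carries the `/${TS_ENV}` path component; the old line at least failed loudly. I would make the empty case fatal, `[ -n "$target_cmake" ] || bbfatal "no libtsTargets-*.cmake in ${D}${TS_INSTALL}/lib/cmake/libts"`, and then run the `sed` unconditionally. `$target_cmake` is also expanded unquoted, which depends on word splitting when more than one file matches; `find ... -exec sed -i -e "s#/${TS_ENV}##g" {} +` would avoid that. The body of `do_install:append` begins outside the hunk.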
@@ -14,3 +14,7 @@ repos: meta-arm: included meta-arm-bsp: included meta-arm-toolchain: included + patches: + 0001-Fix-file-paths-when-building-for-non-default-configs: + repo: meta-cassini + path: meta-cassini-bsp/meta-arm/patches/0001-Fix-cmake-file-paths.patch -- GitLab From 45134ff9052fb4830606ad61372329c0cf7d939c Mon Sep 17 00:00:00 2001 From: Adam Johnston Date: Fri, 23 Dec 2022 13:53:03 +0000 Subject: [PATCH 2/4] cassini-bsp: Build Trusted Services from Block Storage branch for N1SDP For the N1SDP only, fetch Trusted Services source from here: - https://git.trustedfirmware.org/TS/trusted-services.git?h=topics%2Fblock_storage This branch contains the prototype for the Block Storage Service Signed-off-by: Adam Johnston --- .../recipes-security/trusted-services/libts_%.bbappend | 2 ++ .../trusted-services/trusted-services-src.inc | 7 +++++++ .../recipes-security/trusted-services/ts-newlib_%.bbappend | 2 ++ .../trusted-services/ts-sp-attestation_%.bbappend | 4 ++++ .../trusted-services/ts-sp-crypto_%.bbappend | 4 ++++ .../recipes-security/trusted-services/ts-sp-its_%.bbappend | 4 ++++ .../trusted-services/ts-sp-storage_%.bbappend | 4 ++++ 7 files changed, 27 insertions(+) create mode 100644 meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend create mode 100644 meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/trusted-services-src.inc create mode 100644 meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend create mode 100644 meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-attestation_%.bbappend create mode 100644 meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-crypto_%.bbappend create mode 100644 meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend create mode 100644 meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend 
diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend
new file mode 100644
index 0000000..e9ff628
--- /dev/null
+++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend
@@ -0,0 +1,2 @@
+# Local overrides
+require trusted-services-src.inc
diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/trusted-services-src.inc b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/trusted-services-src.inc
new file mode 100644
index 0000000..8dbff12
--- /dev/null
+++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/trusted-services-src.inc
@@ -0,0 +1,7 @@
+# Define sources of Trusted Service and all external dependencies
+
+# Fetch Block Storage branch for N1SDP platform
+SRC_URI:remove:n1sdp = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=integration;name=trusted-services;destsuffix=git/trusted-services "
+SRC_URI:prepend:n1sdp = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=topics/block_storage;name=trusted-services;destsuffix=git/trusted-services "
+SRCREV_trusted-services:n1sdp = "4d02a83e48924377777a0d7bf58a08a800882424"
+LIC_FILES_CHKSUM:n1sdp = "file://${S}/license.rst;md5=ea160bac7f690a069c608516b17997f4"
diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend
new file mode 100644
index 0000000..e9ff628
--- /dev/null
+++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend
@@ -0,0 +1,2 @@
+# Local overrides
+require trusted-services-src.inc
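Review bot: `SRC_URI:remove:n1sdp` in trusted-services-src.inc only takes effect while its value matches meta-arm's `SRC_URI` entry character for character. If meta-arm ever changes that entry, the remove becomes a no-op without any warning and the `integration` entry stays next to the prepended `topics/block_storage` one, both with `name=trusted-services` and the same `destsuffix`. I would put a comment above the pair saying so, for example `# Must match meta-arm's trusted-services SRC_URI entry exactly; re-check on every meta-arm bump`. The header comment should also state that this include is required from the libts, ts-newlib and ts-sp-attestation/crypto/its/storage bbappends, so on N1SDP the prototype branch becomes the source for every one of those secure-world components, not just block storage.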
diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-attestation_%.bbappend b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-attestation_%.bbappend
new file mode 100644
index 0000000..9946cdd
--- /dev/null
+++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-attestation_%.bbappend
@@ -0,0 +1,4 @@
+# Local overrides
+require trusted-services-src.inc
+
+OECMAKE_SOURCEPATH:n1sdp="${S}/deployments/attestation/config/default-${TS_ENV}"
diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-crypto_%.bbappend b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-crypto_%.bbappend
new file mode 100644
index 0000000..4a48437
--- /dev/null
+++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-crypto_%.bbappend
@@ -0,0 +1,4 @@
+# Local overrides
+require trusted-services-src.inc
+
+OECMAKE_SOURCEPATH:n1sdp="${S}/deployments/crypto/config/default-${TS_ENV}"
diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend
new file mode 100644
index 0000000..c0e2499
--- /dev/null
+++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-its_%.bbappend
@@ -0,0 +1,4 @@
+# Local overrides
+require trusted-services-src.inc
+
+OECMAKE_SOURCEPATH:n1sdp="${S}/deployments/internal-trusted-storage/config/default-${TS_ENV}"
diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend
new file mode 100644
index 0000000..2b8a664
--- /dev/null
+++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-storage_%.bbappend
@@ -0,0 +1,4 @@ +# Local overrides +require trusted-services-src.inc + +OECMAKE_SOURCEPATH:n1sdp="${S}/deployments/protected-storage/config/default-${TS_ENV}" -- GitLab From 3f2b588d7bbaf0d0fd9e55c5bad654e715195c25 Mon Sep 17 00:00:00 2001 From: Adam Johnston Date: Wed, 7 Dec 2022 09:54:12 +0000 Subject: [PATCH 3/4] cassini-bsp: Add recipe for block storage service Add new recipe (ts-sp-block-storage) to build the Block Storage service from the prototype branch. Signed-off-by: Adam Johnston --- .../trusted-services/ts-sp-block-storage_git.bb | 7 +++++++ .../recipes-security/trusted-services/ts-sp-common.inc | 8 ++++++++ .../recipes-security/trusted-services/ts-uuid.inc | 3 +++ 3 files changed, 18 insertions(+) create mode 100644 meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_git.bb create mode 100644 meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-common.inc create mode 100644 meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-uuid.inc diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_git.bb b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_git.bb new file mode 100644 index 0000000..04f64a6 --- /dev/null +++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_git.bb @@ -0,0 +1,7 @@ +DESCRIPTION = "Trusted Services block storage service provider" + +require ts-sp-common.inc + +SP_UUID = "${BLOCK_STORAGE_UUID}" + +OECMAKE_SOURCEPATH="${S}/deployments/block-storage/config/default-${TS_ENV}" diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-common.inc b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-common.inc new file mode 100644 index 0000000..b854bd8 --- /dev/null 
+++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-common.inc @@ -0,0 +1,8 @@ +# Common part of all Trusted Services SPs recipes + +# From meta-arm +require recipes-security/trusted-services/ts-sp-common.inc + +# Local overrides +require trusted-services-src.inc +require ts-uuid.inc diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-uuid.inc b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-uuid.inc new file mode 100644 index 0000000..6fe7cb3 --- /dev/null +++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-uuid.inc @@ -0,0 +1,3 @@ +# Trusted Services SPs canonical UUIDs + +BLOCK_STORAGE_UUID = "63646e80-eb52-462f-ac4f-8cdf3987519c" -- GitLab From cba26a2f14bad88ca8f2765b06f0545d97ad5253 Mon Sep 17 00:00:00 2001 From: Adam Johnston Date: Fri, 23 Dec 2022 16:21:37 +0000 Subject: [PATCH 4/4] cassini-bsp: Add new machine feature for Block Storage Service on N1SDP Add Block Storage Service to list of SPs which OP-TEE can load (enabled via the new machine feature 'ts-block-storage'). New feature is disabled by default for now. Changelog: feature Signed-off-by: Adam Johnston --- .../recipes-security/optee/optee-os-ts.inc | 10 ++++++++++ .../recipes-security/optee/optee-os_%.bbappend | 3 +++ 2 files changed, 13 insertions(+) create mode 100644 meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-ts.inc create mode 100644 meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_%.bbappend diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-ts.inc b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-ts.inc new file mode 100644 index 0000000..d78c997 --- /dev/null +++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-ts.inc 
@@ -0,0 +1,10 @@
+# Include Trusted Services SPs accordingly to defined machine features
+
+# From meta-cassini
+require ../trusted-services/ts-uuid.inc
+
+# Block Storage SP
+DEPENDS:append:n1sdp = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \
+ ' ts-sp-block-storage', '' , d)}"
+SP_PATHS:append:n1sdp = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \
+ ' ${TS_BIN}/${BLOCK_STORAGE_UUID}.stripped.elf', '', d)}"
\ No newline at end of file
diff --git a/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_%.bbappend b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_%.bbappend
new file mode 100644
index 0000000..5e12bbf
--- /dev/null
+++ b/meta-cassini-bsp/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_%.bbappend
@@ -0,0 +1,3 @@
+# Include Trusted Services Secure Partitions
+
+require optee-os-ts.inc
-- GitLab
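Review bot: Both appends in optee-os-ts.inc carry the `:n1sdp` override, so setting `ts-block-storage` in `MACHINE_FEATURES` on any other machine is accepted and changes nothing, which the file does not say. I would add a comment above the `# Block Storage SP` pair such as `# ts-block-storage is honoured on n1sdp only; other machines ignore the feature`. The `SP_PATHS` entry names the secure partition as `${TS_BIN}/${BLOCK_STORAGE_UUID}.stripped.elf`, so it presumably only resolves while the UUID in ts-uuid.inc matches the file name the ts-sp-block-storage build produces; a note next to `BLOCK_STORAGE_UUID` about where the value comes from would help whoever updates the prototype branch. The file also ends without a trailing newline.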