Next steps for OP-TEE upstream in buildroot#3
Closed
etienne-lms wants to merge 315 commits into
41075fc to 12f7a92
Qemu issue fixed. Issue was the Qemu version sic.
12f7a92 to a94aa29
a94aa29 to ae7dd30
updated with TF-A changes rebased on BR/OP-TEE PATCH v3 (#1).
Signed-off-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Pass TARGET_CONFIGURE_OPTS in the environment instead of on the make command line, so 'CFLAGS +=' does the right thing in the Makefile without patching. TARGET_CONFIGURE_OPTS includes TARGET_MAKE_ENV, so drop that. This does require us to pass CROSS_COMPILE to ensure the native tools are not used though. Add a GNU_EFI_MAKE_OPTS and use in both the build and install steps, instead of repeating the various arguments. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adds support for StrnCat, needed by shim. Also add a hash for the license file. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This will be used in packages that depend on gnu-efi, and we take this opportunity to propagate this dependency where it was missing in gummiboot and syslinux. In practice, it was not a problem because gummiboot and syslinux are only available on i386 and x86-64, which is a subset of the architectures supported by gnu-efi. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit adds a package for 'shim', an EFI bootloader for secure boot chain loading. While gnu-efi supports 32bit ARM, this is currently broken in shim. Patches to fix this have been submitted upstream but are not included here for now. rhboot/shim#162 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> [Thomas: use BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS, add separate depends on to exclude ARM32 build.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove patch (already in version) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Retrieve upstream patches to fix build with php 7.3.0
Fixes:
- http://autobuild.buildroot.org/results/e3b2a72e1f7f776c30a52bb98bb47c04d0b4919b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use library instead of shared_library to allow the user to build a static libatk library
Fixes:
- http://autobuild.buildroot.org/results/347a37dd2585974bdbf3bf99158e8ee9127d1202
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4.20.x is not a long term support kernel, but 4.19.x is (supported until end 2020): https://www.kernel.org/category/releases.html With the upcoming Buildroot 2019.02 release being a LTS release, default to 4.19.x instead. Notice: The userspace API breakage in net_stamp.h causing build failures has now been fixed in 4.19.14 by commit e4a2ffe9029fd (net: Use __kernel_clockid_t in uapi net_stamp.h) Signed-off-by: Peter Korsgaard <peter@korsgaard.com> [Thomas: add comment in linux/Config.in and package/linux-headers/Config.in.host so that we don't mistakenly bump to 4.20+.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For details see [1].
This bump also deleted the two patch files for the RAUC package. These were related to eMMC support being made optional, and workaround for older kernel. Both of these patch sets have been merged into upstream in the rauc git repos.
Older kernel workaround: rauc/rauc@993b698#diff-b3a0044e6a3b6a8b16933e72f416c8f1
Make eMMC selectable: rauc/rauc@f85d1ca#diff-365367c8cde56aafd5cbad767e1c9738
[1] https://github.com/rauc/rauc/releases/tag/v1.0
Signed-off-by: David J Fogle <dave@exitstrategytech.com>
[Thomas: drop AUTORECONF = YES, no longer needed.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
- http://autobuild.buildroot.org/results/699c078aa078240c6741da4dbd0871450ceeca92
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
- http://autobuild.buildroot.org/results/85d30a4f94efa868a9155f7dda593ba8079063b5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
…org domain Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
- http://autobuild.buildroot.org/results/d229602f2e477499c86567e0e8a3535513d322e8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Asaf Kahlon <asafka7@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Asaf Kahlon <asafka7@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Asaf Kahlon <asafka7@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes CVE-2017-18342: In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. Signed-off-by: Asaf Kahlon <asafka7@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When the kernel is built by Buildroot BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_X_YY must be used and not BR2_KERNEL_HEADERS_X_YY. Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
clamav needs C++ since bump to version 0.101.1 and Cisco-Talos/clamav@d39cb65
Fixes:
- http://autobuild.buildroot.org/results/be14aa571309cda32a5963feed9fd7f220e87fe6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update hash of license file (update in year): akheron/jansson@3e13f51 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update hash of COPYING (year has been updated): smuellerDD/libkcapi@3c56934 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build fails on sh4:
src/dns.c:290:1: error: unable to find a register to spill in class 'R0_REGS'
}
This build failure seems related to a known gcc bug that has been fixed only in gcc 7: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60040
Fixes:
- http://autobuild.buildroot.org/results/2e181cc874d5389f10ecddb0d11253c3aa5e7fc4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
minizip enables zip.h and unzip.h compatibility headers since version 2.7.2 and zlib-ng/minizip-ng@1b2b32c
This is an issue as php fails to build if minizip is built after libzip because minizip installs a zip.h header without zip_stat, ZIP_CREATE, ZIP_FL_NOCASE, zip_fopen, etc ...
So until the compatibility headers are enhanced/fixed in minizip, disable them
Fixes:
- http://autobuild.buildroot.org/results/7b41f4e4a521b1e17aa885aac4419b26e0dd8700
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fixes CVE-2018-9251 and CVE-2018-14567: https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
- Fixes CVE-2018-14404: https://gitlab.gnome.org/GNOME/libxml2/issues/5
- Remove patch: CVE-2017-8872 was fixed by https://gitlab.gnome.org/GNOME/libxml2/issues/26
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
tpm2-tools is commonly used with the resource manager, tpm2-abrmd - But it CAN be used without, E.G. by setting the TPM2TOOLS_TCTI_NAME environment variable to communicate directly with the kernel driver:
export TPM2TOOLS_TCTI_NAME=device
Either directly with the TPM device (/dev/tpmN) or through the in-kernel resource manager provided by Linux kernel since 4.12 (/dev/tpmrmN)
For some use cases (E.G. initramfs) it makes sense to use tpm2-tools without abrmd, so remove the tpm2-abrmd select, and instead add a note in the help text that it may be needed.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
jemalloc uses architecture #ifdefs to determine LG_QUANTUM and gives an error when an unsupported architecture is used. For this reason, Buildroot commit 3baf996 introduced BR2_PACKAGE_JEMALLOC_ARCH_SUPPORTS.
In the jemalloc sources, 'mips' is checked via '__mips__' which is set for both 32-bit and 64-bit MIPS (including MIPS64 n32). However, the Buildroot arch selection only includes 32-bit MIPS via BR2_mips and BR2_mipsel.
Update the arch selection to support MIPS64.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
If BR2_TARGET_GENERIC_HOSTNAME contains a FQDN, strip the host part and
add it as an alias, e.g.
127.0.1.1 hostname.example.com hostname
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
If a package tries to static link with libavutil it fails due to the lack of libavutil private dependencies in libavutil.pc (-ldrm in this case).
Add patch to:
- Check if libdrm is present.
- Add it to Libs.private: in libavutil.pc if present.
Fixes:
http://autobuild.buildroot.net/results/766/766de487f394490df8c712652ac364ebb4a3ab14/
http://autobuild.buildroot.net/results/041/041e29dfddb2da3309ac7d34a576c60c5a75fe4d/
http://autobuild.buildroot.net/results/780/78061b61cfe3f42554a475c048d54dacacfe11d5/
http://autobuild.buildroot.net/results/275/275e4e0030d26c029085b408cfb272d5633969c6/
http://autobuild.buildroot.net/results/515/5152dcca58944cf732d09fba6e6c9af8a9243c75/
http://autobuild.buildroot.net/results/395/395be1a9cab824b82ef34c2ebd84d54243029b33/
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This commit updates package-make-target.txt with a few additional useful per-package targets that have been added in recent times. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
OP-TEE OS is maintained by the OP-TEE project. It provides an open source solution for development and integration of secure services for Armv7-A and Armv8-A CPU based platforms supporting the TrustZone technology. This technology enables CPUs to concurrently host a secure world as the OP-TEE OS and a non-secure world as a Linux based OS.
The OP-TEE project maintains other packages to leverage OP-TEE on Linux kernel based OSes. An OP-TEE interface driver is available in the Linux kernel since 4.12 upon CONFIG_OPTEE.
This change references in Buildroot the today's latest OP-TEE revision release tagged 3.4.0.
https://www.op-tee.org/
https://github.com/OP-TEE/optee_os
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
---
Changes v3 -> v4
- Upgrade from OP-TEE 3.3.0 to 3.4.0. No local patch required.
Changes v2 -> v3
- Add an entry in file DEVELOPERS.
- Fix BR2_ARM_CPU_ARMV7 into BR2_ARM_CPU_ARMV7A and replace dependency on BR2_aarch64 with dep on BR2_ARM_CPU_ARMV8A which is more accurate.
- Many cleaning in description sections of Config.in and layout reordering.
- Reordering in optee-os.mk layout.
- Correct dependency openssl into host-openssl.
- Use OPTEE_OS_INSTALL_STAGING_CMDS for installs in the staging dir.
- Clean in-tree TAs install command (s/@(foreach ...)/$(INSTALL) ...)
- BR2_TARGET_OPTEE_OS_SERVICES selects BR2_TARGET_OPTEE_OS_CORE instead of depending on BR2_TARGET_OPTEE_OS_SDK. This because core build also builds the in-tree TAs.
- Replace common optee-os.hash with per-version .hash files. Support the released 3.x tags from OP-TEE project.
- Remove useless indirection in OPTEE_OS_INSTALL_STAGING_CMDS definition.
- Fix issue of Aarch64 OS to attempt to build Aarch32 user mode support while the selected cross compilation toolchain cannot compile for Aarch32 targets. OP-TEE OS 3.3.0 is patched to backport support for CFG_USER_TA_TARGETS directive, allowing to restrict build to Aarch64.
Changes v1 -> v2:
- Replace dependency on BR2_arm with BR2_ARM_CPU_ARMV7 as BR2_arm is enabled for non Armv7 targets.
- Correct build dependencies on OpenSSL and pycrypto. Remove patch on package python scripts since pycrypto dependency is now handled.
- Correct location of in-tree services TAs (s/ta_services/ta/). Remove OPTEE_OS_BUILD_SERVICES as service TAs are already built when OP-TEE OS core is built. Correct BR2_TARGET_OPTEE_OS_SERVICES options: it only installs the
- Fix bad reference in Config.in package description.
- Fix wrong hash for the optee-os v3.3.0 tarball.
- Fix bad use of OPTEE_OS_VERSION where it is the value content that is expected: $(OPTEE_OS_VERSION).
- Clarify output build directory name: use out/.
- Minor replace use if/endif with use of depends on in Config.mk.
- Add missing dependency of BR2_TARGET_OPTEE_OS_SERVICES on BR2_TARGET_OPTEE_OS_SDK.
- Change commit header comment to "boot/optee-os: new package".
OP-TEE client API library and supplicant daemon from the
OP-TEE project are packaged in package/optee-client. An init script
launches the tee-supplicant daemon. Package is added to the
Security menu of BR configuration.
This change references in Buildroot the today's latest OP-TEE
revision release tagged 3.4.0.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
---
Changes v3 -> v4:
- Upgrade from OP-TEE release 3.3.0 to 3.4.0.
Changes v2 -> v3:
- Add an entry in file DEVELOPERS.
- Clean Config.in layout and description sections.
- Drop BR2_PACKAGE_OPTEE_CLIENT_SYNCED_VERSION.
- Clean optee-client.mk layout.
- Remove OPTEE_CLIENT_INSTALL_STAGING indirection.
- Replace optee-client.hash with per-version optee-client.hash files.
- Support the released 3.x tags from OP-TEE project.
- Correct license tag (client is BSD-2-Clause instead of BSD-3-Clause).
- Rewrite the init script to use start-stop-daemon
Changes v1 -> v2:
- Add option BR2_PACKAGE_OPTEE_CLIENT_SYNCED_VERSION to ensure
OP-TEE client version is synced with OP-TEE OS version when
the latter is enabled.
- Remove useless OPTEE_CLIENT_INSTALL_IMAGE=YES.
This package generates embedded Linux based OS userland client
applications and OP-TEE OS trusted applications all embedded in
the file system. These applications show how to use the APIs
OP-TEE OS is based on, both in the non secure and secure worlds.
Package is added next to the OP-TEE client package in the BR
package configuration.
This change references in Buildroot the today's latest OP-TEE
revision release tagged 3.4.0 with an added patch to fix an issue
reported by recent GCC toolchains.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
---
Changes v3 -> v4:
- Upgrade from OP-TEE release 3.3.0 to 3.4.0.
Changes v2 -> v3:
- Add an entry in file DEVELOPERS.
- Clean Config.in layout and description sections.
- Drop BR2_PACKAGE_OPTEE_EXAMPLES_SYNCED_VERSION.
- Clean optee-examples.mk layout.
- Replace common optee-examples.hash with per-version .hash files.
- Simplify install command in iotee-test.mk
- Patch optee_test 3.3.0 against an issue in the CMake files.
- Remove dependency of BR2_PACKAGE_OPTEE_EXAMPLES. As the package
depends on BR2_TARGET_OPTEE_OS, leave it to optee-os to define
the supported architectures.
Changes v1 -> v2:
- Replace BR2_arm with BR2_ARM_CPU_ARMV7 as OP-TEE supports only
BR2_ARM_CPU_ARMV7 architectures among the 32bit Arm machines.
- Select OP-TEE client and add dependency on OP-TEE OS.
- Add option BR2_PACKAGE_OPTEE_EXAMPLES_SYNCED_VERSION to ensure
OP-TEE examples version is synced with OP-TEE OS version.
- Do not force output build directory, rely on native path: out/.
- Replace if/endif with depends on in Config.in.
- Remove useless OPTEE_EXAMPLES_INSTALL_STAGING=YES.
- Add package official URL in Config.in package description.
OP-TEE test package provides test materials as part of the OP-TEE
project helping platforms to verify their OP-TEE components
against a set of regression and performance tests.
Package is added in the BR package configuration next to the
OP-TEE client package.
This change references in Buildroot the today's latest OP-TEE
revision release tagged 3.4.0 with an added patch to fix an issue
reported by recent GCC toolchains.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
---
Changes v3 -> v4:
- Upgrade from OP-TEE release 3.3.0 to 3.4.0. Local patches for 3.3.0
are not applicable. Add a local patch to fix a loop optimization
issue reported by recent GCC.
Changes v2 -> v3:
- Add an entry in file DEVELOPERS.
- Clean Config.in layout and description sections.
- Drop BR2_PACKAGE_OPTEE_TEST_SYNCED_VERSION.
- Clean optee-test.mk layout.
- Replace common optee-test.hash with per-version .hash files.
- Patch optee_benchmark 3.3.0 against an issue reported by GCC warns.
- Remove dependency of BR2_PACKAGE_OPTEE_EXAMPLES and Arm architecture.
As the package depends on BR2_TARGET_OPTEE_OS, leave it to optee-os
to define the supported architectures.
Changes v1 -> v2:
- Replace BR2_arm with BR2_ARM_CPU_ARMV7 as OP-TEE supports only
BR2_ARM_CPU_ARMV7 architectures among the 32bit Arm machines.
- Add missing dependency on BR2_TARGET_OPTEE_OS and select
BR2_PACKAGE_OPTEE_CLIENT when enabled.
- Add option BR2_PACKAGE_OPTEE_TEST_SYNCED_VERSION to ensure
OP-TEE test version is synced with OP-TEE OS version.
- Fix official repo URL in Config.in package description.
- Remove useless OPTEE_TEST_INSTALL_STAGING=YES.
- Do not force output build directory and rely on native one: out/.
OP-TEE performance benchmark tools for the OP-TEE project.
This package generates embedded Linux based OS materials used
to retrieve execution timing information on invocation of the
OP-TEE secure services.
It is added next to the OP-TEE client package in BR configuration.
This change references in Buildroot the today's latest OP-TEE
revision release tagged 3.4.0.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
---
Changes v3 -> v4:
- Upgrade from OP-TEE release 3.3.0 to 3.4.0. No local patch required.
Changes v2 -> v3:
- Add an entry in file DEVELOPERS.
- Clean Config.in layout and description sections.
- Drop BR2_PACKAGE_OPTEE_BENCHMARK_SYNCED_VERSION.
- Clean optee-benchmark.mk layout.
- Replace common optee-benchmark.hash with per-version .hash files.
- Add a patch on 3.3.0 to fix an issue reported through GCC warns.
Changes v1 -> v2:
- Add dependency on OP-TEE client.
- Add option BR2_PACKAGE_OPTEE_BENCHMARK_SYNCED_VERSION to ensure
OP-TEE benchmark version is synced with OP-TEE client version.
- Remove useless OPTEE_BENCHMARK_INSTALL_STAGING and
OPTEE_BENCHMARK_INSTALL_IMAGES.
- Remove unused BR2_PACKAGE_OPTEE_BENCHMARK_GIT_REFERENCE.
- Remove useless _INSTALL_STAGING/_INSTALL_IMAGES=YES.
This change introduces a Qemu board for an Armv7-A target executing with OP-TEE secure world services. The target Linux based normal world embeds the standard minimal filesystem with OP-TEE non-secure components embedded files from OP-TEE test, examples and benchmark packages.
The Linux custom configuration is dumped from the vexpress_defconfig with few added fragments: OP-TEE driver and 9p for virtual filesystem to ease file manipulation and exchanges through Qemu virtfs support.
The standard way for booting OP-TEE with a non-secure world companion uses the Arm Trusted Firmware-A as bootloader. OP-TEE OS provides the BL32 image and U-boot the BL33 image. The proposed board enables OP-TEE and U-boot build for this. However package boot/arm-trusted-firmware needs a few changes to support building Armv7-A targets. Therefore the proposed board allows one to build the images but not yet to run the target with the built Qemu host tool.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
---
Changes v3 -> v4
- No change.
Changes v2 -> v3
- New change to introduce a board that at least builds Armv7-A OP-TEE.
This change introduces a Qemu board for an AArch64 target executing with OP-TEE secure world services. The target Linux based normal world embeds the standard minimal filesystem with OP-TEE non-secure components embedded files from OP-TEE client, test, examples and benchmark packages.
The Linux custom configuration is dumped from the qemu/aarch64-virt board with few added fragments: OP-TEE driver and 9p for virtual filesystem to ease file manipulation and exchanges through Qemu virtfs support.
The standard way for booting OP-TEE with a non-secure world companion uses the Arm Trusted Firmware-A as bootloader. OP-TEE OS provides the BL32 image and U-boot the BL33 image. The proposed board enables OP-TEE and U-boot build for this. However package boot/arm-trusted-firmware needs a few changes to build OP-TEE compliant TF-A images. Therefore the proposed board allows one to build the images but not yet to run the target with the built Qemu host tool.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
---
Changes v3 -> v4
- No change.
Changes v2 -> v3
- New change to introduce a board that at least builds Aarch64 OP-TEE.
-- http://patchwork.ozlabs.org/patch/1001845/
-- http://lists.busybox.net/pipermail/buildroot/2018-November/236429.html
When the trusted firmware is built with debug support (DEBUG defined), the generated images are located at a specific path. The non debug images are located in generated directory build/<platform>/release/ while the debug images are located in generated directory build/<platform>/debug/.
This change introduces boolean BR2_TARGET_ARM_TRUSTED_FIRMWARE_DEBUG to define whether the release or debug configuration is used to build trusted firmware.
Note that enabling trusted firmware debug support, i.e BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES="... DEBUG=1 ..." without enabling BR2_TARGET_ARM_TRUSTED_FIRMWARE_DEBUG will fail since buildroot will get generated files from the wrong path.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
This change allows one to build the TF-A (Trusted Firmware A) for 32bit Armv7 and Armv8 platforms which arm-trusted-firmware supports since release v1.5.
BR2_aarch64 is changed to BR2_ARM_CPU_ARMV8A as the latter, complemented by BR2_ARM_CPU_ARMV7A, better represents the architectures that can support Arm Trusted Firmware A. When BR2_arm is enabled, TF-A is built in Armv7-A/Aarch32 mode.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
This change allows one to build trusted firmware (TF-A) with OP-TEE as BL32 secure payload.
When BR2_TARGET_ARM_TRUSTED_FIRMWARE_INTREE_BL32 is enabled TF-A builds a BL32 stage according to the TF-A configuration directive. If these specify no BL3 stage then TF-A will build without BL32 support. This is the default configuration and reflects TF-A legacy integration in BR.
When BR2_TARGET_ARM_TRUSTED_FIRMWARE_OPTEE_AS_BL32 is enabled TF-A builds with support for the OP-TEE OS as BL32.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Add TF-A (boot/arm-trusted-firmware) as BIOS for the Qemu target. Boot sequence is: TF-A bootloader (BL1/BL2) => OP-TEE (BL32) => U-boot (BL33). Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Add TF-A (boot/arm-trusted-firmware) as BIOS for the Qemu target. Boot sequence is: TF-A bootloader (BL1/BL2/BL31) => OP-TEE (BL32) => U-boot (BL33). Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
ae7dd30 to 1b6db7f
etienne-lms pushed a commit that referenced this pull request on May 16, 2019
Add patches fixing a number of build issues with uClibc. The issue fixed in patch #2 has been reported upstream. Patch #3 has been suggested by upstream but not applied yet.
Drop the _SUBDIR assignment. The configure script moved to top level directory since upstream commit a947c49bec3 from 2014. This allows AUTORECONF to find configure.ac.
Fixes:
http://autobuild.buildroot.net/results/801/801e2b2909363b5dcd9735362bb921e017569edc/
http://autobuild.buildroot.net/results/398/3984c6cdd3398645c8ad98bbe23af9090cf4bfcf/
http://autobuild.buildroot.net/results/632/632f93046f9cceffd9b604911542426c10967e0f/
Cc: Alexander Dahl <post@lespocky.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
etienne-lms added a commit that referenced this pull request on Apr 28, 2020
Board defconfigs for STM32MP157C DK2 and EV1.
Linux defconfig: minimal for v5.7 plus OP-TEE (TODO cleanup)
Overlay: add exlinux.conf in boot/ directories, per board.
Genimage: multi partition for SD card:
- partition #1 and #2 are TF-A. Boot stage, possibly minimal runtime service image,
- partition #3 is u-boot image,
- partition #4, #5 and #6 are OP-TEE (header, pageable, pager)
- partition #7 is u-boot boot partition: should only store boot/
- partition #8 is the rootfs (it includes unused boot/)
TODO: stm32mp157c_*_defconfig to clean
TODO: post image: in progress, currently useless.
Hack: rootfs is replicated in bootfs and rootfs to allow u-boot to read images from bootfs/boot/ whereas Linux boots on rootfs (next partition)
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
etienne-lms added a commit that referenced this pull request on Feb 25, 2021
Board defconfigs for STM32MP157C DK2 and EV1.
Linux defconfig: minimal for v5.7 plus OP-TEE (TODO cleanup)
Overlay: add exlinux.conf in boot/ directories, per board.
Genimage: multi partition for SD card:
- partition #1 and #2 are TF-A. Boot stage, possibly minimal runtime service image,
- partition #3 is u-boot image,
- partition #4, #5 and #6 are OP-TEE (header, pageable, pager)
- partition #7 boot filesystem access by u-boot (I.e. extlinux)
- partition #8 is the rootfs (it includes an unused boot/)
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
This P-R lists the next changes required in buildroot to support OP-TEE.
Current TODO list:
Currently Armv7-A using ATF (BL1/BL2), OP-TEE (BL32) and U-boot (BL33).
To consider a Qemu Armv8-A board with OP-TEE enabled.