From patchwork Thu Jun 15 14:19:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Szing X-Patchwork-Id: 25689 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 971C9C0015E for ; Thu, 15 Jun 2023 14:19:51 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.19734.1686838788961159764 for ; Thu, 15 Jun 2023 07:19:49 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: gyorgy.szing@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id CA6DF2F4; Thu, 15 Jun 2023 07:20:32 -0700 (PDT) Received: from R91284ZP.arm.com (unknown [10.57.33.138]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id CFCC03F663; Thu, 15 Jun 2023 07:19:47 -0700 (PDT) From: Gyorgy Szing To: meta-arm@lists.yoctoproject.org Cc: Gyorgy Szing , Anton Antonov Subject: [PATCH mickledore 07/17] optee-os: enable SPMC test Date: Thu, 15 Jun 2023 16:19:20 +0200 Message-Id: <20230615141930.2407-7-Gyorgy.Szing@arm.com> X-Mailer: git-send-email 2.39.1.windows.1 In-Reply-To: <20230615141930.2407-1-Gyorgy.Szing@arm.com> References: <20230615141930.2407-1-Gyorgy.Szing@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 Jun 2023 14:19:51 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/4790 Add ta-devkit and optee-test. Change configuration to enable building and deploying OP-TEE SPMC tests. Signed-off-by: Gyorgy Szing Signed-off-by: Anton Antonov --- .../arm-ffa-user/arm-ffa-user_5.0.1.bb | 14 +++-- .../optee/optee-os-tadevkit_3.2%.bbappend | 4 ++ .../optee/optee-os-ts-3.18.inc | 54 +++++++++++++++++++ .../recipes-security/optee/optee-os-ts.inc | 10 +++- .../optee/optee-os_3.1%.bbappend | 5 ++ ...e-os_%.bbappend => optee-os_3.2%.bbappend} | 0 .../optee/optee-test_3.2%.bbappend | 7 +++ .../trusted-services/ts-sp-common.inc | 4 +- .../ts-sp-spm-test-common.inc | 7 +++ .../trusted-services/ts-sp-spm-test1_git.bb | 5 ++ .../trusted-services/ts-sp-spm-test2_git.bb | 6 +++ .../trusted-services/ts-sp-spm-test3_git.bb | 6 +++ .../trusted-services/ts-uuid.inc | 3 ++ 13 files changed, 118 insertions(+), 7 deletions(-) create mode 100644 meta-arm/recipes-security/optee/optee-os-tadevkit_3.2%.bbappend create mode 100644 meta-arm/recipes-security/optee/optee-os-ts-3.18.inc create mode 100644 meta-arm/recipes-security/optee/optee-os_3.1%.bbappend rename meta-arm/recipes-security/optee/{optee-os_%.bbappend => optee-os_3.2%.bbappend} (100%) create mode 100644 meta-arm/recipes-security/optee/optee-test_3.2%.bbappend create mode 100644 meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc create mode 100644 meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb create mode 100644 meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb create mode 100644 meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb diff --git a/meta-arm/recipes-kernel/arm-ffa-user/arm-ffa-user_5.0.1.bb b/meta-arm/recipes-kernel/arm-ffa-user/arm-ffa-user_5.0.1.bb index 1261fa41..726a65bb 100644 --- a/meta-arm/recipes-kernel/arm-ffa-user/arm-ffa-user_5.0.1.bb +++ b/meta-arm/recipes-kernel/arm-ffa-user/arm-ffa-user_5.0.1.bb @@ -18,10 +18,16 @@ COMPATIBLE_HOST = "(arm|aarch64).*-linux" KERNEL_MODULE_AUTOLOAD += "arm-ffa-user" KERNEL_MODULE_PROBECONF += "arm-ffa-user" -# This debugfs driver is used only by uefi-test for testing SmmGW SP -# UUIDs = SMM Gateway SP -FFA-USER-UUID-LIST ?= "ed32d533-99e6-4209-9cc0-2d72cdd998a7" -module_conf_arm-ffa-user = "options arm-ffa-user uuid_str_list=${FFA-USER-UUID-LIST}" +# SMM Gateway SP +UUID_LIST = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \ + 'ed32d533-99e6-4209-9cc0-2d72cdd998a7', '' , d)}" +# SPMC Tests SPs +UUID_LIST:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ',5c9edbc3-7b3a-4367-9f83-7c191ae86a37,7817164c-c40c-4d1a-867a-9bb2278cf41a,23eb0100-e32a-4497-9052-2f11e584afa6', '' , d)}" + +FFA_USER_UUID_LIST ?= "${@d.getVar('UUID_LIST').strip(',')}" + +module_conf_arm-ffa-user = "options arm-ffa-user uuid_str_list=${FFA_USER_UUID_LIST}" do_install:append() { install -d ${D}${includedir} diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.2%.bbappend b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.2%.bbappend new file mode 100644 index 00000000..a9732e4c --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.2%.bbappend @@ -0,0 +1,4 @@ +# Include extra headers needed by SPMC tests to TA DEVKIT. +# Supported after op-tee v3.20 +EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' CFG_SPMC_TESTS=y', '' , d)}" diff --git a/meta-arm/recipes-security/optee/optee-os-ts-3.18.inc b/meta-arm/recipes-security/optee/optee-os-ts-3.18.inc new file mode 100644 index 00000000..4dffc46d --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-os-ts-3.18.inc @@ -0,0 +1,54 @@ +# Include Trusted Services SPs accordingly to defined machine features + +# Please notice that OPTEE will load SPs in the order listed in this file. +# If an SP requires another SP to be already loaded it must be listed lower. + +# TS SPs UUIDs definitions +require recipes-security/trusted-services/ts-uuid.inc + +TS_ENV = "opteesp" +TS_BIN = "${RECIPE_SYSROOT}/usr/${TS_ENV}/bin" + +# ITS SP +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \ + ' ts-sp-its', '' , d)}" +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \ + ' ${TS_BIN}/${ITS_UUID}.stripped.elf', '', d)}" + +# Storage SP +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \ + ' ts-sp-storage', '' , d)}" +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \ + ' ${TS_BIN}/${STORAGE_UUID}.stripped.elf', '', d)}" + +# Crypto SP. +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \ + ' ts-sp-crypto', '' , d)}" +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \ + ' ${TS_BIN}/${CRYPTO_UUID}.stripped.elf', '', d)}" + +# Attestation SP +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \ + ' ts-sp-attestation', '' , d)}" +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \ + ' ${TS_BIN}/${ATTESTATION_UUID}.stripped.elf', '', d)}" + +# Env-test SP +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \ + ' ts-sp-env-test', '' , d)}" +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \ + ' ${TS_BIN}/${ENV_TEST_UUID}.stripped.elf', '', d)}" + +# SE-Proxy SP +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \ + ' ts-sp-se-proxy', '' , d)}" +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \ + ' ${TS_BIN}/${SE_PROXY_UUID}.stripped.elf', '', d)}" + +# SMM Gateway +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \ + ' ts-sp-smm-gateway', '' , d)}" +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \ + ' ${TS_BIN}/${SMM_GATEWAY_UUID}.stripped.elf', '', d)}" + +EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', ' CFG_MAP_EXT_DT_SECURE=y CFG_SECURE_PARTITION=y SP_PATHS="${SP_PATHS}" ', d)}" diff --git a/meta-arm/recipes-security/optee/optee-os-ts.inc b/meta-arm/recipes-security/optee/optee-os-ts.inc index 73b8c14f..057dde25 100644 --- a/meta-arm/recipes-security/optee/optee-os-ts.inc +++ b/meta-arm/recipes-security/optee/optee-os-ts.inc @@ -51,4 +51,12 @@ DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \ SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \ ' ${TS_BIN}/${SMM_GATEWAY_UUID}.stripped.elf', '', d)}" -EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', ' CFG_SECURE_PARTITION=y SP_PATHS="${SP_PATHS}" ', d)}" +# SPM test SPs +DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' ts-sp-spm-test1 ts-sp-spm-test2 ts-sp-spm-test3', '' , d)}" +SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' ${TS_BIN}/${SPM_TEST1_UUID}.stripped.elf ${TS_BIN}/${SPM_TEST2_UUID}.stripped.elf ${TS_BIN}/${SPM_TEST3_UUID}.stripped.elf', '', d)}" +EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' CFG_SPMC_TESTS=y', '' , d)}" + +EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', ' CFG_MAP_EXT_DT_SECURE=y CFG_SECURE_PARTITION=y SP_PATHS="${SP_PATHS}" ', d)}" diff --git a/meta-arm/recipes-security/optee/optee-os_3.1%.bbappend b/meta-arm/recipes-security/optee/optee-os_3.1%.bbappend new file mode 100644 index 00000000..2ff1b834 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-os_3.1%.bbappend @@ -0,0 +1,5 @@ +# Include Trusted Services Secure Partitions +require optee-os-ts-3.18.inc + +# Conditionally include platform specific Trusted Services related OPTEE build parameters +EXTRA_OEMAKE:append:qemuarm64-secureboot = "${@oe.utils.conditional('SP_PATHS', '', '', ' CFG_CORE_HEAP_SIZE=131072 CFG_TEE_BENCHMARK=n CFG_TEE_CORE_LOG_LEVEL=4 CFG_CORE_SEL1_SPMC=y ', d)}" diff --git a/meta-arm/recipes-security/optee/optee-os_%.bbappend b/meta-arm/recipes-security/optee/optee-os_3.2%.bbappend similarity index 100% rename from meta-arm/recipes-security/optee/optee-os_%.bbappend rename to meta-arm/recipes-security/optee/optee-os_3.2%.bbappend diff --git a/meta-arm/recipes-security/optee/optee-test_3.2%.bbappend b/meta-arm/recipes-security/optee/optee-test_3.2%.bbappend new file mode 100644 index 00000000..c052774c --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-test_3.2%.bbappend @@ -0,0 +1,7 @@ +# Include ffa_spmc test group if the SPMC test is enabled. +# Supported after op-tee v3.20 +EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' CFG_SPMC_TESTS=y CFG_SECURE_PARTITION=y', '' , d)}" + +RDEPENDS:${PN} += "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ + ' arm-ffa-user', '' , d)}" diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-common.inc b/meta-arm/recipes-security/trusted-services/ts-sp-common.inc index 75ddab37..3d756015 100644 --- a/meta-arm/recipes-security/trusted-services/ts-sp-common.inc +++ b/meta-arm/recipes-security/trusted-services/ts-sp-common.inc @@ -17,8 +17,8 @@ do_install:append() { dtc -I dts -O dtb -o ${D}${TS_INSTALL}/manifest/${SP_UUID}.dtb ${SP_DTS_FILE} # We do not need libs and headers - rm -r --one-file-system ${D}${TS_INSTALL}/lib - rm -r --one-file-system ${D}${TS_INSTALL}/include + rm -rf --one-file-system ${D}${TS_INSTALL}/lib + rm -rf --one-file-system ${D}${TS_INSTALL}/include } # Use Yocto debug prefix maps for compiling assembler. diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc new file mode 100644 index 00000000..e357629b --- /dev/null +++ b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc @@ -0,0 +1,7 @@ +DESCRIPTION = "Trusted Services SPMC test SPs" + +require ts-sp-common.inc + +SP_UUID = "${SPM_TEST${SP_INDEX}_UUID}" +SP_DTS_FILE ?= "${D}${TS_INSTALL}/manifest/${SP_UUID}.dts" +OECMAKE_SOURCEPATH="${S}/deployments/spm-test${SP_INDEX}/${TS_ENV}" diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb new file mode 100644 index 00000000..4cbb970b --- /dev/null +++ b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb @@ -0,0 +1,5 @@ +DESCRIPTION = "Trusted Services SPMC test SP1" + +SP_INDEX="1" + +require ts-sp-spm-test-common.inc diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb new file mode 100644 index 00000000..e6fb822b --- /dev/null +++ b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb @@ -0,0 +1,6 @@ +DESCRIPTION = "Trusted Services SPMC test SP2" + +SP_INDEX="2" + +require ts-sp-spm-test-common.inc + diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb new file mode 100644 index 00000000..ad3ee76e --- /dev/null +++ b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb @@ -0,0 +1,6 @@ +DESCRIPTION = "Trusted Services SPMC test SP3" + +SP_INDEX="3" + +require ts-sp-spm-test-common.inc + diff --git a/meta-arm/recipes-security/trusted-services/ts-uuid.inc b/meta-arm/recipes-security/trusted-services/ts-uuid.inc index 7a39f733..c18ec5d7 100644 --- a/meta-arm/recipes-security/trusted-services/ts-uuid.inc +++ b/meta-arm/recipes-security/trusted-services/ts-uuid.inc @@ -7,3 +7,6 @@ ITS_UUID = "dc1eef48-b17a-4ccf-ac8b-dfcff7711b14" SE_PROXY_UUID = "46bb39d1-b4d9-45b5-88ff-040027dab249" SMM_GATEWAY_UUID = "ed32d533-99e6-4209-9cc0-2d72cdd998a7" STORAGE_UUID = "751bf801-3dde-4768-a514-0f10aeed1790" +SPM_TEST1_UUID = "5c9edbc3-7b3a-4367-9f83-7c191ae86a37" +SPM_TEST2_UUID = "7817164c-c40c-4d1a-867a-9bb2278cf41a" +SPM_TEST3_UUID = "23eb0100-e32a-4497-9052-2f11e584afa6" \ No newline at end of file