From patchwork Tue Apr 23 16:32:00 2024 X-Patchwork-Submitter: Gyorgy Szing X-Patchwork-Id: 42795
From: Gyorgy Szing To: meta-arm@lists.yoctoproject.org Cc: Gyorgy Szing Subject: [PATCH 4/9] arm/trusted-services: fix environment handling Date: Tue, 23 Apr 2024 18:32:00 +0200 Message-ID: <20240423163205.5885-4-gyorgy.szing@arm.com> X-Mailer: git-send-email 2.43.1 In-Reply-To: <20240423163205.5885-1-gyorgy.szing@arm.com> References: <20240423163205.5885-1-gyorgy.szing@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 23 Apr 2024 16:33:33 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/5589 The current version of the TS recipes fails to build if the TS environment is not set to opteesp. Change the recipes to allow building the sp environment. This environment targets "generic" secure partitions and produces SPMC agnostic SP binaries which should be able to boot under any FF-A v1.0 compliant SPMC implementation. Signed-off-by: Gyorgy Szing --- documentation/trusted-services.md | 3 ++ .../recipes-security/optee/optee-os-ts.inc | 31 ++++++++++--------- .../trusted-services/trusted-services.inc | 4 +-- .../trusted-services/ts-sp-common.inc | 1 + .../ts-sp-spm-test-common.inc | 3 ++ 5 files changed, 26 insertions(+), 16 deletions(-) diff --git a/documentation/trusted-services.md b/documentation/trusted-services.md index f672dc2e..0359b648 100644 --- a/documentation/trusted-services.md +++ b/documentation/trusted-services.md 
@@ -44,6 +44,9 @@ Other steps depend on your machine/platform definition: and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc` and `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for N1SDP and Corstone1000 platforms. +4. Trusted Services supports an SPMC agonistic binary format. To build SPs to this format the `TS_ENV` variable is to be + set to `sp`. The resulting SP binaries should be able to boot under any FF-A v1.1 compliant SPMC implementation. + ## Normal World applications Optionally for testing purposes you can add `packagegroup-ts-tests` into your image. It includes diff --git a/meta-arm/recipes-security/optee/optee-os-ts.inc b/meta-arm/recipes-security/optee/optee-os-ts.inc index c6b806ff..a9071abd 100644 --- a/meta-arm/recipes-security/optee/optee-os-ts.inc +++ b/meta-arm/recipes-security/optee/optee-os-ts.inc 
@@ -6,61 +6,64 @@ # TS SPs UUIDs definitions require recipes-security/trusted-services/ts-uuid.inc -TS_ENV = "opteesp" +TS_ENV ?= "opteesp" TS_BIN = "${RECIPE_SYSROOT}/usr/${TS_ENV}/bin" +TS_BIN_SPM_TEST= "${RECIPE_SYSROOT}/usr/opteesp/bin" + +SP_EXT = "${@oe.utils.conditional('TS_ENV','opteesp','.stripped.elf','.bin',d)}" # ITS SP DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \ ' ts-sp-its', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \ - ' ${TS_BIN}/${ITS_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${ITS_UUID}${SP_EXT}', '', d)}" # Storage SP DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \ ' ts-sp-storage', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \ - ' ${TS_BIN}/${STORAGE_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${STORAGE_UUID}${SP_EXT}', '', d)}" # Crypto SP. DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \ ' ts-sp-crypto', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \ - ' ${TS_BIN}/${CRYPTO_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${CRYPTO_UUID}${SP_EXT}', '', d)}" # Attestation SP DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \ ' ts-sp-attestation', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \ - ' ${TS_BIN}/${ATTESTATION_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${ATTESTATION_UUID}${SP_EXT}', '', d)}" # Env-test SP DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \ ' ts-sp-env-test', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \ - ' ${TS_BIN}/${ENV_TEST_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${ENV_TEST_UUID}${SP_EXT}', '', d)}" # SE-Proxy SP DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \ ' ts-sp-se-proxy', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', 
\ - ' ${TS_BIN}/${SE_PROXY_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${SE_PROXY_UUID}${SP_EXT}', '', d)}" # SMM Gateway DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \ ' ts-sp-smm-gateway', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \ - ' ${TS_BIN}/${SMM_GATEWAY_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${SMM_GATEWAY_UUID}${SP_EXT}', '', d)}" # SPM test SPs DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ ' ts-sp-spm-test1 ts-sp-spm-test2 \ ts-sp-spm-test3 ts-sp-spm-test4', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ - ' ${TS_BIN}/${SPM_TEST1_UUID}.stripped.elf \ - ${TS_BIN}/${SPM_TEST2_UUID}.stripped.elf \ - ${TS_BIN}/${SPM_TEST3_UUID}.stripped.elf \ - ${TS_BIN}/${SPM_TEST4_UUID}.stripped.elf', \ - '', d)}" + ' ${TS_BIN_SPM_TEST}/${SPM_TEST1_UUID}.stripped.elf \ + ${TS_BIN_SPM_TEST}/${SPM_TEST2_UUID}.stripped.elf \ + ${TS_BIN_SPM_TEST}/${SPM_TEST3_UUID}.stripped.elf \ + ${TS_BIN_SPM_TEST}/${SPM_TEST4_UUID}.stripped.elf', \ + '', d)}" EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \ ' CFG_SPMC_TESTS=y', '' , d)}" @@ -69,7 +72,7 @@ DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', ' ts-sp-block-storage', '' , d)}" SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \ - ' ${TS_BIN}/${BLOCK_STORAGE_UUID}.stripped.elf', '', d)}" + ' ${TS_BIN}/${BLOCK_STORAGE_UUID}${SP_EXT}', '', d)}" EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', \ ' CFG_MAP_EXT_DT_SECURE=y CFG_SECURE_PARTITION=y \ diff --git a/meta-arm/recipes-security/trusted-services/trusted-services.inc b/meta-arm/recipes-security/trusted-services/trusted-services.inc index c4a6f78c..272e9106 100644 --- a/meta-arm/recipes-security/trusted-services/trusted-services.inc +++ b/meta-arm/recipes-security/trusted-services/trusted-services.inc 
@@ -23,7 +23,7 @@ TS_PLATFORM ?= "ts/mock" # FIP packaging is not supported yet SP_PACKAGING_METHOD ?= "embedded" -SYSROOT_DIRS += "/usr/opteesp /usr/arm-linux" +SYSROOT_DIRS += "/usr/${TS_ENV} /usr/opteesp /usr/arm-linux" # TS cmake files use find_file() to search through source code and build dirs. # Yocto cmake class limits CMAKE_FIND_ROOT_PATH and find_file() fails. @@ -54,5 +54,5 @@ EXTRA_OECMAKE += "${@get_ts_toolchain_option(d)}" # Paths to pre-built dependencies required by some TS SPs/tools EXTRA_OECMAKE += "-Dlibts_ROOT=${STAGING_DIR_HOST}${TS_INSTALL}/lib/cmake/libts/ \ - -DNEWLIB_INSTALL_DIR=${STAGING_DIR_HOST}${TS_INSTALL}/newlib \ + -DNEWLIB_INSTALL_DIR=${STAGING_DIR_HOST}/usr/opteesp/newlib \ " diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-common.inc b/meta-arm/recipes-security/trusted-services/ts-sp-common.inc index 5e4cd720..c8b1409c 100644 --- a/meta-arm/recipes-security/trusted-services/ts-sp-common.inc +++ b/meta-arm/recipes-security/trusted-services/ts-sp-common.inc @@ -6,6 +6,7 @@ require trusted-services.inc require ts-uuid.inc DEPENDS += "dtc-native ts-newlib" +DEPENDS += "${@oe.utils.conditional('TS_ENV','sp','python3-pyelftools-native','', d)}" FILES:${PN}-dev = "${TS_INSTALL}" diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc index e357629b..5c0d6865 100644 --- a/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc +++ b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc @@ -1,5 +1,8 @@ DESCRIPTION = "Trusted Services SPMC test SPs" +# spm test SP only supports opteesp. +TS_ENV = 'opteesp' + require ts-sp-common.inc SP_UUID = "${SPM_TEST${SP_INDEX}_UUID}"
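Review bot: the new item 4 in documentation/trusted-services.md disagrees with the commit message on the FF-A version: the documentation says the SP binaries should boot under any "FF-A v1.1 compliant SPMC", while the commit message says FF-A v1.0. Use the version the `sp` environment actually targets in both places. In the same sentence, "agonistic" should read "agnostic".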
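Review bot: in optee-os-ts.inc, `SP_EXT` falls through to `.bin` for every `TS_ENV` value other than `opteesp`, so a misspelled or unsupported environment still yields `SP_PATHS` entries of the form `${TS_BIN}/<uuid>.bin`, with nothing in the recipe rejecting the value. Since these paths decide which secure partition images are embedded into the OP-TEE build, it would be safer to select the extension explicitly for `opteesp` and `sp` and fail at parse time on anything else. A smaller style point in the same hunk: `TS_BIN_SPM_TEST= "${RECIPE_SYSROOT}/usr/opteesp/bin"` is missing the space before `=` that the neighbouring assignments use.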
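Review bot: in trusted-services.inc, `-DNEWLIB_INSTALL_DIR=${STAGING_DIR_HOST}/usr/opteesp/newlib` replaces the `${TS_INSTALL}`-relative path with a hard-coded one and carries no comment explaining why newlib is taken from the opteesp tree even when `TS_ENV` is `sp`. Please add a one-line comment stating that dependency, or route the path through a variable so that it is not a second literal copy of `/usr/opteesp`. In the first hunk of the same file, `SYSROOT_DIRS += "/usr/${TS_ENV} /usr/opteesp /usr/arm-linux"` lists `/usr/opteesp` twice when `TS_ENV` is `opteesp`; that looks harmless, but a short comment saying `/usr/opteesp` is always needed would make the intent clear.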
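Review bot: in ts-sp-spm-test-common.inc, the hard assignment `TS_ENV = 'opteesp'` silently overrides whatever environment the user selected, and optee-os-ts.inc repeats the same decision separately in `TS_BIN_SPM_TEST`. With `optee-spmc-test` enabled and `TS_ENV` set to `sp`, the build therefore mixes `.bin` SPs with `.stripped.elf` test SPs without any notice. The new documentation item should mention that the SPM test SPs are always built for opteesp, and ideally both files would take the value from one shared definition. The assignment also uses single quotes where the other recipes in this patch use double quotes.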