| Message ID | 20220226030441.2301940-1-alhe@linux.microsoft.com |
|---|---|
| State | New |
| Headers | show |
| Series | arm/optee: Upgrade from 3.14 to 3.16 | expand |
On Fri, Feb 25, 2022 at 08:04:41PM -0700, Alejandro Enedino Hernandez Samaniego wrote: > - Removes upstreamed patches for optee-examples > - Fixes optee-examples installation > - Includes new python3-cryptography dependency > - Fixes python3-cryptography to work with openssl > > Tested on qemuarm64-secureboot via optee-examples xtest -l 15 With the new changes in python3-crypto, this is no longer working. I'm seeing the following error in CI. --- Error summary --- ERROR: Nothing PROVIDES 'python3-cryptography-native' (but /builds/jonmason00/meta-arm/meta-arm/recipes-security/optee/optee-os_3.16.0.bb DEPENDS on or otherwise requires it). Close matches: python3-cython-native python3-pycryptodome-native python3-typogrify-native I _think_ that adding meta-openembedded.yml being adding to the machines should fix it, but I'm not sure that is the right solution. Thanks, Jon > > Signed-off-by: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com> > --- > ....bbappend => optee-client_3.16.0.bbappend} | 0 > ...pend => optee-os-tadevkit_3.16.0.bbappend} | 0 > ...14.0.bbappend => optee-os_3.16.0.bbappend} | 0 > ....0.bbappend => optee-test_3.16.0.bbappend} | 0 > .../optee-ftpm/optee-ftpm_git.bb | 8 +- > .../optee/optee-client_3.14.0.bb | 3 - > .../optee/optee-client_3.16.0.bb | 3 + > .../recipes-security/optee/optee-examples.inc | 7 +- > ...ix-non-portable-sh-check-for-plugins.patch | 46 ++++++++++ > ...efault-cross-compiler-environment-se.patch | 84 ------------------- > ...nable-plugins-installation-in-rootfs.patch | 37 -------- > .../optee/optee-examples_3.14.0.bb | 4 - > .../optee/optee-examples_3.16.0.bb | 3 + > ..._3.14.0.bb => optee-os-tadevkit_3.16.0.bb} | 3 +- > meta-arm/recipes-security/optee/optee-os.inc | 2 +- > ...{optee-os_3.14.0.bb => optee-os_3.16.0.bb} | 2 +- > .../recipes-security/optee/optee-test.inc | 2 +- > .../optee/optee-test_3.14.0.bb | 3 - > .../optee/optee-test_3.16.0.bb | 3 + > meta-arm/recipes-security/optee/optee.inc | 3 + > 20 files changed, 73 insertions(+), 140 deletions(-) > rename meta-arm-bsp/recipes-security/optee/{optee-client_3.14.0.bbappend => optee-client_3.16.0.bbappend} (100%) > rename meta-arm-bsp/recipes-security/optee/{optee-os-tadevkit_3.14.0.bbappend => optee-os-tadevkit_3.16.0.bbappend} (100%) > rename meta-arm-bsp/recipes-security/optee/{optee-os_3.14.0.bbappend => optee-os_3.16.0.bbappend} (100%) > rename meta-arm-bsp/recipes-security/optee/{optee-test_3.14.0.bbappend => optee-test_3.16.0.bbappend} (100%) > delete mode 100644 meta-arm/recipes-security/optee/optee-client_3.14.0.bb > create mode 100644 meta-arm/recipes-security/optee/optee-client_3.16.0.bb > create mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch > delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch > delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch > delete mode 100644 meta-arm/recipes-security/optee/optee-examples_3.14.0.bb > create mode 100644 meta-arm/recipes-security/optee/optee-examples_3.16.0.bb > rename meta-arm/recipes-security/optee/{optee-os-tadevkit_3.14.0.bb => optee-os-tadevkit_3.16.0.bb} (94%) > rename meta-arm/recipes-security/optee/{optee-os_3.14.0.bb => optee-os_3.16.0.bb} (76%) > delete mode 100644 meta-arm/recipes-security/optee/optee-test_3.14.0.bb > create mode 100644 meta-arm/recipes-security/optee/optee-test_3.16.0.bb > > diff --git a/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend > similarity index 100% > rename from meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend > rename to meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend > diff --git a/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend > similarity index 100% > rename from meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend > rename to meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend > diff --git a/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend > similarity index 100% > rename from meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend > rename to meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend > diff --git a/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend > similarity index 100% > rename from meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend > rename to meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend > diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb > index f2a74da..0eb64cd 100644 > --- a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb > +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb > @@ -15,7 +15,9 @@ inherit deploy python3native > LICENSE = "MIT" > LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5" > > -DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit" > +DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit \ > + python3-cryptography-native \ > + " > > FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896" > > @@ -48,6 +50,10 @@ EXTRA_OEMAKE:append:aarch64:qemuall = "\ > CFG_ARM64_ta_arm64=y \ > " > > +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the > +# right path until this is relocated automatically. > +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" > + > PARALLEL_MAKE = "" > > do_compile() { > diff --git a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb b/meta-arm/recipes-security/optee/optee-client_3.14.0.bb > deleted file mode 100644 > index be78b88..0000000 > --- a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb > +++ /dev/null > @@ -1,3 +0,0 @@ > -require optee-client.inc > - > -SRCREV = "06e1b32f6a7028e039c625b07cfc25fda0c17d53" > diff --git a/meta-arm/recipes-security/optee/optee-client_3.16.0.bb b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb > new file mode 100644 > index 0000000..4a36cbc > --- /dev/null > +++ b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb > @@ -0,0 +1,3 @@ > +require optee-client.inc > + > +SRCREV = "06db73b3f3fdb8d23eceaedbc46c49c0b45fd1e2" > diff --git a/meta-arm/recipes-security/optee/optee-examples.inc b/meta-arm/recipes-security/optee/optee-examples.inc > index 656722e..097f892 100644 > --- a/meta-arm/recipes-security/optee/optee-examples.inc > +++ b/meta-arm/recipes-security/optee/optee-examples.inc > @@ -5,16 +5,14 @@ HOMEPAGE = "https://github.com/linaro-swg/optee_examples" > LICENSE = "BSD-2-Clause" > LIC_FILES_CHKSUM = "file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30" > > -DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native" > +DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native python3-cryptography-native" > > inherit python3native > > require optee.inc > > SRC_URI = "git://github.com/linaro-swg/optee_examples.git;branch=master;protocol=https \ > - file://0001-plugins-Honour-default-cross-compiler-environment-se.patch \ > - file://0002-Makefile-Enable-plugins-installation-in-rootfs.patch \ > - " > + file://0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch" > > EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ > HOST_CROSS_COMPILE=${HOST_PREFIX} \ > @@ -25,6 +23,7 @@ EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ > S = "${WORKDIR}/git" > B = "${WORKDIR}/build" > > + > do_compile() { > oe_runmake -C ${S} > } > diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch > new file mode 100644 > index 0000000..70add62 > --- /dev/null > +++ b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch > @@ -0,0 +1,46 @@ > +From 11610debf750f15c7a104db7315dcd7d69e282a8 Mon Sep 17 00:00:00 2001 > +From: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com> > +Date: Sat, 26 Feb 2022 01:52:26 +0000 > +Subject: [PATCH] Makefile: Fix non-portable sh check for plugins > + > +Upstream-Status: Pending > + > +We previously held a patch that used "=" for comparison, but when > +that patch got upstreamed it was changed to "==" which is non-portable, > +resulting in an error: > + > +/bin/sh: 6: [: acipher: unexpected operator > +/bin/sh: 6: [: plugins: unexpected operator > +/bin/sh: 6: [: hello_world: unexpected operator > +/bin/sh: 6: [: hotp: unexpected operator > +/bin/sh: 6: [: aes: unexpected operator > +/bin/sh: 6: [: random: unexpected operator > +/bin/sh: 6: [: secure_storage: unexpected operator > + > +if /bin/sh doesnt point to bash. > + > +Which in turn causes our do_install task to fail since plugins arent > +where we expect them to be. > + > + > +Signed-off-by: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com> > +--- > + Makefile | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/Makefile b/Makefile > +index b3f16aa..9359d95 100644 > +--- a/Makefile > ++++ b/Makefile > +@@ -31,7 +31,7 @@ prepare-for-rootfs: examples > + cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \ > + fi; \ > + cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \ > +- if [ $$example == plugins ]; then \ > ++ if [ $$example = plugins ]; then \ > + cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \ > + fi; \ > + done > +-- > +2.25.1 > + > diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch b/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch > deleted file mode 100644 > index 033e48c..0000000 > --- a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch > +++ /dev/null > @@ -1,84 +0,0 @@ > -From 79c826c249001700007a6dffe80c3d61ff4428ef Mon Sep 17 00:00:00 2001 > -From: Sumit Garg <sumit.garg@linaro.org> > -Date: Tue, 20 Jul 2021 13:54:30 +0530 > -Subject: [PATCH 1/2] plugins: Honour default cross compiler environment setup > - > -Honour default $(CC), $(CFLAGS) and $(LDFLAGS) variables. Without this > -plugins example fails to build for OE/Yocto. > - > -Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87] > - > -Signed-off-by: Sumit Garg <sumit.garg@linaro.org> > ---- > - plugins/Makefile | 2 +- > - plugins/host/Makefile | 2 +- > - plugins/syslog/Makefile | 16 ++++++++++++---- > - 3 files changed, 14 insertions(+), 6 deletions(-) > - > -diff --git a/plugins/Makefile b/plugins/Makefile > -index 2372b38..ea472b4 100644 > ---- a/plugins/Makefile > -+++ b/plugins/Makefile > -@@ -8,7 +8,7 @@ TA_CROSS_COMPILE ?= $(CROSS_COMPILE) > - all: > - $(MAKE) -C host CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables > - $(MAKE) -C ta CROSS_COMPILE="$(TA_CROSS_COMPILE)" LDFLAGS="" > -- $(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)" > -+ $(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables > - > - .PHONY: clean > - clean: > -diff --git a/plugins/host/Makefile b/plugins/host/Makefile > -index 7285104..76244c7 100644 > ---- a/plugins/host/Makefile > -+++ b/plugins/host/Makefile > -@@ -20,7 +20,7 @@ BINARY = optee_example_plugins > - all: $(BINARY) > - > - $(BINARY): $(OBJS) > -- $(CC) -o $@ $< $(LDADD) > -+ $(CC) $(LDFLAGS) -o $@ $< $(LDADD) > - > - .PHONY: clean > - clean: > -diff --git a/plugins/syslog/Makefile b/plugins/syslog/Makefile > -index 62d916a..71f5f92 100644 > ---- a/plugins/syslog/Makefile > -+++ b/plugins/syslog/Makefile > -@@ -1,3 +1,11 @@ > -+CC ?= $(CROSS_COMPILE)gcc > -+LD ?= $(CROSS_COMPILE)ld > -+AR ?= $(CROSS_COMPILE)ar > -+NM ?= $(CROSS_COMPILE)nm > -+OBJCOPY ?= $(CROSS_COMPILE)objcopy > -+OBJDUMP ?= $(CROSS_COMPILE)objdump > -+READELF ?= $(CROSS_COMPILE)readelf > -+ > - PLUGIN_UUID = 96bcf744-4f72-4866-bf1d-8634fd9c65e5 > - > - PLUGIN = $(PLUGIN_UUID).plugin > -@@ -6,17 +14,17 @@ PLUGIN_OBJ = $(patsubst %.c, %.o, $(PLUGIN_SRS)) > - PLUGIN_INCLUDES_DIR = $(CURDIR) $(TEEC_EXPORT)/include > - > - PLUGIN_INCLUDES = $(addprefix -I, $(PLUGIN_INCLUDES_DIR)) > --PLUGIN_CCFLAGS = -Wall -fPIC > --PLUGIN_LDFLAGS = -shared > -+PLUGIN_CCFLAGS = $(CFLAGS) -Wall -fPIC > -+PLUGIN_LDFLAGS = $(LDFLAGS) -shared > - > - .PHONY: all > - all: $(PLUGIN) > - > - $(PLUGIN): $(PLUGIN_OBJ) > -- $(CROSS_COMPILE)gcc $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@ > -+ $(CC) $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@ > - > - %.o: %.c > -- $(CROSS_COMPILE)gcc $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o > -+ $(CC) $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o > - > - .PHONY: clean > - clean: > --- > -2.25.1 > - > diff --git a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch b/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch > deleted file mode 100644 > index 80e6b5f..0000000 > --- a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch > +++ /dev/null > @@ -1,37 +0,0 @@ > -From f4e5e74548d92258855434b550c58fe44993c148 Mon Sep 17 00:00:00 2001 > -From: Sumit Garg <sumit.garg@linaro.org> > -Date: Tue, 20 Jul 2021 14:20:10 +0530 > -Subject: [PATCH] Makefile: Enable plugins installation in rootfs > - > -Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87] > - > -Signed-off-by: Sumit Garg <sumit.garg@linaro.org> > - > ---- > - Makefile | 5 +++++ > - 1 file changed, 5 insertions(+) > - > -diff --git a/Makefile b/Makefile > -index a275842..9359d95 100644 > ---- a/Makefile > -+++ b/Makefile > -@@ -25,14 +25,19 @@ prepare-for-rootfs: examples > - @mkdir -p $(OUTPUT_DIR) > - @mkdir -p $(OUTPUT_DIR)/ta > - @mkdir -p $(OUTPUT_DIR)/ca > -+ @mkdir -p $(OUTPUT_DIR)/plugins > - @for example in $(EXAMPLE_LIST); do \ > - if [ -e $$example/host/optee_example_$$example ]; then \ > - cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \ > - fi; \ > - cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \ > -+ if [ $$example = plugins ]; then \ > -+ cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \ > -+ fi; \ > - done > - > - prepare-for-rootfs-clean: > - @rm -rf $(OUTPUT_DIR)/ta > - @rm -rf $(OUTPUT_DIR)/ca > -+ @rm -rf $(OUTPUT_DIR)/plugins > - @rmdir --ignore-fail-on-non-empty $(OUTPUT_DIR) || test ! -e $(OUTPUT_DIR) > diff --git a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb > deleted file mode 100644 > index f2b5f7d..0000000 > --- a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb > +++ /dev/null > @@ -1,4 +0,0 @@ > -require optee-examples.inc > - > -SRCREV = "e9c870525af8f7e7fccf575a0ca5394ce55adcec" > - > diff --git a/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb > new file mode 100644 > index 0000000..b5f6269 > --- /dev/null > +++ b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb > @@ -0,0 +1,3 @@ > +require optee-examples.inc > + > +SRCREV = "65fc74309e12189ad5b6ce3ffec37c8011088a5a" > diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb > similarity index 94% > rename from meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb > rename to meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb > index 0d37a52..c710e27 100644 > --- a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb > +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb > @@ -1,10 +1,11 @@ > FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:" > -require optee-os_3.14.0.bb > +require optee-os_3.16.0.bb > > SUMMARY = "OP-TEE Trusted OS TA devkit" > DESCRIPTION = "OP-TEE TA devkit for build TAs" > HOMEPAGE = "https://www.op-tee.org/" > > + > do_install() { > #install TA devkit > install -d ${D}${includedir}/optee/export-user_ta/ > diff --git a/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/recipes-security/optee/optee-os.inc > index 1506a58..57c64fd 100644 > --- a/meta-arm/recipes-security/optee/optee-os.inc > +++ b/meta-arm/recipes-security/optee/optee-os.inc > @@ -10,7 +10,7 @@ require optee.inc > > CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os" > > -DEPENDS = "python3-pycryptodome-native python3-pyelftools-native" > +DEPENDS = "python3-pycryptodome-native python3-pyelftools-native python3-cryptography-native" > > DEPENDS:append:toolchain-clang = " compiler-rt" > > diff --git a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb > similarity index 76% > rename from meta-arm/recipes-security/optee/optee-os_3.14.0.bb > rename to meta-arm/recipes-security/optee/optee-os_3.16.0.bb > index 95d82bb..873e964 100644 > --- a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb > +++ b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb > @@ -1,6 +1,6 @@ > require optee-os.inc > > -SRCREV = "d21befa5e53eae9db469eba1685f5aa5c6f92c2f" > +SRCREV = "d0b742d1564834dac903f906168d7357063d5459" > > SRC_URI:append = " \ > file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \ > diff --git a/meta-arm/recipes-security/optee/optee-test.inc b/meta-arm/recipes-security/optee/optee-test.inc > index aada243..33eda29 100644 > --- a/meta-arm/recipes-security/optee/optee-test.inc > +++ b/meta-arm/recipes-security/optee/optee-test.inc > @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" > inherit python3native ptest > require optee.inc > > -DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native" > +DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native python3-cryptography-native" > > SRC_URI = "git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https \ > file://run-ptest \ > diff --git a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb b/meta-arm/recipes-security/optee/optee-test_3.14.0.bb > deleted file mode 100644 > index 6367c27..0000000 > --- a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb > +++ /dev/null > @@ -1,3 +0,0 @@ > -require optee-test.inc > - > -SRCREV = "f2eb88affbb7f028561b4fd5cbd049d5d704f741" > diff --git a/meta-arm/recipes-security/optee/optee-test_3.16.0.bb b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb > new file mode 100644 > index 0000000..03f9c34 > --- /dev/null > +++ b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb > @@ -0,0 +1,3 @@ > +require optee-test.inc > + > +SRCREV = "1cf0e6d2bdd1145370033d4e182634458528579d" > diff --git a/meta-arm/recipes-security/optee/optee.inc b/meta-arm/recipes-security/optee/optee.inc > index f02a022..beae366 100644 > --- a/meta-arm/recipes-security/optee/optee.inc > +++ b/meta-arm/recipes-security/optee/optee.inc > @@ -26,3 +26,6 @@ EXTRA_OEMAKE += "V=1 \ > OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${prefix} \ > TEEC_EXPORT=${STAGING_DIR_HOST}${prefix} \ > " > +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the > +# right path until this is relocated automatically. > +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" > -- > 2.25.1 > >
Hi John, On 3/1/22 16:27, Jon Mason wrote: > On Fri, Feb 25, 2022 at 08:04:41PM -0700, Alejandro Enedino Hernandez Samaniego wrote: >> - Removes upstreamed patches for optee-examples >> - Fixes optee-examples installation >> - Includes new python3-cryptography dependency >> - Fixes python3-cryptography to work with openssl >> >> Tested on qemuarm64-secureboot via optee-examples xtest -l 15 > With the new changes in python3-crypto, this is no longer working. > I'm seeing the following error in CI. > > --- Error summary --- > ERROR: Nothing PROVIDES 'python3-cryptography-native' (but /builds/jonmason00/meta-arm/meta-arm/recipes-security/optee/optee-os_3.16.0.bb DEPENDS on or otherwise requires it). Close matches: > python3-cython-native > python3-pycryptodome-native > python3-typogrify-native > > I _think_ that adding meta-openembedded.yml being adding to the > machines should fix it, but I'm not sure that is the right solution. > > Thanks, > Jon My apologies, I was testing with meta-oe/meta-python enabled hence I didnt see the error before. I'm not sure its the right solution either, this dependency is coming from the pem_to_pub_c.py script which is now using python3-cyrptography since commit https://github.com/OP-TEE/optee_os/commit/169eac19852d98d8ade821f913bbdd76faf52823 (this also means we could remove python3-cryptodome from the dependencies as well), as far as I can tell this creates a hard dependency, passing EXTRA_OEMAKE += " CFG_WITH_USER_TA=n" would avoid executing the script completely but I also dont think thats what we want. Should we include meta-openembedded.yml?, or what other choice do we have? create a python3-cyrptography recipe to meta-arm?, thoughts? Cheers, Alejandro >> Signed-off-by: Alejandro Enedino Hernandez Samaniego<alhe@linux.microsoft.com> >> --- >> ....bbappend => optee-client_3.16.0.bbappend} | 0 >> ...pend => optee-os-tadevkit_3.16.0.bbappend} | 0 >> ...14.0.bbappend => optee-os_3.16.0.bbappend} | 0 >> ....0.bbappend => optee-test_3.16.0.bbappend} | 0 >> .../optee-ftpm/optee-ftpm_git.bb | 8 +- >> .../optee/optee-client_3.14.0.bb | 3 - >> .../optee/optee-client_3.16.0.bb | 3 + >> .../recipes-security/optee/optee-examples.inc | 7 +- >> ...ix-non-portable-sh-check-for-plugins.patch | 46 ++++++++++ >> ...efault-cross-compiler-environment-se.patch | 84 ------------------- >> ...nable-plugins-installation-in-rootfs.patch | 37 -------- >> .../optee/optee-examples_3.14.0.bb | 4 - >> .../optee/optee-examples_3.16.0.bb | 3 + >> ..._3.14.0.bb => optee-os-tadevkit_3.16.0.bb} | 3 +- >> meta-arm/recipes-security/optee/optee-os.inc | 2 +- >> ...{optee-os_3.14.0.bb => optee-os_3.16.0.bb} | 2 +- >> .../recipes-security/optee/optee-test.inc | 2 +- >> .../optee/optee-test_3.14.0.bb | 3 - >> .../optee/optee-test_3.16.0.bb | 3 + >> meta-arm/recipes-security/optee/optee.inc | 3 + >> 20 files changed, 73 insertions(+), 140 deletions(-) >> rename meta-arm-bsp/recipes-security/optee/{optee-client_3.14.0.bbappend => optee-client_3.16.0.bbappend} (100%) >> rename meta-arm-bsp/recipes-security/optee/{optee-os-tadevkit_3.14.0.bbappend => optee-os-tadevkit_3.16.0.bbappend} (100%) >> rename meta-arm-bsp/recipes-security/optee/{optee-os_3.14.0.bbappend => optee-os_3.16.0.bbappend} (100%) >> rename meta-arm-bsp/recipes-security/optee/{optee-test_3.14.0.bbappend => optee-test_3.16.0.bbappend} (100%) >> delete mode 100644 meta-arm/recipes-security/optee/optee-client_3.14.0.bb >> create mode 100644 meta-arm/recipes-security/optee/optee-client_3.16.0.bb >> create mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch >> delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch >> delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch >> delete mode 100644 meta-arm/recipes-security/optee/optee-examples_3.14.0.bb >> create mode 100644 meta-arm/recipes-security/optee/optee-examples_3.16.0.bb >> rename meta-arm/recipes-security/optee/{optee-os-tadevkit_3.14.0.bb => optee-os-tadevkit_3.16.0.bb} (94%) >> rename meta-arm/recipes-security/optee/{optee-os_3.14.0.bb => optee-os_3.16.0.bb} (76%) >> delete mode 100644 meta-arm/recipes-security/optee/optee-test_3.14.0.bb >> create mode 100644 meta-arm/recipes-security/optee/optee-test_3.16.0.bb >> >> diff --git a/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend >> similarity index 100% >> rename from meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend >> rename to meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend >> diff --git a/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend >> similarity index 100% >> rename from meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend >> rename to meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend >> diff --git a/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend >> similarity index 100% >> rename from meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend >> rename to meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend >> diff --git a/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend >> similarity index 100% >> rename from meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend >> rename to meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend >> diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb >> index f2a74da..0eb64cd 100644 >> --- a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb >> +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb >> @@ -15,7 +15,9 @@ inherit deploy python3native >> LICENSE = "MIT" >> LIC_FILES_CHKSUM ="file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5" >> >> -DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit" >> +DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit \ >> + python3-cryptography-native \ >> + " >> >> FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896" >> >> @@ -48,6 +50,10 @@ EXTRA_OEMAKE:append:aarch64:qemuall = "\ >> CFG_ARM64_ta_arm64=y \ >> " >> >> +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the >> +# right path until this is relocated automatically. >> +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" >> + >> PARALLEL_MAKE = "" >> >> do_compile() { >> diff --git a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb b/meta-arm/recipes-security/optee/optee-client_3.14.0.bb >> deleted file mode 100644 >> index be78b88..0000000 >> --- a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb >> +++ /dev/null >> @@ -1,3 +0,0 @@ >> -require optee-client.inc >> - >> -SRCREV = "06e1b32f6a7028e039c625b07cfc25fda0c17d53" >> diff --git a/meta-arm/recipes-security/optee/optee-client_3.16.0.bb b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb >> new file mode 100644 >> index 0000000..4a36cbc >> --- /dev/null >> +++ b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb >> @@ -0,0 +1,3 @@ >> +require optee-client.inc >> + >> +SRCREV = "06db73b3f3fdb8d23eceaedbc46c49c0b45fd1e2" >> diff --git a/meta-arm/recipes-security/optee/optee-examples.inc b/meta-arm/recipes-security/optee/optee-examples.inc >> index 656722e..097f892 100644 >> --- a/meta-arm/recipes-security/optee/optee-examples.inc >> +++ b/meta-arm/recipes-security/optee/optee-examples.inc >> @@ -5,16 +5,14 @@ HOMEPAGE ="https://github.com/linaro-swg/optee_examples" >> LICENSE = "BSD-2-Clause" >> LIC_FILES_CHKSUM ="file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30" >> >> -DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native" >> +DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native python3-cryptography-native" >> >> inherit python3native >> >> require optee.inc >> >> SRC_URI = "git://github.com/linaro-swg/optee_examples.git;branch=master;protocol=https \ >> -file://0001-plugins-Honour-default-cross-compiler-environment-se.patch \ >> -file://0002-Makefile-Enable-plugins-installation-in-rootfs.patch \ >> - " >> +file://0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch" >> >> EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ >> HOST_CROSS_COMPILE=${HOST_PREFIX} \ >> @@ -25,6 +23,7 @@ EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ >> S = "${WORKDIR}/git" >> B = "${WORKDIR}/build" >> >> + >> do_compile() { >> oe_runmake -C ${S} >> } >> diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch >> new file mode 100644 >> index 0000000..70add62 >> --- /dev/null >> +++ b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch >> @@ -0,0 +1,46 @@ >> +From 11610debf750f15c7a104db7315dcd7d69e282a8 Mon Sep 17 00:00:00 2001 >> +From: Alejandro Enedino Hernandez Samaniego<alhe@linux.microsoft.com> >> +Date: Sat, 26 Feb 2022 01:52:26 +0000 >> +Subject: [PATCH] Makefile: Fix non-portable sh check for plugins >> + >> +Upstream-Status: Pending >> + >> +We previously held a patch that used "=" for comparison, but when >> +that patch got upstreamed it was changed to "==" which is non-portable, >> +resulting in an error: >> + >> +/bin/sh: 6: [: acipher: unexpected operator >> +/bin/sh: 6: [: plugins: unexpected operator >> +/bin/sh: 6: [: hello_world: unexpected operator >> +/bin/sh: 6: [: hotp: unexpected operator >> +/bin/sh: 6: [: aes: unexpected operator >> +/bin/sh: 6: [: random: unexpected operator >> +/bin/sh: 6: [: secure_storage: unexpected operator >> + >> +if /bin/sh doesnt point to bash. >> + >> +Which in turn causes our do_install task to fail since plugins arent >> +where we expect them to be. >> + >> + >> +Signed-off-by: Alejandro Enedino Hernandez Samaniego<alhe@linux.microsoft.com> >> +--- >> + Makefile | 2 +- >> + 1 file changed, 1 insertion(+), 1 deletion(-) >> + >> +diff --git a/Makefile b/Makefile >> +index b3f16aa..9359d95 100644 >> +--- a/Makefile >> ++++ b/Makefile >> +@@ -31,7 +31,7 @@ prepare-for-rootfs: examples >> + cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \ >> + fi; \ >> + cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \ >> +- if [ $$example == plugins ]; then \ >> ++ if [ $$example = plugins ]; then \ >> + cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \ >> + fi; \ >> + done >> +-- >> +2.25.1 >> + >> diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch b/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch >> deleted file mode 100644 >> index 033e48c..0000000 >> --- a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch >> +++ /dev/null >> @@ -1,84 +0,0 @@ >> -From 79c826c249001700007a6dffe80c3d61ff4428ef Mon Sep 17 00:00:00 2001 >> -From: Sumit Garg<sumit.garg@linaro.org> >> -Date: Tue, 20 Jul 2021 13:54:30 +0530 >> -Subject: [PATCH 1/2] plugins: Honour default cross compiler environment setup >> - >> -Honour default $(CC), $(CFLAGS) and $(LDFLAGS) variables. Without this >> -plugins example fails to build for OE/Yocto. >> - >> -Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87] >> - >> -Signed-off-by: Sumit Garg<sumit.garg@linaro.org> >> ---- >> - plugins/Makefile | 2 +- >> - plugins/host/Makefile | 2 +- >> - plugins/syslog/Makefile | 16 ++++++++++++---- >> - 3 files changed, 14 insertions(+), 6 deletions(-) >> - >> -diff --git a/plugins/Makefile b/plugins/Makefile >> -index 2372b38..ea472b4 100644 >> ---- a/plugins/Makefile >> -+++ b/plugins/Makefile >> -@@ -8,7 +8,7 @@ TA_CROSS_COMPILE ?= $(CROSS_COMPILE) >> - all: >> - $(MAKE) -C host CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables >> - $(MAKE) -C ta CROSS_COMPILE="$(TA_CROSS_COMPILE)" LDFLAGS="" >> -- $(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)" >> -+ $(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables >> - >> - .PHONY: clean >> - clean: >> -diff --git a/plugins/host/Makefile b/plugins/host/Makefile >> -index 7285104..76244c7 100644 >> ---- a/plugins/host/Makefile >> -+++ b/plugins/host/Makefile >> -@@ -20,7 +20,7 @@ BINARY = optee_example_plugins >> - all: $(BINARY) >> - >> - $(BINARY): $(OBJS) >> -- $(CC) -o $@ $< $(LDADD) >> -+ $(CC) $(LDFLAGS) -o $@ $< $(LDADD) >> - >> - .PHONY: clean >> - clean: >> -diff --git a/plugins/syslog/Makefile b/plugins/syslog/Makefile >> -index 62d916a..71f5f92 100644 >> ---- a/plugins/syslog/Makefile >> -+++ b/plugins/syslog/Makefile >> -@@ -1,3 +1,11 @@ >> -+CC ?= $(CROSS_COMPILE)gcc >> -+LD ?= $(CROSS_COMPILE)ld >> -+AR ?= $(CROSS_COMPILE)ar >> -+NM ?= $(CROSS_COMPILE)nm >> -+OBJCOPY ?= $(CROSS_COMPILE)objcopy >> -+OBJDUMP ?= $(CROSS_COMPILE)objdump >> -+READELF ?= $(CROSS_COMPILE)readelf >> -+ >> - PLUGIN_UUID = 96bcf744-4f72-4866-bf1d-8634fd9c65e5 >> - >> - PLUGIN = $(PLUGIN_UUID).plugin >> -@@ -6,17 +14,17 @@ PLUGIN_OBJ = $(patsubst %.c, %.o, $(PLUGIN_SRS)) >> - PLUGIN_INCLUDES_DIR = $(CURDIR) $(TEEC_EXPORT)/include >> - >> - PLUGIN_INCLUDES = $(addprefix -I, $(PLUGIN_INCLUDES_DIR)) >> --PLUGIN_CCFLAGS = -Wall -fPIC >> --PLUGIN_LDFLAGS = -shared >> -+PLUGIN_CCFLAGS = $(CFLAGS) -Wall -fPIC >> -+PLUGIN_LDFLAGS = $(LDFLAGS) -shared >> - >> - .PHONY: all >> - all: $(PLUGIN) >> - >> - $(PLUGIN): $(PLUGIN_OBJ) >> -- $(CROSS_COMPILE)gcc $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@ >> -+ $(CC) $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@ >> - >> - %.o: %.c >> -- $(CROSS_COMPILE)gcc $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o >> -+ $(CC) $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o >> - >> - .PHONY: clean >> - clean: >> --- >> -2.25.1 >> - >> diff --git a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch b/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch >> deleted file mode 100644 >> index 80e6b5f..0000000 >> --- a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch >> +++ /dev/null >> @@ -1,37 +0,0 @@ >> -From f4e5e74548d92258855434b550c58fe44993c148 Mon Sep 17 00:00:00 2001 >> -From: Sumit Garg<sumit.garg@linaro.org> >> -Date: Tue, 20 Jul 2021 14:20:10 +0530 >> -Subject: [PATCH] Makefile: Enable plugins installation in rootfs >> - >> -Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87] >> - >> -Signed-off-by: Sumit Garg<sumit.garg@linaro.org> >> - >> ---- >> - Makefile | 5 +++++ >> - 1 file changed, 5 insertions(+) >> - >> -diff --git a/Makefile b/Makefile >> -index a275842..9359d95 100644 >> ---- a/Makefile >> -+++ b/Makefile >> -@@ -25,14 +25,19 @@ prepare-for-rootfs: examples >> - @mkdir -p $(OUTPUT_DIR) >> - @mkdir -p $(OUTPUT_DIR)/ta >> - @mkdir -p $(OUTPUT_DIR)/ca >> -+ @mkdir -p $(OUTPUT_DIR)/plugins >> - @for example in $(EXAMPLE_LIST); do \ >> - if [ -e $$example/host/optee_example_$$example ]; then \ >> - cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \ >> - fi; \ >> - cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \ >> -+ if [ $$example = plugins ]; then \ >> -+ cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \ >> -+ fi; \ >> - done >> - >> - prepare-for-rootfs-clean: >> - @rm -rf $(OUTPUT_DIR)/ta >> - @rm -rf $(OUTPUT_DIR)/ca >> -+ @rm -rf $(OUTPUT_DIR)/plugins >> - @rmdir --ignore-fail-on-non-empty $(OUTPUT_DIR) || test ! -e $(OUTPUT_DIR) >> diff --git a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb >> deleted file mode 100644 >> index f2b5f7d..0000000 >> --- a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb >> +++ /dev/null >> @@ -1,4 +0,0 @@ >> -require optee-examples.inc >> - >> -SRCREV = "e9c870525af8f7e7fccf575a0ca5394ce55adcec" >> - >> diff --git a/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb >> new file mode 100644 >> index 0000000..b5f6269 >> --- /dev/null >> +++ b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb >> @@ -0,0 +1,3 @@ >> +require optee-examples.inc >> + >> +SRCREV = "65fc74309e12189ad5b6ce3ffec37c8011088a5a" >> diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb >> similarity index 94% >> rename from meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb >> rename to meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb >> index 0d37a52..c710e27 100644 >> --- a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb >> +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb >> @@ -1,10 +1,11 @@ >> FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:" >> -require optee-os_3.14.0.bb >> +require optee-os_3.16.0.bb >> >> SUMMARY = "OP-TEE Trusted OS TA devkit" >> DESCRIPTION = "OP-TEE TA devkit for build TAs" >> HOMEPAGE ="https://www.op-tee.org/" >> >> + >> do_install() { >> #install TA devkit >> install -d ${D}${includedir}/optee/export-user_ta/ >> diff --git a/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/recipes-security/optee/optee-os.inc >> index 1506a58..57c64fd 100644 >> --- a/meta-arm/recipes-security/optee/optee-os.inc >> +++ b/meta-arm/recipes-security/optee/optee-os.inc >> @@ -10,7 +10,7 @@ require optee.inc >> >> CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os" >> >> -DEPENDS = "python3-pycryptodome-native python3-pyelftools-native" >> +DEPENDS = "python3-pycryptodome-native python3-pyelftools-native python3-cryptography-native" >> >> DEPENDS:append:toolchain-clang = " compiler-rt" >> >> diff --git a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb >> similarity index 76% >> rename from meta-arm/recipes-security/optee/optee-os_3.14.0.bb >> rename to meta-arm/recipes-security/optee/optee-os_3.16.0.bb >> index 95d82bb..873e964 100644 >> --- a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb >> +++ b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb >> @@ -1,6 +1,6 @@ >> require optee-os.inc >> >> -SRCREV = "d21befa5e53eae9db469eba1685f5aa5c6f92c2f" >> +SRCREV = "d0b742d1564834dac903f906168d7357063d5459" >> >> SRC_URI:append = " \ >> file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \ >> diff --git a/meta-arm/recipes-security/optee/optee-test.inc b/meta-arm/recipes-security/optee/optee-test.inc >> index aada243..33eda29 100644 >> --- a/meta-arm/recipes-security/optee/optee-test.inc >> +++ b/meta-arm/recipes-security/optee/optee-test.inc >> @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM ="file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" >> inherit python3native ptest >> require optee.inc >> >> -DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native" >> +DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native python3-cryptography-native" >> >> SRC_URI = "git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https \ >> file://run-ptest \ >> diff --git a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb b/meta-arm/recipes-security/optee/optee-test_3.14.0.bb >> deleted file mode 100644 >> index 6367c27..0000000 >> --- a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb >> +++ /dev/null >> @@ -1,3 +0,0 @@ >> -require optee-test.inc >> - >> -SRCREV = "f2eb88affbb7f028561b4fd5cbd049d5d704f741" >> diff --git a/meta-arm/recipes-security/optee/optee-test_3.16.0.bb b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb >> new file mode 100644 >> index 0000000..03f9c34 >> --- /dev/null >> +++ b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb >> @@ -0,0 +1,3 @@ >> +require optee-test.inc >> + >> +SRCREV = "1cf0e6d2bdd1145370033d4e182634458528579d" >> diff --git a/meta-arm/recipes-security/optee/optee.inc b/meta-arm/recipes-security/optee/optee.inc >> index f02a022..beae366 100644 >> --- a/meta-arm/recipes-security/optee/optee.inc >> +++ b/meta-arm/recipes-security/optee/optee.inc >> @@ -26,3 +26,6 @@ EXTRA_OEMAKE += "V=1 \ >> OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${prefix} \ >> TEEC_EXPORT=${STAGING_DIR_HOST}${prefix} \ >> " >> +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the >> +# right path until this is relocated automatically. >> +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" >> -- >> 2.25.1 >> >> >> >> -=-=-=-=-=-=-=-=-=-=-=- >> Links: You receive all messages sent to this group. >> View/Reply Online (#3088):https://lists.yoctoproject.org/g/meta-arm/message/3088 >> Mute This Topic:https://lists.yoctoproject.org/mt/89404067/4354175 >> Group Owner:meta-arm+owner@lists.yoctoproject.org >> Unsubscribe:https://lists.yoctoproject.org/g/meta-arm/unsub [alhe@linux.microsoft.com] >> -=-=-=-=-=-=-=-=-=-=-=- >>
On Wed, 2 Mar 2022 at 20:16, Jon Mason <jdmason@kudzu.us> wrote: > > On Tue, Mar 01, 2022 at 09:54:04PM +0000, Alejandro Hernandez wrote: > > Hi John, > > > > On 3/1/22 16:27, Jon Mason wrote: > > > On Fri, Feb 25, 2022 at 08:04:41PM -0700, Alejandro Enedino Hernandez Samaniego wrote: > > > > - Removes upstreamed patches for optee-examples > > > > - Fixes optee-examples installation > > > > - Includes new python3-cryptography dependency > > > > - Fixes python3-cryptography to work with openssl > > > > > > > > Tested on qemuarm64-secureboot via optee-examples xtest -l 15 > > > With the new changes in python3-crypto, this is no longer working. > > > I'm seeing the following error in CI. > > > > > > --- Error summary --- > > > ERROR: Nothing PROVIDES 'python3-cryptography-native' (but /builds/jonmason00/meta-arm/meta-arm/recipes-security/optee/optee-os_3.16.0.bb DEPENDS on or otherwise requires it). Close matches: > > > python3-cython-native > > > python3-pycryptodome-native > > > python3-typogrify-native > > > > > > I _think_ that adding meta-openembedded.yml being adding to the > > > machines should fix it, but I'm not sure that is the right solution. > > > > > > Thanks, > > > Jon > > > > My apologies, I was testing with meta-oe/meta-python enabled hence I didnt > > see the error before. > > > > > > I'm not sure its the right solution either, this dependency is coming from > > the pem_to_pub_c.py script which is now using python3-cyrptography since > > commit https://github.com/OP-TEE/optee_os/commit/169eac19852d98d8ade821f913bbdd76faf52823 > > (this also means we could remove python3-cryptodome from the dependencies as > > well), as far as I can tell this creates a hard dependency, passing > > EXTRA_OEMAKE += " CFG_WITH_USER_TA=n" would avoid executing the script > > completely but I also dont think thats what we want. > > > > Should we include meta-openembedded.yml?, or what other choice do we have? > > create a python3-cyrptography recipe to meta-arm?, thoughts? Yes, we should include meta-openembedded.yml as a dependency and remove python3-cryptodome from the dependencies. -Sumit > > OPTEE isn't an area I understand well (to know whether removing this > is superior to adding the dependency in the files). So, I'm directly > cc'ing contributors that I think will have an opinion to this > response. > > Thanks, > Jon > > > > > Cheers, > > > > Alejandro > > > > > > Signed-off-by: Alejandro Enedino Hernandez Samaniego<alhe@linux.microsoft.com> > > > > --- > > > > ....bbappend => optee-client_3.16.0.bbappend} | 0 > > > > ...pend => optee-os-tadevkit_3.16.0.bbappend} | 0 > > > > ...14.0.bbappend => optee-os_3.16.0.bbappend} | 0 > > > > ....0.bbappend => optee-test_3.16.0.bbappend} | 0 > > > > .../optee-ftpm/optee-ftpm_git.bb | 8 +- > > > > .../optee/optee-client_3.14.0.bb | 3 - > > > > .../optee/optee-client_3.16.0.bb | 3 + > > > > .../recipes-security/optee/optee-examples.inc | 7 +- > > > > ...ix-non-portable-sh-check-for-plugins.patch | 46 ++++++++++ > > > > ...efault-cross-compiler-environment-se.patch | 84 ------------------- > > > > ...nable-plugins-installation-in-rootfs.patch | 37 -------- > > > > .../optee/optee-examples_3.14.0.bb | 4 - > > > > .../optee/optee-examples_3.16.0.bb | 3 + > > > > ..._3.14.0.bb => optee-os-tadevkit_3.16.0.bb} | 3 +- > > > > meta-arm/recipes-security/optee/optee-os.inc | 2 +- > > > > ...{optee-os_3.14.0.bb => optee-os_3.16.0.bb} | 2 +- > > > > .../recipes-security/optee/optee-test.inc | 2 +- > > > > .../optee/optee-test_3.14.0.bb | 3 - > > > > .../optee/optee-test_3.16.0.bb | 3 + > > > > meta-arm/recipes-security/optee/optee.inc | 3 + > > > > 20 files changed, 73 insertions(+), 140 deletions(-) > > > > rename meta-arm-bsp/recipes-security/optee/{optee-client_3.14.0.bbappend => optee-client_3.16.0.bbappend} (100%) > > > > rename meta-arm-bsp/recipes-security/optee/{optee-os-tadevkit_3.14.0.bbappend => optee-os-tadevkit_3.16.0.bbappend} (100%) > > > > rename meta-arm-bsp/recipes-security/optee/{optee-os_3.14.0.bbappend => optee-os_3.16.0.bbappend} (100%) > > > > rename meta-arm-bsp/recipes-security/optee/{optee-test_3.14.0.bbappend => optee-test_3.16.0.bbappend} (100%) > > > > delete mode 100644 meta-arm/recipes-security/optee/optee-client_3.14.0.bb > > > > create mode 100644 meta-arm/recipes-security/optee/optee-client_3.16.0.bb > > > > create mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch > > > > delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch > > > > delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch > > > > delete mode 100644 meta-arm/recipes-security/optee/optee-examples_3.14.0.bb > > > > create mode 100644 meta-arm/recipes-security/optee/optee-examples_3.16.0.bb > > > > rename meta-arm/recipes-security/optee/{optee-os-tadevkit_3.14.0.bb => optee-os-tadevkit_3.16.0.bb} (94%) > > > > rename meta-arm/recipes-security/optee/{optee-os_3.14.0.bb => optee-os_3.16.0.bb} (76%) > > > > delete mode 100644 meta-arm/recipes-security/optee/optee-test_3.14.0.bb > > > > create mode 100644 meta-arm/recipes-security/optee/optee-test_3.16.0.bb > > > > > > > > diff --git a/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend > > > > similarity index 100% > > > > rename from meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend > > > > rename to meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend > > > > diff --git a/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend > > > > similarity index 100% > > > > rename from meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend > > > > rename to meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend > > > > diff --git a/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend > > > > similarity index 100% > > > > rename from meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend > > > > rename to meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend > > > > diff --git a/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend > > > > similarity index 100% > > > > rename from meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend > > > > rename to meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend > > > > diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb > > > > index f2a74da..0eb64cd 100644 > > > > --- a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb > > > > +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb > > > > @@ -15,7 +15,9 @@ inherit deploy python3native > > > > LICENSE = "MIT" > > > > LIC_FILES_CHKSUM ="file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5" > > > > -DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit" > > > > +DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit \ > > > > + python3-cryptography-native \ > > > > + " > > > > FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896" > > > > @@ -48,6 +50,10 @@ EXTRA_OEMAKE:append:aarch64:qemuall = "\ > > > > CFG_ARM64_ta_arm64=y \ > > > > " > > > > +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the > > > > +# right path until this is relocated automatically. > > > > +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" > > > > + > > > > PARALLEL_MAKE = "" > > > > do_compile() { > > > > diff --git a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb b/meta-arm/recipes-security/optee/optee-client_3.14.0.bb > > > > deleted file mode 100644 > > > > index be78b88..0000000 > > > > --- a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb > > > > +++ /dev/null > > > > @@ -1,3 +0,0 @@ > > > > -require optee-client.inc > > > > - > > > > -SRCREV = "06e1b32f6a7028e039c625b07cfc25fda0c17d53" > > > > diff --git a/meta-arm/recipes-security/optee/optee-client_3.16.0.bb b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb > > > > new file mode 100644 > > > > index 0000000..4a36cbc > > > > --- /dev/null > > > > +++ b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb > > > > @@ -0,0 +1,3 @@ > > > > +require optee-client.inc > > > > + > > > > +SRCREV = "06db73b3f3fdb8d23eceaedbc46c49c0b45fd1e2" > > > > diff --git a/meta-arm/recipes-security/optee/optee-examples.inc b/meta-arm/recipes-security/optee/optee-examples.inc > > > > index 656722e..097f892 100644 > > > > --- a/meta-arm/recipes-security/optee/optee-examples.inc > > > > +++ b/meta-arm/recipes-security/optee/optee-examples.inc > > > > @@ -5,16 +5,14 @@ HOMEPAGE ="https://github.com/linaro-swg/optee_examples" > > > > LICENSE = "BSD-2-Clause" > > > > LIC_FILES_CHKSUM ="file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30" > > > > -DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native" > > > > +DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native python3-cryptography-native" > > > > inherit python3native > > > > require optee.inc > > > > SRC_URI = "git://github.com/linaro-swg/optee_examples.git;branch=master;protocol=https \ > > > > -file://0001-plugins-Honour-default-cross-compiler-environment-se.patch \ > > > > -file://0002-Makefile-Enable-plugins-installation-in-rootfs.patch \ > > > > - " > > > > +file://0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch" > > > > EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ > > > > HOST_CROSS_COMPILE=${HOST_PREFIX} \ > > > > @@ -25,6 +23,7 @@ EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ > > > > S = "${WORKDIR}/git" > > > > B = "${WORKDIR}/build" > > > > + > > > > do_compile() { > > > > oe_runmake -C ${S} > > > > } > > > > diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch > > > > new file mode 100644 > > > > index 0000000..70add62 > > > > --- /dev/null > > > > +++ b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch > > > > @@ -0,0 +1,46 @@ > > > > +From 11610debf750f15c7a104db7315dcd7d69e282a8 Mon Sep 17 00:00:00 2001 > > > > +From: Alejandro Enedino Hernandez Samaniego<alhe@linux.microsoft.com> > > > > +Date: Sat, 26 Feb 2022 01:52:26 +0000 > > > > +Subject: [PATCH] Makefile: Fix non-portable sh check for plugins > > > > + > > > > +Upstream-Status: Pending > > > > + > > > > +We previously held a patch that used "=" for comparison, but when > > > > +that patch got upstreamed it was changed to "==" which is non-portable, > > > > +resulting in an error: > > > > + > > > > +/bin/sh: 6: [: acipher: unexpected operator > > > > +/bin/sh: 6: [: plugins: unexpected operator > > > > +/bin/sh: 6: [: hello_world: unexpected operator > > > > +/bin/sh: 6: [: hotp: unexpected operator > > > > +/bin/sh: 6: [: aes: unexpected operator > > > > +/bin/sh: 6: [: random: unexpected operator > > > > +/bin/sh: 6: [: secure_storage: unexpected operator > > > > + > > > > +if /bin/sh doesnt point to bash. > > > > + > > > > +Which in turn causes our do_install task to fail since plugins arent > > > > +where we expect them to be. > > > > + > > > > + > > > > +Signed-off-by: Alejandro Enedino Hernandez Samaniego<alhe@linux.microsoft.com> > > > > +--- > > > > + Makefile | 2 +- > > > > + 1 file changed, 1 insertion(+), 1 deletion(-) > > > > + > > > > +diff --git a/Makefile b/Makefile > > > > +index b3f16aa..9359d95 100644 > > > > +--- a/Makefile > > > > ++++ b/Makefile > > > > +@@ -31,7 +31,7 @@ prepare-for-rootfs: examples > > > > + cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \ > > > > + fi; \ > > > > + cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \ > > > > +- if [ $$example == plugins ]; then \ > > > > ++ if [ $$example = plugins ]; then \ > > > > + cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \ > > > > + fi; \ > > > > + done > > > > +-- > > > > +2.25.1 > > > > + > > > > diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch b/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch > > > > deleted file mode 100644 > > > > index 033e48c..0000000 > > > > --- a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch > > > > +++ /dev/null > > > > @@ -1,84 +0,0 @@ > > > > -From 79c826c249001700007a6dffe80c3d61ff4428ef Mon Sep 17 00:00:00 2001 > > > > -From: Sumit Garg<sumit.garg@linaro.org> > > > > -Date: Tue, 20 Jul 2021 13:54:30 +0530 > > > > -Subject: [PATCH 1/2] plugins: Honour default cross compiler environment setup > > > > - > > > > -Honour default $(CC), $(CFLAGS) and $(LDFLAGS) variables. Without this > > > > -plugins example fails to build for OE/Yocto. > > > > - > > > > -Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87] > > > > - > > > > -Signed-off-by: Sumit Garg<sumit.garg@linaro.org> > > > > ---- > > > > - plugins/Makefile | 2 +- > > > > - plugins/host/Makefile | 2 +- > > > > - plugins/syslog/Makefile | 16 ++++++++++++---- > > > > - 3 files changed, 14 insertions(+), 6 deletions(-) > > > > - > > > > -diff --git a/plugins/Makefile b/plugins/Makefile > > > > -index 2372b38..ea472b4 100644 > > > > ---- a/plugins/Makefile > > > > -+++ b/plugins/Makefile > > > > -@@ -8,7 +8,7 @@ TA_CROSS_COMPILE ?= $(CROSS_COMPILE) > > > > - all: > > > > - $(MAKE) -C host CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables > > > > - $(MAKE) -C ta CROSS_COMPILE="$(TA_CROSS_COMPILE)" LDFLAGS="" > > > > -- $(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)" > > > > -+ $(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables > > > > - > > > > - .PHONY: clean > > > > - clean: > > > > -diff --git a/plugins/host/Makefile b/plugins/host/Makefile > > > > -index 7285104..76244c7 100644 > > > > ---- a/plugins/host/Makefile > > > > -+++ b/plugins/host/Makefile > > > > -@@ -20,7 +20,7 @@ BINARY = optee_example_plugins > > > > - all: $(BINARY) > > > > - > > > > - $(BINARY): $(OBJS) > > > > -- $(CC) -o $@ $< $(LDADD) > > > > -+ $(CC) $(LDFLAGS) -o $@ $< $(LDADD) > > > > - > > > > - .PHONY: clean > > > > - clean: > > > > -diff --git a/plugins/syslog/Makefile b/plugins/syslog/Makefile > > > > -index 62d916a..71f5f92 100644 > > > > ---- a/plugins/syslog/Makefile > > > > -+++ b/plugins/syslog/Makefile > > > > -@@ -1,3 +1,11 @@ > > > > -+CC ?= $(CROSS_COMPILE)gcc > > > > -+LD ?= $(CROSS_COMPILE)ld > > > > -+AR ?= $(CROSS_COMPILE)ar > > > > -+NM ?= $(CROSS_COMPILE)nm > > > > -+OBJCOPY ?= $(CROSS_COMPILE)objcopy > > > > -+OBJDUMP ?= $(CROSS_COMPILE)objdump > > > > -+READELF ?= $(CROSS_COMPILE)readelf > > > > -+ > > > > - PLUGIN_UUID = 96bcf744-4f72-4866-bf1d-8634fd9c65e5 > > > > - > > > > - PLUGIN = $(PLUGIN_UUID).plugin > > > > -@@ -6,17 +14,17 @@ PLUGIN_OBJ = $(patsubst %.c, %.o, $(PLUGIN_SRS)) > > > > - PLUGIN_INCLUDES_DIR = $(CURDIR) $(TEEC_EXPORT)/include > > > > - > > > > - PLUGIN_INCLUDES = $(addprefix -I, $(PLUGIN_INCLUDES_DIR)) > > > > --PLUGIN_CCFLAGS = -Wall -fPIC > > > > --PLUGIN_LDFLAGS = -shared > > > > -+PLUGIN_CCFLAGS = $(CFLAGS) -Wall -fPIC > > > > -+PLUGIN_LDFLAGS = $(LDFLAGS) -shared > > > > - > > > > - .PHONY: all > > > > - all: $(PLUGIN) > > > > - > > > > - $(PLUGIN): $(PLUGIN_OBJ) > > > > -- $(CROSS_COMPILE)gcc $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@ > > > > -+ $(CC) $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@ > > > > - > > > > - %.o: %.c > > > > -- $(CROSS_COMPILE)gcc $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o > > > > -+ $(CC) $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o > > > > - > > > > - .PHONY: clean > > > > - clean: > > > > --- > > > > -2.25.1 > > > > - > > > > diff --git a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch b/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch > > > > deleted file mode 100644 > > > > index 80e6b5f..0000000 > > > > --- a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch > > > > +++ /dev/null > > > > @@ -1,37 +0,0 @@ > > > > -From f4e5e74548d92258855434b550c58fe44993c148 Mon Sep 17 00:00:00 2001 > > > > -From: Sumit Garg<sumit.garg@linaro.org> > > > > -Date: Tue, 20 Jul 2021 14:20:10 +0530 > > > > -Subject: [PATCH] Makefile: Enable plugins installation in rootfs > > > > - > > > > -Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87] > > > > - > > > > -Signed-off-by: Sumit Garg<sumit.garg@linaro.org> > > > > - > > > > ---- > > > > - Makefile | 5 +++++ > > > > - 1 file changed, 5 insertions(+) > > > > - > > > > -diff --git a/Makefile b/Makefile > > > > -index a275842..9359d95 100644 > > > > ---- a/Makefile > > > > -+++ b/Makefile > > > > -@@ -25,14 +25,19 @@ prepare-for-rootfs: examples > > > > - @mkdir -p $(OUTPUT_DIR) > > > > - @mkdir -p $(OUTPUT_DIR)/ta > > > > - @mkdir -p $(OUTPUT_DIR)/ca > > > > -+ @mkdir -p $(OUTPUT_DIR)/plugins > > > > - @for example in $(EXAMPLE_LIST); do \ > > > > - if [ -e $$example/host/optee_example_$$example ]; then \ > > > > - cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \ > > > > - fi; \ > > > > - cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \ > > > > -+ if [ $$example = plugins ]; then \ > > > > -+ cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \ > > > > -+ fi; \ > > > > - done > > > > - > > > > - prepare-for-rootfs-clean: > > > > - @rm -rf $(OUTPUT_DIR)/ta > > > > - @rm -rf $(OUTPUT_DIR)/ca > > > > -+ @rm -rf $(OUTPUT_DIR)/plugins > > > > - @rmdir --ignore-fail-on-non-empty $(OUTPUT_DIR) || test ! -e $(OUTPUT_DIR) > > > > diff --git a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb > > > > deleted file mode 100644 > > > > index f2b5f7d..0000000 > > > > --- a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb > > > > +++ /dev/null > > > > @@ -1,4 +0,0 @@ > > > > -require optee-examples.inc > > > > - > > > > -SRCREV = "e9c870525af8f7e7fccf575a0ca5394ce55adcec" > > > > - > > > > diff --git a/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb > > > > new file mode 100644 > > > > index 0000000..b5f6269 > > > > --- /dev/null > > > > +++ b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb > > > > @@ -0,0 +1,3 @@ > > > > +require optee-examples.inc > > > > + > > > > +SRCREV = "65fc74309e12189ad5b6ce3ffec37c8011088a5a" > > > > diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb > > > > similarity index 94% > > > > rename from meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb > > > > rename to meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb > > > > index 0d37a52..c710e27 100644 > > > > --- a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb > > > > +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb > > > > @@ -1,10 +1,11 @@ > > > > FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:" > > > > -require optee-os_3.14.0.bb > > > > +require optee-os_3.16.0.bb > > > > SUMMARY = "OP-TEE Trusted OS TA devkit" > > > > DESCRIPTION = "OP-TEE TA devkit for build TAs" > > > > HOMEPAGE ="https://www.op-tee.org/" > > > > + > > > > do_install() { > > > > #install TA devkit > > > > install -d ${D}${includedir}/optee/export-user_ta/ > > > > diff --git a/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/recipes-security/optee/optee-os.inc > > > > index 1506a58..57c64fd 100644 > > > > --- a/meta-arm/recipes-security/optee/optee-os.inc > > > > +++ b/meta-arm/recipes-security/optee/optee-os.inc > > > > @@ -10,7 +10,7 @@ require optee.inc > > > > CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os" > > > > -DEPENDS = "python3-pycryptodome-native python3-pyelftools-native" > > > > +DEPENDS = "python3-pycryptodome-native python3-pyelftools-native python3-cryptography-native" > > > > DEPENDS:append:toolchain-clang = " compiler-rt" > > > > diff --git a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb > > > > similarity index 76% > > > > rename from meta-arm/recipes-security/optee/optee-os_3.14.0.bb > > > > rename to meta-arm/recipes-security/optee/optee-os_3.16.0.bb > > > > index 95d82bb..873e964 100644 > > > > --- a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb > > > > +++ b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb > > > > @@ -1,6 +1,6 @@ > > > > require optee-os.inc > > > > -SRCREV = "d21befa5e53eae9db469eba1685f5aa5c6f92c2f" > > > > +SRCREV = "d0b742d1564834dac903f906168d7357063d5459" > > > > SRC_URI:append = " \ > > > > file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \ > > > > diff --git a/meta-arm/recipes-security/optee/optee-test.inc b/meta-arm/recipes-security/optee/optee-test.inc > > > > index aada243..33eda29 100644 > > > > --- a/meta-arm/recipes-security/optee/optee-test.inc > > > > +++ b/meta-arm/recipes-security/optee/optee-test.inc > > > > @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM ="file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" > > > > inherit python3native ptest > > > > require optee.inc > > > > -DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native" > > > > +DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native python3-cryptography-native" > > > > SRC_URI = "git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https \ > > > > file://run-ptest \ > > > > diff --git a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb b/meta-arm/recipes-security/optee/optee-test_3.14.0.bb > > > > deleted file mode 100644 > > > > index 6367c27..0000000 > > > > --- a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb > > > > +++ /dev/null > > > > @@ -1,3 +0,0 @@ > > > > -require optee-test.inc > > > > - > > > > -SRCREV = "f2eb88affbb7f028561b4fd5cbd049d5d704f741" > > > > diff --git a/meta-arm/recipes-security/optee/optee-test_3.16.0.bb b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb > > > > new file mode 100644 > > > > index 0000000..03f9c34 > > > > --- /dev/null > > > > +++ b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb > > > > @@ -0,0 +1,3 @@ > > > > +require optee-test.inc > > > > + > > > > +SRCREV = "1cf0e6d2bdd1145370033d4e182634458528579d" > > > > diff --git a/meta-arm/recipes-security/optee/optee.inc b/meta-arm/recipes-security/optee/optee.inc > > > > index f02a022..beae366 100644 > > > > --- a/meta-arm/recipes-security/optee/optee.inc > > > > +++ b/meta-arm/recipes-security/optee/optee.inc > > > > @@ -26,3 +26,6 @@ EXTRA_OEMAKE += "V=1 \ > > > > OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${prefix} \ > > > > TEEC_EXPORT=${STAGING_DIR_HOST}${prefix} \ > > > > " > > > > +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the > > > > +# right path until this is relocated automatically. > > > > +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" > > > > -- > > > > 2.25.1 > > > > > > > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > > > > Links: You receive all messages sent to this group. > > > > View/Reply Online (#3088):https://lists.yoctoproject.org/g/meta-arm/message/3088 > > > > Mute This Topic:https://lists.yoctoproject.org/mt/89404067/4354175 > > > > Group Owner:meta-arm+owner@lists.yoctoproject.org > > > > Unsubscribe:https://lists.yoctoproject.org/g/meta-arm/unsub [alhe@linux.microsoft.com] > > > > -=-=-=-=-=-=-=-=-=-=-=- > > > >
Hello, I suggest the following: In meta-arm-bsp/conf/layer.conf add : LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = " meta-python openembedded-layer" In ci/qemuarm64-secureboot.yml add: ci/meta-openembedded.yml Kind regards
On 3/3/22 10:55, Abdellatif El Khlifi wrote: > Hello, > > I suggest the following: > > In meta-arm-bsp/conf/layer.conf add : > > LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = " meta-python > openembedded-layer" This statement is a little confusing (to me), please correct me if I'm wrong, but you're saying we should set a dependency from meta-arm-bsp layer, only for qemuarm64-secureboot, however, the qemuarm64-secureboot is part of meta-arm and not meta-arm-bsp, AFAIC meta-arm-bsp has now knowledge of its existence, in fact there's no other mention of qemuarm64-secureboot in meta-arm-bsp. Cheers, Alejandro > > In ci/qemuarm64-secureboot.yml add: > > ci/meta-openembedded.yml > > Kind regards > ------------------------------------------------------------------------ > *From:* Sumit Garg <sumit.garg@linaro.org> > *Sent:* 03 March 2022 05:31 > *To:* Jon Mason <jdmason@kudzu.us>; Alejandro Hernandez > <alhe@linux.microsoft.com> > *Cc:* meta-arm@lists.yoctoproject.org > <meta-arm@lists.yoctoproject.org>; Vishnu Banavath > <Vishnu.Banavath@arm.com>; Maxim Uvarov <maxim.uvarov@linaro.org>; > Peter Griffin <peter.griffin@linaro.org>; Denys Dmytriyenko > <denis@denix.org>; Drew Reed <Drew.Reed@arm.com>; Abdellatif El Khlifi > <Abdellatif.ElKhlifi@arm.com> > *Subject:* Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16 > On Wed, 2 Mar 2022 at 20:16, Jon Mason <jdmason@kudzu.us> wrote: > > > > On Tue, Mar 01, 2022 at 09:54:04PM +0000, Alejandro Hernandez wrote: > > > Hi John, > > > > > > On 3/1/22 16:27, Jon Mason wrote: > > > > On Fri, Feb 25, 2022 at 08:04:41PM -0700, Alejandro Enedino > Hernandez Samaniego wrote: > > > > > - Removes upstreamed patches for optee-examples > > > > > - Fixes optee-examples installation > > > > > - Includes new python3-cryptography dependency > > > > > - Fixes python3-cryptography to work with openssl > > > > > > > > > > Tested on qemuarm64-secureboot via optee-examples xtest -l 15 > > > > With the new changes in python3-crypto, this is no longer working. > > > > I'm seeing the following error in CI. > > > > > > > > --- Error summary --- > > > > ERROR: Nothing PROVIDES 'python3-cryptography-native' (but > /builds/jonmason00/meta-arm/meta-arm/recipes-security/optee/optee-os_3.16.0.bb > DEPENDS on or otherwise requires it). Close matches: > > > > python3-cython-native > > > > python3-pycryptodome-native > > > > python3-typogrify-native > > > > > > > > I _think_ that adding meta-openembedded.yml being adding to the > > > > machines should fix it, but I'm not sure that is the right solution. > > > > > > > > Thanks, > > > > Jon > > > > > > My apologies, I was testing with meta-oe/meta-python enabled hence > I didnt > > > see the error before. > > > > > > > > > I'm not sure its the right solution either, this dependency is > coming from > > > the pem_to_pub_c.py script which is now using python3-cyrptography > since > > > commit > https://github.com/OP-TEE/optee_os/commit/169eac19852d98d8ade821f913bbdd76faf52823 > > > (this also means we could remove python3-cryptodome from the > dependencies as > > > well), as far as I can tell this creates a hard dependency, passing > > > EXTRA_OEMAKE += " CFG_WITH_USER_TA=n" would avoid executing the script > > > completely but I also dont think thats what we want. > > > > > > Should we include meta-openembedded.yml?, or what other choice do > we have? > > > create a python3-cyrptography recipe to meta-arm?, thoughts? > > Yes, we should include meta-openembedded.yml as a dependency and > remove python3-cryptodome from the dependencies. > > -Sumit > > > > > OPTEE isn't an area I understand well (to know whether removing this > > is superior to adding the dependency in the files). So, I'm directly > > cc'ing contributors that I think will have an opinion to this > > response. > > > > Thanks, > > Jon > > > > > > > > Cheers, > > > > > > Alejandro > > > > > > > > Signed-off-by: Alejandro Enedino Hernandez > Samaniego<alhe@linux.microsoft.com> > > > > > --- > > > > > ....bbappend => optee-client_3.16.0.bbappend} | 0 > > > > > ...pend => optee-os-tadevkit_3.16.0.bbappend} | 0 > > > > > ...14.0.bbappend => optee-os_3.16.0.bbappend} | 0 > > > > > ....0.bbappend => optee-test_3.16.0.bbappend} | 0 > > > > > .../optee-ftpm/optee-ftpm_git.bb | 8 +- > > > > > .../optee/optee-client_3.14.0.bb | 3 - > > > > > .../optee/optee-client_3.16.0.bb | 3 + > > > > > .../recipes-security/optee/optee-examples.inc | 7 +- > > > > > ...ix-non-portable-sh-check-for-plugins.patch | 46 ++++++++++ > > > > > ...efault-cross-compiler-environment-se.patch | 84 > ------------------- > > > > > ...nable-plugins-installation-in-rootfs.patch | 37 -------- > > > > > .../optee/optee-examples_3.14.0.bb | 4 - > > > > > .../optee/optee-examples_3.16.0.bb | 3 + > > > > > ..._3.14.0.bb => optee-os-tadevkit_3.16.0.bb} | 3 +- > > > > > meta-arm/recipes-security/optee/optee-os.inc | 2 +- > > > > > ...{optee-os_3.14.0.bb => optee-os_3.16.0.bb} | 2 +- > > > > > .../recipes-security/optee/optee-test.inc | 2 +- > > > > > .../optee/optee-test_3.14.0.bb | 3 - > > > > > .../optee/optee-test_3.16.0.bb | 3 + > > > > > meta-arm/recipes-security/optee/optee.inc | 3 + > > > > > 20 files changed, 73 insertions(+), 140 deletions(-) > > > > > rename > meta-arm-bsp/recipes-security/optee/{optee-client_3.14.0.bbappend => > optee-client_3.16.0.bbappend} (100%) > > > > > rename > meta-arm-bsp/recipes-security/optee/{optee-os-tadevkit_3.14.0.bbappend > => optee-os-tadevkit_3.16.0.bbappend} (100%) > > > > > rename > meta-arm-bsp/recipes-security/optee/{optee-os_3.14.0.bbappend => > optee-os_3.16.0.bbappend} (100%) > > > > > rename > meta-arm-bsp/recipes-security/optee/{optee-test_3.14.0.bbappend => > optee-test_3.16.0.bbappend} (100%) > > > > > delete mode 100644 > meta-arm/recipes-security/optee/optee-client_3.14.0.bb > > > > > create mode 100644 > meta-arm/recipes-security/optee/optee-client_3.16.0.bb > > > > > create mode 100644 > meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch > > > > > delete mode 100644 > meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch > > > > > delete mode 100644 > meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch > > > > > delete mode 100644 > meta-arm/recipes-security/optee/optee-examples_3.14.0.bb > > > > > create mode 100644 > meta-arm/recipes-security/optee/optee-examples_3.16.0.bb > > > > > rename > meta-arm/recipes-security/optee/{optee-os-tadevkit_3.14.0.bb => > optee-os-tadevkit_3.16.0.bb} (94%) > > > > > rename meta-arm/recipes-security/optee/{optee-os_3.14.0.bb > => optee-os_3.16.0.bb} (76%) > > > > > delete mode 100644 > meta-arm/recipes-security/optee/optee-test_3.14.0.bb > > > > > create mode 100644 > meta-arm/recipes-security/optee/optee-test_3.16.0.bb > > > > > > > > > > diff --git > a/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend > b/meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend > > > > > similarity index 100% > > > > > rename from > meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend > > > > > rename to > meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend > > > > > diff --git > a/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend > b/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend > > > > > similarity index 100% > > > > > rename from > meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend > > > > > rename to > meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend > > > > > diff --git > a/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend > b/meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend > > > > > similarity index 100% > > > > > rename from > meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend > > > > > rename to > meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend > > > > > diff --git > a/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend > b/meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend > > > > > similarity index 100% > > > > > rename from > meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend > > > > > rename to > meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend > > > > > diff --git > a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb > b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb > > > > > index f2a74da..0eb64cd 100644 > > > > > --- a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb > > > > > +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb > > > > > @@ -15,7 +15,9 @@ inherit deploy python3native > > > > > LICENSE = "MIT" > > > > > LIC_FILES_CHKSUM > ="file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5 > <file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5>" > > > > > -DEPENDS = "python3-pycryptodome-native > python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit" > > > > > +DEPENDS = "python3-pycryptodome-native > python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit \ > > > > > + python3-cryptography-native \ > > > > > + " > > > > > FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896" > > > > > @@ -48,6 +50,10 @@ EXTRA_OEMAKE:append:aarch64:qemuall = "\ > > > > > CFG_ARM64_ta_arm64=y \ > > > > > " > > > > > +# python3-cryptography needs the legacy provider, so set > OPENSSL_MODULES to the > > > > > +# right path until this is relocated automatically. > > > > > +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" > > > > > + > > > > > PARALLEL_MAKE = "" > > > > > do_compile() { > > > > > diff --git > a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb > b/meta-arm/recipes-security/optee/optee-client_3.14.0.bb > > > > > deleted file mode 100644 > > > > > index be78b88..0000000 > > > > > --- a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb > > > > > +++ /dev/null > > > > > @@ -1,3 +0,0 @@ > > > > > -require optee-client.inc > > > > > - > > > > > -SRCREV = "06e1b32f6a7028e039c625b07cfc25fda0c17d53" > > > > > diff --git > a/meta-arm/recipes-security/optee/optee-client_3.16.0.bb > b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb > > > > > new file mode 100644 > > > > > index 0000000..4a36cbc > > > > > --- /dev/null > > > > > +++ b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb > > > > > @@ -0,0 +1,3 @@ > > > > > +require optee-client.inc > > > > > + > > > > > +SRCREV = "06db73b3f3fdb8d23eceaedbc46c49c0b45fd1e2" > > > > > diff --git > a/meta-arm/recipes-security/optee/optee-examples.inc > b/meta-arm/recipes-security/optee/optee-examples.inc > > > > > index 656722e..097f892 100644 > > > > > --- a/meta-arm/recipes-security/optee/optee-examples.inc > > > > > +++ b/meta-arm/recipes-security/optee/optee-examples.inc > > > > > @@ -5,16 +5,14 @@ HOMEPAGE > ="https://github.com/linaro-swg/optee_examples" > > > > > LICENSE = "BSD-2-Clause" > > > > > LIC_FILES_CHKSUM > ="file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30 > <file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30>" > > > > > -DEPENDS = "optee-client optee-os-tadevkit > python3-pycryptodome-native" > > > > > +DEPENDS = "optee-client optee-os-tadevkit > python3-pycryptodome-native python3-cryptography-native" > > > > > inherit python3native > > > > > require optee.inc > > > > > SRC_URI = > "git://github.com/linaro-swg/optee_examples.git;branch=master;protocol=https > \ > > > > > > -file://0001-plugins-Honour-default-cross-compiler-environment-se.patch \ > > > > > > -file://0002-Makefile-Enable-plugins-installation-in-rootfs.patch \ > > > > > - " > > > > > +file://0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch" > > > > > EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ > > > > > HOST_CROSS_COMPILE=${HOST_PREFIX} \ > > > > > @@ -25,6 +23,7 @@ EXTRA_OEMAKE += > "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ > > > > > S = "${WORKDIR}/git" > > > > > B = "${WORKDIR}/build" > > > > > + > > > > > do_compile() { > > > > > oe_runmake -C ${S} > > > > > } > > > > > diff --git > a/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch > b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch > > > > > new file mode 100644 > > > > > index 0000000..70add62 > > > > > --- /dev/null > > > > > +++ > b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch > > > > > @@ -0,0 +1,46 @@ > > > > > +From 11610debf750f15c7a104db7315dcd7d69e282a8 Mon Sep 17 > 00:00:00 2001 > > > > > +From: Alejandro Enedino Hernandez > Samaniego<alhe@linux.microsoft.com> > > > > > +Date: Sat, 26 Feb 2022 01:52:26 +0000 > > > > > +Subject: [PATCH] Makefile: Fix non-portable sh check for plugins > > > > > + > > > > > +Upstream-Status: Pending > > > > > + > > > > > +We previously held a patch that used "=" for comparison, but when > > > > > +that patch got upstreamed it was changed to "==" which is > non-portable, > > > > > +resulting in an error: > > > > > + > > > > > +/bin/sh: 6: [: acipher: unexpected operator > > > > > +/bin/sh: 6: [: plugins: unexpected operator > > > > > +/bin/sh: 6: [: hello_world: unexpected operator > > > > > +/bin/sh: 6: [: hotp: unexpected operator > > > > > +/bin/sh: 6: [: aes: unexpected operator > > > > > +/bin/sh: 6: [: random: unexpected operator > > > > > +/bin/sh: 6: [: secure_storage: unexpected operator > > > > > + > > > > > +if /bin/sh doesnt point to bash. > > > > > + > > > > > +Which in turn causes our do_install task to fail since > plugins arent > > > > > +where we expect them to be. > > > > > + > > > > > + > > > > > +Signed-off-by: Alejandro Enedino Hernandez > Samaniego<alhe@linux.microsoft.com> > > > > > +--- > > > > > + Makefile | 2 +- > > > > > + 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > + > > > > > +diff --git a/Makefile b/Makefile > > > > > +index b3f16aa..9359d95 100644 > > > > > +--- a/Makefile > > > > > ++++ b/Makefile > > > > > +@@ -31,7 +31,7 @@ prepare-for-rootfs: examples > > > > > + cp -p > $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \ > > > > > + fi; \ > > > > > + cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \ > > > > > +- if [ $$example == plugins ]; then \ > > > > > ++ if [ $$example = plugins ]; then \ > > > > > + cp -p plugins/syslog/*.plugin > $(OUTPUT_DIR)/plugins/; \ > > > > > + fi; \ > > > > > + done > > > > > +-- > > > > > +2.25.1 > > > > > + > > > > > diff --git > a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch > b/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch > > > > > deleted file mode 100644 > > > > > index 033e48c..0000000 > > > > > --- > a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch > > > > > +++ /dev/null > > > > > @@ -1,84 +0,0 @@ > > > > > -From 79c826c249001700007a6dffe80c3d61ff4428ef Mon Sep 17 > 00:00:00 2001 > > > > > -From: Sumit Garg<sumit.garg@linaro.org> > > > > > -Date: Tue, 20 Jul 2021 13:54:30 +0530 > > > > > -Subject: [PATCH 1/2] plugins: Honour default cross compiler > environment setup > > > > > - > > > > > -Honour default $(CC), $(CFLAGS) and $(LDFLAGS) variables. > Without this > > > > > -plugins example fails to build for OE/Yocto. > > > > > - > > > > > -Upstream-Status: Submitted > [https://github.com/linaro-swg/optee_examples/pull/87] > > > > > - > > > > > -Signed-off-by: Sumit Garg<sumit.garg@linaro.org> > > > > > ---- > > > > > - plugins/Makefile | 2 +- > > > > > - plugins/host/Makefile | 2 +- > > > > > - plugins/syslog/Makefile | 16 ++++++++++++---- > > > > > - 3 files changed, 14 insertions(+), 6 deletions(-) > > > > > - > > > > > -diff --git a/plugins/Makefile b/plugins/Makefile > > > > > -index 2372b38..ea472b4 100644 > > > > > ---- a/plugins/Makefile > > > > > -+++ b/plugins/Makefile > > > > > -@@ -8,7 +8,7 @@ TA_CROSS_COMPILE ?= $(CROSS_COMPILE) > > > > > - all: > > > > > - $(MAKE) -C host > CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables > > > > > - $(MAKE) -C ta CROSS_COMPILE="$(TA_CROSS_COMPILE)" > LDFLAGS="" > > > > > -- $(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)" > > > > > -+ $(MAKE) -C syslog > CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables > > > > > - > > > > > - .PHONY: clean > > > > > - clean: > > > > > -diff --git a/plugins/host/Makefile b/plugins/host/Makefile > > > > > -index 7285104..76244c7 100644 > > > > > ---- a/plugins/host/Makefile > > > > > -+++ b/plugins/host/Makefile > > > > > -@@ -20,7 +20,7 @@ BINARY = optee_example_plugins > > > > > - all: $(BINARY) > > > > > - > > > > > - $(BINARY): $(OBJS) > > > > > -- $(CC) -o $@ $< $(LDADD) > > > > > -+ $(CC) $(LDFLAGS) -o $@ $< $(LDADD) > > > > > - > > > > > - .PHONY: clean > > > > > - clean: > > > > > -diff --git a/plugins/syslog/Makefile b/plugins/syslog/Makefile > > > > > -index 62d916a..71f5f92 100644 > > > > > ---- a/plugins/syslog/Makefile > > > > > -+++ b/plugins/syslog/Makefile > > > > > -@@ -1,3 +1,11 @@ > > > > > -+CC ?= $(CROSS_COMPILE)gcc > > > > > -+LD ?= $(CROSS_COMPILE)ld > > > > > -+AR ?= $(CROSS_COMPILE)ar > > > > > -+NM ?= $(CROSS_COMPILE)nm > > > > > -+OBJCOPY ?= $(CROSS_COMPILE)objcopy > > > > > -+OBJDUMP ?= $(CROSS_COMPILE)objdump > > > > > -+READELF ?= $(CROSS_COMPILE)readelf > > > > > -+ > > > > > - PLUGIN_UUID = 96bcf744-4f72-4866-bf1d-8634fd9c65e5 > > > > > - > > > > > - PLUGIN = $(PLUGIN_UUID).plugin > > > > > -@@ -6,17 +14,17 @@ PLUGIN_OBJ = $(patsubst %.c, > %.o, $(PLUGIN_SRS)) > > > > > - PLUGIN_INCLUDES_DIR = $(CURDIR) $(TEEC_EXPORT)/include > > > > > - > > > > > - PLUGIN_INCLUDES = $(addprefix -I, > $(PLUGIN_INCLUDES_DIR)) > > > > > --PLUGIN_CCFLAGS = -Wall -fPIC > > > > > --PLUGIN_LDFLAGS = -shared > > > > > -+PLUGIN_CCFLAGS = $(CFLAGS) -Wall -fPIC > > > > > -+PLUGIN_LDFLAGS = $(LDFLAGS) -shared > > > > > - > > > > > - .PHONY: all > > > > > - all: $(PLUGIN) > > > > > - > > > > > - $(PLUGIN): $(PLUGIN_OBJ) > > > > > -- $(CROSS_COMPILE)gcc $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) > -o $@ > > > > > -+ $(CC) $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@ > > > > > - > > > > > - %.o: %.c > > > > > -- $(CROSS_COMPILE)gcc $(PLUGIN_CCFLAGS) > $(PLUGIN_INCLUDES) -c $*.c -o $*.o > > > > > -+ $(CC) $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c > -o $*.o > > > > > - > > > > > - .PHONY: clean > > > > > - clean: > > > > > --- > > > > > -2.25.1 > > > > > - > > > > > diff --git > a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch > b/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch > > > > > deleted file mode 100644 > > > > > index 80e6b5f..0000000 > > > > > --- > a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch > > > > > +++ /dev/null > > > > > @@ -1,37 +0,0 @@ > > > > > -From f4e5e74548d92258855434b550c58fe44993c148 Mon Sep 17 > 00:00:00 2001 > > > > > -From: Sumit Garg<sumit.garg@linaro.org> > > > > > -Date: Tue, 20 Jul 2021 14:20:10 +0530 > > > > > -Subject: [PATCH] Makefile: Enable plugins installation in rootfs > > > > > - > > > > > -Upstream-Status: Submitted > [https://github.com/linaro-swg/optee_examples/pull/87] > > > > > - > > > > > -Signed-off-by: Sumit Garg<sumit.garg@linaro.org> > > > > > - > > > > > ---- > > > > > - Makefile | 5 +++++ > > > > > - 1 file changed, 5 insertions(+) > > > > > - > > > > > -diff --git a/Makefile b/Makefile > > > > > -index a275842..9359d95 100644 > > > > > ---- a/Makefile > > > > > -+++ b/Makefile > > > > > -@@ -25,14 +25,19 @@ prepare-for-rootfs: examples > > > > > - @mkdir -p $(OUTPUT_DIR) > > > > > - @mkdir -p $(OUTPUT_DIR)/ta > > > > > - @mkdir -p $(OUTPUT_DIR)/ca > > > > > -+ @mkdir -p $(OUTPUT_DIR)/plugins > > > > > - @for example in $(EXAMPLE_LIST); do \ > > > > > - if [ -e > $$example/host/optee_example_$$example ]; then \ > > > > > - cp -p > $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \ > > > > > - fi; \ > > > > > - cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \ > > > > > -+ if [ $$example = plugins ]; then \ > > > > > -+ cp -p plugins/syslog/*.plugin > $(OUTPUT_DIR)/plugins/; \ > > > > > -+ fi; \ > > > > > - done > > > > > - > > > > > - prepare-for-rootfs-clean: > > > > > - @rm -rf $(OUTPUT_DIR)/ta > > > > > - @rm -rf $(OUTPUT_DIR)/ca > > > > > -+ @rm -rf $(OUTPUT_DIR)/plugins > > > > > - @rmdir --ignore-fail-on-non-empty $(OUTPUT_DIR) || > test ! -e $(OUTPUT_DIR) > > > > > diff --git > a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb > b/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb > > > > > deleted file mode 100644 > > > > > index f2b5f7d..0000000 > > > > > --- a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb > > > > > +++ /dev/null > > > > > @@ -1,4 +0,0 @@ > > > > > -require optee-examples.inc > > > > > - > > > > > -SRCREV = "e9c870525af8f7e7fccf575a0ca5394ce55adcec" > > > > > - > > > > > diff --git > a/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb > b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb > > > > > new file mode 100644 > > > > > index 0000000..b5f6269 > > > > > --- /dev/null > > > > > +++ b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb > > > > > @@ -0,0 +1,3 @@ > > > > > +require optee-examples.inc > > > > > + > > > > > +SRCREV = "65fc74309e12189ad5b6ce3ffec37c8011088a5a" > > > > > diff --git > a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb > b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb > > > > > similarity index 94% > > > > > rename from > meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb > > > > > rename to > meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb > > > > > index 0d37a52..c710e27 100644 > > > > > --- a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb > > > > > +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb > > > > > @@ -1,10 +1,11 @@ > > > > > FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:" > > > > > -require optee-os_3.14.0.bb > > > > > +require optee-os_3.16.0.bb > > > > > SUMMARY = "OP-TEE Trusted OS TA devkit" > > > > > DESCRIPTION = "OP-TEE TA devkit for build TAs" > > > > > HOMEPAGE ="https://www.op-tee.org/" > > > > > + > > > > > do_install() { > > > > > #install TA devkit > > > > > install -d ${D}${includedir}/optee/export-user_ta/ > > > > > diff --git a/meta-arm/recipes-security/optee/optee-os.inc > b/meta-arm/recipes-security/optee/optee-os.inc > > > > > index 1506a58..57c64fd 100644 > > > > > --- a/meta-arm/recipes-security/optee/optee-os.inc > > > > > +++ b/meta-arm/recipes-security/optee/optee-os.inc > > > > > @@ -10,7 +10,7 @@ require optee.inc > > > > > CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os" > > > > > -DEPENDS = "python3-pycryptodome-native python3-pyelftools-native" > > > > > +DEPENDS = "python3-pycryptodome-native > python3-pyelftools-native python3-cryptography-native" > > > > > DEPENDS:append:toolchain-clang = " compiler-rt" > > > > > diff --git > a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb > b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb > > > > > similarity index 76% > > > > > rename from meta-arm/recipes-security/optee/optee-os_3.14.0.bb > > > > > rename to meta-arm/recipes-security/optee/optee-os_3.16.0.bb > > > > > index 95d82bb..873e964 100644 > > > > > --- a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb > > > > > +++ b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb > > > > > @@ -1,6 +1,6 @@ > > > > > require optee-os.inc > > > > > -SRCREV = "d21befa5e53eae9db469eba1685f5aa5c6f92c2f" > > > > > +SRCREV = "d0b742d1564834dac903f906168d7357063d5459" > > > > > SRC_URI:append = " \ > > > > > file://0006-allow-setting-sysroot-for-libgcc-lookup.patch > <file://0006-allow-setting-sysroot-for-libgcc-lookup.patch> \ > > > > > diff --git a/meta-arm/recipes-security/optee/optee-test.inc > b/meta-arm/recipes-security/optee/optee-test.inc > > > > > index aada243..33eda29 100644 > > > > > --- a/meta-arm/recipes-security/optee/optee-test.inc > > > > > +++ b/meta-arm/recipes-security/optee/optee-test.inc > > > > > @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM > ="file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa > <file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa>" > > > > > inherit python3native ptest > > > > > require optee.inc > > > > > -DEPENDS = "optee-client optee-os-tadevkit > python3-pycryptodome-native" > > > > > +DEPENDS = "optee-client optee-os-tadevkit > python3-pycryptodome-native python3-cryptography-native" > > > > > SRC_URI = > "git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https \ > > > > > file://run-ptest <file://run-ptest> \ > > > > > diff --git > a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb > b/meta-arm/recipes-security/optee/optee-test_3.14.0.bb > > > > > deleted file mode 100644 > > > > > index 6367c27..0000000 > > > > > --- a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb > > > > > +++ /dev/null > > > > > @@ -1,3 +0,0 @@ > > > > > -require optee-test.inc > > > > > - > > > > > -SRCREV = "f2eb88affbb7f028561b4fd5cbd049d5d704f741" > > > > > diff --git > a/meta-arm/recipes-security/optee/optee-test_3.16.0.bb > b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb > > > > > new file mode 100644 > > > > > index 0000000..03f9c34 > > > > > --- /dev/null > > > > > +++ b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb > > > > > @@ -0,0 +1,3 @@ > > > > > +require optee-test.inc > > > > > + > > > > > +SRCREV = "1cf0e6d2bdd1145370033d4e182634458528579d" > > > > > diff --git a/meta-arm/recipes-security/optee/optee.inc > b/meta-arm/recipes-security/optee/optee.inc > > > > > index f02a022..beae366 100644 > > > > > --- a/meta-arm/recipes-security/optee/optee.inc > > > > > +++ b/meta-arm/recipes-security/optee/optee.inc > > > > > @@ -26,3 +26,6 @@ EXTRA_OEMAKE += "V=1 \ > > > > > OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${prefix} \ > > > > > TEEC_EXPORT=${STAGING_DIR_HOST}${prefix} \ > > > > > " > > > > > +# python3-cryptography needs the legacy provider, so set > OPENSSL_MODULES to the > > > > > +# right path until this is relocated automatically. > > > > > +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" > > > > > -- > > > > > 2.25.1 > > > > > > > > > > > > > > > > > > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#3096):https://lists.yoctoproject.org/g/meta-arm/message/3096 > Mute This Topic:https://lists.yoctoproject.org/mt/89404067/4354175 > Group Owner:meta-arm+owner@lists.yoctoproject.org > Unsubscribe:https://lists.yoctoproject.org/g/meta-arm/unsub [alhe@linux.microsoft.com] > -=-=-=-=-=-=-=-=-=-=-=- >
On Thu, Mar 03, 2022 at 09:11:28PM +0000, Alejandro Hernandez Samaniego wrote: > > On 3/3/22 10:55, Abdellatif El Khlifi wrote: > >Hello, > > > >I suggest the following: > > > >In meta-arm-bsp/conf/layer.conf add : > > > >LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = " > >meta-python openembedded-layer" > > > This statement is a little confusing (to me), please correct me if > I'm wrong, but you're saying > > we should set a dependency from meta-arm-bsp layer, only for > qemuarm64-secureboot, > > however, the qemuarm64-secureboot is part of meta-arm and not meta-arm-bsp, > > AFAIC meta-arm-bsp has now knowledge of its existence, in fact > there's no other mention of > > qemuarm64-secureboot in meta-arm-bsp. Moreover, optee is used by other BSP layers (e.g. meta-ti) by depending on meta-arm, not meta-arm-bsp. Depending on python3-cryptography which is only available in meta-python (part of meta-openembedded) should be avoided. Back in the day we pushed for moving other python3 dependencies like pycryptodome and pyelftools into OE-Core: https://git.openembedded.org/meta-openembedded/commit/?id=a8f3c00d8d113b46a49584682e10435157d516ca https://git.yoctoproject.org/meta-arm/commit/?id=f2069723f27d9229e8ec74263a41160c8df32571 We could try doing the same with this new python3-cryptography dependecy and propose moving it to OE-Core. Alternatively, consider adding it to meta-arm? Not ideal, but meta-arm-bsp briefly carried alternative/older version recently: https://git.yoctoproject.org/meta-arm/commit/?id=a15c16068ab011e2ba91a6c4ca6e1251de0d8058
On 3/3/22 23:37, Denys Dmytriyenko wrote: > On Thu, Mar 03, 2022 at 09:11:28PM +0000, Alejandro Hernandez Samaniego wrote: >> On 3/3/22 10:55, Abdellatif El Khlifi wrote: >>> Hello, >>> >>> I suggest the following: >>> >>> In meta-arm-bsp/conf/layer.conf add : >>> >>> LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = " >>> meta-python openembedded-layer" >> >> This statement is a little confusing (to me), please correct me if >> I'm wrong, but you're saying >> >> we should set a dependency from meta-arm-bsp layer, only for >> qemuarm64-secureboot, >> >> however, the qemuarm64-secureboot is part of meta-arm and not meta-arm-bsp, >> >> AFAIC meta-arm-bsp has now knowledge of its existence, in fact >> there's no other mention of >> >> qemuarm64-secureboot in meta-arm-bsp. > Moreover, optee is used by other BSP layers (e.g. meta-ti) by depending on > meta-arm, not meta-arm-bsp. > > Depending on python3-cryptography which is only available in meta-python (part > of meta-openembedded) should be avoided. Back in the day we pushed for moving > other python3 dependencies like pycryptodome and pyelftools into OE-Core: > > https://git.openembedded.org/meta-openembedded/commit/?id=a8f3c00d8d113b46a49584682e10435157d516ca > https://git.yoctoproject.org/meta-arm/commit/?id=f2069723f27d9229e8ec74263a41160c8df32571 > > We could try doing the same with this new python3-cryptography dependecy and > propose moving it to OE-Core. Alternatively, consider adding it to meta-arm? > Not ideal, but meta-arm-bsp briefly carried alternative/older version recently: > > https://git.yoctoproject.org/meta-arm/commit/?id=a15c16068ab011e2ba91a6c4ca6e1251de0d8058 I agree with Denys's point here, I think its likely there's other cases just like meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO it would make sense to add a copy of python3-cryptography to meta-arm (especially since there's been similar situations in the past) and in parallel try to make a case for python3-cryptography to be moved from meta-python to OE-core. Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm. Alejandro
On Thu, Mar 3, 2022 at 7:16 PM Alejandro Hernandez Samaniego < alhe@linux.microsoft.com> wrote: > > On 3/3/22 23:37, Denys Dmytriyenko wrote: > > On Thu, Mar 03, 2022 at 09:11:28PM +0000, Alejandro Hernandez Samaniego wrote: > > On 3/3/22 10:55, Abdellatif El Khlifi wrote: > > Hello, > > I suggest the following: > > In meta-arm-bsp/conf/layer.conf add : > > LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = " > meta-python openembedded-layer" > > > This statement is a little confusing (to me), please correct me if > I'm wrong, but you're saying > > we should set a dependency from meta-arm-bsp layer, only for > qemuarm64-secureboot, > > however, the qemuarm64-secureboot is part of meta-arm and not meta-arm-bsp, > > AFAIC meta-arm-bsp has now knowledge of its existence, in fact > there's no other mention of > > qemuarm64-secureboot in meta-arm-bsp. > > Moreover, optee is used by other BSP layers (e.g. meta-ti) by depending on > meta-arm, not meta-arm-bsp. > > Depending on python3-cryptography which is only available in meta-python (part > of meta-openembedded) should be avoided. Back in the day we pushed for moving > other python3 dependencies like pycryptodome and pyelftools into OE-Core: > https://git.openembedded.org/meta-openembedded/commit/?id=a8f3c00d8d113b46a49584682e10435157d516cahttps://git.yoctoproject.org/meta-arm/commit/?id=f2069723f27d9229e8ec74263a41160c8df32571 > > We could try doing the same with this new python3-cryptography dependecy and > propose moving it to OE-Core. Alternatively, consider adding it to meta-arm? > Not ideal, but meta-arm-bsp briefly carried alternative/older version recently: > https://git.yoctoproject.org/meta-arm/commit/?id=a15c16068ab011e2ba91a6c4ca6e1251de0d8058 > > I agree with Denys's point here, I think its likely there's other cases just like > meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO > it would make sense to add a copy of python3-cryptography to meta-arm (especially since > there's been similar situations in the past) and in parallel try to make a case for > python3-cryptography to be moved from meta-python to OE-core. > > Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm. > > I have suggested moving python3-cryptography (also python3-cryptography-vectors) to oe-core previously. It is heavily used for cryptography and needs to be kept up to date which is much more likely in oe-core. This also means python3-pyo3, pyo3.bbclass, python3-setuptools-rust-native and the setuptools_rust.bbclass would also move to oe-core. And then some tests. And documentation. > Alejandro > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#3107): > https://lists.yoctoproject.org/g/meta-arm/message/3107 > Mute This Topic: https://lists.yoctoproject.org/mt/89404067/924729 > Group Owner: meta-arm+owner@lists.yoctoproject.org > Unsubscribe: https://lists.yoctoproject.org/g/meta-arm/unsub [ > ticotimo@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
Hi guys,
Thanks for the feedback.
Since the machine is in meta-arm (meta-arm/conf/machine/qemuarm64-secureboot.conf), it makes sense to add the meta-python layer dependency as detailed below.
It works, meta-python and python3-cryptography are detected. Please have a look at the logs below.
So, technically it works. But let's see what Jon and Ross think.
Suggested changes:
In ci/qemuarm64-secureboot.yml add:
- ci/meta-openembedded.yml
In meta-arm/conf/layer.conf add:
LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = " meta-python openembedded-layer"
Before the changes:
bitbake-layers show-layers
NOTE: Starting bitbake server...
layer path priority
==========================================================================
meta-arm /home/abdelk01/Work/qemu/meta-arm/meta-arm 5
meta-arm-bsp /home/abdelk01/Work/qemu/meta-arm/meta-arm-bsp 5
meta-arm-toolchain /home/abdelk01/Work/qemu/meta-arm/meta-arm-toolchain 5
meta /home/abdelk01/Work/qemu/poky/meta 5
meta-poky /home/abdelk01/Work/qemu/poky/meta-poky 5
After the changes:
bitbake-layers show-layers
NOTE: Starting bitbake server...
layer path priority
==========================================================================
meta-arm /home/abdelk01/Work/qemu/meta-arm/meta-arm 5
meta-arm-bsp /home/abdelk01/Work/qemu/meta-arm/meta-arm-bsp 5
meta-arm-toolchain /home/abdelk01/Work/qemu/meta-arm/meta-arm-toolchain 5
meta-filesystems /home/abdelk01/Work/qemu/meta-openembedded/meta-filesystems 5
meta-networking /home/abdelk01/Work/qemu/meta-openembedded/meta-networking 5
meta-oe /home/abdelk01/Work/qemu/meta-openembedded/meta-oe 5
meta-python /home/abdelk01/Work/qemu/meta-openembedded/meta-python 5
meta /home/abdelk01/Work/qemu/poky/meta 5
meta-poky /home/abdelk01/Work/qemu/poky/meta-poky 5
bitbake-layers show-recipes | grep -A 1 python3-cryptography
python3-cryptography:
meta-python 36.0.1
python3-cryptography-vectors:
meta-python 36.0.1
Kind regards
I meant adding meta-python dependency to meta-arm layer like this: In meta-arm/conf/layer.conf: LAYERDEPENDS_meta-arm:append:qemuarm64-secureboot = " meta-python openembedded-layer" It works as explained in the previous email.
On Fri, Mar 04, 2022 at 11:43:38AM +0000, Abdellatif El Khlifi wrote: > I meant adding meta-python dependency to meta-arm layer like this: > > In meta-arm/conf/layer.conf: > > LAYERDEPENDS_meta-arm:append:qemuarm64-secureboot = " meta-python openembedded-layer" optee-os dependency on python3-cryptography is NOT specific to qemuarm64-secureboot! > It works as explained in the previous email. > ________________________________ > From: Abdellatif El Khlifi <Abdellatif.ElKhlifi@arm.com> > Sent: 04 March 2022 11:35 > To: Tim Orling <ticotimo@gmail.com>; Alejandro Hernandez Samaniego <alhe@linux.microsoft.com> > Cc: Denys Dmytriyenko <denis@denix.org>; Drew Reed <Drew.Reed@arm.com>; Jon Mason <jdmason@kudzu.us>; Maxim Uvarov <maxim.uvarov@linaro.org>; Peter Griffin <peter.griffin@linaro.org>; Sumit Garg <sumit.garg@linaro.org>; Vishnu Banavath <Vishnu.Banavath@arm.com>; meta-arm@lists.yoctoproject.org <meta-arm@lists.yoctoproject.org>; Ross Burton <Ross.Burton@arm.com> > Subject: Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16 > > Hi guys, > > Thanks for the feedback. > > Since the machine is in meta-arm (meta-arm/conf/machine/qemuarm64-secureboot.conf), it makes sense to add the meta-python layer dependency as detailed below. > > It works, meta-python and python3-cryptography are detected. Please have a look at the logs below. > > So, technically it works. But let's see what Jon and Ross think. > > Suggested changes: > > In ci/qemuarm64-secureboot.yml add: > > - ci/meta-openembedded.yml > > In meta-arm/conf/layer.conf add: > > LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = " meta-python openembedded-layer" > > Before the changes: > > bitbake-layers show-layers > > NOTE: Starting bitbake server... > layer path priority > ========================================================================== > meta-arm /home/abdelk01/Work/qemu/meta-arm/meta-arm 5 > meta-arm-bsp /home/abdelk01/Work/qemu/meta-arm/meta-arm-bsp 5 > meta-arm-toolchain /home/abdelk01/Work/qemu/meta-arm/meta-arm-toolchain 5 > meta /home/abdelk01/Work/qemu/poky/meta 5 > meta-poky /home/abdelk01/Work/qemu/poky/meta-poky 5 > > > After the changes: > > bitbake-layers show-layers > > NOTE: Starting bitbake server... > layer path priority > ========================================================================== > meta-arm /home/abdelk01/Work/qemu/meta-arm/meta-arm 5 > meta-arm-bsp /home/abdelk01/Work/qemu/meta-arm/meta-arm-bsp 5 > meta-arm-toolchain /home/abdelk01/Work/qemu/meta-arm/meta-arm-toolchain 5 > meta-filesystems /home/abdelk01/Work/qemu/meta-openembedded/meta-filesystems 5 > meta-networking /home/abdelk01/Work/qemu/meta-openembedded/meta-networking 5 > meta-oe /home/abdelk01/Work/qemu/meta-openembedded/meta-oe 5 > meta-python /home/abdelk01/Work/qemu/meta-openembedded/meta-python 5 > meta /home/abdelk01/Work/qemu/poky/meta 5 > meta-poky /home/abdelk01/Work/qemu/poky/meta-poky 5 > > bitbake-layers show-recipes | grep -A 1 python3-cryptography > > python3-cryptography: > meta-python 36.0.1 > python3-cryptography-vectors: > meta-python 36.0.1 > > Kind regards > ________________________________ > From: Tim Orling <ticotimo@gmail.com> > Sent: 04 March 2022 03:58 > To: Alejandro Hernandez Samaniego <alhe@linux.microsoft.com> > Cc: Abdellatif El Khlifi <Abdellatif.ElKhlifi@arm.com>; Denys Dmytriyenko <denis@denix.org>; Drew Reed <Drew.Reed@arm.com>; Jon Mason <jdmason@kudzu.us>; Maxim Uvarov <maxim.uvarov@linaro.org>; Peter Griffin <peter.griffin@linaro.org>; Sumit Garg <sumit.garg@linaro.org>; Vishnu Banavath <Vishnu.Banavath@arm.com>; meta-arm@lists.yoctoproject.org <meta-arm@lists.yoctoproject.org> > Subject: Re: [meta-arm] [PATCH] arm/optee: Upgrade from 3.14 to 3.16 > > > > On Thu, Mar 3, 2022 at 7:16 PM Alejandro Hernandez Samaniego <alhe@linux.microsoft.com<mailto:alhe@linux.microsoft.com>> wrote: > > > On 3/3/22 23:37, Denys Dmytriyenko wrote: > > On Thu, Mar 03, 2022 at 09:11:28PM +0000, Alejandro Hernandez Samaniego wrote: > > > On 3/3/22 10:55, Abdellatif El Khlifi wrote: > > > Hello, > > I suggest the following: > > In meta-arm-bsp/conf/layer.conf add : > > LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = " > meta-python openembedded-layer" > > > > This statement is a little confusing (to me), please correct me if > I'm wrong, but you're saying > > we should set a dependency from meta-arm-bsp layer, only for > qemuarm64-secureboot, > > however, the qemuarm64-secureboot is part of meta-arm and not meta-arm-bsp, > > AFAIC meta-arm-bsp has now knowledge of its existence, in fact > there's no other mention of > > qemuarm64-secureboot in meta-arm-bsp. > > > Moreover, optee is used by other BSP layers (e.g. meta-ti) by depending on > meta-arm, not meta-arm-bsp. > > Depending on python3-cryptography which is only available in meta-python (part > of meta-openembedded) should be avoided. Back in the day we pushed for moving > other python3 dependencies like pycryptodome and pyelftools into OE-Core: > > https://git.openembedded.org/meta-openembedded/commit/?id=a8f3c00d8d113b46a49584682e10435157d516ca > https://git.yoctoproject.org/meta-arm/commit/?id=f2069723f27d9229e8ec74263a41160c8df32571 > > We could try doing the same with this new python3-cryptography dependecy and > propose moving it to OE-Core. Alternatively, consider adding it to meta-arm? > Not ideal, but meta-arm-bsp briefly carried alternative/older version recently: > > https://git.yoctoproject.org/meta-arm/commit/?id=a15c16068ab011e2ba91a6c4ca6e1251de0d8058 > > I agree with Denys's point here, I think its likely there's other cases just like > meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO > it would make sense to add a copy of python3-cryptography to meta-arm (especially since > there's been similar situations in the past) and in parallel try to make a case for > python3-cryptography to be moved from meta-python to OE-core. > > Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm. > > > I have suggested moving python3-cryptography (also python3-cryptography-vectors) to oe-core previously. It is heavily used for cryptography and needs to be kept up to date which is much more likely in oe-core. > > This also means python3-pyo3, pyo3.bbclass, python3-setuptools-rust-native and the setuptools_rust.bbclass would also move to oe-core. > > And then some tests. And documentation. > > > > Alejandro
On Fri, Mar 04, 2022 at 03:16:31AM +0000, Alejandro Hernandez wrote: > > On 3/3/22 23:37, Denys Dmytriyenko wrote: > > On Thu, Mar 03, 2022 at 09:11:28PM +0000, Alejandro Hernandez Samaniego wrote: > > > On 3/3/22 10:55, Abdellatif El Khlifi wrote: > > > > Hello, > > > > > > > > I suggest the following: > > > > > > > > In meta-arm-bsp/conf/layer.conf add : > > > > > > > > LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = " > > > > meta-python openembedded-layer" > > > > > > This statement is a little confusing (to me), please correct me if > > > I'm wrong, but you're saying > > > > > > we should set a dependency from meta-arm-bsp layer, only for > > > qemuarm64-secureboot, > > > > > > however, the qemuarm64-secureboot is part of meta-arm and not meta-arm-bsp, > > > > > > AFAIC meta-arm-bsp has now knowledge of its existence, in fact > > > there's no other mention of > > > > > > qemuarm64-secureboot in meta-arm-bsp. > > Moreover, optee is used by other BSP layers (e.g. meta-ti) by depending on > > meta-arm, not meta-arm-bsp. > > > > Depending on python3-cryptography which is only available in meta-python (part > > of meta-openembedded) should be avoided. Back in the day we pushed for moving > > other python3 dependencies like pycryptodome and pyelftools into OE-Core: > > > > https://git.openembedded.org/meta-openembedded/commit/?id=a8f3c00d8d113b46a49584682e10435157d516ca > > https://git.yoctoproject.org/meta-arm/commit/?id=f2069723f27d9229e8ec74263a41160c8df32571 > > > > We could try doing the same with this new python3-cryptography dependecy and > > propose moving it to OE-Core. Alternatively, consider adding it to meta-arm? > > Not ideal, but meta-arm-bsp briefly carried alternative/older version recently: > > > > https://git.yoctoproject.org/meta-arm/commit/?id=a15c16068ab011e2ba91a6c4ca6e1251de0d8058 > > I agree with Denys's point here, I think its likely there's other cases just like > meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO > it would make sense to add a copy of python3-cryptography to meta-arm (especially since > there's been similar situations in the past) and in parallel try to make a case for > python3-cryptography to be moved from meta-python to OE-core. > > Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm. This seems reasonable. Can you rework your series to add this? Also, we need to keep the older version of OPTEE for corstone1000 (for the kirkstone release). So, if you can keep that around in v2, it would be appreciated. Thanks, Jon > > Alejandro
On 3/9/22 13:01, Jon Mason wrote: > On Fri, Mar 04, 2022 at 03:16:31AM +0000, Alejandro Hernandez wrote: >> On 3/3/22 23:37, Denys Dmytriyenko wrote: >>> On Thu, Mar 03, 2022 at 09:11:28PM +0000, Alejandro Hernandez Samaniego wrote: >>>> On 3/3/22 10:55, Abdellatif El Khlifi wrote: >>>>> Hello, >>>>> >>>>> I suggest the following: >>>>> >>>>> In meta-arm-bsp/conf/layer.conf add : >>>>> >>>>> LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = " >>>>> meta-python openembedded-layer" >>>> This statement is a little confusing (to me), please correct me if >>>> I'm wrong, but you're saying >>>> >>>> we should set a dependency from meta-arm-bsp layer, only for >>>> qemuarm64-secureboot, >>>> >>>> however, the qemuarm64-secureboot is part of meta-arm and not meta-arm-bsp, >>>> >>>> AFAIC meta-arm-bsp has now knowledge of its existence, in fact >>>> there's no other mention of >>>> >>>> qemuarm64-secureboot in meta-arm-bsp. >>> Moreover, optee is used by other BSP layers (e.g. meta-ti) by depending on >>> meta-arm, not meta-arm-bsp. >>> >>> Depending on python3-cryptography which is only available in meta-python (part >>> of meta-openembedded) should be avoided. Back in the day we pushed for moving >>> other python3 dependencies like pycryptodome and pyelftools into OE-Core: >>> >>> https://git.openembedded.org/meta-openembedded/commit/?id=a8f3c00d8d113b46a49584682e10435157d516ca >>> https://git.yoctoproject.org/meta-arm/commit/?id=f2069723f27d9229e8ec74263a41160c8df32571 >>> >>> We could try doing the same with this new python3-cryptography dependecy and >>> propose moving it to OE-Core. Alternatively, consider adding it to meta-arm? >>> Not ideal, but meta-arm-bsp briefly carried alternative/older version recently: >>> >>> https://git.yoctoproject.org/meta-arm/commit/?id=a15c16068ab011e2ba91a6c4ca6e1251de0d8058 >> I agree with Denys's point here, I think its likely there's other cases just like >> meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO >> it would make sense to add a copy of python3-cryptography to meta-arm (especially since >> there's been similar situations in the past) and in parallel try to make a case for >> python3-cryptography to be moved from meta-python to OE-core. >> >> Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm. > This seems reasonable. Can you rework your series to add this? Also, > we need to keep the older version of OPTEE for corstone1000 (for the > kirkstone release). So, if you can keep that around in v2, it would > be appreciated. > > Thanks, > Jon Will do, I'll send a v2 soon. Cheers, Alejandro >> Alejandro >> >> -=-=-=-=-=-=-=-=-=-=-=- >> Links: You receive all messages sent to this group. >> View/Reply Online (#3142):https://lists.yoctoproject.org/g/meta-arm/message/3142 >> Mute This Topic:https://lists.yoctoproject.org/mt/89404067/4354175 >> Group Owner:meta-arm+owner@lists.yoctoproject.org >> Unsubscribe:https://lists.yoctoproject.org/g/meta-arm/unsub [alhe@linux.microsoft.com] >> -=-=-=-=-=-=-=-=-=-=-=- >>
On Thu, 10 Mar 2022 at 01:05, Alejandro Hernandez Samaniego <alhe@linux.microsoft.com> wrote: > I agree with Denys's point here, I think its likely there's other cases just like > meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO > it would make sense to add a copy of python3-cryptography to meta-arm (especially since > there's been similar situations in the past) and in parallel try to make a case for > python3-cryptography to be moved from meta-python to OE-core. > > Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm. > > This seems reasonable. Can you rework your series to add this? Also, > we need to keep the older version of OPTEE for corstone1000 (for the > kirkstone release). So, if you can keep that around in v2, it would > be appreciated. Sorry for being late to this thread, I've been elbow-deep in Python packaging changes. As Tim said, moving python3-cryptography to meta-arm isn't one recipe: it's two recipes and four or so classes. This isn't a trivial operation and I'm against that. Can the use of python3-cryptography be a PACKAGECONFIG that is disabled in optee out of the box, so machines which want to use it can turn it on and add the dependency? A less-worse option would be to DYNAMIC_LAYERS the optee recipes, so they're only parsed if meta-python is around. Long term we definitely need to move the crypto stack to oe-core. I wonder if RP would be open to moving it now... Ross
On Thu, 2022-03-10 at 13:44 +0000, Ross Burton wrote: > On Thu, 10 Mar 2022 at 01:05, Alejandro Hernandez Samaniego > <alhe@linux.microsoft.com> wrote: > > I agree with Denys's point here, I think its likely there's other cases just like > > meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO > > it would make sense to add a copy of python3-cryptography to meta-arm (especially since > > there's been similar situations in the past) and in parallel try to make a case for > > python3-cryptography to be moved from meta-python to OE-core. > > > > Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm. > > > > This seems reasonable. Can you rework your series to add this? Also, > > we need to keep the older version of OPTEE for corstone1000 (for the > > kirkstone release). So, if you can keep that around in v2, it would > > be appreciated. > > Sorry for being late to this thread, I've been elbow-deep in Python > packaging changes. > > As Tim said, moving python3-cryptography to meta-arm isn't one recipe: > it's two recipes and four or so classes. This isn't a trivial > operation and I'm against that. > > Can the use of python3-cryptography be a PACKAGECONFIG that is > disabled in optee out of the box, so machines which want to use it can > turn it on and add the dependency? > > A less-worse option would be to DYNAMIC_LAYERS the optee recipes, so > they're only parsed if meta-python is around. > > Long term we definitely need to move the crypto stack to oe-core. I > wonder if RP would be open to moving it now... I'm wondering how many classes/recipes are involved but I'm open to the idea... Cheers, Richard
From Tim earlier in the thread: > I have suggested moving python3-cryptography (also python3-cryptography-vectors) to oe-core previously. It is heavily used for cryptography and needs to be kept up to date which is much more likely in oe-core. > This also means python3-pyo3, pyo3.bbclass, python3-setuptools-rust-native and the setuptools_rust.bbclass would also move to oe-core. A few recipes and their ancillary classes. Ross On Thu, 10 Mar 2022 at 16:37, Richard Purdie <richard.purdie@linuxfoundation.org> wrote: > > On Thu, 2022-03-10 at 13:44 +0000, Ross Burton wrote: > > On Thu, 10 Mar 2022 at 01:05, Alejandro Hernandez Samaniego > > <alhe@linux.microsoft.com> wrote: > > > I agree with Denys's point here, I think its likely there's other cases just like > > > meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO > > > it would make sense to add a copy of python3-cryptography to meta-arm (especially since > > > there's been similar situations in the past) and in parallel try to make a case for > > > python3-cryptography to be moved from meta-python to OE-core. > > > > > > Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm. > > > > > > This seems reasonable. Can you rework your series to add this? Also, > > > we need to keep the older version of OPTEE for corstone1000 (for the > > > kirkstone release). So, if you can keep that around in v2, it would > > > be appreciated. > > > > Sorry for being late to this thread, I've been elbow-deep in Python > > packaging changes. > > > > As Tim said, moving python3-cryptography to meta-arm isn't one recipe: > > it's two recipes and four or so classes. This isn't a trivial > > operation and I'm against that. > > > > Can the use of python3-cryptography be a PACKAGECONFIG that is > > disabled in optee out of the box, so machines which want to use it can > > turn it on and add the dependency? > > > > A less-worse option would be to DYNAMIC_LAYERS the optee recipes, so > > they're only parsed if meta-python is around. > > > > Long term we definitely need to move the crypto stack to oe-core. I > > wonder if RP would be open to moving it now... > > I'm wondering how many classes/recipes are involved but I'm open to the idea... > > Cheers, > > Richard >
On 3/10/22 01:05, Alejandro Hernandez wrote: > > > On 3/9/22 13:01, Jon Mason wrote: >> On Fri, Mar 04, 2022 at 03:16:31AM +0000, Alejandro Hernandez wrote: >>> On 3/3/22 23:37, Denys Dmytriyenko wrote: >>>> On Thu, Mar 03, 2022 at 09:11:28PM +0000, Alejandro Hernandez Samaniego wrote: >>>>> On 3/3/22 10:55, Abdellatif El Khlifi wrote: >>>>>> Hello, >>>>>> >>>>>> I suggest the following: >>>>>> >>>>>> In meta-arm-bsp/conf/layer.conf add : >>>>>> >>>>>> LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = " >>>>>> meta-python openembedded-layer" >>>>> This statement is a little confusing (to me), please correct me if >>>>> I'm wrong, but you're saying >>>>> >>>>> we should set a dependency from meta-arm-bsp layer, only for >>>>> qemuarm64-secureboot, >>>>> >>>>> however, the qemuarm64-secureboot is part of meta-arm and not meta-arm-bsp, >>>>> >>>>> AFAIC meta-arm-bsp has now knowledge of its existence, in fact >>>>> there's no other mention of >>>>> >>>>> qemuarm64-secureboot in meta-arm-bsp. >>>> Moreover, optee is used by other BSP layers (e.g. meta-ti) by depending on >>>> meta-arm, not meta-arm-bsp. >>>> >>>> Depending on python3-cryptography which is only available in meta-python (part >>>> of meta-openembedded) should be avoided. Back in the day we pushed for moving >>>> other python3 dependencies like pycryptodome and pyelftools into OE-Core: >>>> >>>> https://git.openembedded.org/meta-openembedded/commit/?id=a8f3c00d8d113b46a49584682e10435157d516ca >>>> https://git.yoctoproject.org/meta-arm/commit/?id=f2069723f27d9229e8ec74263a41160c8df32571 >>>> >>>> We could try doing the same with this new python3-cryptography dependecy and >>>> propose moving it to OE-Core. Alternatively, consider adding it to meta-arm? >>>> Not ideal, but meta-arm-bsp briefly carried alternative/older version recently: >>>> >>>> https://git.yoctoproject.org/meta-arm/commit/?id=a15c16068ab011e2ba91a6c4ca6e1251de0d8058 >>> I agree with Denys's point here, I think its likely there's other cases just like >>> meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO >>> it would make sense to add a copy of python3-cryptography to meta-arm (especially since >>> there's been similar situations in the past) and in parallel try to make a case for >>> python3-cryptography to be moved from meta-python to OE-core. >>> >>> Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm. >> This seems reasonable. Can you rework your series to add this? Also, >> we need to keep the older version of OPTEE for corstone1000 (for the >> kirkstone release). So, if you can keep that around in v2, it would >> be appreciated. >> >> Thanks, >> Jon > Will do, I'll send a v2 soon. > Cheers, > Alejandro > > Quick update before sending v2, the list of required dependencies to bring python3-cryptography is the following: recipes: python3-asn1crypto_1.4.0.bb python3-cffi_1.15.0.bb python3-cryptography python3-cryptography_36.0.1.bb python3-cryptography-vectors_36.0.1.bb python3-pycparser_2.21.bb python3-semantic-version_2.9.0.bb python3-setuptools-rust-native_1.1.2.bb python3-typing-extensions_3.10.0.0.bb classes: pyo3.bbclass setuptools3_rust.bbclass Alejandro >>> Alejandro >>> >>> -=-=-=-=-=-=-=-=-=-=-=- >>> Links: You receive all messages sent to this group. >>> View/Reply Online (#3142):https://lists.yoctoproject.org/g/meta-arm/message/3142 >>> Mute This Topic:https://lists.yoctoproject.org/mt/89404067/4354175 >>> Group Owner:meta-arm+owner@lists.yoctoproject.org >>> Unsubscribe:https://lists.yoctoproject.org/g/meta-arm/unsub [alhe@linux.microsoft.com] >>> -=-=-=-=-=-=-=-=-=-=-=- >>>
On Thu, Mar 10, 2022 at 9:12 AM Alejandro Hernandez Samaniego < alhe@linux.microsoft.com> wrote: > > On 3/10/22 01:05, Alejandro Hernandez wrote: > > > On 3/9/22 13:01, Jon Mason wrote: > > On Fri, Mar 04, 2022 at 03:16:31AM +0000, Alejandro Hernandez wrote: > > On 3/3/22 23:37, Denys Dmytriyenko wrote: > > On Thu, Mar 03, 2022 at 09:11:28PM +0000, Alejandro Hernandez Samaniego wrote: > > On 3/3/22 10:55, Abdellatif El Khlifi wrote: > > Hello, > > I suggest the following: > > In meta-arm-bsp/conf/layer.conf add : > > LAYERDEPENDS_meta-arm-bsp:append:qemuarm64-secureboot = " > meta-python openembedded-layer" > > This statement is a little confusing (to me), please correct me if > I'm wrong, but you're saying > > we should set a dependency from meta-arm-bsp layer, only for > qemuarm64-secureboot, > > however, the qemuarm64-secureboot is part of meta-arm and not meta-arm-bsp, > > AFAIC meta-arm-bsp has now knowledge of its existence, in fact > there's no other mention of > > qemuarm64-secureboot in meta-arm-bsp. > > Moreover, optee is used by other BSP layers (e.g. meta-ti) by depending on > meta-arm, not meta-arm-bsp. > > Depending on python3-cryptography which is only available in meta-python (part > of meta-openembedded) should be avoided. Back in the day we pushed for moving > other python3 dependencies like pycryptodome and pyelftools into OE-Core: > https://git.openembedded.org/meta-openembedded/commit/?id=a8f3c00d8d113b46a49584682e10435157d516cahttps://git.yoctoproject.org/meta-arm/commit/?id=f2069723f27d9229e8ec74263a41160c8df32571 > > We could try doing the same with this new python3-cryptography dependecy and > propose moving it to OE-Core. Alternatively, consider adding it to meta-arm? > Not ideal, but meta-arm-bsp briefly carried alternative/older version recently: > https://git.yoctoproject.org/meta-arm/commit/?id=a15c16068ab011e2ba91a6c4ca6e1251de0d8058 > > I agree with Denys's point here, I think its likely there's other cases just like > meta-ti, and we would be forcing a meta-oe and meta-python dependency on them, IMO > it would make sense to add a copy of python3-cryptography to meta-arm (especially since > there's been similar situations in the past) and in parallel try to make a case for > python3-cryptography to be moved from meta-python to OE-core. > > Once (and if) we're successful we can delete the python3-cyrptography copy from meta-arm. > > This seems reasonable. Can you rework your series to add this? Also, > we need to keep the older version of OPTEE for corstone1000 (for the > kirkstone release). So, if you can keep that around in v2, it would > be appreciated. > > Thanks, > Jon > > Will do, I'll send a v2 soon. > > Cheers, > > Alejandro > > > Quick update before sending v2, the list of required dependencies to bring python3-cryptography is the following: > > recipes: > > python3-asn1crypto_1.4.0.bbpython3-cffi_1.15.0.bb > python3-cryptographypython3-cryptography_36.0.1.bbpython3-cryptography-vectors_36.0.1.bbpython3-pycparser_2.21.bbpython3-semantic-version_2.9.0.bbpython3-setuptools-rust-native_1.1.2.bbpython3-typing-extensions_3.10.0.0.bb > > classes: > > pyo3.bbclass > setuptools3_rust.bbclass > > The full story (only missing a couple recipes added to ptest because I don’t know if they are slow or fast) https://git.yoctoproject.org/poky-contrib/log/?h=timo/move-py-crypto —Tim > > Alejandro > > > Alejandro > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#3150): > https://lists.yoctoproject.org/g/meta-arm/message/3150 > Mute This Topic: https://lists.yoctoproject.org/mt/89404067/924729 > Group Owner: meta-arm+owner@lists.yoctoproject.org > Unsubscribe: https://lists.yoctoproject.org/g/meta-arm/unsub [ > ticotimo@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
Thanks Tim and Richard!, I'll send a v2 soon based off on those changes. Cheers, Alejandro On 3/13/22 11:17, Richard Purdie wrote: > On Sat, 2022-03-12 at 14:02 -0800, Tim Orling wrote: >> On Thu, Mar 10, 2022 at 9:12 AM Alejandro Hernandez Samaniego >> <alhe@linux.microsoft.com> wrote: >>> Quick update before sending v2, the list of required dependencies to bring >>> python3-cryptography is the following: >>> recipes: >>> python3-asn1crypto_1.4.0.bb >>> python3-cffi_1.15.0.bb >>> python3-cryptography >>> python3-cryptography_36.0.1.bb >>> python3-cryptography-vectors_36.0.1.bb >>> python3-pycparser_2.21.bb >>> python3-semantic-version_2.9.0.bb >>> python3-setuptools-rust-native_1.1.2.bb >>> python3-typing-extensions_3.10.0.0.bb >>> classes: >>> pyo3.bbclass >>> setuptools3_rust.bbclass >>> >> >> The full story (only missing a couple recipes added to ptest because I don’t >> know if they are slow or fast) >> https://git.yoctoproject.org/poky-contrib/log/?h=timo/move-py-crypto > I've tweaked the series a bit and it is now in master-next. > > I've renamed the classes to add a python_ prefix which will mean we need to > tweak recipes a little but I think it is the right thing to do and best done now > rather than any later. > > Cheers, > > Richard > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#3168):https://lists.yoctoproject.org/g/meta-arm/message/3168 > Mute This Topic:https://lists.yoctoproject.org/mt/89404067/4354175 > Group Owner:meta-arm+owner@lists.yoctoproject.org > Unsubscribe:https://lists.yoctoproject.org/g/meta-arm/unsub [alhe@linux.microsoft.com] > -=-=-=-=-=-=-=-=-=-=-=- >
On Fri, 25 Feb 2022 20:04:41 -0700, Alejandro Enedino Hernandez Samaniego wrote: > - Removes upstreamed patches for optee-examples > - Fixes optee-examples installation > - Includes new python3-cryptography dependency > - Fixes python3-cryptography to work with openssl > > Tested on qemuarm64-secureboot via optee-examples xtest -l 15 Applied, thanks! [1/1] arm/optee: Upgrade from 3.14 to 3.16 commit: 3d0e5368d17fac053227422e4f4fddbc1fa7c7de Best regards,
diff --git a/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend similarity index 100% rename from meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bbappend rename to meta-arm-bsp/recipes-security/optee/optee-client_3.16.0.bbappend diff --git a/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend similarity index 100% rename from meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend rename to meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.16.0.bbappend diff --git a/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend similarity index 100% rename from meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend rename to meta-arm-bsp/recipes-security/optee/optee-os_3.16.0.bbappend diff --git a/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend similarity index 100% rename from meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend rename to meta-arm-bsp/recipes-security/optee/optee-test_3.16.0.bbappend diff --git a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb index f2a74da..0eb64cd 100644 --- a/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb +++ b/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb @@ -15,7 +15,9 @@ inherit deploy python3native LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=27e94c0280987ab296b0b8dd02ab9fe5" -DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit" +DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native python3-pyelftools-native optee-os-tadevkit \ + python3-cryptography-native \ + " FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896" @@ -48,6 +50,10 @@ EXTRA_OEMAKE:append:aarch64:qemuall = "\ CFG_ARM64_ta_arm64=y \ " +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the +# right path until this is relocated automatically. +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" + PARALLEL_MAKE = "" do_compile() { diff --git a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb b/meta-arm/recipes-security/optee/optee-client_3.14.0.bb deleted file mode 100644 index be78b88..0000000 --- a/meta-arm/recipes-security/optee/optee-client_3.14.0.bb +++ /dev/null @@ -1,3 +0,0 @@ -require optee-client.inc - -SRCREV = "06e1b32f6a7028e039c625b07cfc25fda0c17d53" diff --git a/meta-arm/recipes-security/optee/optee-client_3.16.0.bb b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb new file mode 100644 index 0000000..4a36cbc --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-client_3.16.0.bb @@ -0,0 +1,3 @@ +require optee-client.inc + +SRCREV = "06db73b3f3fdb8d23eceaedbc46c49c0b45fd1e2" diff --git a/meta-arm/recipes-security/optee/optee-examples.inc b/meta-arm/recipes-security/optee/optee-examples.inc index 656722e..097f892 100644 --- a/meta-arm/recipes-security/optee/optee-examples.inc +++ b/meta-arm/recipes-security/optee/optee-examples.inc @@ -5,16 +5,14 @@ HOMEPAGE = "https://github.com/linaro-swg/optee_examples" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=cd95ab417e23b94f381dafc453d70c30" -DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native" +DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native python3-cryptography-native" inherit python3native require optee.inc SRC_URI = "git://github.com/linaro-swg/optee_examples.git;branch=master;protocol=https \ - file://0001-plugins-Honour-default-cross-compiler-environment-se.patch \ - file://0002-Makefile-Enable-plugins-installation-in-rootfs.patch \ - " + file://0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch" EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ HOST_CROSS_COMPILE=${HOST_PREFIX} \ @@ -25,6 +23,7 @@ EXTRA_OEMAKE += "TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \ S = "${WORKDIR}/git" B = "${WORKDIR}/build" + do_compile() { oe_runmake -C ${S} } diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch new file mode 100644 index 0000000..70add62 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch @@ -0,0 +1,46 @@ +From 11610debf750f15c7a104db7315dcd7d69e282a8 Mon Sep 17 00:00:00 2001 +From: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com> +Date: Sat, 26 Feb 2022 01:52:26 +0000 +Subject: [PATCH] Makefile: Fix non-portable sh check for plugins + +Upstream-Status: Pending + +We previously held a patch that used "=" for comparison, but when +that patch got upstreamed it was changed to "==" which is non-portable, +resulting in an error: + +/bin/sh: 6: [: acipher: unexpected operator +/bin/sh: 6: [: plugins: unexpected operator +/bin/sh: 6: [: hello_world: unexpected operator +/bin/sh: 6: [: hotp: unexpected operator +/bin/sh: 6: [: aes: unexpected operator +/bin/sh: 6: [: random: unexpected operator +/bin/sh: 6: [: secure_storage: unexpected operator + +if /bin/sh doesnt point to bash. + +Which in turn causes our do_install task to fail since plugins arent +where we expect them to be. + + +Signed-off-by: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com> +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index b3f16aa..9359d95 100644 +--- a/Makefile ++++ b/Makefile +@@ -31,7 +31,7 @@ prepare-for-rootfs: examples + cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \ + fi; \ + cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \ +- if [ $$example == plugins ]; then \ ++ if [ $$example = plugins ]; then \ + cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \ + fi; \ + done +-- +2.25.1 + diff --git a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch b/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch deleted file mode 100644 index 033e48c..0000000 --- a/meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 79c826c249001700007a6dffe80c3d61ff4428ef Mon Sep 17 00:00:00 2001 -From: Sumit Garg <sumit.garg@linaro.org> -Date: Tue, 20 Jul 2021 13:54:30 +0530 -Subject: [PATCH 1/2] plugins: Honour default cross compiler environment setup - -Honour default $(CC), $(CFLAGS) and $(LDFLAGS) variables. Without this -plugins example fails to build for OE/Yocto. - -Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87] - -Signed-off-by: Sumit Garg <sumit.garg@linaro.org> ---- - plugins/Makefile | 2 +- - plugins/host/Makefile | 2 +- - plugins/syslog/Makefile | 16 ++++++++++++---- - 3 files changed, 14 insertions(+), 6 deletions(-) - -diff --git a/plugins/Makefile b/plugins/Makefile -index 2372b38..ea472b4 100644 ---- a/plugins/Makefile -+++ b/plugins/Makefile -@@ -8,7 +8,7 @@ TA_CROSS_COMPILE ?= $(CROSS_COMPILE) - all: - $(MAKE) -C host CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables - $(MAKE) -C ta CROSS_COMPILE="$(TA_CROSS_COMPILE)" LDFLAGS="" -- $(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)" -+ $(MAKE) -C syslog CROSS_COMPILE="$(HOST_CROSS_COMPILE)" --no-builtin-variables - - .PHONY: clean - clean: -diff --git a/plugins/host/Makefile b/plugins/host/Makefile -index 7285104..76244c7 100644 ---- a/plugins/host/Makefile -+++ b/plugins/host/Makefile -@@ -20,7 +20,7 @@ BINARY = optee_example_plugins - all: $(BINARY) - - $(BINARY): $(OBJS) -- $(CC) -o $@ $< $(LDADD) -+ $(CC) $(LDFLAGS) -o $@ $< $(LDADD) - - .PHONY: clean - clean: -diff --git a/plugins/syslog/Makefile b/plugins/syslog/Makefile -index 62d916a..71f5f92 100644 ---- a/plugins/syslog/Makefile -+++ b/plugins/syslog/Makefile -@@ -1,3 +1,11 @@ -+CC ?= $(CROSS_COMPILE)gcc -+LD ?= $(CROSS_COMPILE)ld -+AR ?= $(CROSS_COMPILE)ar -+NM ?= $(CROSS_COMPILE)nm -+OBJCOPY ?= $(CROSS_COMPILE)objcopy -+OBJDUMP ?= $(CROSS_COMPILE)objdump -+READELF ?= $(CROSS_COMPILE)readelf -+ - PLUGIN_UUID = 96bcf744-4f72-4866-bf1d-8634fd9c65e5 - - PLUGIN = $(PLUGIN_UUID).plugin -@@ -6,17 +14,17 @@ PLUGIN_OBJ = $(patsubst %.c, %.o, $(PLUGIN_SRS)) - PLUGIN_INCLUDES_DIR = $(CURDIR) $(TEEC_EXPORT)/include - - PLUGIN_INCLUDES = $(addprefix -I, $(PLUGIN_INCLUDES_DIR)) --PLUGIN_CCFLAGS = -Wall -fPIC --PLUGIN_LDFLAGS = -shared -+PLUGIN_CCFLAGS = $(CFLAGS) -Wall -fPIC -+PLUGIN_LDFLAGS = $(LDFLAGS) -shared - - .PHONY: all - all: $(PLUGIN) - - $(PLUGIN): $(PLUGIN_OBJ) -- $(CROSS_COMPILE)gcc $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@ -+ $(CC) $(PLUGIN_LDFLAGS) $(PLUGIN_OBJ) -o $@ - - %.o: %.c -- $(CROSS_COMPILE)gcc $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o -+ $(CC) $(PLUGIN_CCFLAGS) $(PLUGIN_INCLUDES) -c $*.c -o $*.o - - .PHONY: clean - clean: --- -2.25.1 - diff --git a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch b/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch deleted file mode 100644 index 80e6b5f..0000000 --- a/meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch +++ /dev/null @@ -1,37 +0,0 @@ -From f4e5e74548d92258855434b550c58fe44993c148 Mon Sep 17 00:00:00 2001 -From: Sumit Garg <sumit.garg@linaro.org> -Date: Tue, 20 Jul 2021 14:20:10 +0530 -Subject: [PATCH] Makefile: Enable plugins installation in rootfs - -Upstream-Status: Submitted [https://github.com/linaro-swg/optee_examples/pull/87] - -Signed-off-by: Sumit Garg <sumit.garg@linaro.org> - ---- - Makefile | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/Makefile b/Makefile -index a275842..9359d95 100644 ---- a/Makefile -+++ b/Makefile -@@ -25,14 +25,19 @@ prepare-for-rootfs: examples - @mkdir -p $(OUTPUT_DIR) - @mkdir -p $(OUTPUT_DIR)/ta - @mkdir -p $(OUTPUT_DIR)/ca -+ @mkdir -p $(OUTPUT_DIR)/plugins - @for example in $(EXAMPLE_LIST); do \ - if [ -e $$example/host/optee_example_$$example ]; then \ - cp -p $$example/host/optee_example_$$example $(OUTPUT_DIR)/ca/; \ - fi; \ - cp -pr $$example/ta/*.ta $(OUTPUT_DIR)/ta/; \ -+ if [ $$example = plugins ]; then \ -+ cp -p plugins/syslog/*.plugin $(OUTPUT_DIR)/plugins/; \ -+ fi; \ - done - - prepare-for-rootfs-clean: - @rm -rf $(OUTPUT_DIR)/ta - @rm -rf $(OUTPUT_DIR)/ca -+ @rm -rf $(OUTPUT_DIR)/plugins - @rmdir --ignore-fail-on-non-empty $(OUTPUT_DIR) || test ! -e $(OUTPUT_DIR) diff --git a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb deleted file mode 100644 index f2b5f7d..0000000 --- a/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb +++ /dev/null @@ -1,4 +0,0 @@ -require optee-examples.inc - -SRCREV = "e9c870525af8f7e7fccf575a0ca5394ce55adcec" - diff --git a/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb new file mode 100644 index 0000000..b5f6269 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-examples_3.16.0.bb @@ -0,0 +1,3 @@ +require optee-examples.inc + +SRCREV = "65fc74309e12189ad5b6ce3ffec37c8011088a5a" diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb similarity index 94% rename from meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb rename to meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb index 0d37a52..c710e27 100644 --- a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb +++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.16.0.bb @@ -1,10 +1,11 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:" -require optee-os_3.14.0.bb +require optee-os_3.16.0.bb SUMMARY = "OP-TEE Trusted OS TA devkit" DESCRIPTION = "OP-TEE TA devkit for build TAs" HOMEPAGE = "https://www.op-tee.org/" + do_install() { #install TA devkit install -d ${D}${includedir}/optee/export-user_ta/ diff --git a/meta-arm/recipes-security/optee/optee-os.inc b/meta-arm/recipes-security/optee/optee-os.inc index 1506a58..57c64fd 100644 --- a/meta-arm/recipes-security/optee/optee-os.inc +++ b/meta-arm/recipes-security/optee/optee-os.inc @@ -10,7 +10,7 @@ require optee.inc CVE_PRODUCT = "linaro:op-tee op-tee:op-tee_os" -DEPENDS = "python3-pycryptodome-native python3-pyelftools-native" +DEPENDS = "python3-pycryptodome-native python3-pyelftools-native python3-cryptography-native" DEPENDS:append:toolchain-clang = " compiler-rt" diff --git a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb similarity index 76% rename from meta-arm/recipes-security/optee/optee-os_3.14.0.bb rename to meta-arm/recipes-security/optee/optee-os_3.16.0.bb index 95d82bb..873e964 100644 --- a/meta-arm/recipes-security/optee/optee-os_3.14.0.bb +++ b/meta-arm/recipes-security/optee/optee-os_3.16.0.bb @@ -1,6 +1,6 @@ require optee-os.inc -SRCREV = "d21befa5e53eae9db469eba1685f5aa5c6f92c2f" +SRCREV = "d0b742d1564834dac903f906168d7357063d5459" SRC_URI:append = " \ file://0006-allow-setting-sysroot-for-libgcc-lookup.patch \ diff --git a/meta-arm/recipes-security/optee/optee-test.inc b/meta-arm/recipes-security/optee/optee-test.inc index aada243..33eda29 100644 --- a/meta-arm/recipes-security/optee/optee-test.inc +++ b/meta-arm/recipes-security/optee/optee-test.inc @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE.md;md5=daa2bcccc666345ab8940aab1315a4fa" inherit python3native ptest require optee.inc -DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native" +DEPENDS = "optee-client optee-os-tadevkit python3-pycryptodome-native python3-cryptography-native" SRC_URI = "git://github.com/OP-TEE/optee_test.git;branch=master;protocol=https \ file://run-ptest \ diff --git a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb b/meta-arm/recipes-security/optee/optee-test_3.14.0.bb deleted file mode 100644 index 6367c27..0000000 --- a/meta-arm/recipes-security/optee/optee-test_3.14.0.bb +++ /dev/null @@ -1,3 +0,0 @@ -require optee-test.inc - -SRCREV = "f2eb88affbb7f028561b4fd5cbd049d5d704f741" diff --git a/meta-arm/recipes-security/optee/optee-test_3.16.0.bb b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb new file mode 100644 index 0000000..03f9c34 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-test_3.16.0.bb @@ -0,0 +1,3 @@ +require optee-test.inc + +SRCREV = "1cf0e6d2bdd1145370033d4e182634458528579d" diff --git a/meta-arm/recipes-security/optee/optee.inc b/meta-arm/recipes-security/optee/optee.inc index f02a022..beae366 100644 --- a/meta-arm/recipes-security/optee/optee.inc +++ b/meta-arm/recipes-security/optee/optee.inc @@ -26,3 +26,6 @@ EXTRA_OEMAKE += "V=1 \ OPTEE_CLIENT_EXPORT=${STAGING_DIR_HOST}${prefix} \ TEEC_EXPORT=${STAGING_DIR_HOST}${prefix} \ " +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the +# right path until this is relocated automatically. +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
- Removes upstreamed patches for optee-examples - Fixes optee-examples installation - Includes new python3-cryptography dependency - Fixes python3-cryptography to work with openssl Tested on qemuarm64-secureboot via optee-examples xtest -l 15 Signed-off-by: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com> --- ....bbappend => optee-client_3.16.0.bbappend} | 0 ...pend => optee-os-tadevkit_3.16.0.bbappend} | 0 ...14.0.bbappend => optee-os_3.16.0.bbappend} | 0 ....0.bbappend => optee-test_3.16.0.bbappend} | 0 .../optee-ftpm/optee-ftpm_git.bb | 8 +- .../optee/optee-client_3.14.0.bb | 3 - .../optee/optee-client_3.16.0.bb | 3 + .../recipes-security/optee/optee-examples.inc | 7 +- ...ix-non-portable-sh-check-for-plugins.patch | 46 ++++++++++ ...efault-cross-compiler-environment-se.patch | 84 ------------------- ...nable-plugins-installation-in-rootfs.patch | 37 -------- .../optee/optee-examples_3.14.0.bb | 4 - .../optee/optee-examples_3.16.0.bb | 3 + ..._3.14.0.bb => optee-os-tadevkit_3.16.0.bb} | 3 +- meta-arm/recipes-security/optee/optee-os.inc | 2 +- ...{optee-os_3.14.0.bb => optee-os_3.16.0.bb} | 2 +- .../recipes-security/optee/optee-test.inc | 2 +- .../optee/optee-test_3.14.0.bb | 3 - .../optee/optee-test_3.16.0.bb | 3 + meta-arm/recipes-security/optee/optee.inc | 3 + 20 files changed, 73 insertions(+), 140 deletions(-) rename meta-arm-bsp/recipes-security/optee/{optee-client_3.14.0.bbappend => optee-client_3.16.0.bbappend} (100%) rename meta-arm-bsp/recipes-security/optee/{optee-os-tadevkit_3.14.0.bbappend => optee-os-tadevkit_3.16.0.bbappend} (100%) rename meta-arm-bsp/recipes-security/optee/{optee-os_3.14.0.bbappend => optee-os_3.16.0.bbappend} (100%) rename meta-arm-bsp/recipes-security/optee/{optee-test_3.14.0.bbappend => optee-test_3.16.0.bbappend} (100%) delete mode 100644 meta-arm/recipes-security/optee/optee-client_3.14.0.bb create mode 100644 meta-arm/recipes-security/optee/optee-client_3.16.0.bb create mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-Makefile-Fix-non-portable-sh-check-for-plugins.patch delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0001-plugins-Honour-default-cross-compiler-environment-se.patch delete mode 100644 meta-arm/recipes-security/optee/optee-examples/0002-Makefile-Enable-plugins-installation-in-rootfs.patch delete mode 100644 meta-arm/recipes-security/optee/optee-examples_3.14.0.bb create mode 100644 meta-arm/recipes-security/optee/optee-examples_3.16.0.bb rename meta-arm/recipes-security/optee/{optee-os-tadevkit_3.14.0.bb => optee-os-tadevkit_3.16.0.bb} (94%) rename meta-arm/recipes-security/optee/{optee-os_3.14.0.bb => optee-os_3.16.0.bb} (76%) delete mode 100644 meta-arm/recipes-security/optee/optee-test_3.14.0.bb create mode 100644 meta-arm/recipes-security/optee/optee-test_3.16.0.bb