- Feb 06, 2019
-
-
Etienne Carriere authored
Update script based on the feedback from Buildroot maintainer [1]: > +# /etc/init.d/optee Drop this comment, it is useless, and in fact wrong: the file will not have this name in a Buildroot filesystem. (...) > + if [ -e /usr/sbin/tee-supplicant -a -e /dev/teepriv0 ]; then Drop this test, just start tee-supplicatn. (...) > + echo "Starting tee-supplicant..." > + /usr/sbin/tee-supplicant & Please use start-stop-daemon. See https://patchwork.ozlabs.org/patch/994013/ for the "right" way of writing an init script. This maybe not be best way, if there's one, but it seems more standard to use start-stop-daemon. Moreover the proposed script ensures its return value matches the status of the caller request. [1] http://lists.busybox.net/pipermail/buildroot/2018-December/238354.html Signed-off-by:
Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by:
Jens Wiklander <jens.wiklander@linaro.org>
-
Etienne Carriere authored
Targets update_rootfs-common, update_rootfs-clean-common and filelist-tee-common are not used by any of the supported platform and their content is not accurate regarding OP-TEE packages content (init.d.optee, tee-supplicant install path). This change removes this make targets. This change also remove the init.d.optee init script which is no more embedded in the filesystem of the supported platforms. Signed-off-by:
Joakim Bech <joakim.bech@linaro.org> Acked-by:
-
- Feb 04, 2019
-
-
Joakim Bech authored
Fixes: https://github.com/OP-TEE/build/issues/257 Signed-off-by:
Jerome Forissier <jerome.forissier@linaro.org>
-
- Feb 01, 2019
-
-
Joakim Bech authored
Signed-off-by:
-
Joakim Bech authored
Signed-off-by:
-
Joakim Bech authored
For some reason Raspberry Pi 3 with NFS root doesn't allow tee-supplicant to create a working folder for user 'tee' under the /data folder. We have found a workaround which is to create the /data hierarchy and set its permissions in S30optee rather than in the root fs definition in optee_client.mk. Fixes: https://github.com/OP-TEE/optee_os/issues/2773 Signed-off-by:
-
Joakim Bech authored
To be able to compile uboot.env directly we must have a proper target instead of the current '$(RPI3_UBOOT_ENV)'. Therefore we replace '$(RPI3_UBOOT_ENV)' with u-boot-env instead which also lines up better with the u-boot-env-clean variable. Signed-off-by:
-
Joakim Bech authored
The actual configuration in uboot.env.txt has diverged from our documentation (both the current and coming documentation). The documentation have "better" names etc, therefore put we put back the naming of the original configuration. Signed-off-by:
-
- Jan 29, 2019
-
-
Hashem Tatari authored
Add quotes around the soc_term and the port number to make it compatible with other terminals like terminator. To use terminator, it is enough to set the flag like: $ export LAUNCH_TERMINAL="terminator -e" $ make run-only Note when using the LAUNCH_TERMINAL the title of the terminals cannot be set separately so better to ignore the titles Signed-off-by:
Hashem Tatari <hashem.tatari@exset.com> Reviewed-by:
-
- Jan 16, 2019
-
-
Joakim Bech authored
In TF-A in the commit: (5341b42ec) rpi3: Add mem reserve region to DTB if present they started to runtime patching of the DTB, but the default build rules in TF-A doesn't set RPI3_PRELOADED_DTB_BASE to anything which then gets set to the default value: 1, which gives incorrect memory mappings for MAP_BL32_MEM. Therefore we must tell where the DTB is located and we do that by adding adding a compile time flag to TF-A, i.e., RPI3_PRELOADED_DTB_BASE=0x00010000 Signed-off-by:Igor Opaniuk <igor.opaniuk@linaro.org>
-
- Jan 14, 2019
-
-
Volodymyr Babchuk authored
Signed-off-by:
Volodymyr Babchuk <vlad.babchuk@gmail.com> Acked-by:
-
Volodymyr Babchuk authored
Function concatenate_files() used mix of tabs and spaces, and python3 was very unhappy about this. Signed-off-by:
-
- Dec 21, 2018
-
-
Igor Opaniuk authored
Spawn getty for both HDMI and serial console. Leverage post-build.sh script for rpi3, which adds getty line for tty1 in inittab [1]. [1]: https://patchwork.ozlabs.org/patch/602668/ Fixes: https://github.com/OP-TEE/build/issues/327 Acked-by:
-
- Nov 26, 2018
-
-
Etienne Carriere authored
Qemu and qemu_v8 are almost built the same way. Main differences are 32b/64b modes and u-boot/edk2 as non-secure boot stage. optee-client targets are removed since now built from the buildroot target. This change also ensures on can run 'make run-only' after 'make all' without rootfs not being copied to the output image directory. Signed-off-by:
-
- Nov 12, 2018
-
-
Jerome Forissier authored
Adds support for Arm Trusted Firmware-A version v2.0. TF-A v2.0 does not acccept FVP_USE_GIC_DRIVER=FVP_GICV3_LEGACY anymore. Therefore, use FVP_GICV3 instead. This is the default value with v2.0, and is also supported by earlier versions (such as 1.5 which is the one we are using currently). OP-TEE is configured accordingly (CFG_ARM_GICV3=y). Signed-off-by:
-
- Nov 09, 2018
-
-
Jerome Forissier authored
Adds support for Arm Trusted Firmware-A version v2.0. The qemu platform in TF-A v2.0 does not acccept MULTI_CONSOLE=0 anymore, so remove it. The current version v1.5 is quite happy without it already. Signed-off-by:
-
- Nov 05, 2018
-
-
Jerome Forissier authored
Use two vCPUs by default instead of one. This configuration is more likely to trigger race conditions when testing. Signed-off-by:
-
Jerome Forissier authored
Plain upstream kernel v4.19 now supports HiKey960 well enough, so we do not need to use the 96boards repository anymore [1]. Setting a few config symbols is needed however, otherwise the kernel can not boot our buildroot-generated root FS. This commit introduces the required symbols so that we can later drop the 96boards branch (when we rebase our optee branch [2] onto v4.19). Note that having these symbols enabled is OK with the current branch, too. Link: [1] https://github.com/96boards-hikey/linux Link: [2] https://github.com/linaro-swg/linux/tree/optee Signed-off-by:
-
- Oct 26, 2018
-
-
Jerome Forissier authored
common.mk mistakenly uses the QEMU overlay (which currently contains only an init script for udhcpc) on all platforms. This is incorrect and causes problems on RPi3 at least [1]. Fixes: commit 751b35bb ("qemu: buildroot: fix networking") Links: [1] https://github.com/OP-TEE/optee_os/issues/2478#issuecomment-432818199 Signed-off-by:
-
- Oct 17, 2018
-
-
Igor Opaniuk authored
1. Remove usage of hikey.conf for kernel config 2. Change CFG_DRAM_SIZE_GB to 1 3. Add creation of out directory Reviewed-by:
-
Igor Opaniuk authored
Signed-off-by:
-
- Sep 26, 2018
-
-
Jerome Forissier authored
Use Arm's GCC 8.2 toolchains. Signed-off-by:
-
Jerome Forissier authored
Signed-off-by:
-
Jerome Forissier authored
Using the current tip of the buildroot upstream branch, we get the following error: build$ make [...] [...]br-ext/package/optee_benchmark/optee_benchmark.mk:8: *** optee_benchmark has local site method, but `OPTEE_BENCHMARK_SITE` is not defined. Stop. The error does not occur if BR2_PACKAGE_OPTEE_BENCHMARK is selected (i.e., "make CFG_TEE_BENCHMARK=y"). It looks like the _SITE variable has to be declared even though the package is not selected for building. Signed-off-by:
-
- Sep 06, 2018
-
-
Jerome Forissier authored
The Device Tree configuration we need for the Foundation Platform is now available upstream (v4.18) as foundation-v8-gicv3-psci.dts (it only lacks the optee node and memory reservations). Let's use this new file instead of a hacked version of foundation-v8.dts modified for PSCI and GiCv3. Signed-off-by:
-
- Sep 05, 2018
-
-
Jerome Forissier authored
If /dev/ion exists, it should be set up so that the test user can access it. Otherwise, some tests will fail, such as xtest 1014 (Secure Data Path). Similar to what is done for /dev/tee*, this commit configures permissions based on a specific group: ion. Signed-off-by:
-
- Aug 28, 2018
-
-
Igor Opaniuk authored
1. Switch to upstream ARM Trusted Firmware and U-boot. 2. Change the ATF+OP-TEE booting sequence. Now the booting sequence looks like: VideoCore IV bootloader -> ATF + OP-TEE payload -> U-boot -> Linux kernel Reviewed-by:
Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by:
-
- Aug 27, 2018
-
-
Joakim Bech authored
Signed-off-by:
-
Joakim Bech authored
Signed-off-by:
-
Joakim Bech authored
Signed-off-by:
-
Joakim Bech authored
Fixes #271 Signed-off-by:
-
Joakim Bech authored
Signed-off-by:
-
Joakim Bech authored
Signed-off-by:
-
- Aug 23, 2018
-
-
Jerome Forissier authored
Restrict execution of TEE client applications to members of the teeclnt group. A test user is created and added to this group. Having two groups (tee and teeclnt) allows to better isolate tee-supplicant from the client applications. Signed-off-by:
-
- Aug 22, 2018
-
-
Jerome Forissier authored
Build with GDBSERVER=y to enable remote debugging of Normal World applications. gdbserver is added to the root filesystem. Signed-off-by:
-
- Aug 21, 2018
-
-
Jerome Forissier authored
Signed-off-by:
-
- Aug 20, 2018
-
-
Jerome Forissier authored
Create user and group tee/tee and set the proper permissions on /dev/tee* and /data/tee so that tee-supplicant and the client applications may be run as a non-root user. Signed-off-by:
-
Jerome Forissier authored
Init scripts normally print OK or FAIL when they start daemons. Update our tee-supplicant script to do just that. The -d option to tee-supplicant is used so that when the tee-supplicant command returns, we know for sure if initialization went well or not. Signed-off-by:
-
- Aug 09, 2018
-
-
Jerome Forissier authored
Adds the missing startup file to the buildroot-generated filesystem so that networking is available in the VM as claimed by docs/qemu.md. Signed-off-by:
-
Jerome Forissier authored
Now that buildroot is used, the 'mount_shared' alias is not available anymore. Document the full command instead. Signed-off-by:
-
