- Mar 04, 2021
-
-
Timothée Cercueil authored
Genimage script configuration had wrong image name on bootfs partition. Changed the parameter "image" to correct name for the image to be generated successfully and to allow successful boot on STM32MP157C-EV1 board. Signed-off-by:
Timothée Cercueil <litchi.pi@protonmail.com> Signed-off-by:
Timothée Cercueil <timothee.cercueil@st.com> Acked-by:
Jerome Forissier <jerome@forissier.org> Reviewed-by:
Etienne Carriere <etienne.carriere@linaro.org>
-
- Jan 25, 2021
-
-
Etienne Carriere authored
Install all TAs found in devkit into target filesystem. This change allows OP-TEE test environment to exercise in-tree TAs as the pkcs11 TA. Acked-by:
-
- Jan 21, 2021
-
-
Etienne Carriere authored
Embed opensc package for pkcs11-tool to play with the PKCS11 TA. Examples of using pkcs11-tool with PKCS11 TA: # Get tokens/slots info pkcs11-tool --show-info pkcs11-tool --list-token-slots pkcs11-tool --list-mechanisms # Initialize token and user PIN pkcs11-tool --init-token --label test-token --so-pin 1234567890 pkcs11-tool --label test-token --login --so-pin 1234567890 \ --init-pin --pin ABCDEFGHIJ # Generate a 2048bit RSA key pkcs11-tool --token-label test-token --pin ABCDEFGHIJ \ --keypairgen --key-type RSA:2048 --id 123 --label rsa-test-key # List token object pkcs11-tool --token-label test-token --list-objects Co-developed-by:Gábor Székely <szvgabor@gmail.com> Signed-off-by:
Jens Wiklander <jens.wiklander@linaro.org>
-
- Nov 17, 2020
-
-
Jerome Forissier authored
Conditionally enable TA C++ tests in the optee_test_ext Buildroot package. Some toolchains may not support this feature [1] so it is best to let the user decide. common.mk enables the tests by default when $(COMPILER) is not clang, assuming that the default GCC toolchain from toolchain.mk is used (which works fine with the C++ tests). The command line option is 'make WITH_CXX_TESTS=y|n'. Link: https://github.com/OP-TEE/optee_test/issues/458 Signed-off-by:
-
Jerome Forissier authored
Conditionally enable Thread Local Storage tests in the optee_test_ext Buildroot package. Some toolchains may not support this feature [1] so it is best to let the user decide. common.mk enables the tests by default since the GCC toolchain from toolchain.mk supports them. The command line option is 'make WITH_TLS_TESTS=y|n'. Link: https://github.com/OP-TEE/optee_test/commit/30efcbeaf8864d0f2a5c4be593a5411001fab31b Signed-off-by:
-
- Oct 06, 2020
-
-
Jens Wiklander authored
By passing GP_PACKAGE=<path to GP-suite archive> optee_test is configured to compile with the GlobalPlatform test suite. The test suite is unpacked and patched in the build directory as part of the buildroot process when building optee_test. Acked-by:
Joakim Bech <joakim.bech@linaro.org> Acked-by:
-
- Sep 28, 2020
-
-
Jerome Forissier authored
Updates the toolchain to Arm's GCC 9.2 [1]. Note the following difference compared to the previous release (8.3), which is documented in the release notes: "Changed toolchain naming convention to match standard target triplet naming convention, with vendor name being none." For example, arm-linux-gnueabihf-gcc is now arm-none-linux-gnueabihf-gcc and aarch64-linux-gnu-gcc is now aarch64-none-linux-gnu-gcc. This renaming seems pretty much specific to the Arm build of GCC, and the latest Debian and Ubuntu distributions provide GCC 9.x or 10.x cross-compilers with the usual naming convention. Therefore, and to limit the impact of the name change, let's simply create symbolic links after the toolchain packages are extracted. Link: [1] https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-a/downloads Signed-off-by:
-
Jerome Forissier authored
The optee_examples_ext and optee_test_ext packages are currently using the python3 command found in $PATH. It is more correct to use the Buildroot one. Signed-off-by:
-
Jerome Forissier authored
Package [host-]python-pycrypto was removed in Buildroot release 2020.05 [1] and replaced with [host-]python3-pycryptodomex. Link: [1] https://git.busybox.net/buildroot/commit/?id=7ef76ed32fcd447391e26d33a555ff5dab6dc48e Signed-off-by:
-
- Sep 22, 2020
-
-
Etienne Carriere authored
Replace option partition-type with option partition-type-uuid as the later is intended to GPT partitioning which is what stm32mp1 relies on. This change prevents genimage tool, since its v13 release, from creating a hybrid MBR partition table that is not supported by TF-A boot stage used by the platform. Signed-off-by:
-
- Sep 01, 2020
-
-
Jerome Forissier authored
The optee_test TAs are built by a $(wildcard ...) loop. This is unreliable because there is no guarantee that os_test_lib and os_test_lib_dl will appear before os_test in the list. Yet os_test depends on the libraries being built first. Fix the issue by explicitely listing the libraries and TAs with dependencies in the correct order, then using a wildcard for the other TAs. Signed-off-by:
-
- Aug 14, 2020
-
-
Roland Nagy authored
Usage: set QEMU_PSS_ENABLE=y and adjust QEMU_PSS_HOST_DIR. It also requires QEMU_VIRTFS_ENABLE to be set to "y". Also added a buildroot post-script which appends lines to /etc/fstab, so shared directories can be automatically mounted if QEMU_VIRTFS_AUTOMOUNT and QEMU_PSS_AUTOMOUNT are set to "y". Signed-off-by:
Roland Nagy <rnagy@xmimx.tk> Reviewed-by:
-
- Jun 05, 2020
-
-
Etienne Carriere authored
Build OP-TEE for STM32MP1 based platforms. Currently supports platforms STM32MP157A-DK1, STM32MP157C-DK2 and STM32MP157C-EV1 using a SDcard as boot media. Default build targets board STM32MP157C-DK2: # make One can specify a target board with PLATFORM configuration switch: # make PLATFORM=stm32mp1-157A_DK1 # make PLATFORM=stm32mp1-157C_DK2 # make PLATFORM=stm32mp1-157C_EV1 Refer to br-ext/board/stmicroelectronics/stm32mp1-tz/readme.txt for mode information. TF-A, OP-TEE OS, U-Boot and Linux kernel are built outside Builrdoot. All other embedded components are built through Buildroot. Buildroot generates the final SDcard binary image file to be loaded raw in the target SD card. The image includes a GPT partition table. See br-ext/board/stmicroelectronics/stm32mp1-tz/genimage-*.cfg for more details. Note on U-Boot defconfig: from v2019.10 up to v2020.07-rc2, one shall use stm32mp15_optee_defconfig. From v2020-rc3 onward, one shall use stm32mp15_trusted_defconfig. For flexibility, stm32mp1.mk supports both. Signed-off-by:
-
- May 29, 2020
-
-
Etienne Carriere authored
Change packages to default define a _SITE configuration as expected when _SITE_METHOD is defined. This change aligns OP-TEE client/examples/test_ext packages with OP-TEE os_ext/benchmark_ext packages regarding this _SITE_METHOD/_SITE management. Signed-off-by:
-
Etienne Carriere authored
Rename OP-TEE packages in br-ext with a _ext suffix so that they do not conflict with the OP-TEE packages from Buildroot. This change essentially renames Buildroot configuration switches BR2_OPTEE_* to BR2_OPTEE_*_EXT_* without changing the current build process. This change is needed for OP-TEE build environment to synchronize with Buildroot GIT version [1] or later in the Buildroot integration tree. [1] points where OP-TEE packages were introduced in Buildroot, right after 2019.02 is released. This was tested with all Buildroot release tags from 2018.11 to 2020.02, and recent 2020.05-rc1. Link: [1] https://git.buildroot.net/buildroot/commit/?id=da49312af9e0c3e7f6df50e7d6f77e1fa2921b7a Signed-off-by:
-
- Feb 25, 2020
-
-
Jerome Forissier authored
If an error occurs when building a TA, the error does not stop the build. It may therefore go unnoticed if files have been generated previously. This patch adds "set -e" to address this issue. Signed-off-by:
-
- Oct 10, 2019
-
-
Markus S. Wamser authored
Depending on the size of the string in the variable TARGET_CONFIGURE_OPTS and number of examples, the size of the string in OPTEE_EXAMPLES_BUILD_TAS produced by evaluation of the $(foreach...) statement may exceed the maximum length for execvp() calls from make (128KiB). Delaying the enumeration of targets by passing a loop-statement for the shell expands the variables only once and keep the length of the string independent of the number of examples. Signed-off-by:
Markus S. Wamser <markus.wamser@mixed-mode.de> Acked-by:
-
Markus S. Wamser authored
Depending on the size of the string in the variable TARGET_CONFIGURE_OPTS and number of tests, the size of the string in OPTEE_TEST_BUILD_TAS produced by evaluation of the $(foreach...) statement may exceed the maximum length for execvp() calls from make (128KiB). Delaying the enumeration of targets by passing a loop-statement for the shell expands the variables only once and keep the length of the string independent of the number of tests. Signed-off-by:
-
- Oct 07, 2019
-
-
Jerome Forissier authored
Adds the required flags and configuration files to enable Wi-Fi on the HiKey960 board. The network name and password have to be set in br-ext/board/hikey960/overlay/etc/wpa_supplicant.conf before building. Then Wi-Fi can be enabled on the board by running 'ifup wlan0' as root. Signed-off-by:
-
- Aug 07, 2019
-
-
Victor Chong authored
Fix typo for setting CFG_TEE_BENCHMARK in OPTEE_CLIENT_CONF_OPTS. Fixes: 93758cc1 ("buildroot: provide CFG_TEE_BENCHMARK in optee_client") Signed-off-by:
Victor Chong <victor.chong@linaro.org> Acked-by:
Jerome Forissier <jerome.forissier@linaro.org>
-
- May 23, 2019
-
-
Joakim Bech authored
The BR2_KERNEL_HEADERS_4_10 has been depracted, so when trying to build with GDBSERVER=y we got this warning: Makefile.legacy:9: *** "You have legacy configuration in your .config! Please check your configuration.". Stop. To better match recent toolchain updates in this git (gcc updates and kernel header updates, commit e0298161), we also update buildroot to use and provide a GCC8.x based toolchain as well as 4.19 kernel headers. Signed-off-by:
-
- May 18, 2019
-
-
Joakim Bech authored
In the GCC v8.2-2018.08 toolchain (previous default in OP-TEE) the GDB/TUI mode was disabled, which made debugging using GDB slightly more complicated. However, in more recent versions of GCC like the one introduced here, i.e., GCC8.3-2019.03, Arm have re-enabled the TUI mode. But to be able to upgrade the toolchain, one must also step up kernel headers so that the toolchain matches the kernel headers used by Buildroot. This means that we are stepping up from 4.18 kernel headers to 4.19 kernel headers, which seems to be compatible with the version of GCC that is being introduced in this patch. Note that after this commit, older GCC versions will not work any longer when building full OP-TEE developer setups using OP-TEE's manifest.git and build.git, i.e., trying to run GCC8.2 for example will give a kernel header mismatch error. Fixes #334. Signed-off-by:
-
- May 13, 2019
-
-
Jerome Forissier authored
Similar fix to commit 106b53a2 ("buildroot: always declare BR2_PACKAGE_OPTEE_BENCHMARK_SITE"). Signed-off-by:
-
- May 06, 2019
-
-
Victor Chong authored
With CFG_TA_TEST_PATH now defaulting to n in optee_client for better security, this needs to be set explicitly to pass xtest 1008. Signed-off-by:
-
- May 02, 2019
-
-
Jerome Forissier authored
Fixes a mistake in the optee_os install step which prevents the libraries from being copied into the root FS staging area. Fixes: 91ebff72 ("buildroot: add optee_os package to copy shared libraries into the root FS") Signed-off-by:
-
- Mar 19, 2019
-
-
Jerome Forissier authored
When OP-TEE is built with CFG_ULIBS_SHARED=y, TA shared libraries are created. They have to be installed into the target root FS in order to be found at runtime. This patch adds a custom package to do just that. Signed-off-by:
-
- Feb 06, 2019
-
-
Etienne Carriere authored
Update script based on the feedback from Buildroot maintainer [1]: > +# /etc/init.d/optee Drop this comment, it is useless, and in fact wrong: the file will not have this name in a Buildroot filesystem. (...) > + if [ -e /usr/sbin/tee-supplicant -a -e /dev/teepriv0 ]; then Drop this test, just start tee-supplicatn. (...) > + echo "Starting tee-supplicant..." > + /usr/sbin/tee-supplicant & Please use start-stop-daemon. See https://patchwork.ozlabs.org/patch/994013/ for the "right" way of writing an init script. This maybe not be best way, if there's one, but it seems more standard to use start-stop-daemon. Moreover the proposed script ensures its return value matches the status of the caller request. [1] http://lists.busybox.net/pipermail/buildroot/2018-December/238354.html Signed-off-by:
-
- Feb 01, 2019
-
-
Joakim Bech authored
For some reason Raspberry Pi 3 with NFS root doesn't allow tee-supplicant to create a working folder for user 'tee' under the /data folder. We have found a workaround which is to create the /data hierarchy and set its permissions in S30optee rather than in the root fs definition in optee_client.mk. Fixes: https://github.com/OP-TEE/optee_os/issues/2773 Signed-off-by:
-
- Jan 14, 2019
-
-
Volodymyr Babchuk authored
Signed-off-by:
Volodymyr Babchuk <vlad.babchuk@gmail.com> Acked-by:
-
Volodymyr Babchuk authored
Function concatenate_files() used mix of tabs and spaces, and python3 was very unhappy about this. Signed-off-by:
-
- Sep 26, 2018
-
-
Jerome Forissier authored
Use Arm's GCC 8.2 toolchains. Signed-off-by:
-
Jerome Forissier authored
Using the current tip of the buildroot upstream branch, we get the following error: build$ make [...] [...]br-ext/package/optee_benchmark/optee_benchmark.mk:8: *** optee_benchmark has local site method, but `OPTEE_BENCHMARK_SITE` is not defined. Stop. The error does not occur if BR2_PACKAGE_OPTEE_BENCHMARK is selected (i.e., "make CFG_TEE_BENCHMARK=y"). It looks like the _SITE variable has to be declared even though the package is not selected for building. Signed-off-by:
-
- Sep 05, 2018
-
-
Jerome Forissier authored
If /dev/ion exists, it should be set up so that the test user can access it. Otherwise, some tests will fail, such as xtest 1014 (Secure Data Path). Similar to what is done for /dev/tee*, this commit configures permissions based on a specific group: ion. Signed-off-by:
-
- Aug 23, 2018
-
-
Jerome Forissier authored
Restrict execution of TEE client applications to members of the teeclnt group. A test user is created and added to this group. Having two groups (tee and teeclnt) allows to better isolate tee-supplicant from the client applications. Signed-off-by:
-
- Aug 22, 2018
-
-
Jerome Forissier authored
Build with GDBSERVER=y to enable remote debugging of Normal World applications. gdbserver is added to the root filesystem. Signed-off-by:
-
- Aug 20, 2018
-
-
Jerome Forissier authored
Create user and group tee/tee and set the proper permissions on /dev/tee* and /data/tee so that tee-supplicant and the client applications may be run as a non-root user. Signed-off-by:
-
Jerome Forissier authored
Init scripts normally print OK or FAIL when they start daemons. Update our tee-supplicant script to do just that. The -d option to tee-supplicant is used so that when the tee-supplicant command returns, we know for sure if initialization went well or not. Signed-off-by:
-
- Aug 09, 2018
-
-
Jerome Forissier authored
Adds the missing startup file to the buildroot-generated filesystem so that networking is available in the VM as claimed by docs/qemu.md. Signed-off-by:
-
- Jul 05, 2018
-
-
Igor Opaniuk authored
Provide proper value to optee_client cmake option CFG_TEE_BENCHMARK Acked-by:
Igor Opaniuk <igor.opaniuk@linaro.org>
-
- Jun 07, 2018
-
-
Volodymyr Babchuk authored
Currently sign.py uses system python to sign TAs. Problem is that buildroot can build own host-python. This python lacks pycrypto, so sign.py fails. This patch adds dependency on host-python-pycrypto, so buildroot will always build python with needed module. Signed-off-by:
-
