- Jan 11, 2022
-
-
Jens Wiklander authored
Drops ARM_TSP_RAM_LOCATION from TF_A_FLAGS as it's not needed any longer. Acked-by:
Jerome Forissier <jerome@forissier.org> Signed-off-by:
Jens Wiklander <jens.wiklander@linaro.org>
-
Jens Wiklander authored
Always try to enable FF-A in the kernel. The kernel tries to probe for FF-A, but only enables it if other components supports it. Acked-by:
Jerome Forissier <jerome@forissier.org> Signed-off-by:
Jens Wiklander <jens.wiklander@linaro.org>
-
- Jan 05, 2022
-
-
Jerome Forissier authored
In order to match all the digits in a number on its own line, use (\\d+)\r not (\\d+) which could return a truncated value depending on what the content of input buffer is when the matching is done. Signed-off-by:
Jerome Forissier <jerome@forissier.org> Reviewed-by:
Sumit Garg <sumit.garg@linaro.org>
-
Jerome Forissier authored
When running only the Trusted Keys test in Xen, qemu-check.exp waits for a prompt twice causing a hang. Move the expect command at the right place to fix that. Signed-off-by:
Jerome Forissier <jerome@forissier.org> Reviewed-by:
Sumit Garg <sumit.garg@linaro.org>
-
- Jan 03, 2022
-
-
Sumit Garg authored
Add a new argument for script: qemu-check.exp as the type of tests to be executed. After this change its possible to run tests granularly as follows: - Executes all tests: $ make check $ make check CHECK_TESTS=all - Execute only xtest tests: $ make check CHECK_TESTS=xtest - Execute only trusted-keys tests: $ make check CHECK_TESTS=trusted-keys Signed-off-by:
Sumit Garg <sumit.garg@linaro.org> Acked-by:
Jerome Forissier <jerome@forissier.org>
-
Sumit Garg authored
Brief description of changes: - Enable Qemu kernel configs for Trusted Keys. - Add keyutils buildroot package. - Enable Trusted Keys early TA in OP-TEE. - Create a new test script (trusted-keys.exp) which is invoked as part of "make check" for automated Trusted Keys tests. Signed-off-by:
Sumit Garg <sumit.garg@linaro.org> Acked-by:
Jens Wiklander <jens.wiklander@linaro.org> Acked-by:
Jerome Forissier <jerome@forissier.org>
-
Sumit Garg authored
Lets switch over to using aarch64 hosted cross-compiler for aarch32 rather than building toochain for aarch32 from source which is very cumbersome. But in case of native build for aarch64 on aarch64 host we are left with no choice but to use buildroot toolchain as Arm doesn't provide binary toolchain releases for aarch64 native compiler. Also, we can't rely on distribution toolchain as buildroot doesn't support it (refer here [1] for details). Link: [1] https://buildroot.org/downloads/manual/manual.html#_cross_compilation_toolchain Signed-off-by:
Sumit Garg <sumit.garg@linaro.org> Acked-by:
Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by:
Jerome Forissier <jerome@forissier.org>
-
- Dec 22, 2021
-
-
Joakim Bech authored
When running the GitHub action, there is a warning: Unexpected input(s) 'exempt-issue-label', 'exempt-pr-label', valid inputs are ... 'exempt-issue-labels', 'exempt-pr-labels'. Add the missing 's' to labels to fix the issue. This is a new warning after upgrading to the 'Stale' action to v4.1.0, so they must have changed to the plural version in more recent versions. Signed-off-by:
Joakim Bech <joakim.bech@linaro.org> Acked-by:
Jens Wiklander <jens.wiklander@linaro.org>
-
- Dec 21, 2021
-
-
Joakim Bech authored
- Update 'stale' from v1.0 to v4.0.1. - Give 'write' permissions to actions (pull requests and issues). - Add 'enhancement' to 'exempt-issue-label', so we that stale doesn't automatically close issues and pr's with the 'enhancement' label. - Add 'exempt-pr-label' to match exempt-issue-label'. - Add and set (to true) remove-issue-stale-when-updated remove-pr-stale-when-updated which will automatically remove the 'Stale' label when someone adds a new comment to a ticket marked as stale. Signed-off-by:
Joakim Bech <joakim.bech@linaro.org> Acked-by:
Jens Wiklander <jens.wiklander@linaro.org>
-
- Nov 04, 2021
-
-
Jerome Forissier authored
With optee_os commit "scripts: migrate away from pycryptodome" [1], the host-python3-cryptography package is required to sign TAs. Keep host-python3-pycryptodomex for the time being to facilitate the transition. Link: [1] https://github.com/OP-TEE/optee_os/pull/4937 Signed-off-by:
Jerome Forissier <jerome@forissier.org> Acked-by:
Jens Wiklander <jens.wiklander@linaro.org>
-
Yuan Zhuang authored
"cargo: command not found" occurs when building Rust examples. BR2_PACKAGE_OPTEE_RUST_EXAMPLES_TC_PATH_ENV clears the PATH when building optee_rust_examples_ext. Add the cargo PATH to BR2_PACKAGE_OPTEE_RUST_EXAMPLES_TC_PATH_ENV. Signed-off-by:
Yuan Zhuang <zhuangyuan04@baidu.com> Acked-by:
Jens Wiklander <jens.wiklander@linaro.org> Acked-by:
Jerome Forissier <jerome@forissier.org>
-
- Oct 19, 2021
-
-
Jerome Forissier authored
Fix the following build error: $ make GDBSERVER=y ... Makefile.legacy:9: *** "You have legacy configuration in your .config! Please check your configuration.". Stop. The error was introduced by the upgrade to Buildroot 2021.08 [1]. The deprecated option can be found by running "make menuconfig" in out-br/ and checking the "Legacy options" submenu. It shows that "gcc 8.x support removed" is selected. We can also see that BR2_GCC_VERSION_8_X=y appears just below the comment "Legacy options removed in 2021.08" in out-br/.config. This options comes from file br-ext/configs/toolchain-br. Upgrade the toolchain to 10.x which is available in Buildroot 2021.08 and corresponds to the pre-built version we use by default ("make toolchains" currently downloads 10.2). Link: https://github.com/OP-TEE/manifest/commit/e8d2210 Signed-off-by:
Jerome Forissier <jerome@forissier.org> Reviewed-by:
Joakim Bech <joakim.bech@linaro.org>
-
- Oct 18, 2021
-
-
Rong Fan authored
Following error occurs when running make buildroot QEMU_RUST_ENABLE=y: $ make buildroot QEMU_RUST_ENABLE=y ... error: linker not found | = note: No such file or directory (os error 2) error: aborting due to previous error The toolchains path is not add to the PATH. Fix it. Signed-off-by:
Rong Fan <fanrong03@baidu.com> Acked-by:
Joakim Bech <joakim.bech@linaro.org> Acked-by:
Jens Wiklander <jens.wiklander@linaro.org> Acked-by:
Etienne Carriere <etienne.carriere@linaro.org>
-
Aleksey-kk authored
GICv3 is newer and more featured version of the interrupt controller. Signed-off-by:
Aleksey Kazantsev <Alexey.Kazantsev@kaspersky.com> Acked-by:
Jens Wiklander <jens.wiklander@linaro.org> Acked-by:
Etienne Carriere <etienne.carriere@linaro.org>
-
- Oct 04, 2021
-
-
Yuan Zhuang authored
Invoke optee_rust/ci/qemu-check.exp in target "check-rust" to trigger CI test for Rust applications. Run build and check progress: $ make CFG_TEE_CORE_LOG_LEVEL=0 OPTEE_RUST_ENABLE=y check-rust Signed-off-by:
Yuan Zhuang <zhuangyuan04@baidu.com> Reviewed-by:
Jerome Forissier <jerome@forissier.org> Tested-by:
Jerome Forissier <jerome@forissier.org>
-
- Oct 01, 2021
-
-
Jerome Forissier authored
When upgrading from Buildroot 2021.2 to 2021.08, the following error occurs: $ make buildroot ... GEN /home/jerome/work/optee_repo_qemu_v8/out-br/Makefile Your PATH contains spaces, TABs, and/or newline (\n) characters. This doesn't work. Fix you PATH. make[1]: *** [Makefile:23: _all] Error 2 make[1]: Leaving directory '/home/jerome/work/optee_repo_qemu_v8/out-br' make: *** [common.mk:323: buildroot] Error 2 The space comes from the line that appends the toolchain to the PATH in optee_rust_examples_ext.mk. Fix it. Signed-off-by:
Jerome Forissier <jerome@forissier.org>
-
- Sep 30, 2021
-
-
Igor Opaniuk authored
Drop ION driver configs from poplar.conf, as since linaro-swg/linux.git branch optee [1] was rebased onto kernel v5.12, where ION allocator was removed. Link: [1] https://github.com/linaro-swg/linux/tree/optee-v5.12-20210628 Acked-by:
Joakim Bech <joakim.bech@linaro.org> Acked-by:
Jerome Forissier <jerome@forissier.org> Signed-off-by:
Igor Opaniuk <igor.opaniuk@foundries.io>
-
Igor Opaniuk authored
In the current version of linux kernel eMMC is enumerated as mmcblk0 instead of mmcblk1 as before, which causes hang while trying to mount root partition: [ 1.631806] mmc0: new HS200 MMC card at address 0001 [ 1.641686] mmcblk0: mmc0:0001 8WPD3R 7.28 GiB ... [ 2.791837] Waiting for root device /dev/mmcblk1p3... Acked-by:
Joakim Bech <joakim.bech@linaro.org> Acked-by:
Jerome Forissier <jerome@forissier.org> Signed-off-by:
Igor Opaniuk <igor.opaniuk@foundries.io>
-
- Sep 20, 2021
-
-
Ibai Erkiaga authored
Current ZynqMP build script is based on Xilinx Petalinux tool, which requires the installation of a proprietary tool. The following patch removes this dependency and gets closed to the common build Makefile used by other platforms. The build is done using Xilinx out-of-tree repositories for Linux, U-Boot and ATF, while using upstream OP-TEE and Buildroot repositories. Finally the only non standard piece is the usage of pre-compiled firmware images from the Xilinx wiki page. Signed-off-by:
Ibai Erkiaga <ibai.erkiaga-elorza@xilinx.com> Acked-by:
Jerome Forissier <jerome@forissier.org>
-
- Sep 15, 2021
-
-
Rong Fan authored
Add OPTEE_RUST_ENABLE option to common.mk and define buildroot packages for OP-TEE Rust examples Build Rust examples in optee_rust/examples: $ cd build && make OPTEE_RUST_ENABLE=y CFG_TEE_RAM_VA_SIZE=0x00300000 Signed-off-by:
Rong Fan <fanrong03@baidu.com> Signed-off-by:
Yuan Zhuang <zhuangyuan04@baidu.com> Acked-by:
Joakim Bech <joakim.bech@linaro.org> Acked-by:
Etienne Carriere <etienne.carriere@linaro.org> Acked-by:
Ruchika Gupta <ruchika.gupta@linaro.org> Acked-by:
Jerome Forissier <jerome@forissier.org>
-
- Sep 08, 2021
-
-
Jerome Forissier authored
Xen is built from $(ROOT)/xen and Xen tools are built from $(ROOT)/buildroot/package/xen. They need to be the same major.minor version, otherwise the Xen tool commands ('xl ...') are likely to fail in more or less obscure ways. Add a build time check and fail early if versions do not match. Signed-off-by:
Jerome Forissier <jerome@forissier.org> Acked-by:
Jens Wiklander <jens.wiklander@linaro.org> Acked-by:
Ruchika Gupta <ruchika.gupta@linaro.org>
-
Jerome Forissier authored
XEN_GZ is not used so remove it. Signed-off-by:
Jerome Forissier <jerome@forissier.org> Acked-by:
Jens Wiklander <jens.wiklander@linaro.org> Acked-by:
Ruchika Gupta <ruchika.gupta@linaro.org>
-
- Aug 31, 2021
-
-
Jerome Forissier authored
Since Linux commit dcb3b06d9c34 ("tee: optee: replace might_sleep with cond_resched") in v5.11, setting CONFIG_PREEMPT=y in kconfigs/qemu.conf is not needed anymore. It was a workaround for the missing call to cond_resched() in the TEE driver. At that time, might_sleep() together with preemption enabled allowed to get rid of some RCU warning messages when running long operations in secure world such as large key generation (test case: "xtest -l 1 4007_rsa"). With cond_resched() the preemption settings do not matter anymore. As a result of this change, QEMUv8 is unmodified (CONFIG_PREEMPT=y is set by default in the kernel's arch/arm64/configs/defconfig), but 32-bit QEMU now has CONFIG_PREEMPT disabled. Both platforms are tested and 4007_rsa runs as expected with no warning. Signed-off-by:
Jerome Forissier <jerome@forissier.org> Acked-by:
Jens Wiklander <jens.wiklander@linaro.org> Acked-by:
Etienne Carriere <etienne.carriere@linaro.org>
-
Ibai Erkiaga authored
Current linux config file generation does not add the cross compilation flag, leading potentially to compilation errors. Not sure how a proper config file is generated with current implementation but issues are observerd specially when buildling the linux image with a single thread. This commit ensures that both ARCH and CROSS_COMPILE flags are set when using the merge_config script. Signed-off-by:
Ibai Erkiaga <ibai.erkiaga-elorza@xilinx.com> Reviewed-by:
Jerome Forissier <jerome@forissier.org>
-
- Aug 24, 2021
-
-
Jerome Forissier authored
Use soc_term.py instead of the C version and stop building the soc_term project. Signed-off-by:
Jerome Forissier <jerome@forissier.org> Acked-by:
Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by:
Etienne Carriere <etienne.carriere@linaro.org>
-
Jerome Forissier authored
Adds soc_term.py, a direct replacement for the soc_term tool originally written in C [1]. This Python version is slightly simpler and does not need to be compiled (obviously). It is therefore reasonable to have it here in build.git for use on QEMU and QEMUv8. We can later get rid of the soc_term project in the manifest file of those platforms. This script is also useful with FVP, although fvp.xml does not use it; in a custom work flow the 'xterm' command is replaced by a script which connects the FVP telnet ports to soc_term.py via the socat command. Link: [1] https://github.com/linaro-swg/soc_term Signed-off-by:
Jerome Forissier <jerome@forissier.org> Acked-by:
Jens Wiklander <jens.wiklander@linaro.org> Acked-by:
Etienne Carriere <etienne.carriere@linaro.org>
-
Etienne Carriere authored
Fix issue in ftpm_optee_ext/Config.in where BR2_PACKAGE_FTPM_OPTEE_EXT both selects and depends on BR2_PACKAGE_OPTEE_OS_EXT. Keep only the select rule. The issue was found from a OP-TEE build using GCC-11. The build failed with the following message: build/br-ext/package/ftpm_optee_ext/Config.in:1:error: recursive dependency detected! build/br-ext/package/ftpm_optee_ext/Config.in:1: symbol BR2_PACKAGE_FTPM_OPTEE_EXT depends on BR2_PACKAGE_OPTEE_OS_EXT build/br-ext/package/optee_os_ext/Config.in:1: symbol BR2_PACKAGE_OPTEE_OS_EXT is selected by BR2_PACKAGE_FTPM_OPTEE_EXT Signed-off-by:
Etienne Carriere <etienne.carriere@linaro.org> Acked-by:
Jens Wiklander <jens.wiklander@linaro.org>
-
- Aug 12, 2021
-
-
Jerome Forissier authored
When VIRTFS_AUTOMOUNT=y and/or PSS_AUTOMOUNT=y, QEMU prints the following warning: qemu-system-aarch64: warning: 9p: degraded performance: a reasonable high msize should be chosen on client/guest side (chosen msize is <= 8192). See https://wiki.qemu.org/Documentation/9psetup#msize for details. Let's set the buffer size to 64K mainly to silence this warning. The performance is noticeably increased too although it doesn't really matters for typical OP-TEE use cases. Signed-off-by:
Jerome Forissier <jerome@forissier.org> Acked-by:
Etienne Carriere <etienne.carriere@linaro.org>
-
- Aug 05, 2021
-
-
Aleksey Kazantsev authored
Signed-off-by:
Aleksey Kazantsev <Alexey.Kazantsev@kaspersky.com> Reviewed-by:
Jerome Forissier <jerome@forissier.org>
-
- Jul 13, 2021
-
-
Jerome Forissier authored
After trying to use upstream EDK2 on my HiKey board without success, I reached a point where even 'make recovery' would not make the board bootable again. The recovery process failed like so: $ make recovery [...] Waiting for device... [35][34][33][32][31][30][29][28][27][26][25][24][23][22][21][20][19][18] Sending /home/jerome/work/optee_repo_hikey/build/../l-loader/recovery.bin ... Done fastboot flash loader /home/jerome/work/optee_repo_hikey/build/../l-loader/l-loader.bin < waiting for any device > Sending 'loader' (39 KB) FAILED (remote: 'invalid partition') fastboot: error: Command failed make: *** [Makefile:351: recovery] Error 1 The solution to this problem is mentioned in [1] and consists in running 'fastboot getvar partition-size:ptable' before the fastboot flash command. Link: [1] https://github.com/96boards/documentation/issues/751 . Signed-off-by:
Jerome Forissier <jerome@forissier.org> Acked-by:
Victor Chong <victor.chong@linaro.org>
-
- Jul 06, 2021
-
-
Jerome Forissier authored
qemu-check.exp needs the environment variable $XEN_BOOT to be set, or the following error is displayed: $ make check ... # no such variable (read trace on "::env(XEN_BOOT)") invoked from within "if {$::env(XEN_BOOT) == "y"} { info " (Xen Dom0)" }" (file "/<...>/qemu-check.exp" line 119) Signed-off-by:
Jerome Forissier <jerome@forissier.org> Acked-by:
Jens Wiklander <jens.wiklander@linaro.org> Acked-by:
Ruchika Gupta <ruchika.gupta@linaro.org>
-
- Jul 01, 2021
-
-
Jens Wiklander authored
Replaces virt-make-fs with mke2fs since it's more robust on Ubuntu and also a bit faster. Fixes build problems like: virt-make-fs -t ext4 /home/jens/work/repos/qemu_v8_xen/build/../out/bin/xen_files /home/jens/work/repos/qemu_v8_xen/build/../out/bin/xen.ext4 Image Name: Root file system Created: Wed Jun 30 19:34:06 2021 Image Type: AArch64 Linux RAMDisk Image (gzip compressed) Data Size: 31978230 Bytes = 31228.74 KiB = 30.50 MiB Load Address: 44000000 Entry Point: 44000000 libguestfs: error: tar_in: tar subcommand failed on directory: /: tar: ./rootfs.cpio.gz: Wrote only 6144 of 10240 bytes tar: Exiting with failure status due to previous errors make: *** [Makefile:362: xen-create-image] Error 1 Reviewed-by:
Jerome Forissier <jerome@forissier.org> Tested-by:
Jerome Forissier <jerome@forissier.org> Signed-off-by:
Jens Wiklander <jens.wiklander@linaro.org>
-
- Jun 30, 2021
-
-
Javier Almansa Sobrino authored
This patch enables Measured Boot on TF-A and builds the TSS tools and the TPM Kernel Module for the FVP toolkit. The functionality is disabled by default. To enable it, build with MEASURED_BOOT=y. Signed-off-by:
Javier Almansa Sobrino <javier.almansasobrino@arm.com> Reviewed-by:
Jerome Forissier <jerome@forissier.org> Acked-by:
Jens Wiklander <jens.wiklander@linaro.org>
-
- Jun 29, 2021
-
-
Jens Wiklander authored
TF-A v2.4 and earlier is used with the SCP binaries provided in the vexpress-firmware git. With TF-A v2.5 is supposed to use the SCP binaries released at [1] instead. So update to download the SCP binaries from [1] instead. Link [1]: https://downloads.trustedfirmware.org/tf-a/css_scp_2.8.0/juno Acked-by:
Jerome Forissier <jerome@forissier.org> Signed-off-by:
Jens Wiklander <jens.wiklander@linaro.org>
-
- Jun 28, 2021
-
-
Jerome Forissier authored
make-virt-fs is used to generate xen.ext4 but is passed '-t vfat' instead of '-t ext4'. Fix that. In fact '-t vfat' happens to be working in general, presumably because the actual format of the image is detected at runtime. However, I could not manage to make a VFAT image work in a Docker container based on Ubuntu 21.04 and with the following kernel image package installed: linux-image-kvm/hirsute-updates,now 5.11.0.1009.9 amd64 [installed] The error messages are as follows: root@32b61ad4d7f3:~/optee_repo_qemu_v8/build# LIBGUESTFS_DEBUG=1 LIBGUESTFS_TRACE=1 virt-make-fs -t vfat /root/optee_repo_qemu_v8/build/../out/bin/xen_files /root/optee_repo_qemu_v8/build/../out/bin/xen.ext4 [...] libguestfs: trace: mount_options "utf8" "/dev/sda" "/" guestfsd: => mkfs (0x116) took 0.47 secs guestfsd: <= mount_options (0x4a) request length 68 bytes commandrvf: stdout=n stderr=y flags=0x0 commandrvf: udevadm --debug settle -E /dev/sda SELinux enabled state cached to: disabled No filesystem is currently mounted on /sys/fs/cgroup. Failed to determine unit we run in, ignoring: No data available command: mount '-o' 'utf8' '/dev/sda' '/sysroot//' [ 11.673076] squashfs: Unknown parameter 'utf8' [ 11.694908] fuseblk: Unknown parameter 'utf8' command: mount returned 32 command: mount: stderr: mount: /sysroot: wrong fs type, bad option, bad superblock on /dev/sda, missing codepage or helper program, or other error. ocaml_exn: 'mount_options' raised 'Failure' exception guestfsd: error: mount exited with status 32: mount: /sysroot: wrong fs type, bad option, bad superblock on /dev/sda, missing codepage or helper program, or other error. guestfsd: => mount_options (0x4a) took 0.40 secs libguestfs: trace: mount_options = -1 (error) libguestfs: error: mount_options: mount exited with status 32: mount: /sysroot: wrong fs type, bad option, bad superblock on /dev/sda, missing codepage or helper program, or other error. libguestfs: trace: close libguestfs: closing guestfs handle 0x55f423503430 (state 2) [...] With '-t ext4', the issue is gone. Signed-off-by:
Jerome Forissier <jerome@forissier.org> Acked-by:
Jens Wiklander <jens.wiklander@linaro.org> Acked-by:
Ruchika Gupta <ruchika.gupta@linaro.org>
-
Jerome Forissier authored
Update broken URLs in the issue and PR templates. Signed-off-by:
Jerome Forissier <jerome@forissier.org> Reviewed-by:
Joakim Bech <joakim.bech@linaro.org> Reviewed-by:
Jens Wiklander <jens.wiklander@linaro.org>
-
- Jun 25, 2021
-
-
Jerome Forissier authored
Adds a helper script to create a Xen DomU from a Dom0 root shell. Signed-off-by:
Jerome Forissier <jerome@forissier.org> Reviewed-by:
Ruchika Gupta <ruchika.gupta@linaro.org>
-
Christoph Gellner authored
Use security_model mapped-xattr for QEMU_PSS_HOST_DIR. This allows folders/files below /data/tee to be owned by any uid/gid of the QEMU context. Fixes https://github.com/OP-TEE/build/issues/478 Signed-off-by:
Christoph Gellner <cgellner@de.adit-jv.com> Suggested-by:
Jerome Forissier <jerome@forissier.org> Reviewed-by:
Jerome Forissier <jerome@forissier.org>
-
- Jun 24, 2021
-
-
Ibai Erkiaga authored
Build script updated to use Petalinux 2020.2 release. Custom recipes removed in order to use upstream recipes insted for optee and python devtool dependencies. Signed-off-by:
Ibai Erkiaga <ibai.erkiaga-elorza@xilinx.com> Acked-by:
Michael Grand <michael.grand.mg@gmail.com> Tested-by:
Michael Grand <michael.grand.mg@gmail.com>
-
Jerome Forissier authored
The readability check of the host kernel makes sense only when XEN_BOOT=y, so avoid annoying users that are not concerned by this. Signed-off-by:
Jerome Forissier <jerome@forissier.org> Acked-by:
Ruchika Gupta <ruchika.gupta@linaro.org>
-