On Wed, Feb 08, 2023 at 05:10:29PM -0600, Andrew Davis via
lists.yoctoproject.org wrote:
> Use the new ti-k3-secdev package to pull in the signing tools if they are
> not provided by the environment. This allows us to use these tools
> unconditionally. Remove the checks for the script and do the signing
> for all K3 machines. The signature is automatically stripped from
> the binaries on non-HS devices at boot time as needed so this change
> is harmless for GP devices.
>
> Signed-off-by: Andrew Davis <[email protected]>
> ---
> .../optee/optee-os_3.16%.bbappend | 44 +++++--------------
> 1 file changed, 12 insertions(+), 32 deletions(-)
>
> diff --git a/meta-ti-bsp/recipes-security/optee/optee-os_3.16%.bbappend
> b/meta-ti-bsp/recipes-security/optee/optee-os_3.16%.bbappend
> index 6913851b..5a693247 100644
> --- a/meta-ti-bsp/recipes-security/optee/optee-os_3.16%.bbappend
> +++ b/meta-ti-bsp/recipes-security/optee/optee-os_3.16%.bbappend
> @@ -1,6 +1,14 @@
> PV:ti-soc = "3.19.0+git${SRCPV}"
> SRCREV:ti-soc = "afacf356f9593a7f83cae9f96026824ec242ff52"
>
> +# Use default package TI SECDEV is one is not provided
Same typo
> +DEPENDS:append:k3 = "${@ '' if d.getVar('TI_SECURE_DEV_PKG_K3') else '
> ti-k3-secdev-native' }"
> +
> +# set a default value for TI_K3_SECDEV_INSTALL_DIR
> +export TI_K3_SECDEV_INSTALL_DIR =
> "${STAGING_DIR_NATIVE}${datadir}/ti/ti-k3-secdev"
> +include recipes-ti/includes/ti-paths.inc
Same comment
> +TI_SECURE_DEV_PKG:k3 = "${@ d.getVar('TI_SECURE_DEV_PKG_K3') or
> d.getVar('TI_K3_SECDEV_INSTALL_DIR') }"
> +
> EXTRA_OEMAKE:append:k3 = "${@ ' CFG_CONSOLE_UART='+
> d.getVar('OPTEE_K3_USART') if d.getVar('OPTEE_K3_USART') else ''}"
>
> EXTRA_OEMAKE:append:am62xx = " CFG_WITH_SOFTWARE_PRNG=y
> CFG_TEE_CORE_LOG_LEVEL=1"
> @@ -35,20 +43,6 @@ optee_sign_legacyhs() {
> fi
> }
>
> -# Signing procedure for K3 HS devices
> -optee_sign_k3hs() {
> - ( cd ${B}/core/; \
> - if [ -f ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ]; then \
> - ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh
> tee-pager_v2.bin tee-pager.bin.signed; \
> - else \
> - echo "Warning: TI_SECURE_DEV_PKG not set, OP-TEE not signed."; \
> - cp tee-pager_v2.bin tee-pager.bin.signed; \
> - fi; \
> - mv tee-pager.bin.signed ${B}/bl32.bin; \
> - cp tee.elf ${B}/bl32.elf; \
> - )
> -}
> -
> do_compile:append:ti43x() {
> optee_sign_legacyhs
> }
> @@ -57,24 +51,10 @@ do_compile:append:dra7xx() {
> optee_sign_legacyhs
> }
>
> -do_compile:append:am65xx-hs-evm() {
> - optee_sign_k3hs
> -}
> -
> -do_compile:append:am64xx-evm() {
> - optee_sign_k3hs
> -}
> -
> -do_compile:append:j721e-hs-evm() {
> - optee_sign_k3hs
> -}
> -
> -do_compile:append:j7200-hs-evm() {
> - optee_sign_k3hs
> -}
> -
> -do_compile:append:j721s2-hs-evm() {
> - optee_sign_k3hs
> +# Signing procedure for K3 devices
> +do_compile:append:k3() {
> + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh
> ${B}/core/tee-pager_v2.bin ${B}/bl32.bin
> + cp ${B}/core/tee.elf ${B}/bl32.elf
> }
>
> do_install:append:ti-soc() {
> --
> 2.39.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#15797):
https://lists.yoctoproject.org/g/meta-ti/message/15797
Mute This Topic: https://lists.yoctoproject.org/mt/96842453/21656
Group Owner: [email protected]
Unsubscribe:
https://lists.yoctoproject.org/g/meta-ti/leave/6695321/21656/1393940836/xyzzy
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
