On Wed, Feb 15, 2023 at 01:33:43PM -0600, Andrew Davis via lists.yoctoproject.org wrote: > Use the new ti-k3-secdev package to pull in the signing tools if they are > not provided by the environment. This allows us to use these tools > unconditionally. Remove the checks for the script and do the signing > for all K3 machines. The signature is automatically stripped from > the binaries on non-HS devices at boot time as needed so this change > is harmless for GP devices. > > Signed-off-by: Andrew Davis <[email protected]>
Tested-by: Denys Dmytriyenko <[email protected]> > --- > .../optee/optee-os_3.16%.bbappend | 43 +++---------------- > 1 file changed, 7 insertions(+), 36 deletions(-) > > diff --git a/meta-ti-bsp/recipes-security/optee/optee-os_3.16%.bbappend > b/meta-ti-bsp/recipes-security/optee/optee-os_3.16%.bbappend > index 6913851b..1e0072ef 100644 > --- a/meta-ti-bsp/recipes-security/optee/optee-os_3.16%.bbappend > +++ b/meta-ti-bsp/recipes-security/optee/optee-os_3.16%.bbappend > @@ -1,14 +1,13 @@ > PV:ti-soc = "3.19.0+git${SRCPV}" > SRCREV:ti-soc = "afacf356f9593a7f83cae9f96026824ec242ff52" > > +# Use TI SECDEV for signing > +inherit ti-secdev > + > EXTRA_OEMAKE:append:k3 = "${@ ' CFG_CONSOLE_UART='+ > d.getVar('OPTEE_K3_USART') if d.getVar('OPTEE_K3_USART') else ''}" > > EXTRA_OEMAKE:append:am62xx = " CFG_WITH_SOFTWARE_PRNG=y > CFG_TEE_CORE_LOG_LEVEL=1" > > -do_compile:prepend:ti-soc() { > - export TI_SECURE_DEV_PKG=${TI_SECURE_DEV_PKG} > -} > - > do_compile:append:k3() { > ( cd ${B}/core/; \ > cp tee-pager_v2.bin ${B}/bl32.bin; \ > @@ -35,20 +34,6 @@ optee_sign_legacyhs() { > fi > } > > -# Signing procedure for K3 HS devices > -optee_sign_k3hs() { > - ( cd ${B}/core/; \ > - if [ -f ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh ]; then \ > - ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh > tee-pager_v2.bin tee-pager.bin.signed; \ > - else \ > - echo "Warning: TI_SECURE_DEV_PKG not set, OP-TEE not signed."; \ > - cp tee-pager_v2.bin tee-pager.bin.signed; \ > - fi; \ > - mv tee-pager.bin.signed ${B}/bl32.bin; \ > - cp tee.elf ${B}/bl32.elf; \ > - ) > -} > - > do_compile:append:ti43x() { > optee_sign_legacyhs > } > @@ -57,24 +42,10 @@ do_compile:append:dra7xx() { > optee_sign_legacyhs > } > > -do_compile:append:am65xx-hs-evm() { > - optee_sign_k3hs > -} > - > -do_compile:append:am64xx-evm() { > - optee_sign_k3hs > -} > - > -do_compile:append:j721e-hs-evm() { > - optee_sign_k3hs > -} > - > -do_compile:append:j7200-hs-evm() { > - optee_sign_k3hs > -} > - > -do_compile:append:j721s2-hs-evm() { > - optee_sign_k3hs > +# Signing procedure for K3 devices > +do_compile:append:k3() { > + ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh > ${B}/core/tee-pager_v2.bin ${B}/bl32.bin > + cp ${B}/core/tee.elf ${B}/bl32.elf > } > > do_install:append:ti-soc() { > -- > 2.39.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#15909): https://lists.yoctoproject.org/g/meta-ti/message/15909 Mute This Topic: https://lists.yoctoproject.org/mt/96991007/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-ti/leave/6695321/21656/1393940836/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
