From ae102ee750687c37d5813af0ff59989fd309e99b Mon Sep 17 00:00:00 2001 From: Etienne Carriere Date: Fri, 30 Oct 2020 08:50:39 +0100 Subject: [PATCH] boot/optee-os: bump to version 3.11.0 Bump OP-TEE OS package version to OP-TEE release 3.11.0. Remove patches since merged in OP-TEE OS 3.11.0 Signed-off-by: Etienne Carriere Signed-off-by: Thomas Petazzoni --- ...ub.py-use-Cryptodome-module-instead-.patch | 34 --- ...nfig.mk-fix-CFG_OPTEE_REVISION_MINOR.patch | 32 --- ...e-ta-Configurable-Python-interpreter.patch | 249 ------------------ boot/optee-os/Config.in | 4 +- boot/optee-os/optee-os.hash | 4 +- 5 files changed, 4 insertions(+), 319 deletions(-) delete mode 100644 boot/optee-os/0001-scripts-pem_to_pub.py-use-Cryptodome-module-instead-.patch delete mode 100644 boot/optee-os/0002-config.mk-fix-CFG_OPTEE_REVISION_MINOR.patch delete mode 100644 boot/optee-os/0003-mk-core-ta-Configurable-Python-interpreter.patch diff --git a/boot/optee-os/0001-scripts-pem_to_pub.py-use-Cryptodome-module-instead-.patch b/boot/optee-os/0001-scripts-pem_to_pub.py-use-Cryptodome-module-instead-.patch deleted file mode 100644 index 822ef4b39e..0000000000 --- a/boot/optee-os/0001-scripts-pem_to_pub.py-use-Cryptodome-module-instead-.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 04a8def18caccad27292ba97dc8ea8b3eb3a6afd Mon Sep 17 00:00:00 2001 -From: Etienne Carriere -Date: Tue, 26 May 2020 11:10:45 +0200 -Subject: [PATCH] scripts/pem_to_pub.py: use Cryptodome module instead of - Crypto - -Upgrade scripts/pem_to_pub.py to use module Cryptodome instead of -module Crypto for consistency with the other helper Python scripts -of OP-TEE OS package. - -Signed-off-by: Etienne Carriere -Acked-by: Jens Wiklander ---- - scripts/pem_to_pub_c.py | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/scripts/pem_to_pub_c.py b/scripts/pem_to_pub_c.py -index 3a896a393..d3f0e5006 100755 ---- a/scripts/pem_to_pub_c.py -+++ b/scripts/pem_to_pub_c.py -@@ -21,8 +21,8 @@ def get_args(): - - def main(): - import array -- from Crypto.PublicKey import RSA -- from Crypto.Util.number import long_to_bytes -+ from Cryptodome.PublicKey import RSA -+ from Cryptodome.Util.number import long_to_bytes - - args = get_args() - --- -2.17.1 - diff --git a/boot/optee-os/0002-config.mk-fix-CFG_OPTEE_REVISION_MINOR.patch b/boot/optee-os/0002-config.mk-fix-CFG_OPTEE_REVISION_MINOR.patch deleted file mode 100644 index 867836ef0c..0000000000 --- a/boot/optee-os/0002-config.mk-fix-CFG_OPTEE_REVISION_MINOR.patch +++ /dev/null @@ -1,32 +0,0 @@ -From c5f5e6bf6644a536a0d53bfb9f5c5419150035dd Mon Sep 17 00:00:00 2001 -From: Jens Wiklander -Date: Mon, 25 May 2020 12:20:08 +0200 -Subject: [PATCH] config.mk: fix CFG_OPTEE_REVISION_MINOR - -The current release is 3.9.0, change the revision to match. - -Fixes: af141c61fe7a ("Update CHANGELOG for 3.9.0") -Reviewed-by: Joakim Bech -Reported-by: Etienne Carriere -Signed-off-by: Jens Wiklander -Signed-off-by: Etienne Carriere ---- - mk/config.mk | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/mk/config.mk b/mk/config.mk -index c00a14618..bc49f83d8 100644 ---- a/mk/config.mk -+++ b/mk/config.mk -@@ -116,7 +116,7 @@ endif - # with limited depth not including any tag, so there is really no guarantee - # that TEE_IMPL_VERSION contains the major and minor revision numbers. - CFG_OPTEE_REVISION_MAJOR ?= 3 --CFG_OPTEE_REVISION_MINOR ?= 8 -+CFG_OPTEE_REVISION_MINOR ?= 9 - - # Trusted OS implementation manufacturer name - CFG_TEE_MANUFACTURER ?= LINARO --- -2.17.1 - diff --git a/boot/optee-os/0003-mk-core-ta-Configurable-Python-interpreter.patch b/boot/optee-os/0003-mk-core-ta-Configurable-Python-interpreter.patch deleted file mode 100644 index 911a09b986..0000000000 --- a/boot/optee-os/0003-mk-core-ta-Configurable-Python-interpreter.patch +++ /dev/null @@ -1,249 +0,0 @@ -From 49c7d2557d92993a1e09e50c961b9d4f7ab1091b Mon Sep 17 00:00:00 2001 -From: Dick Olsson -Date: Wed, 22 Jul 2020 08:49:12 +0200 -Subject: [PATCH] mk: core: ta: Configurable Python interpreter - -Build systems that manage multiple different python interpreters need -explicit control over which version of the interpreter to use. -This patch enables one to override the default interpreter with the path -to a specific one. - -Signed-off-by: Dick Olsson -Reviewed-by: Jens Wiklander -Reviewed-by: Jerome Forissier ---- - core/arch/arm/arm.mk | 2 ++ - core/arch/arm/kernel/link.mk | 22 +++++++++++----------- - core/sub.mk | 10 +++++----- - mk/config.mk | 6 ++++++ - mk/lib.mk | 2 +- - ta/arch/arm/link.mk | 2 +- - ta/arch/arm/link_shlib.mk | 2 +- - ta/ta.mk | 2 +- - 8 files changed, 28 insertions(+), 20 deletions(-) - -diff --git a/core/arch/arm/arm.mk b/core/arch/arm/arm.mk -index 5c9f16ef..878035c5 100644 ---- a/core/arch/arm/arm.mk -+++ b/core/arch/arm/arm.mk -@@ -245,6 +245,7 @@ ta-mk-file-export-add-ta_arm32 += CROSS_COMPILE32 ?= $$(CROSS_COMPILE)_nl_ - ta-mk-file-export-add-ta_arm32 += CROSS_COMPILE_ta_arm32 ?= $$(CROSS_COMPILE32)_nl_ - ta-mk-file-export-add-ta_arm32 += COMPILER ?= gcc_nl_ - ta-mk-file-export-add-ta_arm32 += COMPILER_ta_arm32 ?= $$(COMPILER)_nl_ -+ta-mk-file-export-add-ta_arm32 += PYTHON3 ?= python3_nl_ - endif - - ifneq ($(filter ta_arm64,$(ta-targets)),) -@@ -275,6 +276,7 @@ ta-mk-file-export-add-ta_arm64 += CROSS_COMPILE64 ?= $$(CROSS_COMPILE)_nl_ - ta-mk-file-export-add-ta_arm64 += CROSS_COMPILE_ta_arm64 ?= $$(CROSS_COMPILE64)_nl_ - ta-mk-file-export-add-ta_arm64 += COMPILER ?= gcc_nl_ - ta-mk-file-export-add-ta_arm64 += COMPILER_ta_arm64 ?= $$(COMPILER)_nl_ -+ta-mk-file-export-add-ta_arm64 += PYTHON3 ?= python3_nl_ - endif - - # Set cross compiler prefix for each TA target -diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk -index 1b89b895..69375ad6 100644 ---- a/core/arch/arm/kernel/link.mk -+++ b/core/arch/arm/kernel/link.mk -@@ -62,13 +62,13 @@ cleanfiles += $(link-out-dir)/text_unpaged.ld.S - $(link-out-dir)/text_unpaged.ld.S: $(link-out-dir)/unpaged.o - @$(cmd-echo-silent) ' GEN $@' - $(q)$(READELFcore) -S -W $< | \ -- ./scripts/gen_ld_sects.py .text. > $@ -+ $(PYTHON3) ./scripts/gen_ld_sects.py .text. > $@ - - cleanfiles += $(link-out-dir)/rodata_unpaged.ld.S - $(link-out-dir)/rodata_unpaged.ld.S: $(link-out-dir)/unpaged.o - @$(cmd-echo-silent) ' GEN $@' - $(q)$(READELFcore) -S -W $< | \ -- ./scripts/gen_ld_sects.py .rodata. > $@ -+ $(PYTHON3) ./scripts/gen_ld_sects.py .rodata. > $@ - - - cleanfiles += $(link-out-dir)/init_entries.txt -@@ -92,12 +92,12 @@ cleanfiles += $(link-out-dir)/text_init.ld.S - $(link-out-dir)/text_init.ld.S: $(link-out-dir)/init.o - @$(cmd-echo-silent) ' GEN $@' - $(q)$(READELFcore) -S -W $< | \ -- ./scripts/gen_ld_sects.py .text. > $@ -+ $(PYTHON3) ./scripts/gen_ld_sects.py .text. > $@ - - cleanfiles += $(link-out-dir)/rodata_init.ld.S - $(link-out-dir)/rodata_init.ld.S: $(link-out-dir)/init.o - @$(cmd-echo-silent) ' GEN $@' -- $(q)$(READELFcore) -S -W $< | ./scripts/gen_ld_sects.py .rodata. > $@ -+ $(q)$(READELFcore) -S -W $< | $(PYTHON3) ./scripts/gen_ld_sects.py .rodata. > $@ - - -include $(link-script-dep) - -@@ -176,39 +176,39 @@ cleanfiles += $(link-out-dir)/tee-pager.bin - $(link-out-dir)/tee-pager.bin: $(link-out-dir)/tee.elf scripts/gen_tee_bin.py - @echo Warning: $@ is deprecated - @$(cmd-echo-silent) ' GEN $@' -- $(q)scripts/gen_tee_bin.py --input $< --out_tee_pager_bin $@ -+ $(q)$(PYTHON3) scripts/gen_tee_bin.py --input $< --out_tee_pager_bin $@ - - cleanfiles += $(link-out-dir)/tee-pageable.bin - $(link-out-dir)/tee-pageable.bin: $(link-out-dir)/tee.elf scripts/gen_tee_bin.py - @echo Warning: $@ is deprecated - @$(cmd-echo-silent) ' GEN $@' -- $(q)scripts/gen_tee_bin.py --input $< --out_tee_pageable_bin $@ -+ $(q)$(PYTHON3) scripts/gen_tee_bin.py --input $< --out_tee_pageable_bin $@ - - all: $(link-out-dir)/tee.bin - cleanfiles += $(link-out-dir)/tee.bin - $(link-out-dir)/tee.bin: $(link-out-dir)/tee.elf scripts/gen_tee_bin.py - @$(cmd-echo-silent) ' GEN $@' -- $(q)scripts/gen_tee_bin.py --input $< --out_tee_bin $@ -+ $(q)$(PYTHON3) scripts/gen_tee_bin.py --input $< --out_tee_bin $@ - - all: $(link-out-dir)/tee-header_v2.bin - cleanfiles += $(link-out-dir)/tee-header_v2.bin - $(link-out-dir)/tee-header_v2.bin: $(link-out-dir)/tee.elf \ - scripts/gen_tee_bin.py - @$(cmd-echo-silent) ' GEN $@' -- $(q)scripts/gen_tee_bin.py --input $< --out_header_v2 $@ -+ $(q)$(PYTHON3) scripts/gen_tee_bin.py --input $< --out_header_v2 $@ - - all: $(link-out-dir)/tee-pager_v2.bin - cleanfiles += $(link-out-dir)/tee-pager_v2.bin - $(link-out-dir)/tee-pager_v2.bin: $(link-out-dir)/tee.elf scripts/gen_tee_bin.py - @$(cmd-echo-silent) ' GEN $@' -- $(q)scripts/gen_tee_bin.py --input $< --out_pager_v2 $@ -+ $(q)$(PYTHON3) scripts/gen_tee_bin.py --input $< --out_pager_v2 $@ - - all: $(link-out-dir)/tee-pageable_v2.bin - cleanfiles += $(link-out-dir)/tee-pageable_v2.bin - $(link-out-dir)/tee-pageable_v2.bin: $(link-out-dir)/tee.elf \ - scripts/gen_tee_bin.py - @$(cmd-echo-silent) ' GEN $@' -- $(q)scripts/gen_tee_bin.py --input $< --out_pageable_v2 $@ -+ $(q)$(PYTHON3) scripts/gen_tee_bin.py --input $< --out_pageable_v2 $@ - - all: $(link-out-dir)/tee.symb_sizes - cleanfiles += $(link-out-dir)/tee.symb_sizes -@@ -222,5 +222,5 @@ mem_usage: $(link-out-dir)/tee.mem_usage - - $(link-out-dir)/tee.mem_usage: $(link-out-dir)/tee.elf - @$(cmd-echo-silent) ' GEN $@' -- $(q)./scripts/mem_usage.py $< > $@ -+ $(q)$(PYTHON3) ./scripts/mem_usage.py $< > $@ - endif -diff --git a/core/sub.mk b/core/sub.mk -index 03cc6bc7..0959c9a9 100644 ---- a/core/sub.mk -+++ b/core/sub.mk -@@ -9,13 +9,13 @@ ifeq ($(CFG_WITH_USER_TA),y) - gensrcs-y += ta_pub_key - produce-ta_pub_key = ta_pub_key.c - depends-ta_pub_key = $(TA_SIGN_KEY) scripts/pem_to_pub_c.py --recipe-ta_pub_key = scripts/pem_to_pub_c.py --prefix ta_pub_key \ -+recipe-ta_pub_key = $(PYTHON3) scripts/pem_to_pub_c.py --prefix ta_pub_key \ - --key $(TA_SIGN_KEY) --out $(sub-dir-out)/ta_pub_key.c - - gensrcs-y += ldelf - produce-ldelf = ldelf_hex.c - depends-ldelf = scripts/gen_ldelf_hex.py $(out-dir)/ldelf/ldelf.elf --recipe-ldelf = scripts/gen_ldelf_hex.py --input $(out-dir)/ldelf/ldelf.elf \ -+recipe-ldelf = $(PYTHON3) scripts/gen_ldelf_hex.py --input $(out-dir)/ldelf/ldelf.elf \ - --output $(sub-dir-out)/ldelf_hex.c - endif - -@@ -25,7 +25,7 @@ early-ta-$1-uuid := $(firstword $(subst ., ,$(notdir $1))) - gensrcs-y += early-ta-$1 - produce-early-ta-$1 = early_ta_$$(early-ta-$1-uuid).c - depends-early-ta-$1 = $1 scripts/ta_bin_to_c.py --recipe-early-ta-$1 = scripts/ta_bin_to_c.py --compress --ta $1 \ -+recipe-early-ta-$1 = $(PYTHON3) scripts/ta_bin_to_c.py --compress --ta $1 \ - --out $(sub-dir-out)/early_ta_$$(early-ta-$1-uuid).c - endef - $(foreach f, $(EARLY_TA_PATHS), $(eval $(call process_early_ta,$(f)))) -@@ -40,7 +40,7 @@ core-embed-fdt-c = $(out-dir)/$(arch-dir)/dts/$(CFG_EMBED_DTB_SOURCE_FILE:.dts=. - gensrcs-y += embedded_secure_dtb - produce-embedded_secure_dtb = arch/$(ARCH)/dts/$(CFG_EMBED_DTB_SOURCE_FILE:.dts=.c) - depends-embedded_secure_dtb = $(core-embed-fdt-dtb) scripts/bin_to_c.py --recipe-embedded_secure_dtb = scripts/bin_to_c.py \ -+recipe-embedded_secure_dtb = $(PYTHON3) scripts/bin_to_c.py \ - --bin $(core-embed-fdt-dtb) \ - --vname embedded_secure_dtb \ - --out $(core-embed-fdt-c) -@@ -58,7 +58,7 @@ $(conf-mk-xz-base64): $(conf-mk-file) - gensrcs-y += conf_str - produce-conf_str = conf.mk.xz.base64.c - depends-conf_str = $(conf-mk-xz-base64) --recipe-conf_str = scripts/bin_to_c.py --text --bin $(conf-mk-xz-base64) \ -+recipe-conf_str = $(PYTHON3) scripts/bin_to_c.py --text --bin $(conf-mk-xz-base64) \ - --out $(sub-dir-out)/conf.mk.xz.base64.c \ - --vname conf_str - endif -diff --git a/mk/config.mk b/mk/config.mk -index 70732c4d..1fe65576 100644 ---- a/mk/config.mk -+++ b/mk/config.mk -@@ -32,6 +32,12 @@ endif - # Supported values: undefined, 1, 2 and 3. 3 gives more warnings. - WARNS ?= 3 - -+# Path to the Python interpreter used by the build system. -+# This variable is set to the default python3 interpreter in the user's -+# path. But build environments that require more explicit control can -+# set the path to a specific interpreter through this variable. -+PYTHON3 ?= python3 -+ - # Define DEBUG=1 to compile without optimization (forces -O0) - # DEBUG=1 - -diff --git a/mk/lib.mk b/mk/lib.mk -index 6e890893..3bd422d6 100644 ---- a/mk/lib.mk -+++ b/mk/lib.mk -@@ -72,7 +72,7 @@ $(lib-shlibstrippedfile): $(lib-shlibfile) - - $(lib-shlibtafile): $(lib-shlibstrippedfile) $(TA_SIGN_KEY) - @$(cmd-echo-silent) ' SIGN $$@' -- $$(q)$$(SIGN) --key $(TA_SIGN_KEY) --uuid $(libuuid) --in $$< --out $$@ -+ $$(q)$$(PYTHON3) $$(SIGN) --key $(TA_SIGN_KEY) --uuid $(libuuid) --in $$< --out $$@ - - $(lib-libuuidln): $(lib-shlibfile) - @$(cmd-echo-silent) ' LN $$@' -diff --git a/ta/arch/arm/link.mk b/ta/arch/arm/link.mk -index db7d0b9a..b95c0cba 100644 ---- a/ta/arch/arm/link.mk -+++ b/ta/arch/arm/link.mk -@@ -2,7 +2,7 @@ link-script$(sm) = $(ta-dev-kit-dir$(sm))/src/ta.ld.S - link-script-pp$(sm) = $(link-out-dir$(sm))/ta.lds - link-script-dep$(sm) = $(link-out-dir$(sm))/.ta.ld.d - --SIGN_ENC ?= $(ta-dev-kit-dir$(sm))/scripts/sign_encrypt.py -+SIGN_ENC ?= $(PYTHON3) $(ta-dev-kit-dir$(sm))/scripts/sign_encrypt.py - TA_SIGN_KEY ?= $(ta-dev-kit-dir$(sm))/keys/default_ta.pem - - ifeq ($(CFG_ENCRYPT_TA),y) -diff --git a/ta/arch/arm/link_shlib.mk b/ta/arch/arm/link_shlib.mk -index ed81e59a..cc177ef0 100644 ---- a/ta/arch/arm/link_shlib.mk -+++ b/ta/arch/arm/link_shlib.mk -@@ -47,5 +47,5 @@ $(link-out-dir)/$(shlibuuid).elf: $(link-out-dir)/$(shlibname).so - $(link-out-dir)/$(shlibuuid).ta: $(link-out-dir)/$(shlibname).stripped.so \ - $(TA_SIGN_KEY) - @$(cmd-echo-silent) ' SIGN $@' -- $(q)$(SIGN) --key $(TA_SIGN_KEY) --uuid $(shlibuuid) \ -+ $(q)$(PYTHON3) $(SIGN) --key $(TA_SIGN_KEY) --uuid $(shlibuuid) \ - --in $< --out $@ -diff --git a/ta/ta.mk b/ta/ta.mk -index 918880f4..59ed87f7 100644 ---- a/ta/ta.mk -+++ b/ta/ta.mk -@@ -67,7 +67,7 @@ $$(arm32-user-sysregs-out)/$$(arm32-user-sysregs-$(1)-h): \ - $(1) scripts/arm32_sysreg.py - @$(cmd-echo-silent) ' GEN $$@' - $(q)mkdir -p $$(dir $$@) -- $(q)scripts/arm32_sysreg.py --guard __$$(arm32-user-sysregs-$(1)-h) \ -+ $(q)$(PYTHON3) scripts/arm32_sysreg.py --guard __$$(arm32-user-sysregs-$(1)-h) \ - < $$< > $$@ - - endef #process-arm32-user-sysreg --- -2.20.1 - diff --git a/boot/optee-os/Config.in b/boot/optee-os/Config.in index 5a786833ef..3076be6b42 100644 --- a/boot/optee-os/Config.in +++ b/boot/optee-os/Config.in @@ -18,7 +18,7 @@ choice Select the version of OP-TEE OS you want to use config BR2_TARGET_OPTEE_OS_LATEST - bool "3.9.0" + bool "3.11.0" help Use the latest release tag from the OP-TEE OS official Git repository. @@ -50,7 +50,7 @@ endif config BR2_TARGET_OPTEE_OS_VERSION string - default "3.9.0" if BR2_TARGET_OPTEE_OS_LATEST + default "3.11.0" if BR2_TARGET_OPTEE_OS_LATEST default BR2_TARGET_OPTEE_OS_CUSTOM_REPO_VERSION \ if BR2_TARGET_OPTEE_OS_CUSTOM_GIT diff --git a/boot/optee-os/optee-os.hash b/boot/optee-os/optee-os.hash index f38ebc569f..0d60cebea1 100644 --- a/boot/optee-os/optee-os.hash +++ b/boot/optee-os/optee-os.hash @@ -1,4 +1,4 @@ -# From https://github.com/OP-TEE/optee_os/archive/3.9.0.tar.gz -sha256 ac6f145ebde715d4d7a1d5277f4e08a06b660e1c0237c926a274d86cd90ef4c5 optee-os-3.9.0.tar.gz +# From https://github.com/OP-TEE/optee_os/archive/3.11.0.tar.gz +sha256 3c34eda1052fbb9ed36fcfdfaecfd2685023b9290670c1a5982f8a0457bfd2cb optee-os-3.11.0.tar.gz # Locally computed sha256 1247ee90858f4037b6cac63cbffddfed435d0d73c631b37d78c1e6e6ab3e5d1a LICENSE