subtree updates
meta-openembedded: 0782ea454a..ce0b93fc12:
Alex Kiernan (5):
faad2: Upgrade 2.8.8 -> 2.10.0
onig: Upgrade 6.9.4 -> 6.9.8
jansson: Honour multilib paths
jansson: Backport linker flag fixes
jansson: Default to shared builds
Beniamin Sandu (1):
libnet: update to v1.2 release
Daniel Gomez (4):
gst-instruments: Update 0.2.3 -> 0.3.1+cb8977a
libftdi: Add ftdi-eeprom support
xf86-video-ati: Update 19.1.0 -> 19.1.0+7a6a34af
v4l-utils: Update 1.22.1 -> 1.23.0+fd544473
Gianluigi Spagnuolo (1):
bpftool: add aarch64 to COMPATIBLE_HOST
Hitomi Hasegawa (1):
libsdl: add CVE-2019-14906 to allowlist
Khem Raj (2):
python3-gevent: Avoid building internal version of libev
xterm: Add _GNU_SOURCE via CFLAGS
Lukas Rusak (2):
libwebsockets: add optional support for sd-event loop
libwebsockets: add error check if PACKAGECONFIG contains systemd but DISTRO_FEATURES doesn't
Ming Liu (1):
plymouth: uprev to 22.02.122
William A. Kennington III (2):
gerbera: upgrade 1.9.2 -> 1.11.0
fmt: upgrade 8.1.1 -> 9.1.0
Yi Zhao (4):
freeradius: fix daemon startup warnings
frr: upgrade 8.2.2 -> 8.3.1
libnftnl: upgrade 1.2.2 -> 1.2.3
nftables: upgrade 1.0.4 -> 1.0.5
onkelpit (1):
tio: added tio version 2.0 and 1.47
wangmy (1):
xterm: upgrade 372 -> 373
meta-arm: 52f07a4b0b..0164b4ca7a:
Abdellatif El Khlifi (12):
arm-bsp/u-boot: corstone1000: update initramfs bundle size
arm-bsp/u-boot: corstone1000: upgrade FF-A support
arm-bsp/optee-os: corstone1000: upgrade to v3.18
arm-bsp/optee-spdevkit: corstone1000: drop the support
arm-bsp/corstone1000-initramfs-image: remove obsolete packages
arm-bsp/trusted-services: corstone1000: add secure partitions support
arm-bsp/machine: corstone1000: disable pulling the kernel into the initramfs
arm-bsp/trusted-services: corstone1000: add MHU-driver
arm-bsp/corstone1000-initramfs-image: add TS PSA API tests packages
arm-bsp/linux: corstone1000: use arm-ffa machine feature
arm/secure-partitions: drop use of the recipe
arm/ffa-debugfs: drop use of the kernel module
Adam Johnston (3):
arm-bsp/edk2-firmware: Update edk2/edk2-platforms versions for N1SDP
arm-bsp/edk2-firmware: Add edk2-platforms patches for N1SDP
arm-bsp/trusted-firmware-a: Update TF-A version for N1SDP
Andrei Gherzan (1):
edk2-firmware: Fix configure sed typo
Anton Antonov (1):
Temporary use qemu 7.0.0 for TS CI pipelines
Davidson K (6):
arm-bsp/tc: upgrade version of trusted-firmware-a
arm-bsp/tc: upgrade version of hafnium
arm-bsp/tc: upgrade version of optee
arm-bsp/u-boot: add gnutls-native as dependency
arm-bsp/trusted-firmware-a: add firmware update support for TC
arm-bsp/hafnium: enable Virtual Host Extension for TC
Denys Dmytriyenko (1):
arm-toolchain/gcc,external-arm-toolchain: resolve conflict with gcc headers
Emekcan (8):
arm-bsp/u-boot: Add external system driver to u-boot device tree
arm-bsp/kernel: Add external device driver
arm-bsp/u-boot: Add external system MHUs to u-boot device tree
arm-bsp/kernel: Add rpmsg_arm_mailbox to corstone1000
arm-bsp/test: Adding a test app for external system
arm-bsp/images: Adding external system test to initramfs image
arm-bsp/test: Changing the test app repository
arm-bsp/external-system: Changing the RTX repo
Jiacheng Tang (1):
arm/fvp-base-r-aem: upgrade to version 11.19.14
Joe Slater (1):
arm/packagegroup-ts-tests: fix parse error
Jon Mason (17):
arm-bsp/optee-os: add 3.10 recipe for corstone1000
arm-bsp/optee: rename corstone1000 files
arm/optee-spdevkit: add version to file name
arm/optee-os: add ARMv7 changes to clang patch and update patches
arm/qemuarm-secureboot: remove optee-os version pin
arm/optee: remove old versions
arm/optee-client: move the 3.14 recipe to meta-arm-bsp
arm/hafnium: update to 2.7
arm-bsp/n1sdp: update linux-yocto patches
arm/edk2-firmware: Work around clang issue
arm-bsp/tc: remove hafnium clang patch
layers: convert to langdale compatibility
CI: Remove uniquely zephyr machines
arm-bsp/fvp: move the fvp include file to the include directory
ci: move features only needed by testimage from base
CI: apply a patch so that meta-zephyr is compatible with langdale
Revert "CI: apply a patch so that meta-zephyr is compatible with langdale"
Khem Raj (6):
optee-os: Extend clang pragma fixes to core_mmu_v7.c for 3.18
trusted-services: Pin to use gcc
ffa-debugfs-mod: Exclude from world builds
linux-yocto: Add bbappend for 5.19
hafnium: Add a fix for clang-15 errors
hafnium: Exclude from world builds
Mohamed Omar Asaker (1):
arm-bsp/n1sdp-board-firmware: upgrade to N1SDP-2022.06.22
Peter Hoyes (4):
arm/lib: Specify the FVP environment variables explicitly
arm-bsp/trusted-firmware-m: Make branch names configurable
arm/classes: Migrate TF-M image signing to bbclass
arm-bsp/corstone1000: Refactor image signing to use new bbclass
Ross Burton (3):
gem5/linux-yocto: upgrade to 5.4.205 and fix buildpaths in binaries
Revert "Temporary use qemu 7.0.0 for TS CI pipelines"
runfvp: pass-through environment variables need for GUI applications
Rui Miguel Silva (1):
arm-bsp: trusted-services: fix openamp build
Vishnu Banavath (2):
arm-bsp/ffa-debugfs: update git SHA for v2.1.0
arm-bsp/external-system:corstone1000: build and install external-system
Xueliang Zhong (1):
arm-bsp/n1sdp: upgrade scp-firmware version
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I7a07eab9e4aa0bdbdb50602050c3c4caf062acbf
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.14.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-client_3.14.0.bb
deleted file mode 100644
index be78b88..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.14.0.bb
+++ /dev/null
@@ -1,3 +0,0 @@
-require optee-client.inc
-
-SRCREV = "06e1b32f6a7028e039c625b07cfc25fda0c17d53"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
deleted file mode 100644
index f2b5f7d..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
+++ /dev/null
@@ -1,4 +0,0 @@
-require optee-examples.inc
-
-SRCREV = "e9c870525af8f7e7fccf575a0ca5394ce55adcec"
-
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
deleted file mode 100644
index 0d37a52..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
+++ /dev/null
@@ -1,20 +0,0 @@
-FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:"
-require optee-os_3.14.0.bb
-
-SUMMARY = "OP-TEE Trusted OS TA devkit"
-DESCRIPTION = "OP-TEE TA devkit for build TAs"
-HOMEPAGE = "https://www.op-tee.org/"
-
-do_install() {
- #install TA devkit
- install -d ${D}${includedir}/optee/export-user_ta/
- for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do
- cp -aR $f ${D}${includedir}/optee/export-user_ta/
- done
-}
-
-do_deploy() {
- echo "Do not inherit do_deploy from optee-os."
-}
-
-FILES:${PN} = "${includedir}/optee/"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-core-Define-section-attributes-for-clang.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-core-Define-section-attributes-for-clang.patch
index db88e7f..a69d777 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-core-Define-section-attributes-for-clang.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-core-Define-section-attributes-for-clang.patch
@@ -37,11 +37,9 @@
core/kernel/thread.c | 13 +++++++++++-
4 files changed, 71 insertions(+), 8 deletions(-)
-diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c
-index f083b159e..432983c86 100644
--- a/core/arch/arm/kernel/thread.c
+++ b/core/arch/arm/kernel/thread.c
-@@ -44,15 +44,30 @@ static size_t thread_user_kcode_size __nex_bss;
+@@ -44,16 +44,31 @@ static size_t thread_user_kcode_size __n
#if defined(CFG_CORE_UNMAP_CORE_AT_EL0) && \
defined(CFG_CORE_WORKAROUND_SPECTRE_BP_SEC) && defined(ARM64)
long thread_user_kdata_sp_offset __nex_bss;
@@ -64,21 +62,20 @@
- __section(".nex_nozi.kdata_page");
+ __section(".nex_nozi.kdata_page")
#endif
-+#endif
+ #endif
+ ;
+#endif
+
+/* reset BSS section to default ( .bss ) */
+#ifdef __clang__
+#pragma clang section bss=""
- #endif
++#endif
#ifdef ARM32
-diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c
-index 19cd7b61b..78f5910c5 100644
+ uint32_t __nostackcheck thread_get_exceptions(void)
--- a/core/arch/arm/mm/core_mmu_lpae.c
+++ b/core/arch/arm/mm/core_mmu_lpae.c
-@@ -230,19 +230,46 @@ typedef uint16_t l1_idx_t;
+@@ -233,19 +233,46 @@ typedef uint16_t l1_idx_t;
typedef uint64_t base_xlat_tbls_t[CFG_TEE_CORE_NB_CORE][NUM_BASE_LEVEL_ENTRIES];
typedef uint64_t xlat_tbl_t[XLAT_TABLE_ENTRIES];
@@ -129,8 +126,6 @@
/*
* TAs page table entry inside a level 1 page table.
*
-diff --git a/core/arch/arm/mm/pgt_cache.c b/core/arch/arm/mm/pgt_cache.c
-index d658b3e68..6c36706c0 100644
--- a/core/arch/arm/mm/pgt_cache.c
+++ b/core/arch/arm/mm/pgt_cache.c
@@ -104,8 +104,18 @@ void pgt_init(void)
@@ -153,11 +148,9 @@
size_t n;
for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) {
-diff --git a/core/kernel/thread.c b/core/kernel/thread.c
-index 18d34e6ad..086129e28 100644
--- a/core/kernel/thread.c
+++ b/core/kernel/thread.c
-@@ -37,13 +37,24 @@ struct thread_core_local thread_core_local[CFG_TEE_CORE_NB_CORE] __nex_bss;
+@@ -37,13 +37,24 @@ struct thread_core_local thread_core_loc
name[stack_num][sizeof(name[stack_num]) / sizeof(uint32_t) - 1]
#endif
@@ -183,6 +176,55 @@
#define GET_STACK(stack) ((vaddr_t)(stack) + STACK_SIZE(stack))
DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE,
---
-2.37.2
-
+--- a/core/arch/arm/mm/core_mmu_v7.c
++++ b/core/arch/arm/mm/core_mmu_v7.c
+@@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_EN
+ typedef uint32_t l2_xlat_tbl_t[NUM_L2_ENTRIES];
+ typedef uint32_t ul1_xlat_tbl_t[NUM_UL1_ENTRIES];
+
++#ifdef __clang__
++#pragma clang section bss=".nozi.mmu.l1"
++#endif
+ static l1_xlat_tbl_t main_mmu_l1_ttb
+- __aligned(L1_ALIGNMENT) __section(".nozi.mmu.l1");
++ __aligned(L1_ALIGNMENT)
++#ifndef __clang__
++ __section(".nozi.mmu.l1")
++#endif
++;
++#ifdef __clang__
++#pragma clang section bss=""
++#endif
+
+ /* L2 MMU tables */
++#ifdef __clang__
++#pragma clang section bss=".nozi.mmu.l2"
++#endif
+ static l2_xlat_tbl_t main_mmu_l2_ttb[MAX_XLAT_TABLES]
+- __aligned(L2_ALIGNMENT) __section(".nozi.mmu.l2");
++ __aligned(L2_ALIGNMENT)
++#ifndef __clang__
++ __section(".nozi.mmu.l2")
++#endif
++;
++#ifdef __clang__
++#pragma clang section bss=""
++#endif
+
+ /* MMU L1 table for TAs, one for each thread */
++#ifdef __clang__
++#pragma clang section bss=".nozi.mmu.ul1"
++#endif
+ static ul1_xlat_tbl_t main_mmu_ul1_ttb[CFG_NUM_THREADS]
+- __aligned(UL1_ALIGNMENT) __section(".nozi.mmu.ul1");
++ __aligned(UL1_ALIGNMENT)
++#ifndef __clang__
++ __section(".nozi.mmu.ul1")
++#endif
++;
++#ifdef __clang__
++#pragma clang section bss=""
++#endif
+
+ struct mmu_partition {
+ l1_xlat_tbl_t *l1_table;
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch
index 1700539..ab4a6db 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch
@@ -1,4 +1,4 @@
-From 0bab935695ebcf0c533b49896ab18ff33d4a47d1 Mon Sep 17 00:00:00 2001
+From 528aeb42652a3159c1bfd51d6c1442c3ff27b84c Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@arm.com>
Date: Tue, 26 May 2020 14:38:02 -0500
Subject: [PATCH] allow setting sysroot for libgcc lookup
@@ -9,6 +9,7 @@
Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188]
Signed-off-by: Ross Burton <ross.burton@arm.com>
+
---
mk/gcc.mk | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch
index 5c0d0a5..067ba6e 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch
@@ -1,4 +1,4 @@
-From 3167f2c0dba4db59d61b60a8fe66f969d20aafa9 Mon Sep 17 00:00:00 2001
+From db9e44af75c7cfd3316cab15aaa387383df3e57e Mon Sep 17 00:00:00 2001
From: Brett Warren <brett.warren@arm.com>
Date: Wed, 23 Sep 2020 09:27:34 +0100
Subject: [PATCH] optee: enable clang support
@@ -10,12 +10,13 @@
Upstream-Status: Pending
ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701
Signed-off-by: Brett Warren <brett.warren@arm.com>
+
---
mk/clang.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mk/clang.mk b/mk/clang.mk
-index 0f48c836..47465523 100644
+index c141a3f2..7d067cc0 100644
--- a/mk/clang.mk
+++ b/mk/clang.mk
@@ -27,7 +27,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch
index 1dd70b3..6d48a76 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch
@@ -1,11 +1,11 @@
-Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
-Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474]
-
-From 0b8a917fa51a366806edc0f04b88cd23b24098c4 Mon Sep 17 00:00:00 2001
+From cf2a2451f4e9300532d677bb3a8315494a3b3a82 Mon Sep 17 00:00:00 2001
From: Jerome Forissier <jerome.forissier@linaro.org>
Date: Fri, 5 Aug 2022 09:48:03 +0200
Subject: [PATCH] core: link: add --no-warn-rwx-segments
+Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
+Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474]
+
binutils ld.bfd generates one RWX LOAD segment by merging several sections
with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it
also warns by default when that happens [1], which breaks the build due to
@@ -18,12 +18,13 @@
Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
+
---
core/arch/arm/kernel/link.mk | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
-index 7eed333a32..c39d43cbfc 100644
+index 7eed333a..c39d43cb 100644
--- a/core/arch/arm/kernel/link.mk
+++ b/core/arch/arm/kernel/link.mk
@@ -31,6 +31,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0009-add-z-execstack.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0009-add-z-execstack.patch
similarity index 94%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0009-add-z-execstack.patch
rename to meta-arm/meta-arm/recipes-security/optee/optee-os/0009-add-z-execstack.patch
index 5463a34..3ba6c4e 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0009-add-z-execstack.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0009-add-z-execstack.patch
@@ -1,4 +1,4 @@
-From a9d099d17ef0af6deac4c3b4d15ad0555d258ec8 Mon Sep 17 00:00:00 2001
+From ea932656461865ab9ac4036245c756c082aeb3e1 Mon Sep 17 00:00:00 2001
From: Jerome Forissier <jerome.forissier@linaro.org>
Date: Tue, 23 Aug 2022 11:41:00 +0000
Subject: [PATCH] core, ldelf: link: add -z execstack
@@ -22,6 +22,10 @@
Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
---
+ core/arch/arm/kernel/link.mk | 13 +++++++++----
+ ldelf/link.mk | 3 +++
+ 2 files changed, 12 insertions(+), 4 deletions(-)
+
diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
index c39d43cb..0e96e606 100644
--- a/core/arch/arm/kernel/link.mk
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0010-add-note-GNU-stack-section.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0010-add-note-GNU-stack-section.patch
similarity index 98%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0010-add-note-GNU-stack-section.patch
rename to meta-arm/meta-arm/recipes-security/optee/optee-os/0010-add-note-GNU-stack-section.patch
index 95d5e67..4ea65d8 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0010-add-note-GNU-stack-section.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0010-add-note-GNU-stack-section.patch
@@ -1,4 +1,4 @@
-From 38bf606653ee08b10db6bb298e369cb3a9cdcda9 Mon Sep 17 00:00:00 2001
+From ec30e84671aac9a2e9549754eb7bc6201728db4c Mon Sep 17 00:00:00 2001
From: Jerome Forissier <jerome.forissier@linaro.org>
Date: Tue, 23 Aug 2022 12:31:46 +0000
Subject: [PATCH] arm32: libutils, libutee, ta: add .note.GNU-stack section to
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0009-add-z-execstack.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0009-add-z-execstack.patch
deleted file mode 100644
index 616a0ff..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0009-add-z-execstack.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From cb4349edce6ce360436f10da8b6aa32e68fb778d Mon Sep 17 00:00:00 2001
-From: Jerome Forissier <jerome.forissier@linaro.org>
-Date: Tue, 23 Aug 2022 11:41:00 +0000
-Subject: [PATCH] core, ldelf: link: add -z execstack
-
-When building for arm32 with GNU binutils 2.39, the linker outputs
-warnings when generating some TEE core binaries (all_obj.o, init.o,
-unpaged.o and tee.elf) as well as ldelf.elf:
-
- arm-poky-linux-gnueabi-ld.bfd: warning: atomic_a32.o: missing .note.GNU-stack section implies executable stack
- arm-poky-linux-gnueabi-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
-
-The permissions used when mapping the TEE core stacks do not depend on
-any metadata found in the ELF file. Similarly when the TEE core loads
-ldelf it already creates a non-executable stack regardless of ELF
-information. Therefore we can safely ignore the warnings. This is done
-by adding the '-z execstack' option.
-
-Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
-
-Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
-Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
-
----
- core/arch/arm/kernel/link.mk | 13 +++++++++----
- ldelf/link.mk | 4 ++++
- 2 files changed, 13 insertions(+), 4 deletions(-)
-
-diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
-index 3dc459d6..85cde58e 100644
---- a/core/arch/arm/kernel/link.mk
-+++ b/core/arch/arm/kernel/link.mk
-@@ -9,6 +9,11 @@ link-script-dep = $(link-out-dir)/.kern.ld.d
-
- AWK = awk
-
-+link-ldflags-common += $(call ld-option,--no-warn-rwx-segments)
-+ifeq ($(CFG_ARM32_core),y)
-+link-ldflags-common += $(call ld-option,--no-warn-execstack)
-+endif
-+
- link-ldflags = $(LDFLAGS)
- ifeq ($(CFG_CORE_ASLR),y)
- link-ldflags += -pie -Bsymbolic -z notext -z norelro $(ldflag-apply-dynamic-relocs)
-@@ -17,7 +22,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map
- link-ldflags += --sort-section=alignment
- link-ldflags += --fatal-warnings
- link-ldflags += --gc-sections
--link-ldflags += $(call ld-option,--no-warn-rwx-segments)
-+link-ldflags += $(link-ldflags-common)
-
- link-ldadd = $(LDADD)
- link-ldadd += $(ldflags-external)
-@@ -39,7 +44,7 @@ link-script-cppflags := \
- $(cppflagscore))
-
- ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \
-- $(call ld-option,--no-warn-rwx-segments) \
-+ $(link-ldflags-common) \
- $(link-objs) $(link-ldadd) $(libgcccore)
- cleanfiles += $(link-out-dir)/all_objs.o
- $(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST)
-@@ -53,7 +58,7 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o
- $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@
-
- unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
-- $(call ld-option,--no-warn-rwx-segments)
-+ $(link-ldflags-common)
- unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore)
- cleanfiles += $(link-out-dir)/unpaged.o
- $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt
-@@ -82,7 +87,7 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o
- $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@
-
- init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
-- $(call ld-option,--no-warn-rwx-segments)
-+ $(link-ldflags-common)
- init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \
- $(libgcccore)
- cleanfiles += $(link-out-dir)/init.o
-diff --git a/ldelf/link.mk b/ldelf/link.mk
-index 8fafc879..d8a05ea6 100644
---- a/ldelf/link.mk
-+++ b/ldelf/link.mk
-@@ -19,6 +19,10 @@ link-ldflags += --sort-section=alignment
- link-ldflags += -z max-page-size=4096 # OP-TEE always uses 4K alignment
- link-ldflags += $(link-ldflags$(sm))
-
-+ifeq ($(CFG_ARM32_$(sm)), y)
-+link-ldflags += $(call ld-option,--no-warn-execstack)
-+endif
-+
- link-ldadd = $(addprefix -L,$(libdirs))
- link-ldadd += --start-group $(addprefix -l,$(libnames)) --end-group
- ldargs-ldelf.elf := $(link-ldflags) $(objs) $(link-ldadd) $(libgcc$(sm))
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0010-add-note-GNU-stack-section.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0010-add-note-GNU-stack-section.patch
deleted file mode 100644
index c0330b9..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0010-add-note-GNU-stack-section.patch
+++ /dev/null
@@ -1,128 +0,0 @@
-From f99a0278ad5e26772b3dcf8c74b5bf986ecfbe1e Mon Sep 17 00:00:00 2001
-From: Jerome Forissier <jerome.forissier@linaro.org>
-Date: Tue, 23 Aug 2022 12:31:46 +0000
-Subject: [PATCH] arm32: libutils, libutee, ta: add .note.GNU-stack section to
-
- .S files
-
-When building for arm32 with GNU binutils 2.39, the linker outputs
-warnings when linking Trusted Applications:
-
- arm-unknown-linux-uclibcgnueabihf-ld.bfd: warning: utee_syscalls_a32.o: missing .note.GNU-stack section implies executable stack
- arm-unknown-linux-uclibcgnueabihf-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
-
-We could silence the warning by adding the '-z execstack' option to the
-TA link flags, like we did in the parent commit for the TEE core and
-ldelf. Indeed, ldelf always allocates a non-executable piece of memory
-for the TA to use as a stack.
-
-However it seems preferable to comply with the common ELF practices in
-this case. A better fix is therefore to add the missing .note.GNU-stack
-sections in the assembler files.
-
-Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
-
-Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
-Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
-
----
- lib/libutee/arch/arm/utee_syscalls_a32.S | 2 ++
- lib/libutils/ext/arch/arm/atomic_a32.S | 2 ++
- lib/libutils/ext/arch/arm/mcount_a32.S | 2 ++
- lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S | 2 ++
- lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S | 2 ++
- lib/libutils/isoc/arch/arm/setjmp_a32.S | 2 ++
- ta/arch/arm/ta_entry_a32.S | 2 ++
- 7 files changed, 14 insertions(+)
-
-diff --git a/lib/libutee/arch/arm/utee_syscalls_a32.S b/lib/libutee/arch/arm/utee_syscalls_a32.S
-index 6e621ca6..af405f62 100644
---- a/lib/libutee/arch/arm/utee_syscalls_a32.S
-+++ b/lib/libutee/arch/arm/utee_syscalls_a32.S
-@@ -7,6 +7,8 @@
- #include <tee_syscall_numbers.h>
- #include <asm.S>
-
-+ .section .note.GNU-stack,"",%progbits
-+
- .section .text
- .balign 4
- .code 32
-diff --git a/lib/libutils/ext/arch/arm/atomic_a32.S b/lib/libutils/ext/arch/arm/atomic_a32.S
-index eaef6914..2be73ffa 100644
---- a/lib/libutils/ext/arch/arm/atomic_a32.S
-+++ b/lib/libutils/ext/arch/arm/atomic_a32.S
-@@ -5,6 +5,8 @@
-
- #include <asm.S>
-
-+ .section .note.GNU-stack,"",%progbits
-+
- /* uint32_t atomic_inc32(uint32_t *v); */
- FUNC atomic_inc32 , :
- ldrex r1, [r0]
-diff --git a/lib/libutils/ext/arch/arm/mcount_a32.S b/lib/libutils/ext/arch/arm/mcount_a32.S
-index 51439a23..54dc3c02 100644
---- a/lib/libutils/ext/arch/arm/mcount_a32.S
-+++ b/lib/libutils/ext/arch/arm/mcount_a32.S
-@@ -7,6 +7,8 @@
-
- #if defined(CFG_TA_GPROF_SUPPORT) || defined(CFG_FTRACE_SUPPORT)
-
-+ .section .note.GNU-stack,"",%progbits
-+
- /*
- * Convert return address to call site address by subtracting the size of the
- * mcount call instruction (blx __gnu_mcount_nc).
-diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
-index a600c879..37ae9ec6 100644
---- a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
-+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
-@@ -5,6 +5,8 @@
-
- #include <asm.S>
-
-+ .section .note.GNU-stack,"",%progbits
-+
- /*
- * signed ret_idivmod_values(signed quot, signed rem);
- * return quotient and remaining the EABI way (regs r0,r1)
-diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
-index 2dc50bc9..5c3353e2 100644
---- a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
-+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
-@@ -5,6 +5,8 @@
-
- #include <asm.S>
-
-+ .section .note.GNU-stack,"",%progbits
-+
- /*
- * __value_in_regs lldiv_t __aeabi_ldivmod( long long n, long long d)
- */
-diff --git a/lib/libutils/isoc/arch/arm/setjmp_a32.S b/lib/libutils/isoc/arch/arm/setjmp_a32.S
-index 43ea5937..f8a0b70d 100644
---- a/lib/libutils/isoc/arch/arm/setjmp_a32.S
-+++ b/lib/libutils/isoc/arch/arm/setjmp_a32.S
-@@ -51,6 +51,8 @@
- #define SIZE(x)
- #endif
-
-+ .section .note.GNU-stack,"",%progbits
-+
- /* Arm/Thumb interworking support:
-
- The interworking scheme expects functions to use a BX instruction
-diff --git a/ta/arch/arm/ta_entry_a32.S b/ta/arch/arm/ta_entry_a32.S
-index d2f8a69d..cd9a12f9 100644
---- a/ta/arch/arm/ta_entry_a32.S
-+++ b/ta/arch/arm/ta_entry_a32.S
-@@ -5,6 +5,8 @@
-
- #include <asm.S>
-
-+ .section .note.GNU-stack,"",%progbits
-+
- /*
- * This function is the bottom of the user call stack. Mark it as such so that
- * the unwinding code won't try to go further down.
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.14.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.14.0.bb
deleted file mode 100644
index 6400ac2..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.14.0.bb
+++ /dev/null
@@ -1,10 +0,0 @@
-require optee-os.inc
-
-SRCREV = "d21befa5e53eae9db469eba1685f5aa5c6f92c2f"
-
-DEPENDS = "python3-pycryptodome-native python3-pyelftools-native"
-
-SRC_URI:append = " \
- file://3.14/0009-add-z-execstack.patch \
- file://3.14/0010-add-note-GNU-stack-section.patch \
- "
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb
index f459efc..59e58ed 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb
@@ -5,6 +5,6 @@
SRCREV = "1ee647035939e073a2e8dddb727c0f019cc035f1"
SRC_URI:append = " \
file://0001-core-Define-section-attributes-for-clang.patch \
- file://3.18/0009-add-z-execstack.patch \
- file://3.18/0010-add-note-GNU-stack-section.patch \
+ file://0009-add-z-execstack.patch \
+ file://0010-add-note-GNU-stack-section.patch \
"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-spdevkit_git.bb b/meta-arm/meta-arm/recipes-security/optee/optee-spdevkit_3.10.0.bb
similarity index 100%
rename from meta-arm/meta-arm/recipes-security/optee/optee-spdevkit_git.bb
rename to meta-arm/meta-arm/recipes-security/optee/optee-spdevkit_3.10.0.bb
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.14.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-test_3.14.0.bb
deleted file mode 100644
index 6367c27..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.14.0.bb
+++ /dev/null
@@ -1,3 +0,0 @@
-require optee-test.inc
-
-SRCREV = "f2eb88affbb7f028561b4fd5cbd049d5d704f741"
diff --git a/meta-arm/meta-arm/recipes-security/packagegroups/packagegroup-ts-tests.bb b/meta-arm/meta-arm/recipes-security/packagegroups/packagegroup-ts-tests.bb
index 72ba33f..b9c6507 100644
--- a/meta-arm/meta-arm/recipes-security/packagegroups/packagegroup-ts-tests.bb
+++ b/meta-arm/meta-arm/recipes-security/packagegroups/packagegroup-ts-tests.bb
@@ -1,11 +1,11 @@
SUMMARY = "Trusted Services test/demo linux tools"
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
inherit packagegroup
COMPATIBLE_HOST = "aarch64.*-linux"
-PACKAGE_ARCH = "${MACHINE_ARCH}"
-
PACKAGES = "${PN} ${PN}-psa"
RDEPENDS:${PN} = "\
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions.inc b/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions.inc
deleted file mode 100644
index 1df7409..0000000
--- a/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions.inc
+++ /dev/null
@@ -1,27 +0,0 @@
-LICENSE = "Apache-2.0 & BSD-3-Clause & Zlib"
-LIC_FILES_CHKSUM = "file://license.rst;md5=ea160bac7f690a069c608516b17997f4"
-
-SRC_URI = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=integration;name=ts;destsuffix=git/ts"
-
-SRCREV_ts ?= "a365a04f937b9b76ebb2e0eeade226f208cbc0d2"
-
-S = "${WORKDIR}/git/ts"
-B = "${WORKDIR}/build"
-
-export CROSS_COMPILE="${TARGET_PREFIX}"
-
-CFLAGS[unexport] = "1"
-CPPFLAGS[unexport] = "1"
-AS[unexport] = "1"
-LD[unexport] = "1"
-
-# setting the linker options used to build the secure partitions
-SECURITY_LDFLAGS = ""
-TARGET_LDFLAGS = "-Wl,--build-id=none -Wl,--hash-style=both"
-
-do_configure[cleandirs] = "${B}"
-
-# Currently trusted-services and psa-arch-tests use FetchContent to download
-# more sources during do_configure. Until this is resolved we need to allow
-# network operations.
-do_configure[network] = "1"
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb
deleted file mode 100644
index fca6d9d..0000000
--- a/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb
+++ /dev/null
@@ -1,74 +0,0 @@
-SUMMARY = "Trusted Services secure partitions"
-HOMEPAGE = "https://trusted-services.readthedocs.io/en/latest/index.html"
-
-COMPATIBLE_MACHINE ?= "invalid"
-
-PACKAGE_ARCH = "${MACHINE_ARCH}"
-
-require secure-partitions.inc
-
-SRCREV_FORMAT = "ts"
-PV = "0.0+git${SRCPV}"
-
-# Which environment to create the secure partions for (opteesp or shim)
-TS_ENVIRONMENT ?= "opteesp"
-
-inherit deploy python3native
-
-DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native \
- python3-pyelftools-native python3-grpcio-tools-native \
- python3-protobuf-native protobuf-native cmake-native \
- "
-
-DEPENDS:append = " ${@bb.utils.contains('TS_ENVIRONMENT', 'opteesp', 'optee-spdevkit', '', d)}"
-
-export CROSS_COMPILE="${TARGET_PREFIX}"
-
-CFLAGS[unexport] = "1"
-CPPFLAGS[unexport] = "1"
-AS[unexport] = "1"
-LD[unexport] = "1"
-
-# only used if TS_ENVIRONMENT is opteesp
-SP_DEV_KIT_DIR = "${@bb.utils.contains('TS_ENVIRONMENT', 'opteesp', '${STAGING_INCDIR}/optee/export-user_sp', '', d)}"
-
-# SP images are embedded into optee os image
-SP_PACKAGING_METHOD ?= "embedded"
-
-do_configure() {
- for TS_DEPLOYMENT in ${TS_DEPLOYMENTS}; do
- cmake \
- -DCMAKE_INSTALL_PREFIX=${D}/firmware/sp \
- -DSP_DEV_KIT_DIR=${SP_DEV_KIT_DIR} \
- -DSP_PACKAGING_METHOD=${SP_PACKAGING_METHOD} \
- -DTS_PLATFORM="${TS_PLATFORM}" \
- -S ${S}/$TS_DEPLOYMENT -B "${B}/$TS_DEPLOYMENT"
- done
-}
-
-do_compile() {
- for TS_DEPLOYMENT in ${TS_DEPLOYMENTS}; do
- cmake --build "${B}/$TS_DEPLOYMENT"
- done
-}
-
-do_install () {
- if [ "${TS_ENVIRONMENT}" = "opteesp" ]; then
- for TS_DEPLOYMENT in ${TS_DEPLOYMENTS}; do
- cmake --install "${B}/$TS_DEPLOYMENT"
- done
- fi
-}
-
-SYSROOT_DIRS = "/firmware"
-
-do_deploy() {
- cp -rf ${D}/firmware/* ${DEPLOYDIR}/
-}
-addtask deploy after do_install
-
-FILES:${PN} = "/firmware/sp/opteesp*"
-
-# Build paths are currently embedded
-INSANE_SKIP:${PN} += "buildpaths"
-INSANE_SKIP:${PN}-dbg += "buildpaths"
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc b/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc
index 80c0849..a8f49a5 100644
--- a/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc
@@ -50,3 +50,5 @@
EXTRA_OECMAKE += "-Dlibts_DIR=${STAGING_DIR_HOST}${TS_INSTALL}/lib/cmake/ \
-DNEWLIB_INSTALL_DIR=${STAGING_DIR_HOST}${TS_INSTALL}/newlib_install \
"
+# Newlib does not compile with clang
+TOOLCHAIN = "gcc"