Re: [meta-rockchip][PATCH v3 0/7] OP-TEE support for ARM and rk3399

Yann Dirson

Le ven. 23 avr. 2021 à 19:19, Joshua Watt <jpewhacker@...> a écrit :

On 4/23/21 11:58 AM, Yann Dirson wrote:

From: Yann Dirson <yann@...>

Changes from v2:
- turn the DISTRO_FEATURE idea into separate RFC patches so as to allow
merging of basic support
- remove optee-os patch that proved unnecessary

Changes from v1:
- fix last-minute typo in TFA_SPD setting, which led to optee not being started
- use PACKAGECONFIG[optee] to simplify recipes as suggested on meta-arm ml

Yann Dirson (7):
trusted-firmware-a: include optee support when requested by
u-boot: include optee-os as BL32 when requested by DISTRO_FEATURE
optee-os: enable rk3399 support, including serial console support
RFC optee: new "optee" DISTRO_FEATURE to enable optee-os integration
RFC: optee: only enable the recipes when "optee" is included in
WIP nanopi-m4: declare OP-TEE presence in devicetree
WIP kernel config feature for OP-TEE activation

In general, it seems like a lot of these changes should be in the upstream recipes, not the meta-rockchip bbappends.
Generally speaking, I'd say yes, and it would be great if we are able
to do that. But from what I've seen of op-tee integration,
it looks like vendor platforms usually have different ways of integrating it.

Eg. for tf-a, meta-ti does something completely custom, see

I'd think it would make sense to integrate something in meta-arm, if
more than one platform uses it,
or possibly if this is the "right way do do things that everyone
should use going forward".

Also, the things that do belong in this layer need proper variable overrides to keep the layer (mostly) Yocto project compliant.
After a quick review I can only see the optee patch in 3/7, do I miss
anything else ?
For this particular case, it did not seem crucial to restrict it,
especially as the patch has been applied upstream. But
sure it wouldn't hurt to make it rk3399-conditional.

conf/machine/include/ | 2 +
.../trusted-firmware-a_%.bbappend | 14 +++++
recipes-bsp/u-boot/u-boot%.bbappend | 9 ++++
.../0001-nanopi-declare-optee-presence.patch | 30 +++++++++++
recipes-kernel/linux/files/bsp/tee.cfg | 2 +
recipes-kernel/linux/linux-yocto%.bbappend | 1 +
...399-enable-serial-console-by-default.patch | 52 +++++++++++++++++++
recipes-security/optee/optee%.bbappend | 4 ++
recipes-security/optee/optee-os_%.bbappend | 8 +++
9 files changed, 122 insertions(+)
create mode 100644 recipes-kernel/linux/files/0001-nanopi-declare-optee-presence.patch
create mode 100644 recipes-kernel/linux/files/bsp/tee.cfg
create mode 100644 recipes-security/optee/files/0001-rk3399-enable-serial-console-by-default.patch
create mode 100644 recipes-security/optee/optee%.bbappend
create mode 100644 recipes-security/optee/optee-os_%.bbappend

Yann Dirson <yann@...>
Blade / Shadow --

Join to automatically receive all group messages.