From: r.tyminski Date: Tue, 3 Jul 2018 10:36:21 +0000 (+0200) Subject: Initial commit for unified-ta-devkit sources X-Git-Tag: submit/tizen/20180913.130633~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b24f1ca475d03c2a585e4047db06da8dc035bf6f;p=platform%2Fcore%2Fsecurity%2Ftrusted%2Funified-ta-devkit.git Initial commit for unified-ta-devkit sources Unified cmake macro that covers tef-simulator and optee TA devkits. Add README with instructions about usage and adding new backend. Change-Id: If84c52a1748ce582ea564ed19f31b6e09006bbb8 --- diff --git a/CMakeLists.txt b/CMakeLists.txt new file mode 100644 index 0000000..f70258b --- /dev/null +++ b/CMakeLists.txt @@ -0,0 +1,35 @@ +# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file +# @author Rafal Tyminski (r.tyminski@samsung.com) +# @brief CMakeLists file for unified ta devkit +# + +CMAKE_MINIMUM_REQUIRED(VERSION 2.6) +PROJECT("unified-ta-devkit") + +IF(NOT DEFINED BIT_SIZE) + SET(BIT_SIZE 32) +ENDIF() + +IF(NOT DEFINED ${PKGCFG_VERSION}) + SET(PKGCFG_VERSION 0.0) +ENDIF() + +SET(TA_DEVEL_ROOT_PATH ${PROJECT_SOURCE_DIR}) + +ADD_SUBDIRECTORY(pkgconfig) +ADD_SUBDIRECTORY(cmake) +ADD_SUBDIRECTORY(rpm) diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..181359e --- /dev/null +++ b/LICENSE @@ -0,0 +1,203 @@ +Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd. All rights reserved. + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..99ba812 --- /dev/null +++ b/README.md @@ -0,0 +1,135 @@ +# Unified TA Devkit +## Purpose +To use different Trusted Operating Systems with the same Tizen environment, we need transparent method to compile Trusted Application using different TA Devkits. **Unified TA Devkit** is a common wrapper for OpTEE OS and Simulator devkits. It's important to notice that **Unified TA Devkit** simplify creating packaging and CMake files for TA source code compilation. If You compile **unified_ta_devkit** for arm architecture You will get OpTEE devkit as a backend, but if You compile it for intel architecture You will get Simulator devkit as a backend. If You want to add another backend for this architecture You should specify define during compilation that triggers this new backend. + +## Compilation +If You want to compile TA for intel architecture You should compile devkit: +```bash +gbs buld -A i586 +``` +If You want to compile TA for arm architecture You should compile devkit: +```bash +gbs buld -A armv7l +``` +If You want to compile TA for arm/i586 architecture and new backend (e.g. called "trusted") You should compile devkit: +```bash +gbs buld -A armv7l --define="trusted 1" +gbs buld -A i586 --define="trusted 1" +``` + +## Repository structure +```bash +├── cmake +│ ├── CMakeList.txt +│ ├── UnifiedTADevkitCommon.cmake +│ └── UnifiedTADevkit.cmake.template.in +├── CMakeLists.txt +├── LICENSE +├── packaging +│ └── unified-ta-devkit.spec +├── pkgconfig +│ ├── CMakeList.txt +│ └── ta-devkit.pc.template.in +├── README.md +└── rpm + ├── CMakeList.txt + └── macros.template.in +``` + +### cmake directory +cmake directory contains backends implementations of **UnifiedTADevkit.cmake.template.in**. Implementation file should replace word "template" from file name with backend name. +E.g.: +OpTEE implementation of **UnifiedTADevkit.cmake.template.in** is named **UnifiedTADevkit.cmake.optee.in**. + +#### Implementation of UnifiedTADevkit.cmake.template.in +Implementation of **UnifiedTADevkit.cmake.template.in** should contains all defines/includes/targets needed by TEEOS devkit. Includes UnifiedTADevkitCommon.cmake. Implementing this file is mandatory. You should also implement: + +```cmake +# MACRO GENERATE_TA_IMAGE unifies compiling dependencies and signing/encrypting +# Parameters: +# TargetName [in] - name of target that represent TA +# TAElfTargetName [in] - TA binary target name before signing +# TAManifestFile [in] - manifest file name with a path +# TAImageName [in] - final TA binary name + +MACRO(GENERATE_TA_IMAGE TargetName TAElfTargetName TAManifestFile TAImageName) + # Fill this function with Your implementation +ENDMACRO() +``` + +TAElfTargetName - should be a target from ADD_EXECUTABLE or ADD_LIBRARY + +#### UnifiedTADevkitCommon.cmake +Defines common variables for all backends. +- TEF_BUILD_* - variable passed to Makefiles that allows developer to specify code only for specific TEEOS. (For OpTEE: TEF_BUILD_OPTEE, for Simulator: TEF_BUILD_SIMULATOR) +```C +#ifdef TEF_BUILD_OPTEE +\\ code that compiles only with OpTEE devkit +#elif TEF_BUILD_SIMULATOR +\\ code that compiles only with Simulator devkit +#endif +``` + +#### Implementation of ta-devkit.pc.template.in +Implementation of **ta-devkit.pc.template.in** should contains all defines/includes/targets needed by TEEOS devkit. Implementing this file is not mandatory. If not implemented, empty template will be installed. + +#### Implementation of macros.template.in +Implementation of **macros.template.in** should contains all defines that are needed by TEEOS devkit in rpm spec file. Implementing this file is not mandatory. If not implemented, empty template will be installed. + +## Trusted Operating System differences +Global Platform API used by Trusted OS defines only CA-TA communication. There are several aspects of TEEOS that were not structured and these aspects we need to unified. Below You can find list of them with description how they were unified. +### TA binary name +Trusted Applications are named with UUID, but UUID it self can be write in different ways like: +*00000000000000000000999999777777* or *00000000-0000-0000-0000-999999777777* . + +TA binary name was unified with rpm macro. For every TEEOS we implement **_unified_ta_devkit_get_ta_name_** macro. This macro expects one argument, which is set of 32 hexadecimal digits, like: *00000000000000000999999777777*. +Macro returns TA name in format expected by specific TEEOS implementation. To get proper TA name format in TA source code packaging, You can use code below: +``` +%define ta_name %{unified_ta_devkit_get_ta_name 00000000000000000999999777777} +echo "UUID=%{ta_name}" +``` +- on OpTEE we will get result: **UUID=00000000-0000-0000-0000-999999777777.ta** +- on Simulator we will get result: **UUID=00000000000000000000999999777777** + +### TA binaries directory +Directory, that contains Trusted Application depends on TEEOS implementation. Backends store their TA directory path in **%_tastoredir** and this is path where You should install Your TA binary. + +``` +%files +%{_tastoredir}/%{ta_name} +``` + +### Additional environment variables +If TEEOS implementation expects to get some additional information from environment, You can define them in **macros.template.in** using %unified_ta_devkit_export macro. +``` +%build +%unified_ta_devkit_export +``` + +### Linking libraries, adding includes directories +If TEEOS devkit contains pkgconfig file You can put it in pkgconfig directory with name **ta-devkit.pc.template.in**. Of caurse, please replace "template" with TEEOS name. If devkit doesn't contain pkgconfig file You should place linking libraries and directories in **UnifiedTADevkit.cmake.template.in**. + +## How to use Unified TA Devkit +Your TA compilation should be based on CMake. In CMakeLists.txt where is TA binary target You should include code: + +Include **UnifiedTADevkit.cmake** with defines: +```cmake +INCLUDE(UnifiedTADevkit) +``` + +Search for pkgconfig file. E.g.: +```cmake +INCLUDE(FindPkgConfig) + +PKG_CHECK_MODULES(YOUR_TA_DEPS REQUIRED + unified-ta-devkit + ) +``` + +Later add variables to Your target: +```cmake +TARGET_LINK_LIBRARIES(${TARGET_YOUR_TA} + ${YOUR_TA_DEPS_LIBRARIES} + ${YOUR_TA_DEPS_STATIC_LIBRARIES} + ) +``` diff --git a/cmake/CMakeLists.txt b/cmake/CMakeLists.txt new file mode 100644 index 0000000..f96e517 --- /dev/null +++ b/cmake/CMakeLists.txt @@ -0,0 +1,28 @@ +# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file +# @author Rafal Tyminski (r.tyminski@samsung.com) +# @brief CMakeLists file for installing cmake module files +# + +STRING(TOUPPER ${TEF_TEE} TEF_TEE_UPPERCASE) + +CONFIGURE_FILE(${TA_DEVEL_ROOT_PATH}/cmake/UnifiedTADevkit.cmake.${TEF_TEE}.in ${TA_DEVEL_ROOT_PATH}/cmake/UnifiedTADevkit.cmake @ONLY) + +INSTALL(FILES + ${TA_DEVEL_ROOT_PATH}/cmake/UnifiedTADevkit.cmake + DESTINATION + ${SHARE_INSTALL_PREFIX}/cmake/Modules/ + ) diff --git a/cmake/UnifiedTADevkit.cmake.optee.in b/cmake/UnifiedTADevkit.cmake.optee.in new file mode 100644 index 0000000..abe59b8 --- /dev/null +++ b/cmake/UnifiedTADevkit.cmake.optee.in @@ -0,0 +1,109 @@ +# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file +# @author Rafal Tyminski (r.tyminski@partner.samsung.com) +# @brief Unified TA Devkit +# + +ADD_DEFINITIONS("-DTEF_BUILD_@TEF_TEE_UPPERCASE@") + +#Define architecture +SET(ARCH_BIT_SIZE @BIT_SIZE@) + +# Adding necessary flag for debug build +IF(${CMAKE_BUILD_TYPE} MATCHES "DEBUG") + SET(LOG_LEVEL 4) + ADD_DEFINITIONS("-DDEBUG=1") + ADD_DEFINITIONS("-DCFG_TEE_PANIC_DEBUG=1") +ELSE(${CMAKE_BUILD_TYPE} MATCHES "DEBUG") + SET(LOG_LEVEL 2) + ADD_DEFINITIONS("-DDEBUG=0") +ENDIF(${CMAKE_BUILD_TYPE} MATCHES "DEBUG") + +ADD_DEFINITIONS("-DCFG_TEE_TA_LOG_LEVEL=${LOG_LEVEL}") +ADD_DEFINITIONS("-DTRACE_LEVEL=${LOG_LEVEL}") + +# Adding OpTEE specific flags +IF(${ARCH_BIT_SIZE} EQUAL 32) + SET(ARCH_BIT_FLAGS "-DARM32=1 -D__ILP32__=1") + ADD_DEFINITIONS("${ARCH_BIT_FLAGS}") + SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-error=cast-align -O0 -g3 -fpie -mthumb -mthumb-interwork -fno-short-enums -fno-common -mno-unaligned-access -mno-apcs-float -mfloat-abi=soft") +ELSEIF(${ARCH_BIT_SIZE} EQUAL 64) + SET(ARCH_BIT_FLAGS "-DARM64=1 -D__LP64__=1") + ADD_DEFINITIONS("${ARCH_BIT_FLAGS}") + SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-error=cast-align -Os -g3 -fpie -mstrict-align") +ELSE(${ARCH_BIT_SIZE} EQUAL 64) + MESSAGE(FATAL_ERROR "Invalid architecture bit size was set.") +ENDIF(${ARCH_BIT_SIZE} EQUAL 32) + +# C flags +SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu99 -Werror -fdiagnostics-show-option -Wall -Wcast-align -Werror-implicit-function-declaration -Wextra -Wfloat-equal -Wformat-nonliteral -Wformat-security -Wformat=2 -Winit-self -Wmissing-declarations -Wmissing-format-attribute -Wmissing-include-dirs -Wmissing-noreturn -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wshadow -Wstrict-prototypes -Wswitch-default -Wwrite-strings -Wno-missing-field-initializers -Wno-format-zero-length -Waggregate-return -Wredundant-decls -Wold-style-definition -Wstrict-aliasing=2 -Wundef -pedantic -Wdeclaration-after-statement -fno-exceptions") +# Getting compiler include path +EXECUTE_PROCESS(COMMAND bash "-c" "echo -n `${CMAKE_C_COMPILER} -print-file-name=include`" OUTPUT_VARIABLE ISYSTEM) +MESSAGE("RESULT_VARIABLE:" ${ISYSTEM}) +SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -nostdlib -nostdinc -isystem ${ISYSTEM}") + +# OpTEE devkit resources from optee-os-ta package +SET(DEVKIT_TA_PATH "/opt/optee/export-ta_arm${ARCH_BIT_SIZE}") + +SET(CMAKE_EXE_LINKER_FLAGS "-Wl,--build-id=none -pie -T ${CMAKE_CURRENT_SOURCE_DIR}/ta.lds") +SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "") + +# Compile linker script +ADD_CUSTOM_TARGET(ta-core-ld COMMAND cpp -Wp,-P,-MT,${CMAKE_CURRENT_SOURCE_DIR}/ta.lds,-MD,${CMAKE_CURRENT_SOURCE_DIR}/.ta.ld.d -DASM=1 -nostdinc ${ARCH_BIT_FLAGS} ${DEVKIT_TA_PATH}/src/ta.ld.S -o ${CMAKE_CURRENT_SOURCE_DIR}/ta.lds) + +INCLUDE_DIRECTORIES( + ${DEVKIT_TA_PATH}/include/ + ) + +LINK_DIRECTORIES( + ${DEVKIT_TA_PATH}/lib + ) + +SET(DEVKIT_TA_TARGET ta-core) + +ADD_LIBRARY(${DEVKIT_TA_TARGET} STATIC + ${DEVKIT_TA_PATH}/src/user_ta_header.c + ) + +# MACRO GENERATE_TA_IMAGE unifies compiling dependencies and signing/encrypting +# Parameters: +# TargetName [in] - name of target that represent TA +# TAElfTargetName [in] - TA binary target name before signing +# TAManifestFile [in] - manifest file name with a path (tef-simulator) +# TAImageName [in] - final TA binary name + +MACRO(GENERATE_TA_IMAGE TargetName TAElfTargetName TAManifestFile TAImageName) + # Dependency to compiled linker script + ADD_DEPENDENCIES(${TAElfTargetName} ta-core-ld ${DEVKIT_TA_TARGET}) + + TARGET_LINK_LIBRARIES(${TAElfTargetName} ${DEVKIT_TA_TARGET}) + + SET(STRIPPED_TARGET_FILE ${TAElfTargetName}.strip) + + ADD_CUSTOM_COMMAND(OUTPUT ${STRIPPED_TARGET_FILE} + COMMAND ${CMAKE_STRIP} --strip-unneeded -o ${STRIPPED_TARGET_FILE} ${TAElfTargetName} + DEPENDS ${TAElfTargetName}) + + ADD_CUSTOM_COMMAND(OUTPUT ${TAImageName} + COMMAND ${DEVKIT_TA_PATH}/scripts/sign.py --key ${DEVKIT_TA_PATH}/keys/default_ta.pem --in ${STRIPPED_TARGET_FILE} --out ${TAImageName} + DEPENDS ${STRIPPED_TARGET_FILE} + COMMENT "Signing TA with private key.") + + ADD_CUSTOM_TARGET(${TargetName} + ALL + DEPENDS ${TAImageName}) + +ENDMACRO() diff --git a/cmake/UnifiedTADevkit.cmake.simulator.in b/cmake/UnifiedTADevkit.cmake.simulator.in new file mode 100644 index 0000000..317de49 --- /dev/null +++ b/cmake/UnifiedTADevkit.cmake.simulator.in @@ -0,0 +1,45 @@ +# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file +# @author Rafal Tyminski (r.tyminski@partner.samsung.com) +# @brief Unified TA Devkit +# + +ADD_DEFINITIONS("-DTEF_BUILD_@TEF_TEE_UPPERCASE@") + +IF (CMAKE_BUILD_TYPE MATCHES "DEBUG") + ADD_DEFINITIONS("-DBUILD_TYPE_DEBUG") + ADD_DEFINITIONS("-ggdb -O0") + # undefine _FORTIFY_SOURCE - it makes no sense without optimization and produces warnings + ADD_DEFINITIONS("-Wp,-U_FORTIFY_SOURCE") +ENDIF (CMAKE_BUILD_TYPE MATCHES "DEBUG") + +INCLUDE(TEFSimulatorDevkit) + +# MACRO GENERATE_TA_IMAGE unifies compiling dependencies and signing/encrypting +# Parameters: +# TargetName [in] - name of target that represent TA +# TAElfTargetName [in] - TA binary target name before signing +# TAManifestFile [in] - manifest file name with a path (tef-simulator) +# TAImageName [in] - final TA binary name + +MACRO(GENERATE_TA_IMAGE TargetName TAElfTargetName TAManifestFile TAImageName) + # TEEStub is built in C++, so we must force linking using C++ linker + SET_TARGET_PROPERTIES(${TAElfTargetName} PROPERTIES + LINKER_LANGUAGE "CXX" + ) + + TEF_GENERATE_TA_IMAGE(${TargetName} ${TAElfTargetName} ${TAManifestFile} ${TAImageName}) +ENDMACRO() diff --git a/cmake/UnifiedTADevkit.cmake.template.in b/cmake/UnifiedTADevkit.cmake.template.in new file mode 100644 index 0000000..9c55813 --- /dev/null +++ b/cmake/UnifiedTADevkit.cmake.template.in @@ -0,0 +1,31 @@ +# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file +# @author Rafal Tyminski (r.tyminski@partner.samsung.com) +# @brief Unified TA Devkit Template +# + +ADD_DEFINITIONS("-DTEF_BUILD_@TEF_TEE_UPPERCASE@") + +# MACRO GENERATE_TA_IMAGE unifies compiling dependencies and signing/encrypting +# Parameters: +# TargetName [in] - name of target that represent TA +# TAElfTargetName [in] - TA binary target name before signing +# TAManifestFile [in] - manifest file name with a path +# TAImageName [in] - final TA binary name + +MACRO(GENERATE_TA_IMAGE TargetName TAElfTargetName TAManifestFile TAImageName) + # Fill this function with Your implementation +ENDMACRO() diff --git a/packaging/unified-ta-devkit.spec b/packaging/unified-ta-devkit.spec new file mode 100644 index 0000000..29d91cf --- /dev/null +++ b/packaging/unified-ta-devkit.spec @@ -0,0 +1,69 @@ +%define bin_dir %{?TZ_SYS_BIN:%TZ_SYS_BIN}%{!?TZ_SYS_BIN:%_bindir} +%define lib_dir %{?TZ_SYS_LIB:%TZ_SYS_LIB}%{!?TZ_SYS_LIB:%_libdir} +%define data_dir %{?TZ_SYS_RO_SHARE:%TZ_SYS_RO_SHARE}%{!?TZ_SYS_RO_SHARE:%_datadir} +%define include_dir %{?TZ_SYS_INCLUDE:%TZ_SYS_INCLUDE}%{!?TZ_SYS_INCLUDE:%_includedir} + +%define build_bin_dir %{buildroot}%{bin_dir} +%define build_lib_dir %{buildroot}%{lib_dir} +%define build_data_dir %{buildroot}%{data_dir} +%define build_include_dir %{buildroot}%{include_dir} + +%define smack_domain_name System + +%define tastore_dir %{lib_dir}/tastore + +Name: unified-ta-devkit +Summary: Trusted Application Development Package +Version: 0.0.1 +Release: 0 +Group: Security/Other +License: Apache-2.0 +Source0: %{name}-%{version}.tar.gz +BuildRequires: cmake +%ifarch %ix86 x86_64 +BuildRequires: pkgconfig(tef-simulator-devkit) +Requires: pkgconfig(tef-simulator-devkit) +Requires: tef-simulator +Requires: pkgconfig(dlog) +Requires: boost-devel +%else +Requires: optee-os-ta +Requires: python +Requires: openssl +%endif + +Provides: %{name} + +%description +The package provides Trusted Application development tools. + +%prep +%setup -q + +%build + +%cmake . \ +%ifarch %{arm} aarch64 + -DPKGCFG_VERSION=%{version} \ + -DTEF_TEE=optee \ + -DBIT_SIZE=%{__isa_bits} \ +%else + -DTEF_TEE=simulator \ +%endif + -DTASTORE_DIR=%{tastore_dir} \ + -DRPM_DIR=%{_sysconfdir}/rpm +make %{?jobs:-j%jobs} + +%install +mkdir -p %{build_data_dir}/cmake/Modules +%make_install +mkdir -p %{build_bin_dir} +mkdir -p %{build_include_dir} + +%clean + +%files +%license LICENSE +%{data_dir}/cmake/Modules/UnifiedTADevkit.cmake +%{lib_dir}/pkgconfig/unified-ta-devkit.pc +%{_sysconfdir}/rpm/macros.unified-ta-devkit diff --git a/pkgconfig/CMakeLists.txt b/pkgconfig/CMakeLists.txt new file mode 100644 index 0000000..c58f5ce --- /dev/null +++ b/pkgconfig/CMakeLists.txt @@ -0,0 +1,43 @@ +# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Lukasz Kostyra (l.kostyra@samsung.com) +# @author Rafal Tyminski (r.tyminski@partner.samsung.com) +# @brief CMakeLists file to install pkconfig files +# + +IF(${TEF_TEE} MATCHES "simulator") + + INSTALL(FILES + ${CMAKE_INSTALL_LIBDIR}/pkgconfig/tef-simulator-devkit.pc + DESTINATION + ${CMAKE_INSTALL_LIBDIR}/pkgconfig + RENAME unified-ta-devkit.pc + ) + +ELSE() + IF(EXISTS ${TA_DEVEL_ROOT_PATH}/pkgconfig/ta-devkit.pc.${TEF_TEE}.in) + CONFIGURE_FILE(ta-devkit.pc.${TEF_TEE}.in unified-ta-devkit.pc @ONLY) + ELSE() + CONFIGURE_FILE(ta-devkit.pc.template.in unified-ta-devkit.pc @ONLY) + ENDIF() + + INSTALL(FILES + ${TA_DEVEL_ROOT_PATH}/pkgconfig/unified-ta-devkit.pc + DESTINATION + ${CMAKE_INSTALL_LIBDIR}/pkgconfig + ) + +ENDIF() diff --git a/pkgconfig/ta-devkit.pc.optee.in b/pkgconfig/ta-devkit.pc.optee.in new file mode 100644 index 0000000..25debb2 --- /dev/null +++ b/pkgconfig/ta-devkit.pc.optee.in @@ -0,0 +1,10 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +exec_prefix=${prefix} +libdir=${prefix}/lib +includedir=${prefix}/include + +Name: optee-ta-devkit +Description: OpTEE TA development kit +Version: @PKGCFG_VERSION@ +Libs.private: -L${libdir} -lutee -lpng -lzlib -lutils -lmpa -lta-core -lutee -lutils -lgcc_eh +Cflags: -I${includedir}/ diff --git a/pkgconfig/ta-devkit.pc.template.in b/pkgconfig/ta-devkit.pc.template.in new file mode 100644 index 0000000..43921b4 --- /dev/null +++ b/pkgconfig/ta-devkit.pc.template.in @@ -0,0 +1,9 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +exec_prefix=${prefix} +libdir=${prefix}/lib +includedir=${prefix}/include + +Name: template-ta-devkit +Description: Template TA development kit +Version: @PKGCFG_VERSION@ +Cflags: -I${includedir}/ diff --git a/rpm/CMakeLists.txt b/rpm/CMakeLists.txt new file mode 100644 index 0000000..2f9c8e2 --- /dev/null +++ b/rpm/CMakeLists.txt @@ -0,0 +1,29 @@ +# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Rafal Tyminski (r.tyminski@partner.samsung.com) +# @brief CMakeLists file to install rpm macros file +# +IF(EXISTS ${TA_DEVEL_ROOT_PATH}/rpm/macros.${TEF_TEE}.in) + CONFIGURE_FILE(macros.${TEF_TEE}.in macros.unified-ta-devkit @ONLY) +ELSE() + CONFIGURE_FILE(macros.template.in macros.unified-ta-devkit @ONLY) +ENDIF() + +INSTALL(FILES + ${TA_DEVEL_ROOT_PATH}/rpm/macros.unified-ta-devkit + DESTINATION + ${RPM_DIR}/ + ) diff --git a/rpm/macros.optee.in b/rpm/macros.optee.in new file mode 100644 index 0000000..19a8158 --- /dev/null +++ b/rpm/macros.optee.in @@ -0,0 +1,9 @@ +# RPM macros for package unified-ta-devkit + +%_tastoredir @TASTORE_DIR@ + +# change TA UUID to suit optee format +%unified_ta_devkit_get_ta_name() %(val=%1;echo ${val:0:8}-${val:8:4}-${val:12:4}-${val:16:4}-${val:20:12}.ta) + +%unified_ta_devkit_export() \ +%{nil} diff --git a/rpm/macros.simulator.in b/rpm/macros.simulator.in new file mode 100644 index 0000000..f6721d7 --- /dev/null +++ b/rpm/macros.simulator.in @@ -0,0 +1,9 @@ +# RPM macros for package unified-ta-devkit + +%_tastoredir @TASTORE_DIR@ + +# change TA UUID to suit simulator format +%unified_ta_devkit_get_ta_name() %1 + +%unified_ta_devkit_export() \ +%{nil} diff --git a/rpm/macros.template.in b/rpm/macros.template.in new file mode 100644 index 0000000..fdb93cd --- /dev/null +++ b/rpm/macros.template.in @@ -0,0 +1,9 @@ +# RPM macros for package unified-ta-devkit + +%_tastoredir @TASTORE_DIR@ + +# change TA UUID to suit implementation format +%unified_ta_devkit_get_ta_name() %1 + +%unified_ta_devkit_export() \ +%{nil}