[Buildroot] [PATCH v3 4/7] optee-test: new package

Etienne Carriere etienne.carriere at linaro.org
Mon Jan 7 10:24:55 UTC 2019


OP-TEE test package provide test materials as part of the OP-TEE
project helping platforms to verify their OP-TEE components
against a set of regression and performance tests.

Package is added in the BR package configuration next to the
OP-TEE client package.

This change references in Buildroot the today's latest OP-TEE
revision release tagged 3.3.0 with few added patches:
- fix an issue with the CMake files,
- fix few issues with recent GCC releases (8.x)

Signed-off-by: Etienne Carriere <etienne.carriere at linaro.org>
---
Changes v2 -> v3:
  - Add an entry in file DEVELOPERS.
  - Clean Config.in layout and description sections.
  - Drop BR2_PACKAGE_OPTEE_TEST_SYNCED_VERSION.
  - Clean optee-test.mk layout.
  - Replace common optee-test.hash with per-version .hash files.
  - Patch optee_benchmark 3.3.0 against an issue reported by GCC warns.
  - Remove dependency of BR2_PACKAGE_OPTEE_EXAMPLES and Arm architecture.
    As the package depends on BR2_TARGET_OPTEE_OS, leave it to optee-os
    to define the supported architectures.

Changes v1 -> v2:
  - Replace BR2_arm with BR2_ARM_CPU_ARMV7 as OP-TEE supports only
    BR2_ARM_CPU_ARMV7 architectures among the 32bit Arm machines.
  - Add missing dependency on BR2_TARGET_OPTEE_OS and select
    BR2_PACKAGE_OPTEE_CLIENT when enabled.
  - Add option BR2_PACKAGE_OPTEE_TEST_SYNCED_VERSION to ensure
    OP-TEE test version is synced with OP-TEE OS version.
  - Fix official repo URL in Config.in package description.
  - Remove useless OPTEE_TEST_INSTALL_STAGING=YES.
  - Do not force output build directory and rely on native one: out/.

---
 DEVELOPERS                                         |  1 +
 package/Config.in                                  |  1 +
 .../optee-test/3.3.0/0001-cmake-rely-on-C.patch    | 32 +++++++++++
 ...ent-unexpected-build-warning-with-strncpy.patch | 54 +++++++++++++++++++
 ...egression-4011-correct-potential-overflow.patch | 60 +++++++++++++++++++++
 package/optee-test/3.3.0/optee-test.hash           |  4 ++
 package/optee-test/Config.in                       | 63 ++++++++++++++++++++++
 package/optee-test/optee-test.mk                   | 45 ++++++++++++++++
 8 files changed, 260 insertions(+)
 create mode 100644 package/optee-test/3.3.0/0001-cmake-rely-on-C.patch
 create mode 100644 package/optee-test/3.3.0/0002-xtest-prevent-unexpected-build-warning-with-strncpy.patch
 create mode 100644 package/optee-test/3.3.0/0003-regression-4011-correct-potential-overflow.patch
 create mode 100644 package/optee-test/3.3.0/optee-test.hash
 create mode 100644 package/optee-test/Config.in
 create mode 100644 package/optee-test/optee-test.mk

diff --git a/DEVELOPERS b/DEVELOPERS
index c9f2e00..28ba658 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -685,6 +685,7 @@ N:	Etienne Carriere <etienne.carriere at linaro.org>
 F:	boot/optee-os/
 F:	package/optee-client/
 F:	package/optee-examples/
+F:	package/optee-test/
 
 N:	Eugene Tarassov <eugene at largest.net>
 F:	package/tcf-agent/
diff --git a/package/Config.in b/package/Config.in
index b76db17..e5b6dad 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2078,6 +2078,7 @@ menu "Security"
 	source "package/checkpolicy/Config.in"
 	source "package/optee-client/Config.in"
 	source "package/optee-examples/Config.in"
+	source "package/optee-test/Config.in"
 	source "package/paxtest/Config.in"
 	source "package/policycoreutils/Config.in"
 	source "package/refpolicy/Config.in"
diff --git a/package/optee-test/3.3.0/0001-cmake-rely-on-C.patch b/package/optee-test/3.3.0/0001-cmake-rely-on-C.patch
new file mode 100644
index 0000000..ea7b966
--- /dev/null
+++ b/package/optee-test/3.3.0/0001-cmake-rely-on-C.patch
@@ -0,0 +1,32 @@
+cmake: component rely on C support
+
+Without specifing optee_client source expects only C source file
+support cmake may attempt to look for resources as g++. When
+building with environments that do not provide such tools as when
+building from native buildroot ofr a qemu target, optee_client
+fails to build. This change ensure a minimal C support allows to
+build optee_client with cmake.
+
+Signed-off-by: Etienne Carriere <etienne.carriere at linaro.org>
+Acked-by: Jerome Forissier <jerome.forissier at linaro.org>
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 0290205..a3fd269 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -1,4 +1,5 @@
+ cmake_minimum_required (VERSION 3.2)
++project (optee_test C)
+ 
+ # Default cross compile settings
+ set (CMAKE_TOOLCHAIN_FILE CMakeToolchain.txt)
+diff --git a/ta/CMakeLists.txt b/ta/CMakeLists.txt
+index 22d7727..795237e 100644
+--- a/ta/CMakeLists.txt
++++ b/ta/CMakeLists.txt
+@@ -1,4 +1,4 @@
+-project (xtest-ta-headers)
++project (xtest-ta-headers C)
+ 
+ add_library(${PROJECT_NAME} INTERFACE)
+ 
diff --git a/package/optee-test/3.3.0/0002-xtest-prevent-unexpected-build-warning-with-strncpy.patch b/package/optee-test/3.3.0/0002-xtest-prevent-unexpected-build-warning-with-strncpy.patch
new file mode 100644
index 0000000..55e796b
--- /dev/null
+++ b/package/optee-test/3.3.0/0002-xtest-prevent-unexpected-build-warning-with-strncpy.patch
@@ -0,0 +1,54 @@
+commit 30db8e0261fabe83bea6eb1922d9581e140125b6
+Author: Etienne Carriere <etienne.carriere at linaro.org>
+Date:   Fri Dec 21 15:36:00 2018 +0100
+
+    xtest: prevent unexpected build warning with strncpy
+    
+    This change modifies adbg_run.c to prevent a false positive
+    warning reported by GCC 8.2 on usage of strncpy():
+    
+        build/optee_test/host/xtest/adbg/src/adbg_run.c: In function 'Do_ADBG_AppendToSuite':
+        build/optee_test/host/xtest/adbg/src/adbg_run.c:103:3: error: 'strncpy' specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
+           strncpy(p, Source_p->SuiteID_p, size);
+           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+        build/optee_test/host/xtest/adbg/src/adbg_run.c:88:9: note: length computed here
+          size = strlen(Source_p->SuiteID_p);
+                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~
+        cc1: all warnings being treated as errors
+    
+    From [1]:
+      Using strncpy Safely
+      In general, it is not possible to avoid string truncation by strncpy
+      except by sizing the destination to be at least a byte larger than
+      the length of the source string. With that approach, however, using
+      strncpy becomes unnecessary and the function can be avoided in favor
+      of other APIs such as strcpy or (less preferably) memcpy. Much has
+      been written about the problems with strncpy and we recommend to
+      avoid it whenever possible. It is, however, worth keeping in mind
+      that unlike other standard string-handling functions, strncpy always
+      writes exactly as many characters as specified by the third argument;
+      if the source string is shorter, the function fills the remaining
+      bytes with NULs.
+    
+    This change prefers using a snprintf() as used in the alternate
+    instruction block of the strncpy() call.
+    
+    [1] https://developers.redhat.com/blog/2018/05/24/detecting-string-truncation-with-gcc-8/
+    
+    Signed-off-by: Etienne Carriere <etienne.carriere at linaro.org>
+    Signed-off-by: Simon Hughes <simon.hughes at arm.com>
+    Reviewed-by: Jens Wiklander <jens.wiklander at linaro.org>
+
+diff --git a/host/xtest/adbg/src/adbg_run.c b/host/xtest/adbg/src/adbg_run.c
+index 406e429..2739db5 100644
+--- a/host/xtest/adbg/src/adbg_run.c
++++ b/host/xtest/adbg/src/adbg_run.c
+@@ -100,7 +100,7 @@ int Do_ADBG_AppendToSuite(
+ 		snprintf(p, size, "%s+%s", Dest_p->SuiteID_p,
+ 			 Source_p->SuiteID_p);
+ 	else
+-		strncpy(p, Source_p->SuiteID_p, size);
++		snprintf(p, size, "%s", Source_p->SuiteID_p);
+ 	free((void *)Dest_p->SuiteID_p);
+ 	Dest_p->SuiteID_p = p;
+ 
diff --git a/package/optee-test/3.3.0/0003-regression-4011-correct-potential-overflow.patch b/package/optee-test/3.3.0/0003-regression-4011-correct-potential-overflow.patch
new file mode 100644
index 0000000..77b7cd7
--- /dev/null
+++ b/package/optee-test/3.3.0/0003-regression-4011-correct-potential-overflow.patch
@@ -0,0 +1,60 @@
+commit 4e352aad0cfceeec1d9adde879a034039a0cf267
+Author: Etienne Carriere <etienne.carriere at linaro.org>
+Date:   Fri Dec 21 15:36:25 2018 +0100
+
+    regression 4011: correct potential overflow
+    
+    Fix issues reported by GCC 8.2.0.
+    
+    build/optee_test/host/xtest/regression_4000.c: In function 'xtest_tee_test_4011':
+    build/optee_test/host/xtest/regression_4000.c:5029:3: error: 'memmove' pointer overflow between offset [0, 8] and size [4294967295, 2147483647] accessing array 'tmp' with type 'uint8_t[1024]' {aka 'unsigned char[1024]'} [-Werror=array-bounds]
+       memmove(tmp + n + i, tmp + m, tmp_size - m);
+       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+    build/optee_test/host/xtest/regression_4000.c:4927:10: note: array 'tmp' declared here
+      uint8_t tmp[1024];
+              ^~~
+    build/optee_test/host/xtest/regression_4000.c:5029:3: error: 'memmove' specified size 4294967295 exceeds maximum object size 2147483647 [-Werror=stringop-overflow=]
+       memmove(tmp + n + i, tmp + m, tmp_size - m);
+       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+    cc1: all warnings being treated as errors
+    
+    Reported-by: Simon Hughes <simon.hughes at arm.com>
+    Signed-off-by: Etienne Carriere <etienne.carriere at linaro.org>
+    Reviewed-by: Jens Wiklander <jens.wiklander at linaro.org>
+
+diff --git a/host/xtest/regression_4000.c b/host/xtest/regression_4000.c
+index 766aad2..205a226 100644
+--- a/host/xtest/regression_4000.c
++++ b/host/xtest/regression_4000.c
+@@ -5018,18 +5018,28 @@ static void xtest_tee_test_4011(ADBG_Case_t *c)
+ 				out, out_size, tmp, &tmp_size)))
+ 			goto out;
+ 
++		if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, tmp_size, <=, sizeof(tmp)))
++			goto out;
++
+ 		/* 4.1 */
+-		for (n = 0; n < tmp_size; n++)
++		for (n = 0; n < tmp_size - i; n++)
+ 			if (tmp[n] == 0xff)
+ 				break;
++
++		/* Shall find at least a padding start before buffer end */
++	        if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, <, tmp_size - i - 1))
++			goto out;
++
+ 		for (m = n + 1; m < tmp_size; m++)
+ 			if (tmp[m] != 0xff)
+ 				break;
++
+ 		/* 4.2 */
+ 		memmove(tmp + n + i, tmp + m, tmp_size - m);
++
+ 		/* 4.3 */
+-		for (n = n + tmp_size - m + i; n < tmp_size; n++)
+-			tmp[n] = 0;
++		n = n + i + tmp_size - m;
++		memset(tmp + n, 0, tmp_size - n);
+ 
+ 		/* 5 */
+ 		out_size = sizeof(out);
diff --git a/package/optee-test/3.3.0/optee-test.hash b/package/optee-test/3.3.0/optee-test.hash
new file mode 100644
index 0000000..0da2212
--- /dev/null
+++ b/package/optee-test/3.3.0/optee-test.hash
@@ -0,0 +1,4 @@
+# From https://github.com/OP-TEE/optee_test/archive/3.3.0.tar.gz
+sha256 9651d5db0d28856e45d6bc25ce603bfcf641435bd3264d95b449f093665c8521  optee-test-3.3.0.tar.gz
+# Locally computed
+sha256 6e6810981f0ddab9e0d44399d0700a15d9f760a3c2843cc866659c2074139ae7  LICENSE.md
diff --git a/package/optee-test/Config.in b/package/optee-test/Config.in
new file mode 100644
index 0000000..40ac8e8
--- /dev/null
+++ b/package/optee-test/Config.in
@@ -0,0 +1,63 @@
+config BR2_PACKAGE_OPTEE_TEST
+	bool "optee-test"
+	depends on BR2_TARGET_OPTEE_OS
+	select BR2_PACKAGE_OPTEE_CLIENT
+	help
+	  This build option enables OP-TEE test package from the
+	  OP-TEE project. It helps platforms to verify the OP-TEE
+	  installation against a set of regression and performance
+	  tests.
+
+	  The package generates userspace test applications and
+	  data files for the Linux userland. It also generates
+	  OP-TEE trusted applications.
+
+	  Trusted application binary files are installed in the target
+	  directory /lib/optee_armtz as other trusted applications.
+	  At runtime OP-TEE OS can load trusted applications from this
+	  non-secure filesystem/directory into the secure world for
+	  execution.
+
+	  http://github.com/OP-TEE/optee_test
+
+if BR2_PACKAGE_OPTEE_TEST
+
+choice
+	prompt "version"
+	default BR2_PACKAGE_OPTEE_TEST_LATEST
+	help
+	  Select the version of OP-TEE test you want to use
+
+config BR2_PACKAGE_OPTEE_TEST_LATEST
+	bool "3.3.0"
+	help
+	  This fetches the registered release tag from the
+	  OP-TEE official Git repository.
+
+config BR2_PACKAGE_OPTEE_TEST_CUSTOM_GIT
+	bool "Custom Git repository"
+	help
+	  Sync with a specific OP-TEE Git repository.
+
+endchoice
+
+if BR2_PACKAGE_OPTEE_TEST_CUSTOM_GIT
+
+config BR2_PACKAGE_OPTEE_TEST_CUSTOM_REPO_URL
+	string "URL of custom repository"
+
+config BR2_PACKAGE_OPTEE_TEST_CUSTOM_REPO_VERSION
+	string "Custom repository version"
+	help
+	  Revision to use in the typical format used by
+	  Git E.G. a sha id, a tag, branch, ..
+
+endif
+
+config BR2_PACKAGE_OPTEE_TEST_VERSION
+	string
+	default "3.3.0"	if BR2_PACKAGE_OPTEE_TEST_LATEST
+	default BR2_PACKAGE_OPTEE_TEST_CUSTOM_REPO_VERSION \
+			if BR2_PACKAGE_OPTEE_TEST_CUSTOM_GIT
+
+endif #BR2_PACKAGE_OPTEE_TEST
diff --git a/package/optee-test/optee-test.mk b/package/optee-test/optee-test.mk
new file mode 100644
index 0000000..0ec7238
--- /dev/null
+++ b/package/optee-test/optee-test.mk
@@ -0,0 +1,45 @@
+################################################################################
+#
+# optee-test
+#
+################################################################################
+
+OPTEE_TEST_VERSION = $(call qstrip,$(BR2_PACKAGE_OPTEE_TEST_VERSION))
+OPTEE_TEST_LICENSE = GPL-2.0, BSD-2-Clause,
+OPTEE_TEST_LICENSE_FILES = LICENSE.md
+
+OPTEE_TEST_DEPENDENCIES = optee-client optee-os
+
+ifeq ($(BR2_PACKAGE_OPTEE_TEST_CUSTOM_GIT),y)
+OPTEE_TEST_SITE = $(call qstrip,$(BR2_PACKAGE_OPTEE_TEST_CUSTOM_REPO_URL))
+OPTEE_TEST_SITE_METHOD = git
+BR_NO_CHECK_HASH_FOR += $(OPTEE_TEST_SOURCE)
+else
+OPTEE_TEST_SITE = $(call github,OP-TEE,optee_test,$(OPTEE_TEST_VERSION))
+endif
+
+ifeq ($(BR2_aarch64),y)
+OPTEE_TEST_SDK = $(STAGING_DIR)/lib/optee/export-ta_arm64
+endif
+ifeq ($(BR2_arm),y)
+OPTEE_TEST_SDK = $(STAGING_DIR)/lib/optee/export-ta_arm32
+endif
+OPTEE_TEST_CONF_OPTS = -DOPTEE_TEST_SDK=$(OPTEE_TEST_SDK)
+
+# Trusted Application are not built from CMake due to ta_dev_kit dependencies.
+# We must build and install them on target.
+define OPTEE_TEST_BUILD_TAS
+	@$(foreach f,$(wildcard $(@D)/ta/*/Makefile), \
+		$(TARGET_CONFIGURE_OPTS) \
+		$(MAKE) CROSS_COMPILE=$(TARGET_CROSS) \
+			TA_DEV_KIT_DIR=$(OPTEE_TEST_SDK) \
+			-C $(dir $f) all &&) true
+endef
+define OPTEE_TEST_INSTALL_TAS
+	@mkdir -p $(TARGET_DIR)/lib/optee_armtz
+	@$(INSTALL) -D -m 444 -t $(TARGET_DIR)/lib/optee_armtz $(@D)/ta/*/*.ta
+endef
+OPTEE_TEST_POST_BUILD_HOOKS += OPTEE_TEST_BUILD_TAS
+OPTEE_TEST_POST_INSTALL_TARGET_HOOKS += OPTEE_TEST_INSTALL_TAS
+
+$(eval $(cmake-package))
-- 
1.9.1




More information about the buildroot mailing list