@@ -734,3 +734,10 @@ Set `TEE_SUPPLICANT_IN_USERLAND` to 0 if you are using a kernel that supports
`CONFIG_RPMB` and you only need the daemon for RPMB access. Default is 1, but
this will eventually be changed to 0. Therefore, explicitly set the variable
to 1 to stay compatible.
+
+### Support for new optee_ftpm
+
+By setting `MS_TPM_20_REF_DIR` in an optee-ftpm recipe, it is now possible to
+use the new optee_ftpm code base from the OP-TEE project. That variable has to
+point to a subdir in `WORKDIR` which contains the unpacked ms-tpm-20-ref source
+code.
@@ -1,10 +1,11 @@
#!/usr/bin/make -f
# Debian rules for optee-ftpm
#
-# Copyright (c) Siemens AG, 2023
+# Copyright (c) Siemens AG, 2023-2025
#
# Authors:
# Su Bao Cheng <baocheng.su@siemens.com>
+# Jan Kiszka <jan.kiszka@siemens.com>
#
# SPDX-License-Identifier: MIT
@@ -12,8 +13,11 @@ ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)-
endif
+export CFG_MS_TPM_20_REF=${MS_TPM_20_REF_DIR}
+export O=out
+
override_dh_auto_build:
- cd Samples/ARM32-FirmwareTPM/optee_ta && \
+ cd ${OPTEE_FTPM_SRCDIR} && \
TA_CROSS_COMPILE=${CROSS_COMPILE} \
TA_CPU=${TA_CPU} \
TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR} \
@@ -2,14 +2,15 @@
#
# Authors:
# Su Bao Cheng <baocheng.su@siemens.com>
+# Jan Kiszka <jan.kiszka@siemens.com>
#
# SPDX-License-Identifier: MIT
#
inherit dpkg
-SUMMARY = "OPTEE fTPM Microsoft TA"
-DESCRIPTION = "TCG reference implementation of the TPM 2.0 Specification."
-HOMEPAGE = "https://github.com/microsoft/ms-tpm-20-ref/"
+SUMMARY = "OP-TEE fTPM TA"
+DESCRIPTION = "Firmware TPM as OP-TEE TCG TA, using Microsoft's TPM 2.0 reference implementation"
+HOMEPAGE = "https://github.com/OP-TEE/optee_ftpm"
FILESPATH:append := ":${FILE_DIRNAME}/files"
@@ -27,22 +28,36 @@ TA_CPU ?= "unknown"
TA_DEV_KIT_DIR ?= "unknown"
OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " "
+# Set to the subdir in WORKDIR containing the unpacked ms-tpm-20-ref sources
+# Leave empty for if still using ms-tpm-20-ref for OP-TEE TA integration
+MS_TPM_20_REF_DIR ?= ""
+
+OPTEE_FTPM_SRCDIR = "${@'Samples/ARM32-FirmwareTPM/optee_ta' if d.getVar('MS_TPM_20_REF_DIR') == '' else '.'}"
+OPTEE_FTPM_BINDIR = "${@'Samples/ARM32-FirmwareTPM/optee_ta/fTPM' if d.getVar('MS_TPM_20_REF_DIR') == '' else '.'}"
+
TEMPLATE_FILES = "debian/rules.tmpl debian/control.tmpl"
TEMPLATE_VARS += "DEBIAN_BUILD_DEPENDS \
DEBIAN_COMPAT \
OPTEE_FTPM_BUILD_ARGS_EXTRA \
TA_CPU \
- TA_DEV_KIT_DIR"
+ TA_DEV_KIT_DIR \
+ MS_TPM_20_REF_DIR \
+ OPTEE_FTPM_SRCDIR"
do_prepare_build() {
- rm -rf ${S}/debian
- cp -r ${WORKDIR}/debian ${S}/
+ rm -rf "${S}/debian"
+ cp -r "${WORKDIR}/debian" "${S}/"
deb_add_changelog
rm -f ${S}/debian/optee-ftpm-${OPTEE_NAME}.install
- echo "Samples/ARM32-FirmwareTPM/optee_ta/out/fTPM/bc50d971-d4c9-42c4-82cb-343fb7f37896.ta /usr/lib/optee-os/${OPTEE_NAME}/ta" > \
+ echo "${OPTEE_FTPM_BINDIR}/out/bc50d971-d4c9-42c4-82cb-343fb7f37896.ta /usr/lib/optee-os/${OPTEE_NAME}/ta" > \
${S}/debian/optee-ftpm-${OPTEE_NAME}.install
- echo "Samples/ARM32-FirmwareTPM/optee_ta/out/fTPM/bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf /usr/lib/optee-os/${OPTEE_NAME}/ta" >> \
+ echo "${OPTEE_FTPM_BINDIR}/out/bc50d971-d4c9-42c4-82cb-343fb7f37896.stripped.elf /usr/lib/optee-os/${OPTEE_NAME}/ta" >> \
${S}/debian/optee-ftpm-${OPTEE_NAME}.install
+
+ if [ -n "${MS_TPM_20_REF_DIR}" ] && [ -e "${WORKDIR}/${MS_TPM_20_REF_DIR}" ]; then
+ rm -rf "${S}/${MS_TPM_20_REF_DIR}"
+ cp -a "${WORKDIR}/${MS_TPM_20_REF_DIR}" "${S}/"
+ fi
}