From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7247222195536003072 X-Received: by 2002:a2e:804b:0:b0:2b5:973c:7ce9 with SMTP id p11-20020a2e804b000000b002b5973c7ce9mr64202ljg.2.1687456959074; Thu, 22 Jun 2023 11:02:39 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:651c:1ca:b0:2b0:5b28:a1e7 with SMTP id d10-20020a05651c01ca00b002b05b28a1e7ls53961ljn.0.-pod-prod-03-eu; Thu, 22 Jun 2023 11:02:37 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ512aC9IWd+VZqm9lC/M7C0/7oFB3ImeFtK8KYFd1obVog1tRcCPZGvpakZQ8bB/JLfptxz X-Received: by 2002:a2e:8696:0:b0:2b5:68ad:291b with SMTP id l22-20020a2e8696000000b002b568ad291bmr6239403lji.39.1687456957487; Thu, 22 Jun 2023 11:02:37 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1687456957; cv=pass; d=google.com; s=arc-20160816; b=p6y0gfE3UZOBe3R/4zwL+zruN5qcczGqXHgPeUPME4FHIXwUrq3i2X7m/DWknnPfc1 q6MrtzUaGcJPygjRcGxXuHmHiF2MEuEMjH3g3BbNzyWA7ULei0uHYtdCBCvmA0tH29rw y6OQcxKYqteqSxzdEo6jEvSv992QKjVsODIPUyFpIxBsa8T4N8aEQnDAIMKf01J8l0Xl 4CSORKIHHMpuh8bFOUvGUriLMVIik4yoFDZrw6MZAK53Vkc0qvgzCYjXBlYiLsU4o1QO 8ecwX/gCTHFThB4uxTivhWzp1GPjRmCLA0nJkNl6Xzu1VnK7JW9B7Z/BwtQ6YqSdkVf4 5k5w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:subject:cc:to:from:date:dkim-signature; bh=j35lTBv2hH1FHmhVB9lqIGhwxb7kIQqPfHxyIJ6UsGc=; b=QklAWehYVBJnBLmYIokPa+8MwSXrvJ0JShYOGZwWi4RrggrzKnZ0hc6eveDn4c1cR2 UEHUYdQRaVZrAyM85SvF6EIyz/aQzJcuUCkrcmNCg+0aXERUMCHo4Ai3sEa6Gfushd3k T/vT73H8FucHj7EVVU1h0Gst8MSoOgOiGSHUYaYxO7fB/8z9blTHblnIvNoUfd+ApozZ PHjW7UQ5jHxyUKTEei/peyboW6+wTMenPgthbS36HBavrNcJuB7TCYjBM8eABdu0Vxo2 PUhukNtRCRASnPdUOfDiirGEkbVhcmuSgcRZL/PSKulIkozD2j0+WH0F9WwHyITTiAnc 9wRw== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=f9NHGQD1; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of henning.schild@siemens.com designates 2a01:111:f400:fe16::607 as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Return-Path: Received: from EUR02-VI1-obe.outbound.protection.outlook.com (mail-vi1eur02on20607.outbound.protection.outlook.com. [2a01:111:f400:fe16::607]) by gmr-mx.google.com with ESMTPS id s20-20020a2e81d4000000b002a8b2891ba7si441226ljg.1.2023.06.22.11.02.37 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 22 Jun 2023 11:02:37 -0700 (PDT) Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 2a01:111:f400:fe16::607 as permitted sender) client-ip=2a01:111:f400:fe16::607; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=f9NHGQD1; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of henning.schild@siemens.com designates 2a01:111:f400:fe16::607 as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=d9kyWLzUPDeGPhJRmBb8suzObZIKciWkuOz1WZDx2nc0Vzsea82yrvkxXBOHFeokAGb11XTj9pgfhXdtQHXVS9lMk7IbOSl23GeWaGox7tKB7nbVeoHGBZNX3OoK0q8dOMY/UcD4QzVqRJaN+m/lt8cP2ZjvaQCFQtMGgh6Cg7C0mspjc8aV7lUqUk3HZYwEyUR7XrYTvhC7UlqXzSCMFM1YcWagJMOPVY1HxsCtUHD/ldyxsrWeC3B1Mj/dPmL/BtRQ5FfE0cHwzKCak9Jw7O5l5pDq1mcKpkv9Da8NlikVhmUAKxg0Vcn+J47MfsPLii0deFO9bpQ4TnQHPXLKHQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=j35lTBv2hH1FHmhVB9lqIGhwxb7kIQqPfHxyIJ6UsGc=; b=K0oj5M6TIzrDjvhH3MviydwypBNNqkrn8Ien5KVS8hq5wlqQgq+VPTW5Q9iXDcNZSdCNu6RRO+HxI26F/F7M8BGLhRnIESX05JjsTTGiBaN3hMo6QcVp1HNp5EelBerDmv73Q6KVYzFFFITLq11qNMow874K+m8RR05CmrAAJj3KAExKacDCYobaaLyYo2JvBAEfvqRLN6KCX9q0cosluqpKxF79nx/B/EcXbxpIr1IQks9WYAbpp01yojM6l1VgacbqMRrPrYh5ItLXP9unFqz84cRkaGMvZ+E+2M8okkNpgLu+ylkK4Wn8W1becuNGU3TlDJl67CK0nf0u3EQepQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=j35lTBv2hH1FHmhVB9lqIGhwxb7kIQqPfHxyIJ6UsGc=; b=f9NHGQD15AwQeFC2j/SyVCrYDuqHkv+mVLMp0F1LEnkz8ghD8QxvuS7IV8Rai4PGR7FTGDoGDSieJ9F4ZosWHEiSS55rKCpjOx3HQfkQ+0pZmQicm2bDBwKLmqPqoPWe2nONZwBmbByxKIasfIeFpCcXB2KZ6gQkUc4kJ8yis1pmLqUc53TQzyr9oCcup6q8wZ7QiwVF8nEnSwrwXigLC7NAPRayTM4zGuxU1ANLWpWo+A18TIEG64fOrDGpMpagRYjTiXx8EY848SC356B93FwChVKjRYnI05EBC/yOQYlYKzsB4WsQVpVCg2P+0jtnkWHteXIv8Ab3/Qb7czTDqQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com; Received: from PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:269::8) by PAWPR10MB8041.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:37e::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6521.24; Thu, 22 Jun 2023 18:02:35 +0000 Received: from PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM ([fe80::a171:a3f2:99b7:5f29]) by PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM ([fe80::a171:a3f2:99b7:5f29%6]) with mapi id 15.20.6521.024; Thu, 22 Jun 2023 18:02:35 +0000 Date: Thu, 22 Jun 2023 20:02:26 +0200 From: Henning Schild To: baocheng_su@163.com Cc: isar-users@googlegroups.com, jan.kiszka@siemens.com, felix.moessbauer@siemens.com, christian.storm@siemens.com, quirin.gylstorff@siemens.com, baocheng.su@siemens.com Subject: Re: [PATCH v2 3/7] Add recipe for optee-client Message-ID: <20230622200226.372e5fd2@md1za8fc.ad001.siemens.net> In-Reply-To: <20230621192217.2045717-4-baocheng_su@163.com> References: <20230621192217.2045717-1-baocheng_su@163.com> <20230621192217.2045717-4-baocheng_su@163.com> X-Mailer: Claws Mail 4.1.1 (GTK 3.24.37; x86_64-pc-linux-gnu) Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-ClientProxiedBy: CH0PR04CA0022.namprd04.prod.outlook.com (2603:10b6:610:76::27) To PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:269::8) Return-Path: henning.schild@siemens.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PA4PR10MB5780:EE_|PAWPR10MB8041:EE_ X-MS-Office365-Filtering-Correlation-Id: ddc52d91-e0b8-4b4e-e045-08db734adba4 X-LD-Processed: 38ae3bcd-9579-4fd4-adda-b42e1495d55a,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: YXgeyTxIi/SbwzRgFXiSyQewn69i/wqkMDIeoK64D/h54xc9yRvUb+R1E602OyBH+kTfPEOHMUlee7iU/vi3EWAbBpX1M9u0WuB/UJ07VYiP2d3KF350P7TfhOg2H7GHadWOJMyLeyV89Bj9elFycUsW8J5Pc3bDsZb1Wu6bPvX2tzqNbPX/IpgLrC5v+Pa21lU2g8irli9oWRPXQCsQ5XzEdaxCfvpUxIVQX15pgyfPA2pQZZuoOF7cJguEtvICIpB9uEv6PeCSd7JCj9N77rEiZnNonFYeAq/rdLbW2lihlhx2xIdA9yNqzdWi2nUL0EqJORUMMT+BLArtLWbDq/hwwpEq756X4vWqjgwWYoAJgQjqQ1FnRL9vNcfH35Ykt6if219Fl5oy5MqFNWJHeD1uXmzFvykSbasg2sKEn3OoRHef2vtp4NkcNj4tDzRTKONndg+oTkAblks8GGfQFGAL+RuSXR2tNK7EQBXpAPwy1ccw9xywzQqB8TUu4Ydjm+WZUbcNleW5na5EQcrsrG0WN4HZZMtb54xIShb3VOXcFpQvDxrZCq5rB9e9ovpVhni/KIR7T2cu6Qp7TWZ66Wlkz4wEOYE36ZWf9hAhiycN5x/q4UWxDGK1lnJwC9GOzCKeZ9fChB0bqQD0i+mMlw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230028)(4636009)(39860400002)(346002)(376002)(366004)(136003)(396003)(451199021)(478600001)(6666004)(107886003)(5660300002)(6506007)(6486002)(1076003)(83380400001)(966005)(66946007)(4326008)(8676002)(41300700001)(66556008)(66476007)(6916009)(8936002)(44832011)(2906002)(186003)(9686003)(6512007)(38100700002)(82960400001)(316002)(86362001)(1491003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?MVCgSBcf/DgzVjssPauBARhOOJ6O+XTJvQdQlnkpyKHOIbtGGicu5gU+iXCn?= =?us-ascii?Q?CfaFLMZT6h0DXrLAjYfDrb19yqhZtzYf7MLunC4mDB7w4MHgkATzp+6XZdqD?= =?us-ascii?Q?FbASFV4begUXLeQWzmQmUyXOvMGAPYMgELkhiEzyKUPCm7nRoHnPFgcFtfen?= =?us-ascii?Q?UdQYiHK/kYsneHzblpj31CzLXpm+kJYAw/l/Hov3DG2/Y+6xWaKk6i9M4BaG?= =?us-ascii?Q?YyvJipZBEW5jJS029CWG7J4uDhzrjy6JrZb3tLvf156Q0i5tRnHM0mlNvMvc?= =?us-ascii?Q?U6oTzroiSN1nw8cjNn6OffE+MlryhGLiWfq1PhNcBU7Q8tBf7pM0WPAvF33T?= =?us-ascii?Q?F2y4KI0oBPy046Fp8FlzVYNemTkOGnvUf7ItJTklyWfV16SLNHppVFlrK/3M?= =?us-ascii?Q?g3YRZkb54dCYb9HoAZmdPMbwLWR6uqT4Vq8VNPWCSWst9zOdqRMnw7KtLBU4?= =?us-ascii?Q?xeresnw1z2obSasyJS97axpLEx9mQ6UJzoraD4yH5Po+EnZE7RrFw0HcW+Hw?= =?us-ascii?Q?zKsmaRkIz1G9pM72LPQtx0GwDxTT4oICRhEFQdzrZjcH6XdcboCZ4idAZBf2?= =?us-ascii?Q?byLX/JgDdeassmcz6cgOrdkhfk6BJQb6xuX6vWvS4IWmq50ows3zb9IvIhCE?= =?us-ascii?Q?hB5aGfbMYT9iDqT2MfnmSiSZTz3hCL02ViaEpttbkuHetMnlRFwn+msnrnQo?= =?us-ascii?Q?Bc6q4152KBkIXgIrFfzoaNrws5v9BIegqTpYMtwy8XRzBtyK5wFkLVu8gvwP?= =?us-ascii?Q?4QBPwUrQCobvAlYjVbVlo0/j/RhXFFw7lJzJDVa8aMYVEpZH1uR0HD5f+aJc?= =?us-ascii?Q?nNxRjhqtSoTLYEshuuTNdX+FRbnUHVGdjEu4p9lZeTlYudPYmSgKtrCOHWZc?= =?us-ascii?Q?UgxncJsGou8AamtTRMXbb4Fx29LgS/p26xRWZrhq08kGFS4sJ/1NIf84felE?= =?us-ascii?Q?0IrkV9x8arFUsvR3I0KUL2DR17fgO491xkGAAzOawbHFHvnHxG1kgj963lLH?= =?us-ascii?Q?9nGCBmG7gHMHhgWvR7d8TjKlaILl2SHyE25Tg4rWegoSqJTXR6rv0rDEplBA?= =?us-ascii?Q?ji8pxfhYzBVedx4xTt28r0VbROCrepqvh3LDnjRMBk5osUyzs+K6rTrgYR66?= =?us-ascii?Q?HzxW9tXsltTmPKNuDZoNYVgAtC5tFS+aQnMuvvNuQO9Q3IlOKWaP5RwDjdLy?= =?us-ascii?Q?skmPKSds/xkKXWi6U405FgVEkrD4lYhRix4yNElwgFmffklsHUIvHx4qJMPZ?= =?us-ascii?Q?oDiXbL6l42ZoNA6fV6r+f2zSyKf+F2Cfcm6EgKdQ2Ty6h5QKtIT2lS/sDKju?= =?us-ascii?Q?J5g1TSL0X/8zyWwZcmf94E+5BwxaV3OGE3AMZpEIEtuTt6U/IkayuD8R28GS?= =?us-ascii?Q?fOBAgfFJPsdQ5t4xztBnqBFbVlEUL8nUKakN9Wjy4ZqsIPVMvPRP4LQf1IUb?= =?us-ascii?Q?SrySYoSdLtmW/tw9NwopBJ8v6EAUr/Lkq9hfHiGFWm2GUBsj9lgVGdGR/8MT?= =?us-ascii?Q?0JGvFoXL8/8nDgDXEXxt6vOxDBHGv2YmfHFRvYuwl6F4T64RsT3YY8p7C9+o?= =?us-ascii?Q?AFnNDWnRab0Phxgy9VgrPROzbtYreFzNw+fpm2AxV9OTHdgsXHccFU4LEHOv?= =?us-ascii?Q?P2YzNpczaroItuyvY8VnXTT0JErWVDGR9Y8Dza9FBisUY+X4MVXZMuxAQisR?= =?us-ascii?Q?COGS9A=3D=3D?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: ddc52d91-e0b8-4b4e-e045-08db734adba4 X-MS-Exchange-CrossTenant-AuthSource: PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Jun 2023 18:02:35.5642 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ig2MrVQWww56GAp9v9Ycnx3A6x/Rt2Zir7mOFNAYvKLF/ou98t/QaQKtvMyjTFM2dW305ynWFvsMxrH+7N8MQj9CbYB8BQl2a5nAIimmcqM= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR10MB8041 X-TUID: ygIuK8guHXI4 Am Thu, 22 Jun 2023 03:22:13 +0800 schrieb baocheng_su@163.com: > From: Baocheng Su > > optee-client provides the userland library for communicating with the > trusted applications running in OP-TEE. > > It also provides a optee-client-dev package for developing host > application that talks to the TA counterpart. > > Also a user land deamon tee-supplicant is provided to serve the > trusted applications for user-land resources such as RPMB accessing. > > This brings the .inc for customization, and also a demo recipe for > stm32mp15x. > > The debianization is learnt from the debian offical package. The > tee-supplicant.service is refined by Jan to fix some timing issues. > > Signed-off-by: Baocheng Su > --- > meta-isar/conf/machine/stm32mp15x.conf | 2 +- > .../optee-client-stm32mp15x_3.21.0.bb | 18 +++++++ > .../optee-client/files/debian/compat | 1 + > .../optee-client/files/debian/control.tmpl | 51 > +++++++++++++++++++ .../optee-client/files/debian/rules.tmpl | > 27 ++++++++++ .../files/debian/tee-supplicant.service | 21 > ++++++++ .../optee-client/optee-client-custom.inc | 41 > +++++++++++++++ 7 files changed, 160 insertions(+), 1 deletion(-) > create mode 100644 > meta-isar/recipes-bsp/optee-client/optee-client-stm32mp15x_3.21.0.bb > create mode 100644 meta/recipes-bsp/optee-client/files/debian/compat > create mode 100644 > meta/recipes-bsp/optee-client/files/debian/control.tmpl create mode > 100755 meta/recipes-bsp/optee-client/files/debian/rules.tmpl create > mode 100644 > meta/recipes-bsp/optee-client/files/debian/tee-supplicant.service > create mode 100644 > meta/recipes-bsp/optee-client/optee-client-custom.inc > > diff --git a/meta-isar/conf/machine/stm32mp15x.conf > b/meta-isar/conf/machine/stm32mp15x.conf index 4fa4051..0b200d2 100644 > --- a/meta-isar/conf/machine/stm32mp15x.conf > +++ b/meta-isar/conf/machine/stm32mp15x.conf > @@ -16,4 +16,4 @@ WKS_FILE ?= "stm32mp15x.wks.in" > IMAGER_INSTALL += "trusted-firmware-a-stm32mp15x optee-os-stm32mp15x > u-boot-stm32mp15x" IMAGER_BUILD_DEPS += > "trusted-firmware-a-stm32mp15x optee-os-stm32mp15x u-boot-stm32mp15x" > -IMAGE_INSTALL += "u-boot-script" > +IMAGE_INSTALL += "u-boot-script tee-supplicant" > diff --git > a/meta-isar/recipes-bsp/optee-client/optee-client-stm32mp15x_3.21.0.bb > b/meta-isar/recipes-bsp/optee-client/optee-client-stm32mp15x_3.21.0.bb > new file mode 100644 index 0000000..18525e3 --- /dev/null > +++ > b/meta-isar/recipes-bsp/optee-client/optee-client-stm32mp15x_3.21.0.bb > @@ -0,0 +1,18 @@ +# > +# Copyright (c) Siemens AG, 2023 > +# > +# Authors: > +# Su Bao Cheng > +# > +# SPDX-License-Identifier: MIT > +# > + > +require recipes-bsp/optee-client/optee-client-custom.inc > + > +SRC_URI += > "https://github.com/OP-TEE/optee_client/archive/${PV}.tar.gz;downloadfilename=optee_client-${PV}.tar.gz" > +SRC_URI[sha256sum] = > "368164a539b85557d2079fa6cd839ec444869109f96de65d6569e58b0615d026" + > +S = "${WORKDIR}/optee_client-${PV}" + > +# Use RPMB emulation > +RPMB_EMU_BUILD_OPT = "" > diff --git a/meta/recipes-bsp/optee-client/files/debian/compat > b/meta/recipes-bsp/optee-client/files/debian/compat new file mode > 100644 index 0000000..f599e28 > --- /dev/null > +++ b/meta/recipes-bsp/optee-client/files/debian/compat > @@ -0,0 +1 @@ > +10 > diff --git a/meta/recipes-bsp/optee-client/files/debian/control.tmpl > b/meta/recipes-bsp/optee-client/files/debian/control.tmpl new file > mode 100644 index 0000000..6c68b1d > --- /dev/null > +++ b/meta/recipes-bsp/optee-client/files/debian/control.tmpl > @@ -0,0 +1,51 @@ > +Source: ${PN} > +Priority: optional > +Maintainer: Unknown maintainer > +Build-Depends: pkg-config, uuid-dev > +Standards-Version: 4.1.3 > +Section: libs > +Homepage: https://github.com/OP-TEE/optee_client > +Rules-Requires-Root: no > + > +Package: optee-client-dev > +Section: libdevel > +Architecture: ${DISTRO_ARCH} > +Multi-Arch: same > +Depends: libteec1 (= ${binary:Version}), > + ${misc:Depends} > +Description: normal world user space client APIs for OP-TEE > (development) > + OP-TEE is a Trusted Execution Environment (TEE) designed as > companion to a > + non-secure Linux kernel running on Arm; Cortex-A cores using the > TrustZone > + technology. OP-TEE implements TEE Internal Core API v1.1.x which is > the API > + exposed to Trusted Applications and the TEE Client API v1.0, which > is the > + API describing how to communicate with a TEE. This package provides > the TEE > + Client API library. > + . > + This package contains the development files OpTEE Client API > + > +Package: libteec1 > +Architecture: ${DISTRO_ARCH} > +Multi-Arch: same > +Depends: ${misc:Depends}, ${shlibs:Depends} > +Description: normal world user space client APIs for OP-TEE > + OP-TEE is a Trusted Execution Environment (TEE) designed as > companion to a > + non-secure Linux kernel running on Arm; Cortex-A cores using the > TrustZone > + technology. OP-TEE implements TEE Internal Core API v1.1.x which is > the API > + exposed to Trusted Applications and the TEE Client API v1.0, which > is the > + API describing how to communicate with a TEE. This package provides > the TEE > + Client API library. > + . > + This package contains libteec library. > + > +Package: tee-supplicant > +Architecture: ${DISTRO_ARCH} > +Depends: ${misc:Depends}, ${shlibs:Depends} > +Description: normal world user space client APIs for OP-TEE > + OP-TEE is a Trusted Execution Environment (TEE) designed as > companion to a > + non-secure Linux kernel running on Arm; Cortex-A cores using the > TrustZone > + technology. OP-TEE implements TEE Internal Core API v1.1.x which is > the API > + exposed to Trusted Applications and the TEE Client API v1.0, which > is the > + API describing how to communicate with a TEE. This package provides > the TEE > + Client API library. > + . > + This package contains tee-supplicant executable. > diff --git a/meta/recipes-bsp/optee-client/files/debian/rules.tmpl > b/meta/recipes-bsp/optee-client/files/debian/rules.tmpl new file mode > 100755 index 0000000..a0a8983 > --- /dev/null > +++ b/meta/recipes-bsp/optee-client/files/debian/rules.tmpl > @@ -0,0 +1,27 @@ > +#!/usr/bin/make -f > +# > +# Debian rules for custom OP-TEE Client build > +# > +# This software is a part of ISAR. > +# Copyright (c) Siemens AG, 2023 > +# > +# SPDX-License-Identifier: MIT > + > +ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) > +export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)- > +endif > + > +%: > + dh $@ --exclude=.a > + > +override_dh_auto_build: > + dh_auto_build -- LIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH) \ > + CFG_TEE_FS_PARENT_PATH=${TEE_FS_PARENT_PATH} > ${RPMB_EMU_BUILD_OPT} + > +override_dh_auto_install: > + dh_auto_install -- LIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH) \ > + CFG_TEE_FS_PARENT_PATH=${TEE_FS_PARENT_PATH} > ${RPMB_EMU_BUILD_OPT} + > +override_dh_auto_clean: > + dh_auto_clean > + rm -rf $(CURDIR)/out > diff --git > a/meta/recipes-bsp/optee-client/files/debian/tee-supplicant.service > b/meta/recipes-bsp/optee-client/files/debian/tee-supplicant.service > new file mode 100644 index 0000000..4508a14 --- /dev/null > +++ > b/meta/recipes-bsp/optee-client/files/debian/tee-supplicant.service > @@ -0,0 +1,21 @@ +# This software is a part of ISAR. > +# Copyright (c) Siemens AG, 2023 > +# > +# SPDX-License-Identifier: MIT > +[Unit] > +Description=TEE Supplicant > +DefaultDependencies=no > +Before=systemd-remount-fs.service shutdown.target > +Conflicts=shutdown.target > + > +[Service] > +Type=oneshot > +RemainAfterExit=yes > +# Start if not already started by the initramfs hook > +ExecStart=/bin/sh -c '/usr/bin/pgrep tee-supplicant >/dev/null || > /usr/sbin/tee-supplicant -d' +ExecStop=/bin/sh -c '/usr/bin/findmnt > /sys/firmware/efi/efivars >/dev/null && /usr/bin/umount > /sys/firmware/efi/efivars || true' +ExecStop=/bin/sh -c > '/usr/sbin/modinfo -n tpm_ftpm_tee | /usr/bin/grep -E "\.ko$" > >/dev/null && /usr/sbin/modprobe -r tpm_ftpm_tee || true' > >+ExecStop=/usr/bin/pkill tee-supplicant + +[Install] > +WantedBy=sysinit.target > diff --git a/meta/recipes-bsp/optee-client/optee-client-custom.inc > b/meta/recipes-bsp/optee-client/optee-client-custom.inc new file mode > 100644 index 0000000..5c88dad > --- /dev/null > +++ b/meta/recipes-bsp/optee-client/optee-client-custom.inc > @@ -0,0 +1,41 @@ > +# > +# Copyright (c) Siemens AG, 2023 > +# > +# Authors: > +# Su Bao Cheng > +# > +# SPDX-License-Identifier: MIT > +# > + > +inherit dpkg > + > +FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/files:" This looks weird, is it really needed? Henning > + > +DESCRIPTION = "OPTee Client" > + > +PROVIDES = "libteec1 optee-client-dev tee-supplicant" > + > +SRC_URI += "file://debian" > + > +TEE_FS_PARENT_PATH ?= "/var/lib/optee-client/data/tee" > +# To use the builtin RPMB emulation, empty this > +RPMB_EMU_BUILD_OPT ?= "RPMB_EMU=0" > + > +TEMPLATE_FILES = "debian/rules.tmpl debian/control.tmpl" > +TEMPLATE_VARS += "TEE_FS_PARENT_PATH RPMB_EMU_BUILD_OPT" > + > +do_prepare_build[cleandirs] += "${S}/debian" > +do_prepare_build() { > + cp -r ${WORKDIR}/debian ${S}/ > + > + deb_add_changelog > + > + echo "/usr/sbin/*" > ${S}/debian/tee-supplicant.install > + echo "lib/optee_armtz/" > ${S}/debian/tee-supplicant.dirs > + echo "usr/lib/tee-supplicant/plugins/" >> > ${S}/debian/tee-supplicant.dirs + > + echo "usr/lib/*/libteec*.so.*" > ${S}/debian/libteec1.install > + > + echo "usr/include/*" > ${S}/debian/optee-client-dev.install > + echo "usr/lib/*/lib*.so" >> ${S}/debian/optee-client-dev.install > +}