From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7247222195536003072 X-Received: by 2002:a7b:ca4c:0:b0:3f9:b30f:a013 with SMTP id m12-20020a7bca4c000000b003f9b30fa013mr7182670wml.6.1687413182799; Wed, 21 Jun 2023 22:53:02 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:600c:8613:b0:3f9:b9b8:922f with SMTP id ha19-20020a05600c861300b003f9b9b8922fls143009wmb.2.-pod-prod-00-eu; Wed, 21 Jun 2023 22:53:01 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5F1fLy1vBcwHRu9vTzTjHMIu8ufjAXR2uMa7cXna+52+tTb0KKU5+EFFqdempBIqH0vb/r X-Received: by 2002:a1c:4b11:0:b0:3f7:e78e:8a41 with SMTP id y17-20020a1c4b11000000b003f7e78e8a41mr21362240wma.18.1687413181166; Wed, 21 Jun 2023 22:53:01 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1687413181; cv=pass; d=google.com; s=arc-20160816; b=DKrg5LfxIX0gF1dc1sverFhboWK32GNE35fW0VurZ1sWlgGWQcrU9u6KqMfr5dSgZA ynxtguVI5GnpJ8tThdPfc73eAD+90NokKPG0EyuH2Nfr6vslfuXhxIZUQ3hmc9x5ZLX5 pSudICfzi+EYcIaejBJu+IUdvG0Rl9TcIgOKNw2xG5HZC4OjoHwyy+5Pc7YnMyLyiZ5I XfTLwsh2JmrSR7fTVSwB2JJNLp5MfRQD8gK9t6oO6k5LyhCTQw1a1IinwtJuRdFlOafe D6thYCxUaoHwsR+sWm4Rhjubc3+iqQhDtAb57zx3du1yZZETKt0CkQO9D8HJq/kYr4ek sR6g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:content-transfer-encoding:in-reply-to:from:references :cc:to:content-language:subject:user-agent:date:message-id :dkim-signature; bh=pm9az1XVHEiDqHzdX6saApilw4XcabPwdC/x8j8EAkE=; fh=lTPsfRjHjQTLADPrkYquMlpw1ZYTSepSiSM7QejGvXU=; b=KsBkvHvmJxxK031cyxvgASq5A/SNeHCzw9wfCcgkEDpPWZGTZSvseRi2ZdkZ6fxVSQ MwML++UtxX9KqMVY2tATeh9aPju4vipl0lthNkooxQZNx/xWK9enOxp1IvQOIxM4ghOc 9SbGtUq7ym9BSNxVtweT5Zk/htgtQa+1Nnj2elMFHr07VGOKgIdaOkQ6Ger6yvzi6bWZ 4hnME3f9mPxuVtayVqqtPetiWr0lZt1LytBDIpeZHtvMg4mFlBDbxZ6dYMnmA2oe8QxD AaUV6+r+5pLiknyAmUwI4Kzj53MmFLYaQwBC2zRNisvQgweCSBSF1o5uM2pWSG1LraIG XZsA== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=yTG+s2Et; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f400:fe16::603 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Return-Path: Received: from EUR02-VI1-obe.outbound.protection.outlook.com (mail-vi1eur02on20603.outbound.protection.outlook.com. [2a01:111:f400:fe16::603]) by gmr-mx.google.com with ESMTPS id bd18-20020a05600c1f1200b003f90ace02edsi30157wmb.3.2023.06.21.22.53.00 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 21 Jun 2023 22:53:01 -0700 (PDT) Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f400:fe16::603 as permitted sender) client-ip=2a01:111:f400:fe16::603; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=yTG+s2Et; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f400:fe16::603 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Tn7RVjhQcPNJq4eN1vMBZPvwXGQnPRvxhNuOxe0Z+/hdoCm50m5mUfvMVJk/bjsLchqNXhBTHbSjGvDNMXxhAX1Wk4g25TtySVxegMIl4ynUN9y6LfIpPCznGA/6ko2HegbQGbGJT9GjR5qvCg6xolcPGIvT7omR5pmXV/EgLzFfhQC6L9B97vTuhK66+vz0i7F7jQ7WJmvjGrqzw0UEuRsgd54zg9Gzfy5+QdwB8+crYPMUdNgm1Z59jylj57H6UBGur41inRfoEsVLKEop0HqPCX1akirL6Y3k34NBhCYdhHNtRi6fal6QTTkN36bcxDpuza3JgyyPVuh9RouRjQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pm9az1XVHEiDqHzdX6saApilw4XcabPwdC/x8j8EAkE=; b=fvbRz5ZGbjhfkwqQmq1f1DOnk0e3d5wj29IAihdURnefu4FBTsm3QgwHi8e9P8ZwMm+5PAw+ck+qFP//fX26hdYcnhmws5G1aL/42IWSpDH23eT0nzViPS0GQEbAaORX8YTJvGgfPVMAHgQZVVipyoYvmvSN8RbSClWn3pWee3VwQMupdDO70HmrooQ2IxiVysU0Um5XwaxNnfLNjTbal25Taqh1WVsAzoczQeQ1ZeZ9jGqV8gd+SJH4xQxe8TaOSyRD9Hx0EvMvvEwmZSNaf74EF26J1M2dtQtKl69y7jbij4FDaVt0YaWzDAPwyRcmnqMy/AWEuoBKu2z3CmzmpA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pm9az1XVHEiDqHzdX6saApilw4XcabPwdC/x8j8EAkE=; b=yTG+s2EtpDyhWKUG70k8QbqwmK/pfe5btaBz9JH9cAGidxIULxjl4mWrHOyy9MaWNWRXMpq7XKXWBPoc9e3M5CiECznrhnL0nVZFOM/AIKvqHj+3U7a70BIp7s3CAY/EbLigrr7YpeT3EpYwhnKXWuCfU5JsfDL2nlBJU8Tww98aExMwcSAJVQuE0lIy5cDdikKR7WNwIDGYwJ7BGeKuuZTTQpO5inhIopejZ+eATyDkreTt2koidh/HDQkHpLYa3FLEauc1eJSWlUJRbvB4TkaUOb4jAxMI31V88/xV/sLqUUdhOubvMfSmY+83uwloGFZqAUhXzxQ+InjLN2/y9Q== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com; Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:588::19) by DB9PR10MB7217.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:456::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6521.24; Thu, 22 Jun 2023 05:52:59 +0000 Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM ([fe80::53c2:174a:8b13:ce94]) by AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM ([fe80::53c2:174a:8b13:ce94%3]) with mapi id 15.20.6521.024; Thu, 22 Jun 2023 05:52:59 +0000 Message-ID: <392affc0-24b5-21b3-fffd-c3bb117c0b0b@siemens.com> Date: Thu, 22 Jun 2023 07:52:56 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Subject: Re: [PATCH v2 3/7] Add recipe for optee-client Content-Language: en-US To: baocheng_su@163.com, isar-users@googlegroups.com, felix.moessbauer@siemens.com Cc: christian.storm@siemens.com, quirin.gylstorff@siemens.com, baocheng.su@siemens.com References: <20230621192217.2045717-1-baocheng_su@163.com> <20230621192217.2045717-4-baocheng_su@163.com> From: Jan Kiszka In-Reply-To: <20230621192217.2045717-4-baocheng_su@163.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-ClientProxiedBy: FR3P281CA0005.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:1d::19) To AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:588::19) Return-Path: jan.kiszka@siemens.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS4PR10MB6181:EE_|DB9PR10MB7217:EE_ X-MS-Office365-Filtering-Correlation-Id: e14fff58-d70a-4def-d070-08db72e4ef0b X-LD-Processed: 38ae3bcd-9579-4fd4-adda-b42e1495d55a,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: EYiDkkjSQbBIWwgnKnZhU5CDnmr9N50cqCsrgOOQfmnE+c8hTSYuPEGJ0o4LibTmmuxTiHOPnL10RdmbgeU2K4JoDQsyza97mHaP0z8kWhKnfyX+qRV1NToyMRBCV+ATMReXUpnbVZKzQMkzZ5ug5mVtOhT3V/jcwJbM7N6W7c0u+Qszm9SmyiDumKKO74a87C9RQ3hZ6PmJqNBxLrGSoPu8atKzIOCjQ0Jr4CGsTk098rpY8kNN0w6QcfQsGd7hA6r12zGfqGW5aLf7mfeplUZw0UIP0Es1uxaQPOqw6/0tr+/KKuUmU6qPaOtLWrYC/5q7d771yytrXSRq6T7LdNcTJ50zjQPbYT0s6+g5PNQlqCmt/3EXwQPF2my8pGrW+6Ncmo5BeOJf3KPmZM2O05PznxJgRV83DV0zxBbzIACbWcqkX2P3PP1Nvz+oWUNkYV8ZKRdKgKqZG5WFVj3X6CXnQhiDCooXDbmNbyk5Fdc3rnx9kis7hqIpzmqu3BhKutmUecVVFOPZrA7dT3i/ltlteD2WXB/NG8xd4Y9GXSYktXiSL1tU63uioFW9bmeerceA+aYKXmmcDzlU8rmMAMgUNraeU/iV8vP7L3/52POxtjpiOtc/aWEZT9T9pcjlpZY4f3w27dJUEkwj+Y7K9lIBMF1JDfYGS9AAonXMleAVXpO/Y+6txr9qz1Gx9z45 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230028)(4636009)(396003)(39860400002)(376002)(346002)(366004)(136003)(451199021)(316002)(83380400001)(41300700001)(44832011)(5660300002)(2906002)(8936002)(8676002)(36756003)(966005)(38100700002)(26005)(6506007)(53546011)(6512007)(6666004)(186003)(6486002)(107886003)(31686004)(66476007)(4326008)(6636002)(66556008)(66946007)(82960400001)(478600001)(31696002)(86362001)(2616005)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?UDF1YmwzQzFwOGwrTXF2WVlFK0htSVBIcnFyU1BrTHVkWGRld0dvcklTajJQ?= =?utf-8?B?UWpQWXBvY3paOXQxNVJTWGd3ekEyTlo2Vkg0d0IxYkhYVy9BZ2doaENlQ2V3?= =?utf-8?B?QVoxS2FNQjhldTJENmJhaGM4T01YWElPaW5HVjVYWFV4TURaS0Vqc1ovamRX?= =?utf-8?B?QXNEbDd6a0d1UXlLK01rWm8waVdxdkpFMkxxOXBFa3dzc2hLTmExTndraElD?= =?utf-8?B?dEdpU3pyRFhQWHYrdDNocVVWcGsrMVcxWkFQWld4N1lCMXVBL0JBSzVnMG0w?= =?utf-8?B?Z21rNmllMGFvWWU5YVpNa3IxUGJ0V2h5d25haFpHNy9FS0MzdlVlZWdRWWVL?= =?utf-8?B?RXNNS1IvNWowU3pPa21ManduUEZ4TGJkWWs4OVRJV2U1bVdWNnhJd05CeWI5?= =?utf-8?B?Zlc3ejFGM2ptckIrUW5wbk56S0tQUjIxd3F0TCtYWGdwTEVXRUZyajZmblV4?= =?utf-8?B?dFk4KzRmYnd5S2NRbVl0WEQvSmtWSFdTRWF2RnZPK2lsN09id2FhVW9WUFBu?= =?utf-8?B?Q1hzVjR6WU1MbTM2WjZJaUZMV0ZxeHo4R1Rub3pEUXV2enpxbmY1L3ZzQmRa?= =?utf-8?B?ai83dHFJR0d5Y0RUSVI5ZDZ2b2VkSU1QWDZackZJM1Q0VEFzRU1FRUZZN24w?= =?utf-8?B?bnlNYmc4UGtDU1BOTVFwcDRndWVuZTl5TCtQaXZRSnZPMmY1eE9tS0dxMXR0?= =?utf-8?B?UXczVUpoZ0lCWi9HSEl3TFNqV0ZHdGpWWm81d2Y3bU8rWnlqbmpsaVlKSGpl?= =?utf-8?B?VndPRXBwc0RZdlB4eUJqbDNqSnRBcE13VytTb0d0VGt3MUE5RkpkOVNvWGRi?= =?utf-8?B?YTNOb0hiNE9hRk9hTDFKYkRMdVMwdERmcS9mV1hoNy9VNHd5a0lZSkttTnBY?= =?utf-8?B?czF3R0hBZVJsUW93WFlCOU5JMGRnaGQ1NFowRkdja3RMRXlLQWNlN05jUTJn?= =?utf-8?B?SnNYVEw1ZTh1Z2I2TFNTTE1oelVRbUdWL3l6TCt4dDM0Ukd0bVVqWGpJMG9U?= =?utf-8?B?ZU9OQjlkNjJsRG9VenBQT2RoMFJSNXpWNWgxMUFiTGJkSXN1aHNtZmg4VnEx?= =?utf-8?B?ZkN2ZjRLOFFMcUNHNkJPSTRWa0FSKy9mVmFBeTk2VFZ3a2hrSlMxa0ZQaThz?= =?utf-8?B?T2w2M1Jzd1JHSVprbjI5ejlBTzk5dHFYSGl2ekJFcm5Gajdqa2M2RjJ4ZkYy?= =?utf-8?B?WkttOFRSQmlMbSswSko1MUo3UzRmbGxEY3VzNGsxOFMzUDJ0QTFodHhzZFh3?= =?utf-8?B?ZTJvYkNvVmdUZDRXYTlrV2tQSjEwYTR0QmJ2b3FYRGJXUTRwZENDR2RlN2dU?= =?utf-8?B?WmRkd2Q1eUJaY3BzK0xvL3dneGtWN091dVFURWJaVEFxWHpidit4ODVONVE5?= =?utf-8?B?dmZjZlh1eEk2Yng5YW5JM1NrZGh2eVhZTzlKSk9RUSt6SUg2Y0ZPTk9RaTRt?= =?utf-8?B?dVRDdTN3bUpnZkdpcTlISDBlRTRBV0xjV2FlbTdqR2x1VkRRUm5qcU9vQitr?= =?utf-8?B?MXM4cVRtNzBkWmpwT1NIcjh2dDRSd0hWRmFPZ05JcVZpNzczbFpORXIvdGVC?= =?utf-8?B?Rmp2SWxmUjE2S0wyNmZ6NEpQajF2T1BPSExNSC9YU3dSUXRUTlpVZFppN0ha?= =?utf-8?B?NlZhUW9qNGJMWWpuV1R3K2N3dVFyb2dqWlN1Mm5iQXhVOHpMcWdTYUtYemZt?= =?utf-8?B?RlRGWmoyeVJZL0pnVXlidm9INGtiUVVXYXN5SWdHWTFrdkErMEFqMzVUY3lN?= =?utf-8?B?SXBpK2FiSlErYzNIS3VoUHhTUE9WdmovRGt1ZGRtQ1pnM3RPQSsrRytaT1pS?= =?utf-8?B?UVlpQlQwdjRtMUVRY29Edm95MVdUMkRQZWJEMFdJaFJQK2hhejNHUmdsUnpy?= =?utf-8?B?ZlQ2RlFhT3JYQTRDbnhjeUEwcDBVQ0Q5U1Q1ZzdBQ0VZWVlxU1N3TmVWZWpC?= =?utf-8?B?WkY2b2JUVzlYaXl2YmlscFlLU25zWE1kVmhLbGs5eGkwclA1MHZLNGpzbTNE?= =?utf-8?B?aFVaemtFUEErNlRLaWY2c2R0TUhiZHJSM0QrOVRYcHVlWDNNd3Q5bUs4YmhF?= =?utf-8?B?cVhmd1BFMEtWUFE1Y3R5ZUwzSzFDQVQyL0ZlOVNlTm4yck9CNUJRMkhTd1Rt?= =?utf-8?B?K2dzampMYkMyclVMQWoyTEpXMkIyNDJzaEJ4VFlSOVhEWW1mQ25nRFN2ZWtM?= =?utf-8?B?UVE9PQ==?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: e14fff58-d70a-4def-d070-08db72e4ef0b X-MS-Exchange-CrossTenant-AuthSource: AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Jun 2023 05:52:59.2792 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: cKhZu3kTO2pHBEv6wGHH8ZfBuL37EUT99mRizAOy5N0p8KqIhlngb44QeVN0X7EMxV6oHvPjlKNXw2U0cj7Izw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR10MB7217 X-TUID: Y5xifb4jR3Kp On 21.06.23 21:22, baocheng_su@163.com wrote: > From: Baocheng Su > > optee-client provides the userland library for communicating with the > trusted applications running in OP-TEE. > > It also provides a optee-client-dev package for developing host > application that talks to the TA counterpart. > > Also a user land deamon tee-supplicant is provided to serve the trusted > applications for user-land resources such as RPMB accessing. > > This brings the .inc for customization, and also a demo recipe for > stm32mp15x. > > The debianization is learnt from the debian offical package. The > tee-supplicant.service is refined by Jan to fix some timing issues. > > Signed-off-by: Baocheng Su > --- > meta-isar/conf/machine/stm32mp15x.conf | 2 +- > .../optee-client-stm32mp15x_3.21.0.bb | 18 +++++++ > .../optee-client/files/debian/compat | 1 + > .../optee-client/files/debian/control.tmpl | 51 +++++++++++++++++++ > .../optee-client/files/debian/rules.tmpl | 27 ++++++++++ > .../files/debian/tee-supplicant.service | 21 ++++++++ > .../optee-client/optee-client-custom.inc | 41 +++++++++++++++ > 7 files changed, 160 insertions(+), 1 deletion(-) > create mode 100644 meta-isar/recipes-bsp/optee-client/optee-client-stm32mp15x_3.21.0.bb > create mode 100644 meta/recipes-bsp/optee-client/files/debian/compat > create mode 100644 meta/recipes-bsp/optee-client/files/debian/control.tmpl > create mode 100755 meta/recipes-bsp/optee-client/files/debian/rules.tmpl > create mode 100644 meta/recipes-bsp/optee-client/files/debian/tee-supplicant.service > create mode 100644 meta/recipes-bsp/optee-client/optee-client-custom.inc > > diff --git a/meta-isar/conf/machine/stm32mp15x.conf b/meta-isar/conf/machine/stm32mp15x.conf > index 4fa4051..0b200d2 100644 > --- a/meta-isar/conf/machine/stm32mp15x.conf > +++ b/meta-isar/conf/machine/stm32mp15x.conf > @@ -16,4 +16,4 @@ WKS_FILE ?= "stm32mp15x.wks.in" > IMAGER_INSTALL += "trusted-firmware-a-stm32mp15x optee-os-stm32mp15x u-boot-stm32mp15x" > IMAGER_BUILD_DEPS += "trusted-firmware-a-stm32mp15x optee-os-stm32mp15x u-boot-stm32mp15x" > > -IMAGE_INSTALL += "u-boot-script" > +IMAGE_INSTALL += "u-boot-script tee-supplicant" > diff --git a/meta-isar/recipes-bsp/optee-client/optee-client-stm32mp15x_3.21.0.bb b/meta-isar/recipes-bsp/optee-client/optee-client-stm32mp15x_3.21.0.bb > new file mode 100644 > index 0000000..18525e3 > --- /dev/null > +++ b/meta-isar/recipes-bsp/optee-client/optee-client-stm32mp15x_3.21.0.bb > @@ -0,0 +1,18 @@ > +# > +# Copyright (c) Siemens AG, 2023 > +# > +# Authors: > +# Su Bao Cheng > +# > +# SPDX-License-Identifier: MIT > +# > + > +require recipes-bsp/optee-client/optee-client-custom.inc > + > +SRC_URI += "https://github.com/OP-TEE/optee_client/archive/${PV}.tar.gz;downloadfilename=optee_client-${PV}.tar.gz" > +SRC_URI[sha256sum] = "368164a539b85557d2079fa6cd839ec444869109f96de65d6569e58b0615d026" > + > +S = "${WORKDIR}/optee_client-${PV}" > + > +# Use RPMB emulation > +RPMB_EMU_BUILD_OPT = "" > diff --git a/meta/recipes-bsp/optee-client/files/debian/compat b/meta/recipes-bsp/optee-client/files/debian/compat > new file mode 100644 > index 0000000..f599e28 > --- /dev/null > +++ b/meta/recipes-bsp/optee-client/files/debian/compat > @@ -0,0 +1 @@ > +10 > diff --git a/meta/recipes-bsp/optee-client/files/debian/control.tmpl b/meta/recipes-bsp/optee-client/files/debian/control.tmpl > new file mode 100644 > index 0000000..6c68b1d > --- /dev/null > +++ b/meta/recipes-bsp/optee-client/files/debian/control.tmpl > @@ -0,0 +1,51 @@ > +Source: ${PN} > +Priority: optional > +Maintainer: Unknown maintainer > +Build-Depends: pkg-config, uuid-dev > +Standards-Version: 4.1.3 > +Section: libs > +Homepage: https://github.com/OP-TEE/optee_client > +Rules-Requires-Root: no > + > +Package: optee-client-dev > +Section: libdevel > +Architecture: ${DISTRO_ARCH} > +Multi-Arch: same > +Depends: libteec1 (= ${binary:Version}), > + ${misc:Depends} > +Description: normal world user space client APIs for OP-TEE (development) > + OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a > + non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone > + technology. OP-TEE implements TEE Internal Core API v1.1.x which is the API > + exposed to Trusted Applications and the TEE Client API v1.0, which is the > + API describing how to communicate with a TEE. This package provides the TEE > + Client API library. > + . > + This package contains the development files OpTEE Client API > + > +Package: libteec1 > +Architecture: ${DISTRO_ARCH} > +Multi-Arch: same > +Depends: ${misc:Depends}, ${shlibs:Depends} > +Description: normal world user space client APIs for OP-TEE > + OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a > + non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone > + technology. OP-TEE implements TEE Internal Core API v1.1.x which is the API > + exposed to Trusted Applications and the TEE Client API v1.0, which is the > + API describing how to communicate with a TEE. This package provides the TEE > + Client API library. > + . > + This package contains libteec library. > + > +Package: tee-supplicant > +Architecture: ${DISTRO_ARCH} > +Depends: ${misc:Depends}, ${shlibs:Depends} > +Description: normal world user space client APIs for OP-TEE > + OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a > + non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone > + technology. OP-TEE implements TEE Internal Core API v1.1.x which is the API > + exposed to Trusted Applications and the TEE Client API v1.0, which is the > + API describing how to communicate with a TEE. This package provides the TEE > + Client API library. > + . > + This package contains tee-supplicant executable. > diff --git a/meta/recipes-bsp/optee-client/files/debian/rules.tmpl b/meta/recipes-bsp/optee-client/files/debian/rules.tmpl > new file mode 100755 > index 0000000..a0a8983 > --- /dev/null > +++ b/meta/recipes-bsp/optee-client/files/debian/rules.tmpl > @@ -0,0 +1,27 @@ > +#!/usr/bin/make -f > +# > +# Debian rules for custom OP-TEE Client build > +# > +# This software is a part of ISAR. > +# Copyright (c) Siemens AG, 2023 > +# > +# SPDX-License-Identifier: MIT > + > +ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) > +export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)- > +endif > + > +%: > + dh $@ --exclude=.a > + > +override_dh_auto_build: > + dh_auto_build -- LIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH) \ > + CFG_TEE_FS_PARENT_PATH=${TEE_FS_PARENT_PATH} ${RPMB_EMU_BUILD_OPT} > + > +override_dh_auto_install: > + dh_auto_install -- LIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH) \ > + CFG_TEE_FS_PARENT_PATH=${TEE_FS_PARENT_PATH} ${RPMB_EMU_BUILD_OPT} > + > +override_dh_auto_clean: > + dh_auto_clean > + rm -rf $(CURDIR)/out > diff --git a/meta/recipes-bsp/optee-client/files/debian/tee-supplicant.service b/meta/recipes-bsp/optee-client/files/debian/tee-supplicant.service > new file mode 100644 > index 0000000..4508a14 > --- /dev/null > +++ b/meta/recipes-bsp/optee-client/files/debian/tee-supplicant.service > @@ -0,0 +1,21 @@ > +# This software is a part of ISAR. > +# Copyright (c) Siemens AG, 2023 > +# > +# SPDX-License-Identifier: MIT > +[Unit] > +Description=TEE Supplicant > +DefaultDependencies=no > +Before=systemd-remount-fs.service shutdown.target > +Conflicts=shutdown.target > + > +[Service] > +Type=oneshot > +RemainAfterExit=yes > +# Start if not already started by the initramfs hook > +ExecStart=/bin/sh -c '/usr/bin/pgrep tee-supplicant >/dev/null || /usr/sbin/tee-supplicant -d' > +ExecStop=/bin/sh -c '/usr/bin/findmnt /sys/firmware/efi/efivars >/dev/null && /usr/bin/umount /sys/firmware/efi/efivars || true' > +ExecStop=/bin/sh -c '/usr/sbin/modinfo -n tpm_ftpm_tee | /usr/bin/grep -E "\.ko$" >/dev/null && /usr/sbin/modprobe -r tpm_ftpm_tee || true' > +ExecStop=/usr/bin/pkill tee-supplicant > + > +[Install] > +WantedBy=sysinit.target > diff --git a/meta/recipes-bsp/optee-client/optee-client-custom.inc b/meta/recipes-bsp/optee-client/optee-client-custom.inc > new file mode 100644 > index 0000000..5c88dad > --- /dev/null > +++ b/meta/recipes-bsp/optee-client/optee-client-custom.inc > @@ -0,0 +1,41 @@ > +# > +# Copyright (c) Siemens AG, 2023 > +# > +# Authors: > +# Su Bao Cheng > +# > +# SPDX-License-Identifier: MIT > +# > + > +inherit dpkg > + > +FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/files:" > + > +DESCRIPTION = "OPTee Client" > + > +PROVIDES = "libteec1 optee-client-dev tee-supplicant" > + > +SRC_URI += "file://debian" > + > +TEE_FS_PARENT_PATH ?= "/var/lib/optee-client/data/tee" > +# To use the builtin RPMB emulation, empty this > +RPMB_EMU_BUILD_OPT ?= "RPMB_EMU=0" Why not defining RPMB_EMU ?= "0" directly at recipe level and then adding "RPMB_EMU=${RPMB_EMU}" to the rules file? Or even just accepting a generic build option form the user of optee-client-custom.inc so that stm32 demo above could set its RPMB_EMU=1 that way? Similar to OPTEE_EXTRA_BUILDARGS in optee-os-custom.inc. > + > +TEMPLATE_FILES = "debian/rules.tmpl debian/control.tmpl" > +TEMPLATE_VARS += "TEE_FS_PARENT_PATH RPMB_EMU_BUILD_OPT" > + > +do_prepare_build[cleandirs] += "${S}/debian" > +do_prepare_build() { > + cp -r ${WORKDIR}/debian ${S}/ > + > + deb_add_changelog > + > + echo "/usr/sbin/*" > ${S}/debian/tee-supplicant.install > + echo "lib/optee_armtz/" > ${S}/debian/tee-supplicant.dirs > + echo "usr/lib/tee-supplicant/plugins/" >> ${S}/debian/tee-supplicant.dirs > + > + echo "usr/lib/*/libteec*.so.*" > ${S}/debian/libteec1.install > + > + echo "usr/include/*" > ${S}/debian/optee-client-dev.install > + echo "usr/lib/*/lib*.so" >> ${S}/debian/optee-client-dev.install > +} Jan -- Siemens AG, Technology Competence Center Embedded Linux