From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7252203608347770880 X-Received: by 2002:a05:6512:6c6:b0:4f8:eb99:19a9 with SMTP id u6-20020a05651206c600b004f8eb9919a9mr17876093lff.23.1689164270193; Wed, 12 Jul 2023 05:17:50 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:ac2:5bdd:0:b0:4fb:a37b:869c with SMTP id u29-20020ac25bdd000000b004fba37b869cls1195412lfn.1.-pod-prod-05-eu; Wed, 12 Jul 2023 05:17:48 -0700 (PDT) X-Google-Smtp-Source: APBJJlEWo7lfE6WEQMFdGIjkhPFMqXS05MfMEX8evCwF8T5pcjpJuZdksmzx2C/PvMwG+B44AT27 X-Received: by 2002:a19:6518:0:b0:4fb:96f3:2f4 with SMTP id z24-20020a196518000000b004fb96f302f4mr13667844lfb.51.1689164267958; Wed, 12 Jul 2023 05:17:47 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1689164267; cv=pass; d=google.com; s=arc-20160816; b=RDCDt/KKj9QNv5+m3Ndm7jEdmbUGY2f2+So1HpLARwzUc0pfcJBw9tIs3wbqUjE+4u 2+NAgV9qhPQwRF+blk2UVea6ssdeWEy09J0VUG44AeSmxxNa9CuD5cShRisSWxAufhui fpbxrbtMftZFVmibpqK6MfQnKo+747lfDicE9RU5EqvfYiXF6fp4ZA5XIWoRNPSD8lt6 0/f9vjw/qGut9zoRxncCg6Dbh0J0VpUicKDpUk5CYIrEjQm8AIkcDbfFcmsvlafz3AKE ke0J1kh/vpHxTuBQwLYQCPwKXAEcN2rrn52E12i9eEMF2opNbcNRVgxKM294zUDeaEva z60Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:content-transfer-encoding:in-reply-to:from:references :cc:to:content-language:subject:user-agent:date:message-id :dkim-signature; bh=PkqRrlbpVIN4x4frJw3VaXqcyEoTlYJpTe7favwl7+M=; fh=sMH6kOCT33P4TRGPHaa4jjAtFiS0nlKKNaXSf3h3mwk=; b=OzcyU7De0DMxCKmWfygeXCgTbCnN9ecCWFjke56siR++Mmxy3BE8qurThZVm941OHE FZJVuHGHTI9SXhms1r2eFWkE2ktidGETrFiXaraRrc1KjTrOnf39dQKdOziegiSme8UZ 2BvuUuLHMKDj6mgPOcZaEGiqNdrd1xGlNCjM3W+sfLgtSqKdEKyuGo6o45cr2hDIrpP7 47deqXuGyz+ekqEPaecoFVvDKkhOd/RcwdaSl6Qjdd/M/BWHyFwlR/xtbNkaYvxrsCKh RmhnxTc5e2CmKLPtAp+azyUrHY1QvlE2sQtsYdWCR81nKT3ewrnoYdE+1UAoomwNPWhA Nj0w== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Gsl5mXLu; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f400:fe0e::614 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Return-Path: Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04on0614.outbound.protection.outlook.com. [2a01:111:f400:fe0e::614]) by gmr-mx.google.com with ESMTPS id cf9-20020a056512280900b004fbb1e8722fsi320233lfb.8.2023.07.12.05.17.47 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 12 Jul 2023 05:17:47 -0700 (PDT) Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f400:fe0e::614 as permitted sender) client-ip=2a01:111:f400:fe0e::614; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Gsl5mXLu; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f400:fe0e::614 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TVmsGa7ckP3sY9I76vOTmNPGVWFC3mk+DK3TBZdiqRSibwDDwy/2n8nMlaHevTZSwH0v8XGzODyCODsJuYl2kdUsdYypyRU00F/unhrQcc/ulqqSwQOI4qpT0+PaQQwZRuM/ZWpYVjYY0yFicN4gM5Hkr0JchNyVpNBm31Yycxihs0nkwkBCUjFnsmwJKlbZXz96uzerYD3aNMSfz30Wob4P7kCZU6xF6phCkexrJvtwvfP0etOJEMIpQmIKCL7KRJy0ztoRurNByzhvTJ1kwqFgNUXUbFpRH7pkQxgLf63xteYbNagFe/roLviodSo0+yF0a9sx5wlL/WV7EMkPaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PkqRrlbpVIN4x4frJw3VaXqcyEoTlYJpTe7favwl7+M=; b=L8T88ylZpLukgyQDrhicXLVlM9SgSkS7b8+VThTHyv0FWfs/5nK6jzf3W2AX0d4z5u9UtBS6REMZ86jxFR1Q6+4hOIGXmgCQDV2WYa7KeDP/cdUbhJZm9GA+/LIPFxUK+0PqKYDuhP4NnAtkS6507byRh2CpE8i08NwKtznrr/Sbs3RJO9MmhE2nng90Vq7OzaVt4epxkIpnAWQbvPrwftu7ims0OOy5RkqLYywWQjJT09V76CLy4Q11l7E3zxHig52miRzQSLmxNtLLGOCQLLIKE2Ar7kNg5IOyWIWnF1A46oRHec24OwpqbrGZQcyUcmKvfQ2C4yBgK7RVFJQbHQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PkqRrlbpVIN4x4frJw3VaXqcyEoTlYJpTe7favwl7+M=; b=Gsl5mXLuDTm2yu9+mxU59jUIPKwoE8mZgmLEETsybwozRUEs9nFc8mquc14eqdgjXNwzID6ovtp1SrXL+pliMNs+HtKcNhxFzr975Gwk361z7Bnywav5c2IxbvJRIu96miU84f0zARaqjahbluCT4GqJYOzgnslqPC017b7bMfsjQ0GBBwuMuBBTsBTdTtLHQ5UbQU4Y/+wTx6xaR0Cm4XLKwvkC1v7CIny61oS7uX3G6II+EKYKSPSCmfsHN4aIusrFVYBFD4NO2nwvRHDhC3+anZylfqRYwFAt7Z3XXBm3eCT8Hkp/L2O57doTO4Wsm9OQhrTntZi4W+RdBkRZ5Q== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com; Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:588::19) by PAXPR10MB5567.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:242::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6565.30; Wed, 12 Jul 2023 12:17:45 +0000 Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM ([fe80::f964:e0e9:199:9246]) by AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM ([fe80::f964:e0e9:199:9246%6]) with mapi id 15.20.6565.028; Wed, 12 Jul 2023 12:17:45 +0000 Message-ID: <6cc41ea2-0253-fe0e-ddfe-f9e68ff0217b@siemens.com> Date: Wed, 12 Jul 2023 14:17:38 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.12.0 Subject: Re: [PATCH v3 3/7] Add recipe for optee-client Content-Language: en-US To: baocheng.su@siemens.com, isar-users@googlegroups.com Cc: felix.moessbauer@siemens.com, christian.storm@siemens.com, quirin.gylstorff@siemens.com, baocheng_su@163.com, henning.schild@siemens.com References: <20230705053340.1158024-1-baocheng.su@siemens.com> <20230705053340.1158024-4-baocheng.su@siemens.com> From: Jan Kiszka In-Reply-To: <20230705053340.1158024-4-baocheng.su@siemens.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-ClientProxiedBy: CH0PR13CA0052.namprd13.prod.outlook.com (2603:10b6:610:b2::27) To AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:588::19) Return-Path: jan.kiszka@siemens.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS4PR10MB6181:EE_|PAXPR10MB5567:EE_ X-MS-Office365-Filtering-Correlation-Id: 1a45b284-b95d-4689-ebcf-08db82d1ffe3 X-LD-Processed: 38ae3bcd-9579-4fd4-adda-b42e1495d55a,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: oRR+g5ICILb7O1hHBc+zbao3cyIvCp32KfDXHv94B8KYwiMle1CMuhiLv+G4+RbhWBZIJlwbsZpATospzyEfLvEaATVplu9jdHNGtfyi72Mec9LfJFBJ3RXbWYW48tYFPRDa5QdN/AmJMt8vIneoSBKfLDtZokkOQhjUWWor8BEnL8dkhEg3gi4B2nrjQEEovRptNM0DcQRTac9sbE2VNFYYS68tEWkEOOrvzBtSXO9WHRVD6l8G+E1gObN/VQzNOWUGanxqiIO8GY5RJKsyhGKKKh3iW48ZIL4sisTjc6Gvsiy61eiM3nnFYshPEKPhXsZEOwThL+fEOA3lhVifBxjLY77pSLIkvgUIumhL31GE9jUD1HJlHvBWmAx0dR3D0GxGtoNsDE1Kd+D5k6iJ7NkYM5WU9f2/r/mMZEhkktgR01Ki7HxAM76DR8wZg4NND2HDfsGMNrGALwibTKCMRcdACum6YDmRzTMrDySZYpc+2WJeSdnRKD1rSNF1jVVCYHX5Vc9/HkP18249N3VuC3aTdLlbWLWY2jZWqvnZBn2QUFwZ9LFn106o/K9OSUD+ysq1/PtNhX2DS66LG07FkNrLSvdofL7vtGz0VGUbU2g71Qm5bv0qHhW9OO4RXmbdUjw1eW9+0draiW/3gDCSqG4e+ZN3BZYmOGB8Apkn7dE181E4xTt1dHtBksyAq8Ui X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230028)(4636009)(396003)(346002)(136003)(376002)(366004)(39860400002)(451199021)(86362001)(31696002)(38100700002)(82960400001)(31686004)(36756003)(6666004)(6486002)(6506007)(107886003)(26005)(186003)(966005)(478600001)(6512007)(2616005)(53546011)(2906002)(316002)(5660300002)(66556008)(66946007)(66476007)(8936002)(8676002)(83380400001)(44832011)(41300700001)(4326008)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?aWxYY2QraDBSQXNOVG1WcERVZ2VDR1hhMnFzcnN2ak8xQ1BOaExQekk1RElV?= =?utf-8?B?Nncva3BWTVBJTHovWjR0ZFp5TFJtWjNBTFNsY1FLVmVQVkVWZllQb05leENI?= =?utf-8?B?aG1XZFhqNHFYcGFUVVRMaUMyVmI4ZHlweWVuQWJhL1lrQlpTVVQ4VGNPNXk0?= =?utf-8?B?ZE4xNW5sL0Z3c1Z4Z2diSmgvWnpSVDU5OExNcll2d3BsQ1JmUVJ2OXhiamgr?= =?utf-8?B?cUxsT3JFVGY2SUpUOXk3d3ZoRkFrVEZUcFg2OE1iODNzZFJjV1QzcGFYNGc3?= =?utf-8?B?VTJPd21vRU51S1NGRi9XUEsxLzRiL2tLY2RWMzdZcWc4a2NNSUFqMlNEb3Fa?= =?utf-8?B?dEZSOUFPOFJ0aHQrSXVvNitFenV5R0w4ZkNKeUg3QW9taDdRMmo0VEZtUmJs?= =?utf-8?B?THVCdzQyWnh2anlXbVYxZDlPRkxOOEFtUE1nNFZyUU5ZeFhxL2xCTmdNWmdV?= =?utf-8?B?clpyeVBqNjFzRHpUR3VLUnY2UlVYbmFTb05VY0Ribjd0RjRaMEREdWtqclpZ?= =?utf-8?B?KzB0SXo0U0U4dUdma3FlVDZRZmxQMVFsZkhmcElrdkZZUStEYUtHbkJMTmRm?= =?utf-8?B?Zm1FRDBFb3MyZVBXVk5OVnRuZlpLdk0xTEp1MHpEbjVkZmhUZHk4SEZwSVBI?= =?utf-8?B?b3dIdVRlNHhEV1ZJRlVWNXlHMHhEODg4Rk00bG5QR0pwSkJPWFNCL1NQY05I?= =?utf-8?B?UE1KSWVHcWdVSjQwVEVvc0V0N3pFMXhHRUVOVEVyVnR2L3FTeFhZWVlsWUty?= =?utf-8?B?OFV1aVBuRWtXS3JyZ1dVMWtOMm1qdURiaTY2NnM3bm1EbnZrd0tQVnFiMDRz?= =?utf-8?B?dHl6Njk1ekQ2eFYxVTlibnIwYXAxYmlJZXhHNjZwQ1JTTld4RHdjTW5VMGR4?= =?utf-8?B?UzdUTzM3T1BjSDdlTlNSb3lMSC9tRzY0T2NLdnNSVm9VMHNHc3JjamwrckZt?= =?utf-8?B?bGczNVc1a01xMWozQW5iTk12REMwalF5SDVSRXZsQlFFcFJIempweE1wV2xX?= =?utf-8?B?QnRMNFZpc2l1Mm42dURCOUlKVlBZL2ZtdkFaeFdCVHM5YkJLSUJQSkovQTIr?= =?utf-8?B?T3Mra0lISlRZNmw2MW5VcmFDMGFPVXFMMWN2SzlnSmRGRGxmdC9BV3Z2SVFa?= =?utf-8?B?YUVGUmt4Z3hpa3MyVTZEOEZBTlJTUlN1N21uc2VPWmJDdDNiRzJEeXY3eGs3?= =?utf-8?B?U3NHSk4yVndWdlRLVXpuNFZWUUN6cUREZHR0UXlhd2lVWVkyYTJWUzJRR3A2?= =?utf-8?B?Z1dMWUg1aDB6c1I5MG5KdW55L3VQbGtIUGZQc3hHVW5QYWpSN0FXVDE2ZVZ2?= =?utf-8?B?QnZvOWhiVzM0MGIydjdKT01zaWJydjBOai9EYmZDQysraGJ3UzBRZmlNSGlp?= =?utf-8?B?ZkpOakkxb3ZmYXRSQTgzTTFETkozejdLOTQ1M0ZnTHNhM1Q5ekRmTEVicjdr?= =?utf-8?B?bld2MVlNb0lWc25jbmQ5VTAyRXZuRjdYZ1JWNm12RzlERHB6aEw5T1ROQ21u?= =?utf-8?B?a0ZUS2hvdzQyVmFhUVJmWFVTRUF3RjN2eDJmOFArQW5ZV0IweHlZYVFYdExi?= =?utf-8?B?S2tpV1BJVTh5akphaGdlemZKeGpMUUhuS3pwYWl5OXFXNlRsejdaaHZKaWpQ?= =?utf-8?B?bUlmZjUvNE5DMUx5SVJTVnpvM1Y3aW1qN0pqMjQ1R2tkQy9UZitJQlRxM0dx?= =?utf-8?B?MXQ1TWlhcEExRXVRTkFwV1FUMENxOHhTc3hhNlpvM014Wnd1SFI3ajhLK2ZQ?= =?utf-8?B?cTZoMG96cURxQlNlNFNxUHhFQS9neDI0RjZBZnY5eUs5YXd3V0Rib2pEeXlx?= =?utf-8?B?enh6MzB2aEErZkZmVDlEYk91WDhYTmVtMzVFS3d1azRlempjSWhlV3pFdHpG?= =?utf-8?B?YTc0NkY2b2RYcUVBZXhmcUZPcDY0eXVscDB6WEF5RFBnQXN0Y0lsWFgvcmVP?= =?utf-8?B?ZUNDTnlnV2pGQ1AybjV4eURhV2ZmMmdWMnc2aUdTWVNrM295cklqOXdYUXdp?= =?utf-8?B?alZqcktPUmpTZVNDT1lYaG0xZHh4UHNkKytPYTU1eGpDQXZaNkhvRkIzUHlY?= =?utf-8?B?ajZORm0xL3FOMWNTMjdlZkt5S2ltQTFoYk5ZYnZnSDMyUmtvc2VNYTk0Tk9F?= =?utf-8?B?UmJaNkEzR3pVdFVvMkh6THhpU2pUdHdHN01YMEhGeHUvRERnQXczeXpwWmZ1?= =?utf-8?B?Snc9PQ==?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1a45b284-b95d-4689-ebcf-08db82d1ffe3 X-MS-Exchange-CrossTenant-AuthSource: AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Jul 2023 12:17:45.8255 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: er+uujJg4cTtgSx1T8Ni0Ro2cyVNeDvLCkfs9F48LKdlkjp5uuoQ3UjOXjJQXzgfCE7hHdsu8LPGOVHL1Xu95Q== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAXPR10MB5567 X-TUID: CTegAzpuTjMS On 05.07.23 07:33, baocheng.su@siemens.com wrote: > From: Baocheng Su > > optee-client provides the userland library for communicating with the > trusted applications running in OP-TEE. > > It also provides a optee-client-dev package for developing host > application that talks to the TA counterpart. > > Also a user land deamon tee-supplicant is provided to serve the trusted > applications for user-land resources such as RPMB accessing. > > This brings the .inc for customization, and also a demo recipe for > stm32mp15x. > > The debianization is learnt from the debian offical package. The > tee-supplicant.service is refined by Jan to fix some timing issues. > > Signed-off-by: Baocheng Su > --- > meta-isar/conf/machine/stm32mp15x.conf | 2 +- > .../optee-client-stm32mp15x_3.21.0.bb | 18 +++++++ > .../optee-client/files/debian/compat | 1 + > .../optee-client/files/debian/control.tmpl | 51 +++++++++++++++++++ > .../optee-client/files/debian/rules.tmpl | 27 ++++++++++ > .../files/debian/tee-supplicant.service | 21 ++++++++ > .../optee-client/optee-client-custom.inc | 41 +++++++++++++++ > 7 files changed, 160 insertions(+), 1 deletion(-) > create mode 100644 meta-isar/recipes-bsp/optee-client/optee-client-stm32mp15x_3.21.0.bb > create mode 100644 meta/recipes-bsp/optee-client/files/debian/compat > create mode 100644 meta/recipes-bsp/optee-client/files/debian/control.tmpl > create mode 100755 meta/recipes-bsp/optee-client/files/debian/rules.tmpl > create mode 100644 meta/recipes-bsp/optee-client/files/debian/tee-supplicant.service > create mode 100644 meta/recipes-bsp/optee-client/optee-client-custom.inc > > diff --git a/meta-isar/conf/machine/stm32mp15x.conf b/meta-isar/conf/machine/stm32mp15x.conf > index 4fa4051..0b200d2 100644 > --- a/meta-isar/conf/machine/stm32mp15x.conf > +++ b/meta-isar/conf/machine/stm32mp15x.conf > @@ -16,4 +16,4 @@ WKS_FILE ?= "stm32mp15x.wks.in" > IMAGER_INSTALL += "trusted-firmware-a-stm32mp15x optee-os-stm32mp15x u-boot-stm32mp15x" > IMAGER_BUILD_DEPS += "trusted-firmware-a-stm32mp15x optee-os-stm32mp15x u-boot-stm32mp15x" > > -IMAGE_INSTALL += "u-boot-script" > +IMAGE_INSTALL += "u-boot-script tee-supplicant" > diff --git a/meta-isar/recipes-bsp/optee-client/optee-client-stm32mp15x_3.21.0.bb b/meta-isar/recipes-bsp/optee-client/optee-client-stm32mp15x_3.21.0.bb > new file mode 100644 > index 0000000..d0e157f > --- /dev/null > +++ b/meta-isar/recipes-bsp/optee-client/optee-client-stm32mp15x_3.21.0.bb > @@ -0,0 +1,18 @@ > +# > +# Copyright (c) Siemens AG, 2023 > +# > +# Authors: > +# Su Bao Cheng > +# > +# SPDX-License-Identifier: MIT > +# > + > +require recipes-bsp/optee-client/optee-client-custom.inc > + > +SRC_URI += "https://github.com/OP-TEE/optee_client/archive/${PV}.tar.gz;downloadfilename=optee_client-${PV}.tar.gz" > +SRC_URI[sha256sum] = "368164a539b85557d2079fa6cd839ec444869109f96de65d6569e58b0615d026" > + > +S = "${WORKDIR}/optee_client-${PV}" > + > +# Use RPMB emulation > +RPMB_EMU = "1" > diff --git a/meta/recipes-bsp/optee-client/files/debian/compat b/meta/recipes-bsp/optee-client/files/debian/compat > new file mode 100644 > index 0000000..f599e28 > --- /dev/null > +++ b/meta/recipes-bsp/optee-client/files/debian/compat > @@ -0,0 +1 @@ > +10 > diff --git a/meta/recipes-bsp/optee-client/files/debian/control.tmpl b/meta/recipes-bsp/optee-client/files/debian/control.tmpl > new file mode 100644 > index 0000000..de780b7 > --- /dev/null > +++ b/meta/recipes-bsp/optee-client/files/debian/control.tmpl > @@ -0,0 +1,51 @@ > +Source: ${PN} > +Priority: optional > +Maintainer: Unknown maintainer > +Build-Depends: pkg-config, uuid-dev > +Standards-Version: 4.1.3 > +Section: libs > +Homepage: https://github.com/OP-TEE/optee_client > +Rules-Requires-Root: no > + > +Package: optee-client-dev > +Section: libdevel > +Architecture: ${DISTRO_ARCH} > +Multi-Arch: same > +Depends: libteec1 (= ${binary:Version}), > + ${misc:Depends} > +Description: normal world user space client APIs for OP-TEE (development) > + OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a > + non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone > + technology. OP-TEE implements TEE Internal Core API v1.1.x which is the API > + exposed to Trusted Applications and the TEE Client API v1.0, which is the > + API describing how to communicate with a TEE. This package provides the TEE > + Client API library. > + . > + This package contains the development files OpTEE Client API > + > +Package: libteec1 > +Architecture: ${DISTRO_ARCH} > +Multi-Arch: same > +Depends: ${misc:Depends}, ${shlibs:Depends} > +Description: normal world user space client APIs for OP-TEE > + OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a > + non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone > + technology. OP-TEE implements TEE Internal Core API v1.1.x which is the API > + exposed to Trusted Applications and the TEE Client API v1.0, which is the > + API describing how to communicate with a TEE. This package provides the TEE > + Client API library. > + . > + This package contains libteec library. > + > +Package: tee-supplicant > +Architecture: ${DISTRO_ARCH} > +Depends: systemd ${misc:Depends}, ${shlibs:Depends} > +Description: normal world user space client APIs for OP-TEE > + OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a > + non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone > + technology. OP-TEE implements TEE Internal Core API v1.1.x which is the API > + exposed to Trusted Applications and the TEE Client API v1.0, which is the > + API describing how to communicate with a TEE. This package provides the TEE > + Client API library. > + . > + This package contains tee-supplicant executable. > diff --git a/meta/recipes-bsp/optee-client/files/debian/rules.tmpl b/meta/recipes-bsp/optee-client/files/debian/rules.tmpl > new file mode 100755 > index 0000000..1b7920d > --- /dev/null > +++ b/meta/recipes-bsp/optee-client/files/debian/rules.tmpl > @@ -0,0 +1,27 @@ > +#!/usr/bin/make -f > +# > +# Debian rules for custom OP-TEE Client build > +# > +# This software is a part of ISAR. > +# Copyright (c) Siemens AG, 2023 > +# > +# SPDX-License-Identifier: MIT > + > +ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) > +export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)- > +endif > + > +%: > + dh $@ --exclude=.a > + > +override_dh_auto_build: > + dh_auto_build -- LIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH) \ > + CFG_TEE_FS_PARENT_PATH=${TEE_FS_PARENT_PATH} RPMB_EMU=${RPMB_EMU} > + > +override_dh_auto_install: > + dh_auto_install -- LIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH) \ > + CFG_TEE_FS_PARENT_PATH=${TEE_FS_PARENT_PATH} RPMB_EMU=${RPMB_EMU} > + > +override_dh_auto_clean: > + dh_auto_clean > + rm -rf $(CURDIR)/out > diff --git a/meta/recipes-bsp/optee-client/files/debian/tee-supplicant.service b/meta/recipes-bsp/optee-client/files/debian/tee-supplicant.service > new file mode 100644 > index 0000000..4508a14 > --- /dev/null > +++ b/meta/recipes-bsp/optee-client/files/debian/tee-supplicant.service > @@ -0,0 +1,21 @@ > +# This software is a part of ISAR. > +# Copyright (c) Siemens AG, 2023 > +# > +# SPDX-License-Identifier: MIT > +[Unit] > +Description=TEE Supplicant > +DefaultDependencies=no > +Before=systemd-remount-fs.service shutdown.target > +Conflicts=shutdown.target > + > +[Service] > +Type=oneshot > +RemainAfterExit=yes > +# Start if not already started by the initramfs hook > +ExecStart=/bin/sh -c '/usr/bin/pgrep tee-supplicant >/dev/null || /usr/sbin/tee-supplicant -d' > +ExecStop=/bin/sh -c '/usr/bin/findmnt /sys/firmware/efi/efivars >/dev/null && /usr/bin/umount /sys/firmware/efi/efivars || true' > +ExecStop=/bin/sh -c '/usr/sbin/modinfo -n tpm_ftpm_tee | /usr/bin/grep -E "\.ko$" >/dev/null && /usr/sbin/modprobe -r tpm_ftpm_tee || true' With bullseye: Dec 22 11:55:45 isar sh[151]: /bin/sh: 1: /usr/bin/pgrep: not found Dec 22 11:55:45 isar sh[152]: ERR [152] TEES:main:870: make_daemon(): -1 Dec 22 11:55:49 isar systemd[1]: /lib/systemd/system/tee-supplicant.service:17: Ignoring unknown escape sequences: "/usr/sbin/modinfo -n tpm_ftpm_tee | /usr/bin/grep -E "\.ko$" >/dev/null && /usr/sbin/modprobe -r tpm_ftpm_tee || true" Jan > +ExecStop=/usr/bin/pkill tee-supplicant > + > +[Install] > +WantedBy=sysinit.target > diff --git a/meta/recipes-bsp/optee-client/optee-client-custom.inc b/meta/recipes-bsp/optee-client/optee-client-custom.inc > new file mode 100644 > index 0000000..18afb93 > --- /dev/null > +++ b/meta/recipes-bsp/optee-client/optee-client-custom.inc > @@ -0,0 +1,41 @@ > +# > +# Copyright (c) Siemens AG, 2023 > +# > +# Authors: > +# Su Bao Cheng > +# > +# SPDX-License-Identifier: MIT > +# > + > +inherit dpkg > + > +FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/files:" > + > +DESCRIPTION = "OPTee Client" > + > +PROVIDES = "libteec1 optee-client-dev tee-supplicant" > + > +SRC_URI += "file://debian" > + > +TEE_FS_PARENT_PATH ?= "/var/lib/optee-client/data/tee" > +# To use the builtin RPMB emulation, change to 1 > +RPMB_EMU ?= "0" > + > +TEMPLATE_FILES = "debian/rules.tmpl debian/control.tmpl" > +TEMPLATE_VARS += "TEE_FS_PARENT_PATH RPMB_EMU" > + > +do_prepare_build[cleandirs] += "${S}/debian" > +do_prepare_build() { > + cp -r ${WORKDIR}/debian ${S}/ > + > + deb_add_changelog > + > + echo "/usr/sbin/*" > ${S}/debian/tee-supplicant.install > + echo "lib/optee_armtz/" > ${S}/debian/tee-supplicant.dirs > + echo "usr/lib/tee-supplicant/plugins/" >> ${S}/debian/tee-supplicant.dirs > + > + echo "usr/lib/*/libteec*.so.*" > ${S}/debian/libteec1.install > + > + echo "usr/include/*" > ${S}/debian/optee-client-dev.install > + echo "usr/lib/*/lib*.so" >> ${S}/debian/optee-client-dev.install > +} -- Siemens AG, Technology Competence Center Embedded Linux