From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 7247222195536003072
X-Received: by 2002:a05:600c:2290:b0:3f9:c9b7:1911 with SMTP id 16-20020a05600c229000b003f9c9b71911mr3443641wmf.32.1687458906889;
        Thu, 22 Jun 2023 11:35:06 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a05:600c:3b05:b0:3f9:b9b0:4107 with SMTP id
 m5-20020a05600c3b0500b003f9b9b04107ls147589wms.2.-pod-prod-06-eu; Thu, 22 Jun
 2023 11:35:05 -0700 (PDT)
X-Google-Smtp-Source: ACHHUZ79s8VBimUTuTffd4aGjPMrEBKm7D9PU0/EHcH29qLq4NZCgxlfEaQ5rXEfUmgChmly6gcS
X-Received: by 2002:a05:600c:22d2:b0:3f9:b297:1804 with SMTP id 18-20020a05600c22d200b003f9b2971804mr8817965wmg.17.1687458905256;
        Thu, 22 Jun 2023 11:35:05 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1687458905; cv=pass;
        d=google.com; s=arc-20160816;
        b=ZAH1LRNjP1V/RivVGjxe7eidxLhrlZuyqV1pvg5PUCkxZDwl64CaE1ogyxwXcz4G/T
         1q/N+tGz83mXHPe+Z6j6LenqlTOjGIT8PzHU4x9ny9D99oHlejlM5w1vwD5sCDOMc/LM
         EWS3joGzwGQJ5YstVGMgUQlqL4tVR3DQIOzCK9/YwwHhLynxs4nf0OuaqB+AmZGLcs/Z
         G+lC+Hr/vZgiqnxRz83xETATPW/YNNFjd9nRNN8Dojchbv6fOm6xD7lioP5Hm1zXcZ4Q
         XyOiLi1L4KH2OlEU0wZTvOIO3RWzc3pRd3CDK0XwwEXrQWV1wMNuOyzJylfJnGmQyDG8
         X2Qw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=mime-version:content-transfer-encoding:in-reply-to:from:references
         :cc:to:content-language:subject:user-agent:date:message-id
         :dkim-signature;
        bh=684tSgkceAGD06F96mgflvrq1DFYuJT3a72bvqhQbFU=;
        b=awAnJYI3E5OXK3Y1nFhglskB+p0pQ0LaWjoICgOC9ZX4R12IevRo6yCIxyjt8sK9T/
         IdqPK9DtF4dR/x9kvY/5DFI8IszYIKl2Bkd4iFVeLB6Hn7iFqVb2X3rEEaHmMDtFLXmR
         NSgEEvfeGG4hA2qyHLT0LQiLgtwmtCq4m3czOiiz+HypsJPGDMn/BeiPCtl8MnZTlRtI
         er4JtPSxMDT2uyNprgq1RG64OyzPp0/htGE7wDIjYiVIiC6IE+7PupRwWvRp+3FE0Ttj
         doJU41cg5zR22S3H+tE48uuWaZgKqd14GCLVm4nutGomx++mIryl0nqlMsddwKpr1NrH
         xQaw==
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=selector2 header.b=oFSDL7Xi;
       arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com);
       spf=pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f400:fe1f::630 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
Return-Path: <jan.kiszka@siemens.com>
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0630.outbound.protection.outlook.com. [2a01:111:f400:fe1f::630])
        by gmr-mx.google.com with ESMTPS id j2-20020adfe502000000b0031111287632si395156wrm.0.2023.06.22.11.35.05
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 22 Jun 2023 11:35:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f400:fe1f::630 as permitted sender) client-ip=2a01:111:f400:fe1f::630;
Authentication-Results: gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=selector2 header.b=oFSDL7Xi;
       arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com);
       spf=pass (google.com: domain of jan.kiszka@siemens.com designates 2a01:111:f400:fe1f::630 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=R3f4Ef/mdpx8823OHrttnm/A4fxVmQTjigoJ3bFpSAsf8WASYDV3DVnZ/xdbWASxADf8a90owyZgEaTsRIzJaf3ugqL1ChKg7fETVmTMJxBxNXfBb5CCVrCJSEn0oQMXav12M0x3MiPvFwZ83v5l5UnxBbJT81HXA8Ya+2hRrpKoctFtfTsy0dyj993Oo9N2JrndyWC4UQ5AcMs8SzkYj5CSkUKI4KCsRTkWGjaAA/rtKqZQ0BEK/wp5LdoP/c/3VOnLJEN5IfbN4jOwcjj568UisduogKMq1yiV3+hxlFw1YDsCrQCCO8mLgva3mLz91kxfCmE9ro7R8ORK4gEpGw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=684tSgkceAGD06F96mgflvrq1DFYuJT3a72bvqhQbFU=;
 b=DmuB3Qoa6t5l+cTsgyFNxT4sJH3bZ1JDpjPtUXUb/ML0+JjigoQ1b3FC1aHs+N0OJWYoxSQN8lA7ouwaW7yLMxCRcmQ4S72P60dBrwkruC4sEvqy0iw03SoitBwhiNLTR+klygSefOUD5wkzGpCMyCZBG5WXDon1hIt/KnYcWZuXi9IO7HHtqunbVO36Jf3OSi3BHwoJRZzvGL1Ut6GmJHYox/Vdq8fEw0RMJdUyUaPbMmz7mXeWL4XSwyqEtPx1kh5DtHTJ0Kml7vq4C6AXkQ2uSN5oYb/1oCrBEQoR3zjVbnaFvM2su/ezGXfE7EfETPoCUme5+0lTpB1tuEZ6wQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com;
 dkim=pass header.d=siemens.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=684tSgkceAGD06F96mgflvrq1DFYuJT3a72bvqhQbFU=;
 b=oFSDL7XiKqL3eALbGCjO2Hz9EQ/1LIWoKExSdNgAH+8NgNFFcMUV/mcyHj68Cbe250Tu+IqAmLw32XsYHErAmYMgYiUauZ00erdQuwRKf0dX6uel9L+nP4cRDZsaoQXsqH0RFF9yBSLUMav8jTT3U3QehGE34lfmaIUhxA1zx0vVHVrIWB1L6eBvG+OSIyfDLVb1zw/dT65dDOJC3ZX2DK2iUD1NyNmuC7dyxiVPFjlYBVz64SYU7grDR0UNh52oXS1SOyG3IdxC7DHn1P8wdh1osVUbW8Tr4eBKS1kcSQkaOtvhzUJ4MPrVfoMHD9TvWygdmemQy9NsWgudBcXoDg==
Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=siemens.com;
Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:588::19)
 by AM7PR10MB3288.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:10c::21) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6521.24; Thu, 22 Jun
 2023 18:35:02 +0000
Received: from AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM
 ([fe80::53c2:174a:8b13:ce94]) by AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM
 ([fe80::53c2:174a:8b13:ce94%3]) with mapi id 15.20.6521.024; Thu, 22 Jun 2023
 18:35:02 +0000
Message-ID: <ab6e3e0f-f83d-ca55-cb2d-ce2492832bb6@siemens.com>
Date: Thu, 22 Jun 2023 20:34:59 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.12.0
Subject: Re: [PATCH v2 3/7] Add recipe for optee-client
Content-Language: en-US
To: Henning Schild <henning.schild@siemens.com>, baocheng_su@163.com
Cc: isar-users@googlegroups.com, felix.moessbauer@siemens.com,
 christian.storm@siemens.com, quirin.gylstorff@siemens.com,
 baocheng.su@siemens.com
References: <20230621192217.2045717-1-baocheng_su@163.com>
 <20230621192217.2045717-4-baocheng_su@163.com>
 <20230622200226.372e5fd2@md1za8fc.ad001.siemens.net>
From: Jan Kiszka <jan.kiszka@siemens.com>
In-Reply-To: <20230622200226.372e5fd2@md1za8fc.ad001.siemens.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-ClientProxiedBy: FR0P281CA0250.DEUP281.PROD.OUTLOOK.COM
 (2603:10a6:d10:af::20) To AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM
 (2603:10a6:20b:588::19)
Return-Path: jan.kiszka@siemens.com
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AS4PR10MB6181:EE_|AM7PR10MB3288:EE_
X-MS-Office365-Filtering-Correlation-Id: 24d01610-15cf-402f-ca68-08db734f6436
X-LD-Processed: 38ae3bcd-9579-4fd4-adda-b42e1495d55a,ExtAddr
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
	D3zmUOtwCsz7qUbhCOwALcuspdDmeVnfyQn9xMp6cpw3z9l+S5pec1FRQwbYeuSZYzBa0M5k5i6bVvywW9iX18+H0m3gIue62kQh0leJf3xjRFmHyI3Db/oh1rSr65IaBNu9s/cyiqyXE4tGmSIOV7FNKmbEWGBlyJiWkqqJVWFwlJQBTIJbxgIuYn84schgULb4C9M2Wf5rf8zvhuB8GS50NumA7eBEx1UTm+VqWHerql9snj3FnlFDZooI5rwIF/NYTxoOpBp2DJ3YebaeEct+f7ophCfVB18d7BV0NBltT/dwn0YaIJyf4BGUluXLOnIXxIBGsSOdCaEtl1fd6fCH8ADDSh/ArzfQjHphebhmea0ANfluC/lQnArUh/EtbvD7mR06rHDDcElJ+r3lkE9E/OxrcMrN/YPMId+heb+655++BNBN+zGrQPtiPfmNp18e1eV5Hcs5IXiLymrbSwupLpcCQj5qlKA9G9nUG9yaGeVdzhHlt1ZARS2HihVIP66NxQu314nrsvp70LdXDrPRX11dYTcxYPQUje1+wMWQAbgS4gRWIfJn5D6NzFGc51jNr0cHN3ayKIEN8+h9AewVmwrkPpkIq0CfOgDAre0u4UnTM7BJsUWVWddVIhco6+VOjAJM9fpWAAAe3akyGIfCh9iYPBiddGLH54hsp72H7tVKW16m1gmFE2eFLC61
X-Forefront-Antispam-Report:
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230028)(4636009)(39860400002)(396003)(366004)(136003)(376002)(346002)(451199021)(38100700002)(6512007)(4326008)(6666004)(966005)(107886003)(82960400001)(26005)(186003)(2906002)(31686004)(36756003)(86362001)(31696002)(2616005)(316002)(44832011)(66946007)(66476007)(66556008)(5660300002)(30864003)(478600001)(53546011)(6486002)(6506007)(83380400001)(8936002)(41300700001)(8676002)(43740500002)(45980500001);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0:
	=?utf-8?B?NExidmV3d2MwalZOaVdFVzhyOExYcUJqNEN3L2E4VndHeEdSYnVUek9nTmpr?=
 =?utf-8?B?R2U4bFl3bkU2Sk5kTk9xeWdHb0NNKy84UFovZ2diblpRZ043NHFXRnA0Nk9X?=
 =?utf-8?B?RlA0NGFVL3Fia0ltV1Z4Y0ttRHk3VitLMVlZNWg0L1BRMU03UjBjbFZmclNn?=
 =?utf-8?B?LzQ4WE1oQnRKQ1o5eXlNYlR3M1BKY1FXb25VYmlCMWJ1Z2xoM2owdG1FejZu?=
 =?utf-8?B?M1RaMmJoL3ZPcytYOGNKS0RXK3N6UXBvaEtFOGZ2aHppd0hNTi83bTYxeVkr?=
 =?utf-8?B?eDR2MXlWejBtbEFuSk1nQlV5KzBjVEJrRmdhTTJ2SVpRMlNONHlDdHprV2lK?=
 =?utf-8?B?c2lZUnNydENVQVBoZEd3Y1VZdmF1b0xhZkxqTUJoQWE2SlVnMXhLMCtMaGdq?=
 =?utf-8?B?cmp3dnBJRVB0dFZrZjREOFBLOERKSDU5N1FKZVBWZTZMa1RabzJPc0pyNnhi?=
 =?utf-8?B?T2toRGo2SlpZUkw4blFJczYxRzJSWThGTTN0b3pHRnBmOCs5SkxET0Q3aGRV?=
 =?utf-8?B?bzlUUmRGMFhtWnQ4M1RyeGNmVTdHbkFGbExOMElpUDZ2YUpMbkZBd05VU3E4?=
 =?utf-8?B?TmV1dlRXWnl4WjBwTjZQenp3VUVZanZDTGFlOTF6V2F6N291WnB2RWtnTXdx?=
 =?utf-8?B?ZEprSzdoZmI4b1RCMjBSYWVTbGkwemlEbi9YRzRPSmJxczROQzgwalNMVEdl?=
 =?utf-8?B?dENXVW1YOTFFaTdQbENVcmJoNldZUzhiN093WVFNaUdVL05IL3REU2pRN0hI?=
 =?utf-8?B?YjI2QXd1V3BITmxrUUZpQUlGWkU5dnNmeS9EUkIvZkRRUWNjMG12T2h2bFVN?=
 =?utf-8?B?MG9DVTljK1hramE5c3VTblRRdHlpZTRUaE1nTEpudUcvN3pzbjQrV2t5UzVK?=
 =?utf-8?B?MkIzVmlhbHl3WnB0Y3BXUCszMDZiVFNZMGhkcjFENExRU0thdEZKTW9HRkpG?=
 =?utf-8?B?cWFaeWMyQVA5YjhvUlRGSC93aG5Ocko3ZnI2U0ttcytGM01FZGl1VXpFckY2?=
 =?utf-8?B?QzZkdlNDVzdKOUw1UGNublE1K25uZzQwaGtJZCtKWTFRcDZpSGJDTG1NeFVX?=
 =?utf-8?B?amQ3SElKcTcvOWtVbEhHZzlMWUpEYnE2QlM0MzZWcXUwYXpxU3plL0RjaWsz?=
 =?utf-8?B?aUllTnB2Q1ltWTYxNkhIQU5jNkp3NmxIQ1U1bjU5UlRDN05lMUNJTzlmN1Bv?=
 =?utf-8?B?VWo2dEZIYkd6UWdERmN3ZlZCdlZOVG85SUdEQm4vZnEvSVhLUy9FZTBiNHZp?=
 =?utf-8?B?SER1dXNzTk5iYnZBdE9hbEZyaGVBM0REUElEeEF6WEQ4UHE5czRCaFA2b1lM?=
 =?utf-8?B?MkhrZExjc1Q5emtjN0doaUNjZktIU3l4MmRvL25zc25vUkhlam1VRHlnUS9t?=
 =?utf-8?B?UDlCQ296TnUrUDZHdWJ6cVlydVI1UExyaStQZ2pYbDQ5MnFFa2QyYnRDalUy?=
 =?utf-8?B?Z0tWUXZMODBnTG9JSUY4eGNHeFVIdTZBalZaRFdNbzloaGI4dVRyK1I0UVZk?=
 =?utf-8?B?djluZDArQTJZU0gvYW5iVk45czJpbWdZK1A1VEFYRW5yVWpWVFRCYzZtMXRC?=
 =?utf-8?B?UVNCK09uaFh6Sit1cTNsYjVpRTlWc1RNek84UExFTGNFTElhZmJLOFVPMlFJ?=
 =?utf-8?B?akJJT2xLRE1NV1N0b2R5SGJRL2o3ZWloMk1tVmFqYnJIalhlRFJ3Q1JuVTEx?=
 =?utf-8?B?dWFSQk1BSlJLZnVaM2xnbFVCUHZhN1p2OEp5SnIyaklMZ3RHK2tPendvM0lj?=
 =?utf-8?B?NW5RTjI0UjQxcG55dWVXUlV1TnFvK3RIN09aTDREdWRsTktiWEhWeXBXSnF6?=
 =?utf-8?B?cFRIdEQ2VE9DWTV1Y3NvSmloZlVlYWVBYlZKUnAzTHZPbWlrTlpTWmFmcGxM?=
 =?utf-8?B?THd2cklGTTFOR3ZDcysyN1RJQ0lMQys0aG5JL205TkVSRnBhdEZxNVJaV1Aw?=
 =?utf-8?B?TFg2ZXpjTjNxZStaTTFCODFFbSt5OWsyb0ZzVjNwMUJtTmg1WnBjUDJPbFBK?=
 =?utf-8?B?L002N1NscGRjcFoxd3A2dHg5b3V3MG9xaGROK0YxbElZZ3NSNWxQUGo5L0Vn?=
 =?utf-8?B?SCtsTnRhM0tUaWV6QXlOUkV4Sm5yUkgzVnYzSXVsa1pCZEs2MmFRMnd6eStk?=
 =?utf-8?B?TXlid0IrM0hMRUxMbkxGVnU0cCtrODN2YS9mb0NKN1pHMUU2djBKRks1K2Fk?=
 =?utf-8?B?Qmc9PQ==?=
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 24d01610-15cf-402f-ca68-08db734f6436
X-MS-Exchange-CrossTenant-AuthSource: AS4PR10MB6181.EURPRD10.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Jun 2023 18:35:02.5321
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: fZj6Cb0Q3xd8WqK51IQqhLQMGXVrzwC9/eKxme0cdXoah1z+ElNbzIIUi5X0aNk167uWF0i7DIBgz4TuOrVlHQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR10MB3288
X-TUID: acZ/AHM8NlQL

On 22.06.23 20:02, Henning Schild wrote:
> Am Thu, 22 Jun 2023 03:22:13 +0800
> schrieb baocheng_su@163.com:
> 
>> From: Baocheng Su <baocheng.su@siemens.com>
>>
>> optee-client provides the userland library for communicating with the
>> trusted applications running in OP-TEE.
>>
>> It also provides a optee-client-dev package for developing host
>> application that talks to the TA counterpart.
>>
>> Also a user land deamon tee-supplicant is provided to serve the
>> trusted applications for user-land resources such as RPMB accessing.
>>
>> This brings the .inc for customization, and also a demo recipe for
>> stm32mp15x.
>>
>> The debianization is learnt from the debian offical package. The
>> tee-supplicant.service is refined by Jan to fix some timing issues.
>>
>> Signed-off-by: Baocheng Su <baocheng.su@siemens.com>
>> ---
>>  meta-isar/conf/machine/stm32mp15x.conf        |  2 +-
>>  .../optee-client-stm32mp15x_3.21.0.bb         | 18 +++++++
>>  .../optee-client/files/debian/compat          |  1 +
>>  .../optee-client/files/debian/control.tmpl    | 51
>> +++++++++++++++++++ .../optee-client/files/debian/rules.tmpl      |
>> 27 ++++++++++ .../files/debian/tee-supplicant.service       | 21
>> ++++++++ .../optee-client/optee-client-custom.inc      | 41
>> +++++++++++++++ 7 files changed, 160 insertions(+), 1 deletion(-)
>>  create mode 100644
>> meta-isar/recipes-bsp/optee-client/optee-client-stm32mp15x_3.21.0.bb
>> create mode 100644 meta/recipes-bsp/optee-client/files/debian/compat
>> create mode 100644
>> meta/recipes-bsp/optee-client/files/debian/control.tmpl create mode
>> 100755 meta/recipes-bsp/optee-client/files/debian/rules.tmpl create
>> mode 100644
>> meta/recipes-bsp/optee-client/files/debian/tee-supplicant.service
>> create mode 100644
>> meta/recipes-bsp/optee-client/optee-client-custom.inc
>>
>> diff --git a/meta-isar/conf/machine/stm32mp15x.conf
>> b/meta-isar/conf/machine/stm32mp15x.conf index 4fa4051..0b200d2 100644
>> --- a/meta-isar/conf/machine/stm32mp15x.conf
>> +++ b/meta-isar/conf/machine/stm32mp15x.conf
>> @@ -16,4 +16,4 @@ WKS_FILE ?= "stm32mp15x.wks.in"
>>  IMAGER_INSTALL += "trusted-firmware-a-stm32mp15x optee-os-stm32mp15x
>> u-boot-stm32mp15x" IMAGER_BUILD_DEPS +=
>> "trusted-firmware-a-stm32mp15x optee-os-stm32mp15x u-boot-stm32mp15x" 
>> -IMAGE_INSTALL += "u-boot-script"
>> +IMAGE_INSTALL += "u-boot-script tee-supplicant"
>> diff --git
>> a/meta-isar/recipes-bsp/optee-client/optee-client-stm32mp15x_3.21.0.bb
>> b/meta-isar/recipes-bsp/optee-client/optee-client-stm32mp15x_3.21.0.bb
>> new file mode 100644 index 0000000..18525e3 --- /dev/null
>> +++
>> b/meta-isar/recipes-bsp/optee-client/optee-client-stm32mp15x_3.21.0.bb
>> @@ -0,0 +1,18 @@ +#
>> +# Copyright (c) Siemens AG, 2023
>> +#
>> +# Authors:
>> +#  Su Bao Cheng <baocheng.su@siemens.com>
>> +#
>> +# SPDX-License-Identifier: MIT
>> +#
>> +
>> +require recipes-bsp/optee-client/optee-client-custom.inc
>> +
>> +SRC_URI +=
>> "https://github.com/OP-TEE/optee_client/archive/${PV}.tar.gz;downloadfilename=optee_client-${PV}.tar.gz"
>> +SRC_URI[sha256sum] =
>> "368164a539b85557d2079fa6cd839ec444869109f96de65d6569e58b0615d026" +
>> +S = "${WORKDIR}/optee_client-${PV}" +
>> +# Use RPMB emulation
>> +RPMB_EMU_BUILD_OPT = ""
>> diff --git a/meta/recipes-bsp/optee-client/files/debian/compat
>> b/meta/recipes-bsp/optee-client/files/debian/compat new file mode
>> 100644 index 0000000..f599e28
>> --- /dev/null
>> +++ b/meta/recipes-bsp/optee-client/files/debian/compat
>> @@ -0,0 +1 @@
>> +10
>> diff --git a/meta/recipes-bsp/optee-client/files/debian/control.tmpl
>> b/meta/recipes-bsp/optee-client/files/debian/control.tmpl new file
>> mode 100644 index 0000000..6c68b1d
>> --- /dev/null
>> +++ b/meta/recipes-bsp/optee-client/files/debian/control.tmpl
>> @@ -0,0 +1,51 @@
>> +Source: ${PN}
>> +Priority: optional
>> +Maintainer: Unknown maintainer <unknown@example.com>
>> +Build-Depends: pkg-config, uuid-dev
>> +Standards-Version: 4.1.3
>> +Section: libs
>> +Homepage: https://github.com/OP-TEE/optee_client
>> +Rules-Requires-Root: no
>> +
>> +Package: optee-client-dev
>> +Section: libdevel
>> +Architecture: ${DISTRO_ARCH}
>> +Multi-Arch: same
>> +Depends: libteec1 (= ${binary:Version}),
>> +         ${misc:Depends}
>> +Description: normal world user space client APIs for OP-TEE
>> (development)
>> + OP-TEE is a Trusted Execution Environment (TEE) designed as
>> companion to a
>> + non-secure Linux kernel running on Arm; Cortex-A cores using the
>> TrustZone
>> + technology. OP-TEE implements TEE Internal Core API v1.1.x which is
>> the API
>> + exposed to Trusted Applications and the TEE Client API v1.0, which
>> is the
>> + API describing how to communicate with a TEE. This package provides
>> the TEE
>> + Client API library.
>> + .
>> + This package contains the development files OpTEE Client API
>> +
>> +Package: libteec1
>> +Architecture: ${DISTRO_ARCH}
>> +Multi-Arch: same
>> +Depends: ${misc:Depends}, ${shlibs:Depends}
>> +Description: normal world user space client APIs for OP-TEE
>> + OP-TEE is a Trusted Execution Environment (TEE) designed as
>> companion to a
>> + non-secure Linux kernel running on Arm; Cortex-A cores using the
>> TrustZone
>> + technology. OP-TEE implements TEE Internal Core API v1.1.x which is
>> the API
>> + exposed to Trusted Applications and the TEE Client API v1.0, which
>> is the
>> + API describing how to communicate with a TEE. This package provides
>> the TEE
>> + Client API library.
>> + .
>> + This package contains libteec library.
>> +
>> +Package: tee-supplicant
>> +Architecture: ${DISTRO_ARCH}
>> +Depends: ${misc:Depends}, ${shlibs:Depends}
>> +Description: normal world user space client APIs for OP-TEE
>> + OP-TEE is a Trusted Execution Environment (TEE) designed as
>> companion to a
>> + non-secure Linux kernel running on Arm; Cortex-A cores using the
>> TrustZone
>> + technology. OP-TEE implements TEE Internal Core API v1.1.x which is
>> the API
>> + exposed to Trusted Applications and the TEE Client API v1.0, which
>> is the
>> + API describing how to communicate with a TEE. This package provides
>> the TEE
>> + Client API library.
>> + .
>> + This package contains tee-supplicant executable.
>> diff --git a/meta/recipes-bsp/optee-client/files/debian/rules.tmpl
>> b/meta/recipes-bsp/optee-client/files/debian/rules.tmpl new file mode
>> 100755 index 0000000..a0a8983
>> --- /dev/null
>> +++ b/meta/recipes-bsp/optee-client/files/debian/rules.tmpl
>> @@ -0,0 +1,27 @@
>> +#!/usr/bin/make -f
>> +#
>> +# Debian rules for custom OP-TEE Client build
>> +#
>> +# This software is a part of ISAR.
>> +# Copyright (c) Siemens AG, 2023
>> +#
>> +# SPDX-License-Identifier: MIT
>> +
>> +ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
>> +export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)-
>> +endif
>> +
>> +%:
>> +	dh $@ --exclude=.a
>> +
>> +override_dh_auto_build:
>> +	dh_auto_build -- LIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH) \
>> +		CFG_TEE_FS_PARENT_PATH=${TEE_FS_PARENT_PATH}
>> ${RPMB_EMU_BUILD_OPT} +
>> +override_dh_auto_install:
>> +	dh_auto_install -- LIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH) \
>> +		CFG_TEE_FS_PARENT_PATH=${TEE_FS_PARENT_PATH}
>> ${RPMB_EMU_BUILD_OPT} +
>> +override_dh_auto_clean:
>> +	dh_auto_clean
>> +	rm -rf $(CURDIR)/out
>> diff --git
>> a/meta/recipes-bsp/optee-client/files/debian/tee-supplicant.service
>> b/meta/recipes-bsp/optee-client/files/debian/tee-supplicant.service
>> new file mode 100644 index 0000000..4508a14 --- /dev/null
>> +++
>> b/meta/recipes-bsp/optee-client/files/debian/tee-supplicant.service
>> @@ -0,0 +1,21 @@ +# This software is a part of ISAR.
>> +# Copyright (c) Siemens AG, 2023
>> +#
>> +# SPDX-License-Identifier: MIT
>> +[Unit]
>> +Description=TEE Supplicant
>> +DefaultDependencies=no
>> +Before=systemd-remount-fs.service shutdown.target
>> +Conflicts=shutdown.target
>> +
>> +[Service]
>> +Type=oneshot
>> +RemainAfterExit=yes
>> +# Start if not already started by the initramfs hook
>> +ExecStart=/bin/sh -c '/usr/bin/pgrep tee-supplicant >/dev/null ||
>> /usr/sbin/tee-supplicant -d' +ExecStop=/bin/sh -c '/usr/bin/findmnt
>> /sys/firmware/efi/efivars >/dev/null && /usr/bin/umount
>> /sys/firmware/efi/efivars || true' +ExecStop=/bin/sh -c
>> '/usr/sbin/modinfo -n tpm_ftpm_tee | /usr/bin/grep -E "\.ko$"
>>> /dev/null && /usr/sbin/modprobe -r tpm_ftpm_tee || true'
>>> +ExecStop=/usr/bin/pkill tee-supplicant + +[Install]
>> +WantedBy=sysinit.target
>> diff --git a/meta/recipes-bsp/optee-client/optee-client-custom.inc
>> b/meta/recipes-bsp/optee-client/optee-client-custom.inc new file mode
>> 100644 index 0000000..5c88dad
>> --- /dev/null
>> +++ b/meta/recipes-bsp/optee-client/optee-client-custom.inc
>> @@ -0,0 +1,41 @@
>> +#
>> +# Copyright (c) Siemens AG, 2023
>> +#
>> +# Authors:
>> +#  Su Bao Cheng <baocheng.su@siemens.com>
>> +#
>> +# SPDX-License-Identifier: MIT
>> +#
>> +
>> +inherit dpkg
>> +
>> +FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/files:"
> 
> This looks weird, is it really needed?
> 

Yes, because of...

> Henning
> 
>> +
>> +DESCRIPTION = "OPTee Client"
>> +
>> +PROVIDES = "libteec1 optee-client-dev tee-supplicant"
>> +
>> +SRC_URI += "file://debian"

...this line.

Jan

>> +
>> +TEE_FS_PARENT_PATH ?= "/var/lib/optee-client/data/tee"
>> +# To use the builtin RPMB emulation, empty this
>> +RPMB_EMU_BUILD_OPT ?= "RPMB_EMU=0"
>> +
>> +TEMPLATE_FILES = "debian/rules.tmpl debian/control.tmpl"
>> +TEMPLATE_VARS += "TEE_FS_PARENT_PATH RPMB_EMU_BUILD_OPT"
>> +
>> +do_prepare_build[cleandirs] += "${S}/debian"
>> +do_prepare_build() {
>> +    cp -r ${WORKDIR}/debian ${S}/
>> +
>> +    deb_add_changelog
>> +
>> +    echo "/usr/sbin/*" > ${S}/debian/tee-supplicant.install
>> +    echo "lib/optee_armtz/" > ${S}/debian/tee-supplicant.dirs
>> +    echo "usr/lib/tee-supplicant/plugins/" >>
>> ${S}/debian/tee-supplicant.dirs +
>> +    echo "usr/lib/*/libteec*.so.*" > ${S}/debian/libteec1.install
>> +
>> +    echo "usr/include/*" > ${S}/debian/optee-client-dev.install
>> +    echo "usr/lib/*/lib*.so" >> ${S}/debian/optee-client-dev.install
>> +}
> 

-- 
Siemens AG, Technology
Competence Center Embedded Linux