stm-st-stm32mp: add optee-client recipe based on v4.0.0

This commit integrates optee-client support from the meta-st-openstlinux layer,
based on the openstlinux-6.6-yocto-scarthgap-mpu-v25.03.19 tag.

https://onedigi.atlassian.net/browse/DEL-9442

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Arturo Buzarra 2025-03-18 17:52:48 +01:00
parent 250acb9041
commit 30751b0eef
5 changed files with 99 additions and 0 deletions


@ -42,6 +42,8 @@ TF_A_METADATA_TOOL_ARGS ?= "-g -i 1 -b 2 -v ${TF_A_METADATA_TOOL_VERSION} ${DEVI
# optee-os # optee-os
# ========================================================================= # =========================================================================
PREFERRED_PROVIDER_virtual/optee-os = "optee-os-stm32mp" PREFERRED_PROVIDER_virtual/optee-os = "optee-os-stm32mp"
# OPTEE runtime packages to install
OPTEE_PKGS ??= "optee-client"
# ========================================================================= # =========================================================================
# Kernel # Kernel


@ -0,0 +1,21 @@
#!/bin/sh
#
# Create a systemd environment file for tee-supplicant
# $1 is the path to the file to be generated.
# At the moment this figures out the --rpmb-cid parameter to be given to
# tee-supplicant, indicating which eMMC device OP-TEE should use for RPMB
# storage.
# No file is generated if no device is found (not an error) or if multiple
# eMMCs are found (which is an error).
[ "$1" ] || { echo Usage: $0 FILE >&2; exit 1; }
touch $1
for f in /sys/class/mmc_host/mmc*/mmc*\:*/mmcblk?rmpb; do
[ "$CID" ] && { echo $0: Multiple eMMC devices found, not chosing one automatically >&2; exit 2; }
# POSIX shells don't expand globbing patterns that match no file
[ -e $f ] || exit 0
CID=$(cat $(dirname $f)/cid)
done
[ "$CID" ] && echo RPMB_CID="--rpmb-cid $CID" >$1
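Review bot: The glob on the `for` line ends in `mmcblk?rmpb`, which looks like a transposition of `rpmb` (the kernel names the eMMC RPMB node `mmcblkNrpmb`). If so, the pattern never matches, the `[ -e $f ] || exit 0` guard always fires, and tee-supplicant is never given `--rpmb-cid`. Please confirm the sysfs path on target and, if it is a typo, change the suffix to `mmcblk?rpmb`. Separately, `$1` and `$f` are expanded unquoted in `touch $1`, `[ -e $f ]` and `>$1`; quoting them (`touch "$1"`, `>"$1"`) keeps a path containing spaces or glob characters from being split. The header comment also says no file is generated when no device is found, yet `touch $1` always creates one, so either the comment or the `touch` should be adjusted.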


@ -0,0 +1,2 @@
KERNEL=="tee[0-9]*", MODE="0660", OWNER="root", GROUP="teeclnt", TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee.device"
KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="tee", TAG+="systemd", ENV{SYSTEMD_WANTS}+="teepriv.device"


@ -0,0 +1,16 @@
[Unit]
Description=TEE Supplicant
Wants=dev-tee0.device
After=dev-tee0.device
After=systemd-udevd.service
[Service]
User=tee
Group=tee
EnvironmentFile=-/etc/default/tee-supplicant
ExecStartPre=/usr/sbin/create-tee-supplicant-env /tmp/tee-supplicant.env
EnvironmentFile=-/tmp/tee-supplicant.env
ExecStart=/usr/sbin/tee-supplicant $RPMB_CID $OPTARGS
[Install]
WantedBy=basic.target
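Review bot: `ExecStartPre` writes the environment file to the fixed path `/tmp/tee-supplicant.env`, and the `EnvironmentFile=` line after it loads whatever is at that path into tee-supplicant's environment. /tmp is world-writable, so a file or symlink already present there under another account's ownership could not be replaced by the `tee` user, and the helper script does not stop on a failed `touch`, so its contents would be used whenever the script does not overwrite it. A directory owned by the service avoids this: add `RuntimeDirectory=tee-supplicant` and point both lines at it, `ExecStartPre=/usr/sbin/create-tee-supplicant-env /run/tee-supplicant/env` and `EnvironmentFile=-/run/tee-supplicant/env`.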


@ -0,0 +1,58 @@
SUMMARY = "OPTEE Client"
HOMEPAGE = "https://github.com/OP-TEE/optee_client"
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=69663ab153298557a59c67a60a743e5b"
inherit python3native systemd cmake pkgconfig
SRC_URI = "git://github.com/OP-TEE/optee_client.git;protocol=https;branch=master \
file://tee-supplicant.service \
file://create-tee-supplicant-env \
file://optee-udev.rules \
"
SRCREV = "acb0885c117e73cb6c5c9b1dd9054cb3f93507ee"
PV = "4.0.0+git${SRCPV}"
S = "${WORKDIR}/git"
DEPENDS += "util-linux-libuuid"
SYSTEMD_SERVICE:${PN} = "tee-supplicant.service"
EXTRA_OECMAKE = " \
-DCFG_TEE_FS_PARENT_PATH='${localstatedir}/lib/tee' \
-DCFG_WERROR=OFF \
-DCFG_TEE_CLIENT_LOG_LEVEL=2 \
-DCFG_TEE_CLIENT_LOG_FILE='/data/tee/teec.log' \
-DBUILD_SHARED_LIBS=ON \
-DRPMB_EMU=0 \
"
do_install:append() {
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
sed -i -e s:/etc:${sysconfdir}:g \
-e s:/usr/bin:${bindir}:g \
${WORKDIR}/tee-supplicant.service
install -D -p -m0644 ${WORKDIR}/tee-supplicant.service ${D}${systemd_system_unitdir}/tee-supplicant.service
install -D -p -m0755 ${WORKDIR}/create-tee-supplicant-env ${D}${sbindir}/
fi
install -d ${D}${sysconfdir}/udev/rules.d
install -m 0644 ${WORKDIR}/optee-udev.rules ${D}${sysconfdir}/udev/rules.d/optee.rules
install -d -m770 -o root -g tee ${D}${localstatedir}/lib/tee
}
FILES:${PN} += "${sysconfdir} ${localstatedir}"
inherit useradd
USERADD_PACKAGES = "${PN}"
# Create groups 'tee' and 'teeclnt'. Permissions are set elsewhere on
# /dev/teepriv0 and /dev/tee0 so that tee-supplicant should run as a user that
# is a member of the 'tee' group, and TEE client applications should runs as a
# user that is a member of the 'teeclnt' group.
GROUPADD_PARAM:${PN} = "--system tee; --system teeclnt"
# Create user 'tee' member of group 'tee' to run tee-supplicant
USERADD_PARAM:${PN} = "--system -d / -M -s /bin/nologin -c 'User for tee-supplicant' -g tee tee"
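Review bot: The `sed` in `do_install:append` rewrites `/usr/bin` to `${bindir}`, but tee-supplicant.service only references `/usr/sbin/...`, so the unit's binary paths are never substituted even though the helper is installed under `${sbindir}`; the expression should be `-e s:/usr/sbin:${sbindir}:g`. The `sed -i` also edits the file in `${WORKDIR}` in place, so a re-run of do_install operates on already-rewritten text; installing to `${D}` first and editing the installed copy is cleaner. `CFG_TEE_CLIENT_LOG_FILE='/data/tee/teec.log'` points outside the `${localstatedir}/lib/tee` directory this recipe creates with mode 770, and nothing visible here creates `/data/tee` or sets its ownership. A short comment stating where that directory comes from and who may write to it would help.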