optee-client: fix default secure storage path

This commit fixes the default secure storage path to /mnt/data/tee instead of /var/lib/tee. This will store all secure storage keys in that path and will keep them even during rootfs updates. Signed-off-by: Mike Engel <Mike.Engel@digi.com>
2025-07-25 12:00:41 +02:00 · 2025-07-25 12:00:41 +02:00 · 8d26062700
parent f0b4d0d02a
commit 8d26062700
1 changed files with 6 additions and 2 deletions
--- a/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-client_4.0.bb
+++ b/meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-security/optee/optee-client_4.0.bb
@ -23,7 +23,7 @@ DEPENDS += "util-linux-libuuid"
 SYSTEMD_SERVICE:${PN} = "tee-supplicant.service"

 SECURE_STORAGE_PATH ?= "${@oe.utils.vartrue('TRUSTFENCE_FILE_BASED_ENCRYPT', \
-                                        '-DCFG_TEE_FS_PARENT_PATH=/mnt/data/tee', \
+                                        '/mnt/data/tee', \
                                        '${localstatedir}/lib/tee', d)}"

 EXTRA_OECMAKE = " \
@ -48,7 +48,11 @@ do_install:append() {
    install -m 0644 ${WORKDIR}/optee-udev.rules ${D}${sysconfdir}/udev/rules.d/optee.rules
    install -d -m770 -o root -g tee ${D}${SECURE_STORAGE_PATH}
 }
-FILES:${PN} += "${sysconfdir} ${localstatedir}"
+FILES:${PN} += " \
+    ${sysconfdir} \
+    ${localstatedir} \
+    ${@oe.utils.vartrue('TRUSTFENCE_FILE_BASED_ENCRYPT', '/mnt/data/tee', '', d)} \
+"

 inherit useradd