optee-client provides the userland library for communicating with the trusted applications running in OP-TEE. It also provides an optee-client-dev package for developing host applications that talk to the TA counterpart. Also, a userland daemon, tee-supplicant, is provided to serve the trusted applications with user-land resources such as RPMB access. This brings the .inc for customization, and also a demo recipe for stm32mp15x. The debianization is learnt from the official Debian package. The tee-supplicant.service is refined by Jan to fix some timing issues. Signed-off-by: Baocheng Su <baocheng.su@siemens.com>
1 parent
f5abd17
commit d7646e3
Showing
7 changed files
with
160 additions
and
1 deletion.
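--- a/meta-isar/recipes-bsp/optee-client/optee-client-stm32mp15x_3.21.0.bb
+++ b/meta-isar/recipes-bsp/optee-client/optee-client-stm32mp15x_3.21.0.bb
@@ -0,0 +1,18 @@
+#
+# Copyright (c) Siemens AG, 2023
+#
+# Authors:
+# Su Bao Cheng <baocheng.su@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+require recipes-bsp/optee-client/optee-client-custom.inc
+
+SRC_URI += "https://github.com/OP-TEE/optee_client/archive/${PV}.tar.gz;downloadfilename=optee_client-${PV}.tar.gz"
+SRC_URI[sha256sum] = "368164a539b85557d2079fa6cd839ec444869109f96de65d6569e58b0615d026"
+
+S = "${WORKDIR}/optee_client-${PV}"
+
+# Use RPMB emulation
+RPMB_EMU_BUILD_OPT = ""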
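Review bot: The override `RPMB_EMU_BUILD_OPT = ""` at the end of this recipe switches tee-supplicant to its built-in RPMB emulation, but the one-line comment does not say what that costs. As far as I know the emulated RPMB is kept by the normal-world daemon rather than by the eMMC's replay-protected partition, so secure storage built on it has no hardware rollback protection and should be treated as demo-only. I would expand the comment to something like `# Demo only: emulated RPMB gives no replay protection; use RPMB_EMU_BUILD_OPT = "RPMB_EMU=0" on boards with a provisioned RPMB`. The include's default is `RPMB_EMU=0`, so this recipe is the only place on the page where emulation is enabled.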
@@ -0,0 +1 @@ | ||
10 |
@@ -0,0 +1,51 @@ | ||
Source: ${PN} | ||
Priority: optional | ||
Maintainer: Unknown maintainer <unknown@example.com> | ||
Build-Depends: pkg-config, uuid-dev | ||
Standards-Version: 4.1.3 | ||
Section: libs | ||
Homepage: https://github.com/OP-TEE/optee_client | ||
Rules-Requires-Root: no | ||
|
||
Package: optee-client-dev | ||
Section: libdevel | ||
Architecture: ${DISTRO_ARCH} | ||
Multi-Arch: same | ||
Depends: libteec1 (= ${binary:Version}), | ||
${misc:Depends} | ||
Description: normal world user space client APIs for OP-TEE (development) | ||
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a | ||
non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone | ||
technology. OP-TEE implements TEE Internal Core API v1.1.x which is the API | ||
exposed to Trusted Applications and the TEE Client API v1.0, which is the | ||
API describing how to communicate with a TEE. This package provides the TEE | ||
Client API library. | ||
. | ||
This package contains the development files OpTEE Client API | ||
|
||
Package: libteec1 | ||
Architecture: ${DISTRO_ARCH} | ||
Multi-Arch: same | ||
Depends: ${misc:Depends}, ${shlibs:Depends} | ||
Description: normal world user space client APIs for OP-TEE | ||
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a | ||
non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone | ||
technology. OP-TEE implements TEE Internal Core API v1.1.x which is the API | ||
exposed to Trusted Applications and the TEE Client API v1.0, which is the | ||
API describing how to communicate with a TEE. This package provides the TEE | ||
Client API library. | ||
. | ||
This package contains libteec library. | ||
|
||
Package: tee-supplicant | ||
Architecture: ${DISTRO_ARCH} | ||
Depends: ${misc:Depends}, ${shlibs:Depends} | ||
Description: normal world user space client APIs for OP-TEE | ||
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a | ||
non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone | ||
technology. OP-TEE implements TEE Internal Core API v1.1.x which is the API | ||
exposed to Trusted Applications and the TEE Client API v1.0, which is the | ||
API describing how to communicate with a TEE. This package provides the TEE | ||
Client API library. | ||
. | ||
This package contains tee-supplicant executable. |
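Review bot: The `tee-supplicant` stanza depends only on `${misc:Depends}, ${shlibs:Depends}`, yet the unit file added in this commit calls `pgrep`/`pkill` and `modinfo`/`modprobe` by absolute path. On a minimal image those tools are not guaranteed to be present (procps and kmod are not essential packages), in which case the `ExecStop=` lines fail and the start-up check cannot detect an already running supplicant. Consider `Depends: ${misc:Depends}, ${shlibs:Depends}, procps, kmod`. Separately, this stanza's synopsis and the sentence "This package provides the TEE Client API library" are copied from libteec1 and do not describe the daemon.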
@@ -0,0 +1,27 @@ | ||
#!/usr/bin/make -f | ||
# | ||
# Debian rules for custom OP-TEE Client build | ||
# | ||
# This software is a part of ISAR. | ||
# Copyright (c) Siemens AG, 2023 | ||
# | ||
# SPDX-License-Identifier: MIT | ||
|
||
ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) | ||
export CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)- | ||
endif | ||
|
||
%: | ||
dh $@ --exclude=.a | ||
|
||
override_dh_auto_build: | ||
dh_auto_build -- LIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH) \ | ||
CFG_TEE_FS_PARENT_PATH=${TEE_FS_PARENT_PATH} ${RPMB_EMU_BUILD_OPT} | ||
|
||
override_dh_auto_install: | ||
dh_auto_install -- LIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH) \ | ||
CFG_TEE_FS_PARENT_PATH=${TEE_FS_PARENT_PATH} ${RPMB_EMU_BUILD_OPT} | ||
|
||
override_dh_auto_clean: | ||
dh_auto_clean | ||
rm -rf $(CURDIR)/out |
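Review bot: Nothing in this rules file selects hardening flags, so the build gets only dpkg's default set; for a root daemon that services requests from the secure world I would add `export DEB_BUILD_MAINT_OPTIONS = hardening=+all` above the `%:` rule. Whether the upstream Makefile honours the `CFLAGS`/`LDFLAGS` that dh exports is not visible here, so the resulting binaries should be checked after the build. The `${TEE_FS_PARENT_PATH}` and `${RPMB_EMU_BUILD_OPT}` references appear to be template placeholders substituted before make runs (this looks like the `debian/rules.tmpl` named in `TEMPLATE_FILES`); a short comment saying so would stop readers from taking them for make variables.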
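--- a/meta/recipes-bsp/optee-client/files/debian/tee-supplicant.service
+++ b/meta/recipes-bsp/optee-client/files/debian/tee-supplicant.service
@@ -0,0 +1,21 @@
+# This software is a part of ISAR.
+# Copyright (c) Siemens AG, 2023
+#
+# SPDX-License-Identifier: MIT
+[Unit]
+Description=TEE Supplicant
+DefaultDependencies=no
+Before=systemd-remount-fs.service shutdown.target
+Conflicts=shutdown.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+# Start if not already started by the initramfs hook
+ExecStart=/bin/sh -c '/usr/bin/pgrep tee-supplicant >/dev/null || /usr/sbin/tee-supplicant -d'
+ExecStop=/bin/sh -c '/usr/bin/findmnt /sys/firmware/efi/efivars >/dev/null && /usr/bin/umount /sys/firmware/efi/efivars'
+ExecStop=/bin/sh -c '/usr/sbin/modinfo -n tpm_ftpm_tee | /usr/bin/grep -E "\.ko$" >/dev/null && /usr/sbin/modprobe -r tpm_ftpm_tee'
+ExecStop=/usr/bin/pkill tee-supplicant
+
+[Install]
+WantedBy=sysinit.target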
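Review bot: `pgrep tee-supplicant` in `ExecStart=` and `pkill tee-supplicant` in the last `ExecStop=` match the name as a pattern, so any process whose name merely contains that string suppresses the start or is signalled on stop. Exact matching is safer: `/usr/bin/pgrep -x tee-supplicant` and `ExecStop=/usr/bin/pkill -x tee-supplicant`. Because `tee-supplicant -d` presumably forks into the background under `Type=oneshot`, systemd has no main PID to track; a comment stating that this is deliberate (the initramfs may already have started the daemon) would help the next maintainer, as would one line on why the efivars unmount and the `tpm_ftpm_tee` unload must come before the kill.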
@@ -0,0 +1,41 @@ | ||
# | ||
# Copyright (c) Siemens AG, 2023 | ||
# | ||
# Authors: | ||
# Su Bao Cheng <baocheng.su@siemens.com> | ||
# | ||
# SPDX-License-Identifier: MIT | ||
# | ||
|
||
inherit dpkg | ||
|
||
FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/files:" | ||
|
||
DESCRIPTION = "OPTee Client" | ||
|
||
PROVIDES = "libteec1 optee-client-dev tee-supplicant" | ||
|
||
SRC_URI += "file://debian" | ||
|
||
TEE_FS_PARENT_PATH ?= "/var/lib/optee-client/data/tee" | ||
# To use the builtin RPMB emulation, empty this | ||
RPMB_EMU_BUILD_OPT ?= "RPMB_EMU=0" | ||
|
||
TEMPLATE_FILES = "debian/rules.tmpl debian/control.tmpl" | ||
TEMPLATE_VARS += "TEE_FS_PARENT_PATH RPMB_EMU_BUILD_OPT" | ||
|
||
do_prepare_build[cleandirs] += "${S}/debian" | ||
do_prepare_build() { | ||
cp -r ${WORKDIR}/debian ${S}/ | ||
|
||
deb_add_changelog | ||
|
||
echo "/usr/sbin/*" > ${S}/debian/tee-supplicant.install | ||
echo "lib/optee_armtz/" > ${S}/debian/tee-supplicant.dirs | ||
echo "usr/lib/tee-supplicant/plugins/" >> ${S}/debian/tee-supplicant.dirs | ||
|
||
echo "usr/lib/*/libteec*.so.*" > ${S}/debian/libteec1.install | ||
|
||
echo "usr/include/*" > ${S}/debian/optee-client-dev.install | ||
echo "usr/lib/*/lib*.so" >> ${S}/debian/optee-client-dev.install | ||
} |
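Review bot: `echo "/usr/sbin/*" > ${S}/debian/tee-supplicant.install` in `do_prepare_build` uses a leading slash while every other generated entry is relative (`usr/lib/*/libteec*.so.*`, `usr/include/*`). dh_install resolves entries against the source tree and `debian/tmp`, so this presumably still works, but it reads as if the build host's `/usr/sbin` were being globbed; `echo "usr/sbin/*" > ${S}/debian/tee-supplicant.install` is consistent with the rest. A comment next to `TEE_FS_PARENT_PATH` saying that this directory holds the TEE's normal-world secure-storage files would also help, since none of the generated `.dirs` entries create it or set its mode.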